
TechSpot

[Solved] Can't open/install Malwarebytes, google redirects and overall slow computer

Discussion in 'Virus and Malware Removal' started by zemzero, Jan 1, 2012.

  1. zemzero Newcomer, in training

    OTL Extras logfile created on: 1/1/2012 7:46:25 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jim\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1023.48 Mb Total Physical Memory | 458.29 Mb Available Physical Memory | 44.78% Memory free
    12.66 Gb Paging File | 12.19 Gb Available in Paging File | 96.31% Paging File free
    Paging file location(s): [Binary data over 100 bytes]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 19.53 Gb Total Space | 1.45 Gb Free Space | 7.41% Space Free | Partition Type: NTFS
    Drive F: | 58.59 Gb Total Space | 2.69 Gb Free Space | 4.59% Space Free | Partition Type: NTFS
    Drive G: | 22.61 Gb Total Space | 0.46 Gb Free Space | 2.05% Space Free | Partition Type: NTFS
    Drive H: | 33.65 Gb Total Space | 1.43 Gb Free Space | 4.25% Space Free | Partition Type: NTFS
    Drive I: | 29.29 Gb Total Space | 0.07 Gb Free Space | 0.23% Space Free | Partition Type: NTFS
    Drive K: | 3.73 Gb Total Space | 3.34 Gb Free Space | 89.70% Space Free | Partition Type: FAT32
    Drive M: | 22.62 Gb Total Space | 0.56 Gb Free Space | 2.45% Space Free | Partition Type: NTFS

    Computer Name: RINCEWIND | User Name: Jim | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-823518204-152049171-1343024091-1004\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "F:\Applications\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- F:\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "F:\Applications\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1 -- [2011/10/21 09:27:24 | 000,000,000 | ---D | M]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1 -- [2011/10/21 09:27:24 | 000,000,000 | ---D | M]
    "DoNotAllowExceptions" = 1 -- [2011/10/21 09:27:24 | 000,000,000 | ---D | M]
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "65535:TCP" = 65535:TCP:*:Disabled:65535
    "65535:UDP" = 65535:UDP:*:Disabled:65535
    "6112:TCP" = 6112:TCP:*:Disabled:6112 TCP
    "6112:UDP" = 6112:UDP:*:Disabled:6112 UDP
    "3724:TCP" = 3724:TCP:*:Disabled:Blizzard Downloader
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "38864:TCP" = 38864:TCP:*:Enabled:UTTCP
    "38864:UDP" = 38864:UDP:*:Enabled:UTUDP
    "6113:TCP" = 6113:TCP:*:Disabled:6113 TCP
    "6113:UDP" = 6113:UDP:*:Disabled:6113 UDP
    "6114:TCP" = 6114:TCP:*:Disabled:6114 TCP
    "6114:UDP" = 6114:UDP:*:Disabled:6114 UDP
    "6115:TCP" = 6115:TCP:*:Disabled:6115 tcp
    "6115:UDP" = 6115:UDP:*:Disabled:6115 udp
    "6116:TCP" = 6116:TCP:*:Disabled:6116 tcp
    "6116:UDP" = 6116:UDP:*:Disabled:6116 udp
    "6117:TCP" = 6117:TCP:*:Disabled:6117 tcp
    "6117:UDP" = 6117:UDP:*:Disabled:6117 udp
    "6118:TCP" = 6118:TCP:*:Disabled:6118 tcp
    "6118:UDP" = 6118:UDP:*:Disabled:6118 udp
    "6119:TCP" = 6119:TCP:*:Disabled:6119 tcp
    "6119:UDP" = 6119:UDP:*:Disabled:6119 udp
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
    "7757:TCP" = 7757:TCP:*:Disabled:7757 TCP RO
    "7757:UDP" = 7757:UDP:*:Disabled:7757 UDP RO
    "7758:TCP" = 7758:TCP:*:Disabled:7758 TCP RO
    "7758:UDP" = 7758:UDP:*:Disabled:7758 UDP RO
    "28902:TCP" = 28902:TCP:*:Disabled:28902 UDP RO
    "20610:UDP" = 20610:UDP:*:Disabled:20610 UDP RO
    "10243:TCP" = 10243:TCP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "F:\Applications\CyberLink\PowerDVD8\PowerDVD8.exe" = F:\Applications\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0
    "C:\WINDOWS\Temp\alg.exe" = C:\WINDOWS\Temp\alg.exe:*:Enabled:Application Layer Gateway Service
    "F:\Applications\CyberLink\PowerDVD9\PowerDVD9\PowerDVD9.exe" = F:\Applications\CyberLink\PowerDVD9\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
    "C:\Program Files\uTorrent\Copy of uTorrent.exe" = C:\Program Files\uTorrent\Copy of uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Disabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
    "F:\Applications\CyberLink\PowerDVD9\PowerDVD9\PowerDVD9.exe" = F:\Applications\CyberLink\PowerDVD9\PowerDVD9\PowerDVD9.exe:*:Disabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- (Lime Wire, LLC)
    "C:\Program Files\Xfire\xfire.exe" = C:\Program Files\Xfire\xfire.exe:*:Disabled:Xfire -- (Xfire Inc.)
    "C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Disabled:Yahoo! Music Jukebox -- (Yahoo! Inc.)
    "F:\Applications\mIRC\mirc.exe" = F:\Applications\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
    "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1" = SWF Opener
    "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
    "{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{03ADCA1C-BCF0-4B12-AFCF-8EBF2CB3AB07}" = SST Programming Software
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{097346E0-6A51-11D1-AD16-00A0C95E0503}(SBC)" = Visual IP InSight(SBC)
    "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
    "{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy
    "{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
    "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
    "{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
    "{2348B97D-C991-438F-BC44-294C931E7B8B}" = SMART Essentials for Educators
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 18
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
    "{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
    "{4324BC93-C82F-ED16-BA86-5E34B9E05303}" = ccc-core-static
    "{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
    "{46486451-E60F-42C3-92D7-796D8594688A}" = SMART Board Software
    "{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
    "{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
    "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
    "{49C09E32-B9FD-4EDC-9152-9BC0CC618A13}" = GetDataBack Data Recovery
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4ABB4D92-0682-4887-A0BC-CE5F920DDD23}" = Watchtower Library 2009 - English
    "{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
    "{4ED118EE-785C-CC18-5D2E-D5CA4BAA03F0}" = Catalyst Control Center Graphics Full New
    "{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
    "{519FCD20-AB3E-4A4F-AA30-2AAED80513A8}" = Lightscribe Extended Label Contrast Utility
    "{51F24145-A833-4BD5-AA38-AFC5268928E5}" = PF+FB+AEP
    "{539475B7-44B7-8B0A-134C-F01B9C8B7569}" = ccc-core-preinstall
    "{58F9D852-9443-4955-A1ED-12C9E0504DD0}" = Mavis Beacon Teaches Typing Platinum 20
    "{5AC7AE54-55DF-1126-076C-623F008D40B6}" = Catalyst Control Center Graphics Full Existing
    "{626713B4-F070-4605-9DF6-31783A5AEAAE}" = ENFUNS Updater
    "{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
    "{6351D217-3EE3-1967-29BE-6A77635FE485}" = Skins
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
    "{66712EEE-ECBC-4CA4-A474-dream-mkv-to-avi-converter}_is1" = Dream MKV to AVI Converter 3.0.3.2
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
    "{6AB9CD3A-F91F-233B-923B-6C59BA63524D}" = Catalyst Control Center HydraVision Full
    "{6c651250-2eb2-11d5-8e33-0050dad72ac2}" = NetZero
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 2.3.00
    "{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
    "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.5.1.135
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
    "{821DABD6-26F2-49E5-AE55-40A589ADBE6D}" = Pharaoh and Cleopatra
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110305887}" = Diner Dash
    "{85A91C22-C369-FCFB-5F1F-D59EB21AD0E1}" = CCC Help English
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
    "{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
    "{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = OLYMPUS ib
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{962206B0-C3BA-4A51-82DF-124032910C91}" = Wings Over Vietnam
    "{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C395AAF-F3DB-FA42-2ADF-9CC22B281033}" = Nero 7 Ultra Edition
    "{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
    "{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
    "{9EBDAF91-DADA-47CE-94F2-F5B004007934}" = System Requirements Lab
    "{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
    "{A5D65411-8E73-4C85-AD80-9FE8B7391CF9}" = Rome Total War - patch 1.3
    "{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
    "{A6D0140F-E62F-9D1E-2408-9CFF91FF6FC8}" = ccc-utility
    "{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B547CB8D-549A-436E-97B5-E79F911B11E2}" = SDP Downloader
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
    "{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BB92E35A-F5B8-4D59-90F3-CF863871BCF3}" = OpenMG Secure Module 4.0.05
    "{BDED1DCF-4A14-475E-83C9-81F4E29C0852}" = Eamonn
    "{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C44A7422-E380-44BE-79FE-1C032D8A03A7}" = Catalyst Control Center Core Implementation
    "{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
    "{CB16F6D9-EBC9-4BC6-B917-7AF53E99C067}" = LightScribe System Software 1.17.90.1
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
    "{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}" = Black and White
    "{E5D24929-91A4-B0A1-DE00-AFC453921EF7}" = Catalyst Control Center Graphics Light
    "{E6C09BFB-BA75-15C7-5B18-A2CE31C4F42B}" = Catalyst Control Center Graphics Previews Common
    "{E825D490-927B-43E5-BD45-3ABF03D6347A}" = Saitek Smart Technology Drivers
    "{E9AE9A91-AB45-4321-87BD-AD34855D944F}" = Chessmaster 10th Edition
    "{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
    "{ED538FC7-A6DE-2C1F-72D1-0E92DEDB023D}" = Fever Frenzy
    "{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F3E2505F-AA57-476B-9F67-F8C5E3938080}" = ESET Smart Security
    "{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
    "{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
    "{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
    "{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "4Front EQ10 for Various Players_is1" = 4Front EQ10 2.0 for Various Players
    "5513-1208-7298-9440" = JDownloader 0.9
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Age of Empires 2.0" = Microsoft Age of Empires II
    "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
    "Airport Mania - First Flight" = Airport Mania - First Flight (remove only)
    "All ATI Software" = ATI - Software Uninstall Utility
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
    "AnyDVD" = AnyDVD
    "ATI Display Driver" = ATI Display Driver
    "Audacity_is1" = Audacity 1.2.6
    "AutoItv3" = AutoIt v3.2.10.0
    "AVI Joiner_is1" = AVI Joiner
    "Avi2Dvd" = Avi2Dvd 0.4.5 beta
    "AviSynth" = AviSynth 2.5
    "Belarc Advisor" = Belarc Advisor 7.2
    "BroadJump Client Foundation" = BroadJump Client Foundation
    "Burger Shop" = Burger Shop (remove only)
    "Bytescout SWF To Video Scout (demo)_is1" = Bytescout SWF To Video Scout
    "Cake Mania Bundle" = Cake Mania Bundle (remove only)
    "CCleaner" = CCleaner
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "C-Media Audio Driver" = C-Media WDM Audio Driver
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "DVDFab 8 Qt_is1" = DVDFab 8.1.0.5 (04/07/2011) Qt
    "E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
    "Easy Video Joiner_is1" = Easy Video Joiner 5.21
    "EPSON NX510 Series" = EPSON NX510 Series Printer Uninstall
    "EPSON Scanner" = EPSON Scan
    "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
    "Fever Frenzy" = Fever Frenzy (remove only)
    "File Splitter and Joiner_is1" = File Splitter and Joiner (FFSJ v3.3)
    "First Class Flurry" = First Class Flurry (remove only)
    "FLVPlayer" = FLV Player 1.3.3
    "foobar2000" = foobar2000 v1.0
    "Fraps" = Fraps
    "GeoVid Flash Player_is1" = GeoVid Flash Player
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{51F24145-A833-4BD5-AA38-AFC5268928E5}" = PF+FB+AEP
    "InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = OLYMPUS ib
    "InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
    "InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
    "InstallShield_{BB92E35A-F5B8-4D59-90F3-CF863871BCF3}" = OpenMG Secure Module 4.0.05
    "InstallShield_{E9AE9A91-AB45-4321-87BD-AD34855D944F}" = Chessmaster 10th Edition
    "Intel(R) 536EP Modem" = Intel(R) 536EP Modem
    "InterActual Player" = InterActual Player
    "IrfanView" = IrfanView (remove only)
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "LimeWire" = LimeWire 4.16.6
    "Magic ISO Maker v5.4 (build 0256)" = Magic ISO Maker v5.4 (build 0256)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MVApplication1" = SureThing CD Labeler Deluxe 4 Trial
    "NeroVision!UninstallKey" = Nero Digital
    "NVIDIA Drivers" = NVIDIA Drivers
    "oggcodecs" = oggcodecs 0.71.0946
    "OJOsoft HD Video Converter_is1" = OJOsoft HD Video Converter
    "OpenMG HotFix4.0-04-11-01-01" = OpenMG Limited Patch 4.0-04-11-01-01
    "Opera 11.60.1185" = Opera 11.60
    "PlexUtil" = SmartPack 1.0.0
    "Portal" = Portal
    "PunkBusterSvc" = PunkBuster Services
    "Recuva" = Recuva (remove only)
    "Replay Video Capture4.2" = Replay Video Capture
    "SBC Yahoo! Applications" = SBC Yahoo! Applications
    "SensorsView Pro 3.2" = SensorsView Pro 3.2
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "Sound Blaster PCI128" = Sound Blaster PCI128
    "Starcraft" = Starcraft
    "StreamPlug" = StreamPlug Player
    "SUPER ©" = SUPER © Version 2007.bld.21 (Jan 4, 2007)
    "SwitchOff" = Switch Off
    "SystemRequirementsLab" = System Requirements Lab
    "TBSB00982.TBSB00982Toolbar" = Ant.com Toolbar
    "The Rosetta Stone" = The Rosetta Stone
    "Theocratic Research Utilities_is1" = Theocratic Research Utilities 2005
    "Trojan Remover_is1" = Trojan Remover 6.7.5
    "TrueRTA" = TrueRTA
    "Tweak UI 2.10" = Tweak UI
    "UltraISO_is1" = UltraISO Premium V9.33
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.0.1
    "WIC" = Windows Imaging Component
    "Winamp" = Winamp
    "WinAVI Video Converter_is1" = WinAVI Video Converter
    "WindowBlinds" = WindowBlinds
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinFF_is1" = WinFF 1.3.2
    "WinPatrol" = WinPatrol 2007
    "WinPcapInst" = WinPcap 3.1
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xbox_360_CC_Driver" = Xbox 360 Controller for Windows
    "Xfire" = Xfire (remove only)
    "Xilisoft HD Video Converter" = Xilisoft HD Video Converter
    "Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate 6
    "XoftSpySE" = XoftSpySE
    "XPMP" = Xfire Plus: Music Plugin
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "XviD" = XviD MPEG-4 Codec
    "Xvid_is1" = Xvid 1.2.1 final uninstall
    "XviDDec" = Nic's XviD Decoder

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-823518204-152049171-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Darth Mod M2TW 1.4D" = Darth Mod M2TW 1.4D
    "Google Chrome" = Google Chrome
    "Move Media Player" = Move Media Player
    "uTorrent" = µTorrent
    "Warcraft III" = Warcraft III: All Products

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/12/2011 10:06:58 PM | Computer Name = RINCEWIND | Source = Application Hang | ID = 1002
    Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/21/2011 6:04:05 AM | Computer Name = RINCEWIND | Source = Application Hang | ID = 1002
    Description = Hanging application vlc.exe, version 1.0.1.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 12/25/2011 7:18:21 AM | Computer Name = RINCEWIND | Source = Application Hang | ID = 1002
    Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/30/2011 2:58:17 PM | Computer Name = RINCEWIND | Source = Application Error | ID = 1000
    Description = Faulting application mbam.exe, version 1.60.0.59, faulting module
    mbamcore.dll, version 1.60.0.52, fault address 0x00060ae0.

    Error - 12/30/2011 2:59:53 PM | Computer Name = RINCEWIND | Source = Application Error | ID = 1000
    Description = Faulting application mbam.exe, version 1.60.0.59, faulting module
    mbamcore.dll, version 1.60.0.52, fault address 0x00060ae0.

    Error - 12/31/2011 6:49:02 PM | Computer Name = RINCEWIND | Source = Application Error | ID = 1000
    Description = Faulting application mbam.exe, version 1.60.0.59, faulting module
    mbamcore.dll, version 1.60.0.52, fault address 0x00060ae0.

    Error - 12/31/2011 9:24:13 PM | Computer Name = RINCEWIND | Source = Application Error | ID = 1000
    Description = Faulting application mbam.exe, version 1.60.0.59, faulting module
    mbamcore.dll, version 1.60.0.52, fault address 0x00060ae0.

    Error - 12/31/2011 11:33:26 PM | Computer Name = RINCEWIND | Source = Application Error | ID = 1000
    Description = Faulting application mbam.exe, version 1.60.0.59, faulting module
    mbamcore.dll, version 1.60.0.52, fault address 0x00060ae0.

    Error - 1/1/2012 1:06:42 AM | Computer Name = RINCEWIND | Source = Application Error | ID = 1000
    Description = Faulting application mbam.exe, version 1.60.0.59, faulting module
    mbamcore.dll, version 1.60.0.52, fault address 0x00060ae0.

    Error - 1/1/2012 1:09:02 AM | Computer Name = RINCEWIND | Source = Application Error | ID = 1000
    Description = Faulting application mbam.exe, version 1.60.0.59, faulting module
    mbamcore.dll, version 1.60.0.52, fault address 0x00060ae0.

    [ System Events ]
    Error - 1/1/2012 5:04:55 PM | Computer Name = RINCEWIND | Source = Service Control Manager | ID = 7000
    Description = The Cyberlink RichVideo Service(CRVS) service failed to start due
    to the following error: %%2

    Error - 1/1/2012 5:05:11 PM | Computer Name = RINCEWIND | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the BITS service.

    Error - 1/1/2012 5:05:50 PM | Computer Name = RINCEWIND | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the TrkWks service.

    Error - 1/1/2012 5:06:19 PM | Computer Name = RINCEWIND | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the ShellHWDetection service.

    Error - 1/1/2012 5:07:15 PM | Computer Name = RINCEWIND | Source = Service Control Manager | ID = 7022
    Description = The StarWind iSCSI Service service hung on starting.

    Error - 1/1/2012 5:07:15 PM | Computer Name = RINCEWIND | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the BITS service.

    Error - 1/1/2012 6:48:42 PM | Computer Name = RINCEWIND | Source = Service Control Manager | ID = 7000
    Description = The Cyberlink RichVideo Service(CRVS) service failed to start due
    to the following error: %%2

    Error - 1/1/2012 7:07:25 PM | Computer Name = RINCEWIND | Source = Service Control Manager | ID = 7000
    Description = The Cyberlink RichVideo Service(CRVS) service failed to start due
    to the following error: %%2

    Error - 1/1/2012 8:30:29 PM | Computer Name = RINCEWIND | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000001'
    while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
    the volume.

    Error - 1/1/2012 8:31:22 PM | Computer Name = RINCEWIND | Source = Service Control Manager | ID = 7000
    Description = The Cyberlink RichVideo Service(CRVS) service failed to start due
    to the following error: %%2


    < End of report >
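As an added example (not OTL's own code and not from this thread): a small parser for the Event Viewer section of an OTL Extras log like the one above. It joins the wrapped "Description = ..." lines, counts faulting and hanging applications per module, and flags a watched security tool that crashes repeatedly, which is how the mbam.exe faults in mbamcore.dll stand out here. The watch list, the repeat threshold and the sample log text are assumptions constructed for this example.

```python
import re
from collections import Counter, namedtuple

# Header line: "Error - 12/30/2011 2:58:17 PM | Computer Name = X | Source = Y | ID = 1000"
HEADER_RE = re.compile(
    r"^(?P<level>\w+) - (?P<when>\S+ \S+ [AP]M) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<event_id>\d+)$")
FAULT_RE = re.compile(r"Faulting application (\S+), version \S+, faulting module (\S+), version")
HANG_RE = re.compile(r"Hanging application (\S+), version")
Event = namedtuple("Event", "when host source event_id description")

def parse_otl_events(text):
    """Parse header lines plus their wrapped 'Description = ...' lines into Event records."""
    events, header, desc = [], None, []

    def flush():
        if header is not None:
            events.append(Event(header["when"], header["host"], header["source"],
                                int(header["event_id"]), " ".join(desc)))

    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):      # section marker, e.g. "[ System Events ]"
            flush()
            header, desc = None, []
        elif (m := HEADER_RE.match(line)):
            flush()
            header, desc = m.groupdict(), []
        elif line.startswith("Description = "):
            desc.append(line[len("Description = "):])
        elif line and header is not None:
            desc.append(line)                                 # wrapped continuation line
    flush()
    return events

def fault_counts(events):
    """Count (application, module) pairs for Application Error 1000 and Application Hang 1002 events."""
    counts = Counter()
    for ev in events:
        if ev.source == "Application Error" and ev.event_id == 1000 and (m := FAULT_RE.search(ev.description)):
            counts[(m.group(1), m.group(2))] += 1
        elif ev.source == "Application Hang" and ev.event_id == 1002 and (m := HANG_RE.search(ev.description)):
            counts[(m.group(1), "hang")] += 1
    return counts

# Assumed watch list and threshold for this example; adjust to the tools you actually run.
WATCHED_TOOLS = {"mbam.exe"}
REPEAT_THRESHOLD = 3

def flag_crashing_security_tools(events, watched=WATCHED_TOOLS, threshold=REPEAT_THRESHOLD):
    """Return {app: crashes} for watched tools that faulted or hung at least `threshold` times."""
    per_app = Counter()
    for (app, _module), n in fault_counts(events).items():
        per_app[app.lower()] += n
    return {app: n for app, n in per_app.items() if app in watched and n >= threshold}

# Constructed sample input, modelled on the entries in the log above.
SAMPLE_LOG = """\
[ Application Events ]
Error - 12/12/2011 10:06:58 PM | Computer Name = RINCEWIND | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/30/2011 2:58:17 PM | Computer Name = RINCEWIND | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.60.0.59, faulting module
mbamcore.dll, version 1.60.0.52, fault address 0x00060ae0.

Error - 12/31/2011 6:49:02 PM | Computer Name = RINCEWIND | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.60.0.59, faulting module
mbamcore.dll, version 1.60.0.52, fault address 0x00060ae0.

Error - 1/1/2012 1:06:42 AM | Computer Name = RINCEWIND | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.60.0.59, faulting module
mbamcore.dll, version 1.60.0.52, fault address 0x00060ae0.

[ System Events ]
Error - 1/1/2012 5:05:11 PM | Computer Name = RINCEWIND | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the BITS service.
"""

if __name__ == "__main__":
    print(flag_crashing_security_tools(parse_otl_events(SAMPLE_LOG)))
```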
  2. Broni Malware Annihilator

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- -- (RichVideo) Cyberlink RichVideo Service(CRVS)
      O2 - BHO: (no name) - {2872FCAB-D624-41EC-A962-ED0042E88703} - No CLSID value found.
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O2 - BHO: (no name) - {4A35215E-CC2C-479D-8497-B4E0E717ED5D} - No CLSID value found.
      O2 - BHO: (no name) - {60BAB90D-8901-435C-A5CC-CA57A71AD1D6} - No CLSID value found.
      O2 - BHO: (no name) - {76BB1260-B534-4682-954B-1CFD70E1143F} - No CLSID value found.
      O2 - BHO: (no name) - {D04FE4B9-60A7-4051-90DA-7EBA950E9D5F} - No CLSID value found.
      O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      O20 - Winlogon\Notify\nnnoPFUm: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
      [2011/04/28 21:15:27 | 000,001,574 | -HS- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\m1dj00v761qom4ai5t3j52u8uojj8as03fy75t5
      [2011/04/28 21:15:27 | 000,001,574 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\m1dj00v761qom4ai5t3j52u8uojj8as03fy75t5
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ==============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please, run F-Secure Online Scanner

    • Disable your Antivirus program.
    • Checkmark I have read and accepted the license terms.
    • Click on Run Check button.
    • Quick scan (recommended) option will come pre-checked. Don't change it.
    • Click on Start button.
    • When the scan is done, in Step 3: Clean the files, leave all settings as they are.
    • Click Next button.
    • Click Full report... button.
    • Copy report's content and paste it into your next reply.
  3. zemzero Newcomer, in training

    All processes killed
    ========== OTL ==========
    Error: No service named RichVideo) Cyberlink RichVideo Service(CRVS was found to stop!
    Service\Driver key RichVideo) Cyberlink RichVideo Service(CRVS not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2872FCAB-D624-41EC-A962-ED0042E88703}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2872FCAB-D624-41EC-A962-ED0042E88703}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A35215E-CC2C-479D-8497-B4E0E717ED5D}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A35215E-CC2C-479D-8497-B4E0E717ED5D}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60BAB90D-8901-435C-A5CC-CA57A71AD1D6}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60BAB90D-8901-435C-A5CC-CA57A71AD1D6}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76BB1260-B534-4682-954B-1CFD70E1143F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76BB1260-B534-4682-954B-1CFD70E1143F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D04FE4B9-60A7-4051-90DA-7EBA950E9D5F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D04FE4B9-60A7-4051-90DA-7EBA950E9D5F}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
    File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnoPFUm\ deleted successfully.
    C:\Documents and Settings\Jim\Local Settings\Application Data\m1dj00v761qom4ai5t3j52u8uojj8as03fy75t5 moved successfully.
    C:\Documents and Settings\All Users\Application Data\m1dj00v761qom4ai5t3j52u8uojj8as03fy75t5 moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41620 bytes

    User: Jim
    ->Temp folder emptied: 229689 bytes
    ->Temporary Internet Files folder emptied: 224174 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 112017946 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 10866 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: My Documents

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2387498 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 255 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 110.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Jim
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: My Documents

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 01012012_222753

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    ESET Smart Security
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    WinPatrol 2007 (Outdated! Latest version is WinPatrol 2011)
    XoftSpySE
    Spybot - Search & Destroy
    Trojan Remover 6.7.5
    CCleaner
    EasyCleaner
    Java(TM) 6 Update 30
    Java(TM) SE Runtime Environment 6 Update 1
    Out of date Java installed!
    Adobe Flash Player ( 10.2.152.32) Flash Player Out of Date!
    Mozilla Firefox (3.6.25) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    WinPatrol winpatrol.exe
    BillP Studios WinPatrol winpatrol.exe
    ``````````End of Log````````````
  4. zemzero Newcomer, in training

    Scanning Report
    Sunday, January 1, 2012 23:24:37 - 23:35:04

    Computer name: RINCEWIND
    Scanning type: Quick scan
    Target: System
    No malware found
    Statistics
    Scanned:

    * Files: 4421
    * System: 4421
    * Not scanned: 0

    Actions:

    * Disinfected: 0
    * Renamed: 0
    * Deleted: 0
    * Not cleaned: 0
    * Submitted: 0

    Options
    Scanning engines:

  5. zemzero Newcomer, in training

    Everything ran smooth for the most part. JavaRa crashed when I first tried to run it but trying it a second time worked.

    Computer seems to be doing good, very happy with the results so far.
  6. Broni Malware Annihilator

    Uninstall Java(TM) SE Runtime Environment 6 Update 1

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    Update or uninstall WinPatrol.

    Uninstall EasyCleaner
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ===============================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
  7. zemzero Newcomer, in training

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jim
    ->Temp folder emptied: 178000584 bytes
    ->Temporary Internet Files folder emptied: 736430 bytes
    ->Java cache emptied: 29632 bytes
    ->FireFox cache emptied: 33938440 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: My Documents

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 255 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 203.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Jim
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: My Documents

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.31.0 log created on 01022012_004059

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    Thanks for all the help, Broni. This was a lot more work than I thought, glad everything appears to be normal.
  8. Broni Malware Annihilator

    Way to go!!
    Good luck and stay safe :)