Inactive Slender Man virus

D

daveed12vas

Posts: 31   +0
Dear TechSpot,
I just downloaded The Slender Man free game download from AtomicGamer.com and along with the Slender Man game I was made to download a set of other programs like: Yahoo Toolbar, PC Optimizer, SevenZip, and some others... I have The Slender Man game on my desktop now which is nice, but now I can no longer open programs with a double mouse click and my quick launch icons for Internet Explorer & Mozilla have disappeared from the taskbar. I think I might have a virus. Can you please help and take me through the removal process? Any help would be welcomed.
 
www.malwarebytes.org

Database version: v2012.12.16.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: GX620 [administrator]

12/16/2012 11:38:47 AM
mbam-log-2012-12-16 (11-38-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188691
Time elapsed: 3 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Administrator at 11:58:53 on 2012-12-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2887 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\6.4.0.9\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\6.4.0.9\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\administrator\application data\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: Cartwheel: {B50DF051-E1D4-439C-B94E-F4DE82B56542} - c:\documents and settings\administrator\application data\cartwheel\Cartwheel.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\6.4.0.9\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\6.4.0.9\coieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SpeetItUpFree] "c:\program files\speeditup free\speeditupfree.exe"
dRun: [Norton Download Manager{N360621005-SHPD-FSD25037}] c:\program files\norton management\engine\3.0.0.133\ccSvcHst.exe /m
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340484126046
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350846574421
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{2225B3BB-99B4-43AD-B80C-7B7402075F2B} : DHCPNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0604000.009\symds.sys [2012-10-2 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0604000.009\symefa.sys [2012-10-2 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\bashdefs\20121130.005\BHDrvx86.sys [2012-12-3 995488]
R1 ccSet_MCLIENT;Norton Management Settings Manager;c:\windows\system32\drivers\mclient\0302000.013\ccsetx86.sys [2012-10-23 134304]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0604000.009\ccsetx86.sys [2012-10-2 132768]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0604000.009\ironx86.sys [2012-10-2 149624]
R2 DefaultTabUpdate;DefaultTabUpdate;c:\documents and settings\administrator\application data\defaulttab\defaulttab\DTUpdate.exe [2012-12-16 107520]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-9 399432]
R2 MCLIENT;Norton Management;c:\program files\norton management\engine\3.2.0.19\ccsvchst.exe [2012-10-23 143928]
R2 N360;Norton 360;c:\program files\norton 360\engine\6.4.0.9\ccsvchst.exe [2012-10-2 138272]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2011-6-19 103040]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-9 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\ipsdefs\20121214.001\IDSXpx86.sys [2012-12-15 373728]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-19 22856]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\virusdefs\20121215.006\NAVENG.SYS [2012-12-15 92704]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\virusdefs\20121215.006\NAVEX15.SYS [2012-12-15 1601184]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-19 676936]
.
=============== Created Last 30 ================
.
2012-12-16 15:58:14 -------- d-----w- c:\documents and settings\all users\application data\PC Optimizer Pro
2012-12-16 15:28:45 -------- d-----w- c:\documents and settings\administrator\application data\DefaultTab
2012-12-16 15:28:32 -------- d-----w- c:\documents and settings\administrator\application data\Cartwheel
2012-12-16 15:28:23 -------- d-----w- c:\program files\Yahoo!
2012-12-14 16:29:45 -------- d-----w- c:\documents and settings\administrator\local settings\application data\NPE
2012-12-09 21:51:23 -------- d-----w- C:\HOME2
.
==================== Find3M ====================
.
2012-12-12 17:32:24 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 17:32:24 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-07 03:48:47 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-07 03:48:47 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-04 01:19:14 134304 ----a-w- c:\windows\system32\drivers\mclient\0302000.013\ccsetx86.sys
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 01:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 04:16:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 11:59:22.60 ===============
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================

I still need Attach.txt part of DDS.
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/7/2010 5:15:43 PM
System Uptime: 12/16/2012 9:58:34 AM (2 hours ago)
.
Motherboard: Dell Inc. | | 0HH807
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3391/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 53.931 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP117: 9/19/2012 12:06:56 PM - System Checkpoint
RP118: 9/20/2012 12:41:13 PM - System Checkpoint
RP119: 9/21/2012 2:19:42 PM - System Checkpoint
RP120: 9/22/2012 4:14:18 PM - System Checkpoint
RP121: 9/26/2012 2:02:04 PM - System Checkpoint
RP122: 9/28/2012 3:29:48 PM - System Checkpoint
RP123: 9/29/2012 4:25:53 PM - System Checkpoint
RP124: 9/30/2012 10:04:44 PM - System Checkpoint
RP125: 10/2/2012 10:59:43 AM - System Checkpoint
RP126: 10/4/2012 10:18:39 AM - System Checkpoint
RP127: 10/5/2012 1:32:09 PM - System Checkpoint
RP128: 10/6/2012 5:43:53 PM - System Checkpoint
RP129: 10/6/2012 10:48:41 PM - Installed Java 7 Update 7
RP130: 10/8/2012 10:41:54 AM - System Checkpoint
RP131: 10/9/2012 1:33:42 PM - System Checkpoint
RP132: 10/12/2012 11:45:48 PM - System Checkpoint
RP133: 10/14/2012 12:09:14 AM - System Checkpoint
RP134: 10/16/2012 9:58:56 AM - System Checkpoint
RP135: 10/18/2012 9:17:26 AM - System Checkpoint
RP136: 10/19/2012 1:07:24 PM - System Checkpoint
RP137: 10/21/2012 2:12:41 PM - Software Distribution Service 3.0
RP138: 10/22/2012 10:58:48 AM - Installed Java 7 Update 9
RP139: 10/24/2012 10:12:42 AM - System Checkpoint
RP140: 10/26/2012 9:59:05 AM - System Checkpoint
RP141: 10/27/2012 12:38:19 PM - System Checkpoint
RP142: 10/30/2012 9:16:32 AM - System Checkpoint
RP143: 10/31/2012 11:57:56 AM - System Checkpoint
RP144: 11/1/2012 10:37:42 PM - System Checkpoint
RP145: 11/3/2012 3:30:42 PM - System Checkpoint
RP146: 11/4/2012 4:20:04 PM - System Checkpoint
RP147: 11/9/2012 9:56:23 AM - System Checkpoint
RP148: 11/10/2012 2:08:04 PM - System Checkpoint
RP149: 11/14/2012 5:23:53 PM - System Checkpoint
RP150: 11/15/2012 5:50:42 PM - System Checkpoint
RP151: 11/16/2012 6:14:45 PM - System Checkpoint
RP152: 11/18/2012 9:48:04 AM - System Checkpoint
RP153: 11/19/2012 10:29:12 AM - System Checkpoint
RP154: 11/20/2012 1:07:31 PM - System Checkpoint
RP155: 11/21/2012 4:14:37 PM - System Checkpoint
RP156: 11/22/2012 11:18:17 PM - System Checkpoint
RP157: 11/23/2012 11:38:15 PM - System Checkpoint
RP158: 11/24/2012 11:41:13 PM - System Checkpoint
RP159: 11/27/2012 1:21:50 PM - System Checkpoint
RP160: 11/28/2012 8:35:24 PM - System Checkpoint
RP161: 12/1/2012 9:06:35 PM - System Checkpoint
RP162: 12/3/2012 12:22:02 PM - System Checkpoint
RP163: 12/4/2012 4:38:42 PM - System Checkpoint
RP164: 12/8/2012 10:01:27 PM - System Checkpoint
RP165: 12/9/2012 2:31:25 PM - Software Distribution Service 3.0
RP166: 12/9/2012 5:03:35 PM - Installed LightScribe System Software.
RP167: 12/11/2012 9:52:33 AM - System Checkpoint
RP168: 12/13/2012 12:23:51 AM - System Checkpoint
RP169: 12/14/2012 11:16:06 AM - Norton_Power_Eraser_20121214111602046
RP170: 12/15/2012 9:55:20 PM - System Checkpoint
RP171: 12/16/2012 9:59:23 AM - Restore Operation
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
AMD APP SDK Runtime
AMD Catalyst Install Manager
ATI AVIVO Codecs
Broadcom Gigabit Integrated Controller
Cartwheel Shopping
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDisplay 1.8
DefaultTab
Dell Driver Download Manager
DVD Shrink 3.2
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Deskjet 2050 J510 series Basic Device Software
HP Deskjet 2050 J510 series Help
Intel(R) Graphics Media Accelerator Driver
Java 7 Update 9
Java Auto Updater
Java(TM) 6 Update 26
LightScribe System Software
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
Nero 6 Ultra Edition
Norton 360
Norton Management
OpenOffice.org 3.1
PunkBuster Services
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SoundMAX
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
12/9/2012 11:26:15 PM, error: Dhcp [1002] - The IP address lease 192.168.100.2 for the Network Card with network address 0013727340F4 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
12/9/2012 11:26:03 PM, error: Dhcp [1002] - The IP address lease 71.85.230.56 for the Network Card with network address 0013727340F4 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
 
Oops! Okay Broni, here is the DDS Att.file

Things have only gotten worse with each keystroke on my PC.
When I launch Internet Explorer my entire PC freezes and I must restart. I am attempting to run my Norton360 right now. I will check back here after the Norton scan is complete. Thanks for helping.
 
So far I don't see anything malicious there.

Did you try system restore to before installing that game?
 
I went to Add/Remove Programs and uninstalled YahooToolbar and PC Optimizer, and then did a System Restore to restore my PC to yesterdays restore point.
 
Using System Restore did nothing to fix the problem. Over half of my desktop programs no longer respond to a double mouse click, when I open Internet Explorer my PC just freezes (mouse arrow becomes an hourglass), and Norton360 does not work. I've tried to run Norton twice and it stalls and freezes after scanning 2790 files. What is going on? Should I delete and reinstall IE Explorer? Should I delete or uninstall The Slender Man? And where did my taskbar icons go?
 
  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

==============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
RogueKiller V8.4.0 [Dec 15 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Remove -- Date : 12/16/2012 17:41:43

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] DTUpdate.exe -- C:\Documents and Settings\Administrator\Application Data\DefaultTab\DefaultTab\DTUpdate.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x80637C26 -> HOOKED (Unknown @ 0x8ACAC610)
SSDT[13] : NtAlertThread @ 0x80592C38 -> HOOKED (Unknown @ 0x8ACAC6F0)
SSDT[17] : NtAllocateVirtualMemory @ 0x80570BC5 -> HOOKED (Unknown @ 0x8AD5C4A8)
SSDT[19] : NtAssignProcessToJobObject @ 0x805E0F71 -> HOOKED (Unknown @ 0x8ACAD690)
SSDT[31] : NtConnectPort @ 0x80590E5B -> HOOKED (Unknown @ 0x8ABEA1B0)
SSDT[43] : NtCreateMutant @ 0x80584095 -> HOOKED (Unknown @ 0x8ACACEC0)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805DFACA -> HOOKED (Unknown @ 0x8ACADA60)
SSDT[53] : NtCreateThread @ 0x80584D41 -> HOOKED (Unknown @ 0x8AC18810)
SSDT[57] : NtDebugActiveProcess @ 0x80663261 -> HOOKED (Unknown @ 0x8ACAD1C0)
SSDT[68] : NtDuplicateObject @ 0x8057F195 -> HOOKED (Unknown @ 0x8ACB4878)
SSDT[83] : NtFreeVirtualMemory @ 0x805710BF -> HOOKED (Unknown @ 0x8AC592C0)
SSDT[89] : NtImpersonateAnonymousToken @ 0x8059AD05 -> HOOKED (Unknown @ 0x8ACACF90)
SSDT[91] : NtImpersonateThread @ 0x805876C2 -> HOOKED (Unknown @ 0x8ACACAD8)
SSDT[97] : NtLoadDriver @ 0x805AF89E -> HOOKED (Unknown @ 0x8AC94BC0)
SSDT[108] : NtMapViewOfSection @ 0x8057AC29 -> HOOKED (Unknown @ 0x8ADCAAE8)
SSDT[114] : NtOpenEvent @ 0x80589D69 -> HOOKED (Unknown @ 0x8AB6F550)
SSDT[122] : NtOpenProcess @ 0x8057F942 -> HOOKED (Unknown @ 0x8AC7E2C8)
SSDT[123] : NtOpenProcessToken @ 0x805784F6 -> HOOKED (Unknown @ 0x8AB6E4A8)
SSDT[125] : NtOpenSection @ 0x8057919E -> HOOKED (Unknown @ 0x8AB6FED8)
SSDT[128] : NtOpenThread @ 0x805E4817 -> HOOKED (Unknown @ 0x8ADA7308)
SSDT[137] : NtProtectVirtualMemory @ 0x8057F573 -> HOOKED (Unknown @ 0x8ACADB50)
SSDT[206] : NtResumeThread @ 0x805853B8 -> HOOKED (Unknown @ 0x8ACAC220)
SSDT[213] : NtSetContextThread @ 0x8063628D -> HOOKED (Unknown @ 0x8AB6EA28)
SSDT[228] : NtSetInformationProcess @ 0x80574B1F -> HOOKED (Unknown @ 0x8AD33930)
SSDT[240] : NtSetSystemInformation @ 0x805B14D0 -> HOOKED (Unknown @ 0x8ACAD280)
SSDT[253] : NtSuspendProcess @ 0x80637B6B -> HOOKED (Unknown @ 0x8AB6FA28)
SSDT[254] : NtSuspendThread @ 0x80637A87 -> HOOKED (Unknown @ 0x8AB6EE18)
SSDT[257] : NtTerminateProcess @ 0x8058E8B9 -> HOOKED (Unknown @ 0x8ADA52A8)
SSDT[258] : NtTerminateThread @ 0x8058496E -> HOOKED (Unknown @ 0x8AB6EED8)
SSDT[267] : NtUnmapViewOfSection @ 0x8057A7B1 -> HOOKED (Unknown @ 0x8ADCAA28)
SSDT[277] : NtWriteVirtualMemory @ 0x805875F7 -> HOOKED (Unknown @ 0x8AC8E530)
S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8AC0C910)
S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8AB09258)
S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8AB049D8)
S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x8AC7C9D8)
S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8AC6EAF0)
S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x8ADF0D20)
S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x8ADB3270)
S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8ADE67D0)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8ADA9C50)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8AC6F3E0)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST380013AS +++++
--- User ---
[MBR] 68543f0563158d43b37a920b968b72fe
[BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76293 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[7]_D_12162012_02d1741.txt >>
RKreport[1]_S_12162012_02d1739.txt ; RKreport[2]_D_12162012_02d1740.txt ; RKreport[3]_D_12162012_02d1740.txt ; RKreport[4]_D_12162012_02d1741.txt ; RKreport[5]_D_12162012_02d1741.txt ;
RKreport[6]_D_12162012_02d1741.txt ; RKreport[7]_D_12162012_02d1741.txt
 
RogueKiller V8.4.0 [Dec 15 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 12/16/2012 17:39:17

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] DTUpdate.exe -- C:\Documents and Settings\Administrator\Application Data\DefaultTab\DefaultTab\DTUpdate.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 7 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x80637C26 -> HOOKED (Unknown @ 0x8ACAC610)
SSDT[13] : NtAlertThread @ 0x80592C38 -> HOOKED (Unknown @ 0x8ACAC6F0)
SSDT[17] : NtAllocateVirtualMemory @ 0x80570BC5 -> HOOKED (Unknown @ 0x8AD5C4A8)
SSDT[19] : NtAssignProcessToJobObject @ 0x805E0F71 -> HOOKED (Unknown @ 0x8ACAD690)
SSDT[31] : NtConnectPort @ 0x80590E5B -> HOOKED (Unknown @ 0x8ABEA1B0)
SSDT[43] : NtCreateMutant @ 0x80584095 -> HOOKED (Unknown @ 0x8ACACEC0)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805DFACA -> HOOKED (Unknown @ 0x8ACADA60)
SSDT[53] : NtCreateThread @ 0x80584D41 -> HOOKED (Unknown @ 0x8AC18810)
SSDT[57] : NtDebugActiveProcess @ 0x80663261 -> HOOKED (Unknown @ 0x8ACAD1C0)
SSDT[68] : NtDuplicateObject @ 0x8057F195 -> HOOKED (Unknown @ 0x8ACB4878)
SSDT[83] : NtFreeVirtualMemory @ 0x805710BF -> HOOKED (Unknown @ 0x8AC592C0)
SSDT[89] : NtImpersonateAnonymousToken @ 0x8059AD05 -> HOOKED (Unknown @ 0x8ACACF90)
SSDT[91] : NtImpersonateThread @ 0x805876C2 -> HOOKED (Unknown @ 0x8ACACAD8)
SSDT[97] : NtLoadDriver @ 0x805AF89E -> HOOKED (Unknown @ 0x8AC94BC0)
SSDT[108] : NtMapViewOfSection @ 0x8057AC29 -> HOOKED (Unknown @ 0x8ADCAAE8)
SSDT[114] : NtOpenEvent @ 0x80589D69 -> HOOKED (Unknown @ 0x8AB6F550)
SSDT[122] : NtOpenProcess @ 0x8057F942 -> HOOKED (Unknown @ 0x8AC7E2C8)
SSDT[123] : NtOpenProcessToken @ 0x805784F6 -> HOOKED (Unknown @ 0x8AB6E4A8)
SSDT[125] : NtOpenSection @ 0x8057919E -> HOOKED (Unknown @ 0x8AB6FED8)
SSDT[128] : NtOpenThread @ 0x805E4817 -> HOOKED (Unknown @ 0x8ADA7308)
SSDT[137] : NtProtectVirtualMemory @ 0x8057F573 -> HOOKED (Unknown @ 0x8ACADB50)
SSDT[206] : NtResumeThread @ 0x805853B8 -> HOOKED (Unknown @ 0x8ACAC220)
SSDT[213] : NtSetContextThread @ 0x8063628D -> HOOKED (Unknown @ 0x8AB6EA28)
SSDT[228] : NtSetInformationProcess @ 0x80574B1F -> HOOKED (Unknown @ 0x8AD33930)
SSDT[240] : NtSetSystemInformation @ 0x805B14D0 -> HOOKED (Unknown @ 0x8ACAD280)
SSDT[253] : NtSuspendProcess @ 0x80637B6B -> HOOKED (Unknown @ 0x8AB6FA28)
SSDT[254] : NtSuspendThread @ 0x80637A87 -> HOOKED (Unknown @ 0x8AB6EE18)
SSDT[257] : NtTerminateProcess @ 0x8058E8B9 -> HOOKED (Unknown @ 0x8ADA52A8)
SSDT[258] : NtTerminateThread @ 0x8058496E -> HOOKED (Unknown @ 0x8AB6EED8)
SSDT[267] : NtUnmapViewOfSection @ 0x8057A7B1 -> HOOKED (Unknown @ 0x8ADCAA28)
SSDT[277] : NtWriteVirtualMemory @ 0x805875F7 -> HOOKED (Unknown @ 0x8AC8E530)
S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8AC0C910)
S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8AB09258)
S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8AB049D8)
S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x8AC7C9D8)
S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8AC6EAF0)
S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x8ADF0D20)
S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x8ADB3270)
S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8ADE67D0)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8ADA9C50)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8AC6F3E0)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST380013AS +++++
--- User ---
[MBR] 68543f0563158d43b37a920b968b72fe
[BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76293 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12162012_02d1739.txt >>
RKreport[1]_S_12162012_02d1739.txt
 
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-16 17:45:13
-----------------------------
17:45:13.687 OS Version: Windows 5.1.2600 Service Pack 3
17:45:13.687 Number of processors: 2 586 0x403
17:45:13.687 ComputerName: GX620 UserName:
17:45:16.406 Initialize success
18:00:26.265 AVAST engine defs: 12121601
18:03:00.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
18:03:00.484 Disk 0 Vendor: ST380013AS 8.12 Size: 76293MB BusType: 3
18:03:00.500 Disk 0 MBR read successfully
18:03:00.500 Disk 0 MBR scan
18:03:00.609 Disk 0 Windows XP default MBR code
18:03:00.609 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76293 MB offset 63
18:03:00.609 Disk 0 scanning sectors +156248190
18:03:00.671 Disk 0 scanning C:\WINDOWS\system32\drivers
18:03:10.609 Service scanning
18:03:24.734 Modules scanning
18:03:30.125 Disk 0 trace - called modules:
18:03:30.140 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
18:03:30.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aef5ab8]
18:03:30.140 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8af4db58]
18:03:30.640 AVAST engine scan C:\WINDOWS
18:03:35.328 AVAST engine scan C:\WINDOWS\system32
18:05:30.484 AVAST engine scan C:\WINDOWS\system32\drivers
18:05:43.906 AVAST engine scan C:\Documents and Settings\Administrator
18:07:36.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
18:07:36.609 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
 
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

==========================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 12-12-14.01 - Administrator 12/16/2012 19:34:58.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2916 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\addon.ico
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\amazon_ie.ico
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DT.ico
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\facebook_ie.ico
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\imdb_ie.ico
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\search_here_ie.ico
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\searchhere.ico
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\twitter_ie.ico
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\documents and settings\Administrator\WINDOWS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DefaultTabUpdate
-------\Legacy_DefaultTabUpdate
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
((((((((((((((((((((((((( Files Created from 2012-11-17 to 2012-12-17 )))))))))))))))))))))))))))))))
.
.
2012-12-16 15:58 . 2012-12-16 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Optimizer Pro
2012-12-16 15:58 . 2012-12-16 15:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
2012-12-16 15:28 . 2012-12-17 01:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\DefaultTab
2012-12-16 15:28 . 2012-12-16 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2012-12-16 15:28 . 2012-12-16 15:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Cartwheel
2012-12-16 15:28 . 2012-12-16 15:58 -------- d-----w- c:\program files\Yahoo!
2012-12-14 16:29 . 2012-12-14 17:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\NPE
2012-12-09 23:03 . 2012-12-09 23:03 -------- d-----w- c:\program files\Common Files\LightScribe
2012-12-09 21:51 . 2012-12-09 22:34 -------- d-----w- C:\HOME2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 17:32 . 2012-04-03 02:50 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 17:32 . 2011-06-17 22:11 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-22 08:37 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-07 03:48 . 2012-10-07 03:49 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-07 03:48 . 2011-06-17 22:09 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-04 01:19 . 2012-10-23 16:21 134304 ----a-w- c:\windows\system32\drivers\MCLIENT\0302000.013\ccsetx86.sys
2012-10-02 18:04 . 2004-08-04 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 01:54 . 2011-06-19 21:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 04:16 . 2012-10-22 15:59 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-01 18:07 . 2012-12-01 18:07 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
 
ComboFix 12-12-17.01 - Administrator 12/16/2012 22:53:37.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3012 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-17 to 2012-12-17 )))))))))))))))))))))))))))))))
.
.
2012-12-16 15:58 . 2012-12-16 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Optimizer Pro
2012-12-16 15:58 . 2012-12-16 15:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
2012-12-16 15:28 . 2012-12-17 01:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\DefaultTab
2012-12-16 15:28 . 2012-12-16 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2012-12-16 15:28 . 2012-12-16 15:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Cartwheel
2012-12-16 15:28 . 2012-12-16 15:58 -------- d-----w- c:\program files\Yahoo!
2012-12-14 16:29 . 2012-12-14 17:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\NPE
2012-12-09 23:03 . 2012-12-09 23:03 -------- d-----w- c:\program files\Common Files\LightScribe
2012-12-09 21:51 . 2012-12-09 22:34 -------- d-----w- C:\HOME2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 17:32 . 2012-04-03 02:50 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 17:32 . 2011-06-17 22:11 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-22 08:37 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-07 03:48 . 2012-10-07 03:49 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-07 03:48 . 2011-06-17 22:09 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-04 01:19 . 2012-10-23 16:21 134304 ----a-w- c:\windows\system32\drivers\MCLIENT\0302000.013\ccsetx86.sys
2012-10-02 18:04 . 2004-08-04 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 01:54 . 2011-06-19 21:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 04:16 . 2012-10-22 15:59 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-01 18:07 . 2012-12-01 18:07 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B50DF051-E1D4-439C-B94E-F4DE82B56542}]
2012-10-17 22:18 231432 ----a-w- c:\documents and settings\Administrator\Application Data\Cartwheel\Cartwheel.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-03-24 01:13 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-03-24 01:17 118784 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-03-24 01:17 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-09-30 01:54 766536 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-12-25 03:00 32768 ----a-w- c:\windows\system32\rmctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 19:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2012-07-04 04:48 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 14:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0604000.009\symds.sys [10/2/2012 9:52 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604000.009\symefa.sys [10/2/2012 9:52 AM 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20121130.005\BHDrvx86.sys [12/3/2012 12:17 PM 995488]
R1 ccSet_MCLIENT;Norton Management Settings Manager;c:\windows\system32\drivers\MCLIENT\0302000.013\ccsetx86.sys [10/23/2012 10:21 AM 134304]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0604000.009\ccsetx86.sys [10/2/2012 9:52 AM 132768]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0604000.009\ironx86.sys [10/2/2012 9:52 AM 149624]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/9/2012 3:02 PM 399432]
R2 MCLIENT;Norton Management;c:\program files\Norton Management\Engine\3.2.0.19\ccsvchst.exe [10/23/2012 10:21 AM 143928]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.4.0.9\ccsvchst.exe [10/2/2012 9:52 AM 138272]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [6/19/2011 11:41 AM 103040]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/9/2012 6:48 AM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20121214.001\IDSXpx86.sys [12/15/2012 9:51 AM 373728]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/19/2011 3:20 PM 22856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/19/2011 3:20 PM 676936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2012-07-02 21:40 453736 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 17:32]
.
2012-12-17 c:\windows\Tasks\User_Feed_Synchronization-{7F981BCB-ABC9-4C36-9EBA-E7880CC42B20}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-16 22:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MCLIENT]
"ImagePath"="\"c:\program files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe\" /s \"MCLIENT\" /m \"c:\program files\Norton Management\Engine\3.2.0.19\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-790525478-796845957-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,06,89,b7,96,6d,80,42,96,8c,cf,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4e,fa,d3,ba,3d,bf,3c,4e,a6,be,62,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,06,89,b7,96,6d,80,42,96,8c,cf,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(1628)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-12-16 23:01:14
ComboFix-quarantined-files.txt 2012-12-17 05:01
ComboFix2.txt 2012-12-17 01:43
ComboFix3.txt 2012-02-06 23:56
ComboFix4.txt 2012-02-02 02:03
.
Pre-Run: 57,647,828,992 bytes free
Post-Run: 57,440,571,392 bytes free
.
- - End Of File - - D87C684EE45A8BB1736157E476EF7B88
 
Oops, sorry about the error with ComboFix. I hope the new log is correct. I am still having all the same problems with Internet Explorer, programs will not start via double mouse click, and Norton360 stalls out just after 2000 files are scanned. Thanks for the help Broni.
 
problems with Internet Explorer, programs will not start via double mouse click
Click to expand...
If this is Desktop shortcut try to create new one.

As for Norton you may need to reinstall it.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

=============================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
# AdwCleaner v2.101 - Logfile created 12/17/2012 at 00:07:17
# Updated 16/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - GX620
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ga180uks.default\searchplugins\safesearch.xml
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\DefaultTab

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ga180uks.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1387 octets] - [17/12/2012 00:06:49]
AdwCleaner[S1].txt - [1332 octets] - [17/12/2012 00:07:17]

########## EOF - C:\AdwCleaner[S1].txt - [1392 octets] ##########
 
OTL logfile created on: 12/17/2012 12:13:01 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.93 Gb Available Physical Memory | 83.79% Memory free
4.09 Gb Paging File | 3.71 Gb Available in Paging File | 90.61% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 53.71 Gb Free Space | 72.09% Space Free | Partition Type: NTFS

Computer Name: GX620 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/17 00:05:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2012/10/10 20:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Management\Engine\3.2.0.19\ccsvchst.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/06/15 20:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.4.0.9\ccsvchst.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2012/12/12 11:32:26 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/01 12:07:23 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/10 20:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe -- (MCLIENT)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/06/15 20:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe -- (N360)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/10/23 17:34:24 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20121130.005\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/10/03 19:19:14 | 000,134,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MCLIENT\0302000.013\ccsetx86.sys -- (ccSet_MCLIENT)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/09/14 09:26:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20121216.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/09/14 09:26:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20121216.007\NAVENG.SYS -- (NAVENG)
DRV - [2012/09/06 03:54:30 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20121214.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/08/09 06:48:37 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/09 06:48:37 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/07/05 20:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0604000.009\srtsp.sys -- (SRTSP)
DRV - [2012/07/05 20:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604000.009\srtspx.sys -- (SRTSPX)
DRV - [2012/07/04 00:54:32 | 007,874,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012/07/01 17:56:17 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/06/06 22:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604000.009\ccsetx86.sys -- (ccSet_N360)
DRV - [2012/05/21 19:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604000.009\symefa.sys -- (SymEFA)
DRV - [2012/05/14 00:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2012/03/29 00:28:38 | 000,388,216 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604000.009\symtdi.sys -- (SYMTDI)
DRV - [2012/03/29 00:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604000.009\symds.sys -- (SymDS)
DRV - [2012/03/29 00:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604000.009\ironx86.sys -- (SymIRON)
DRV - [2010/04/27 17:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010/04/27 17:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010/04/27 17:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010/04/27 15:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2005/03/17 15:30:10 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-790525478-796845957-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-790525478-796845957-725345543-500\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-790525478-796845957-725345543-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-790525478-796845957-725345543-500\..\SearchScopes\{271AB670-473B-4EDC-8036-15E5194F33A9}: "URL" = http://search.yahoo.com/search?p={s...ype=W3i_DS,136,0_0,Search,20121251,6901,0,8,0
IE - HKU\S-1-5-21-790525478-796845957-725345543-500\..\SearchScopes\{988AA950-1F62-48B2-A8DA-EFE0B23C8875}: "URL" = http://www.mysearchresults.com/search?&c=2650&t=03&q={searchTerms}
IE - HKU\S-1-5-21-790525478-796845957-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.1.1.5%20-%203
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.1
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2012.5.8.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012/07/01 17:59:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2012/12/17 00:09:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/01 12:07:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/01 12:07:16 | 000,000,000 | ---D | M]

[2010/04/07 16:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/12/16 15:56:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ga180uks.default\extensions
[2012/12/16 15:56:25 | 000,234,972 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ga180uks.default\extensions\artur.dubovoy@gmail.com.xpi
[2012/12/01 12:07:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/17 00:09:39 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\COFFPLGN
[2012/07/01 17:59:49 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPLGN
[2011/07/04 08:31:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/12/01 12:07:23 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/29 09:25:25 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/12 17:01:44 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/12/16 19:40:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-790525478-796845957-725345543-500\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKU\S-1-5-21-790525478-796845957-725345543-500\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKU\S-1-5-21-790525478-796845957-725345543-500\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-796845957-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-790525478-796845957-725345543-500\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-790525478-796845957-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-790525478-796845957-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-790525478-796845957-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1340484126046 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1350846574421 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2225B3BB-99B4-43AD-B80C-7B7402075F2B}: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
O18 - Protocol\Handler\mhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/07 16:13:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/16 19:31:14 | 005,011,996 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/12/16 17:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
[2012/12/16 09:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2012/12/16 09:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Yahoo!
[2012/12/16 09:45:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Slender v0.9.7
[2012/12/16 09:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2012/12/16 09:28:23 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012/12/14 10:29:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\NPE
[2012/12/09 17:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LightScribe Direct Disc Labeling
[2012/12/09 17:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2012/12/09 15:51:23 | 000,000,000 | ---D | C] -- C:\HOME2
[2012/12/01 12:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/17 00:09:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/17 00:08:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/16 23:32:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/16 23:21:57 | 000,004,625 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/16 23:21:50 | 000,432,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/12/16 23:21:50 | 000,067,794 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/12/16 22:51:08 | 005,011,996 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/12/16 19:40:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/12/16 18:26:15 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7F981BCB-ABC9-4C36-9EBA-E7880CC42B20}.job
[2012/12/16 18:07:36 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012/12/16 14:21:44 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/12/16 13:43:53 | 000,106,484 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\28238_465559867574_7095613_n.jpg
[2012/12/16 13:43:34 | 000,075,678 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\28238_465559862574_6188948_n.jpg
[2012/12/16 13:43:19 | 000,080,971 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\28238_465559857574_334677_n.jpg
[2012/12/16 13:14:25 | 000,059,706 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\261_1062181270983_8081_n.jpg
[2012/12/16 10:53:14 | 000,085,576 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\198723_246654008692257_3722898_n.jpg
[2012/12/16 10:34:55 | 000,100,854 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\527968_10151082408668579_1144189974_n.jpg
[2012/12/16 10:05:56 | 000,111,328 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\575143_10151496327190174_908941605_n.jpg
[2012/12/16 09:43:43 | 065,812,970 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Slender_v0_9_7.zip
[2012/12/16 02:03:35 | 000,044,575 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\253_20287805827_5281_n.jpg
[2012/12/16 01:54:28 | 000,154,897 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\556064_10150917674280828_1381619199_n.jpg
[2012/12/16 01:43:07 | 000,039,697 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\581594_185262564942140_1908392838_n.jpg
[2012/12/16 01:36:03 | 000,071,971 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\23472_10150157315130478_2968909_n.jpg
[2012/12/16 01:35:47 | 000,089,247 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\23472_10150157311865478_7692424_n.jpg
[2012/12/16 01:03:23 | 000,058,984 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\3180_1149796901319_769025_n.jpg
[2012/12/16 01:03:18 | 000,060,869 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\3180_1149796941320_5306665_n.jpg
[2012/12/15 23:42:09 | 000,071,459 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\248781_2144181005483_5042624_n.jpg
[2012/12/15 23:41:12 | 000,094,800 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\267583_2249405116020_2639995_n.jpg
[2012/12/15 23:21:45 | 000,085,011 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\396614_1820614511340_316881020_n.jpg
[2012/12/15 23:10:23 | 000,084,725 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\206767_10150154363369039_6466081_n.jpg
[2012/12/15 23:10:02 | 000,103,964 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\215679_10150154363429039_2434430_n.jpg
[2012/12/15 23:02:44 | 000,053,307 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\9021_126017333602_4267830_n.jpg
[2012/12/12 11:32:24 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/12/12 11:32:24 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/12/11 21:48:40 | 000,064,808 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\560781_210920942374896_1376037402_n.jpg
[2012/12/10 22:01:05 | 000,053,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\205769_110753989007984_1569016_n.jpg
[2012/12/10 21:44:31 | 000,038,682 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\269811_104812279614250_4588483_n.jpg
[2012/12/09 20:59:05 | 014,117,417 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Coast to Coast - Nov 27 2012 - Hour 4.mp3
[2012/12/09 20:58:58 | 014,457,374 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Coast to Coast - Nov 27 2012 - Hour 3.mp3
[2012/12/09 20:58:50 | 014,501,103 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Coast to Coast - Nov 27 2012 - Hour 2.mp3
[2012/12/09 20:58:38 | 015,049,699 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Coast to Coast - Nov 27 2012 - Hour 1.mp3
[2012/12/09 17:03:49 | 000,001,774 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LightScribe.lnk
[2012/12/09 16:43:35 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/12/09 15:02:25 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/09 14:38:47 | 000,115,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/02 12:25:44 | 163,910,310 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\BF3_Premium_Bonus_Art_EN_v2.pdf
[2012/11/30 12:35:48 | 000,100,383 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ovw001-checklist.pdf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/16 18:07:36 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012/12/16 13:43:53 | 000,106,484 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\28238_465559867574_7095613_n.jpg
[2012/12/16 13:43:34 | 000,075,678 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\28238_465559862574_6188948_n.jpg
[2012/12/16 13:43:19 | 000,080,971 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\28238_465559857574_334677_n.jpg
[2012/12/16 13:14:24 | 000,059,706 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\261_1062181270983_8081_n.jpg
[2012/12/16 10:53:13 | 000,085,576 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\198723_246654008692257_3722898_n.jpg
[2012/12/16 10:34:55 | 000,100,854 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\527968_10151082408668579_1144189974_n.jpg
[2012/12/16 10:05:55 | 000,111,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\575143_10151496327190174_908941605_n.jpg
[2012/12/16 09:43:43 | 065,812,970 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Slender_v0_9_7.zip
[2012/12/16 02:03:35 | 000,044,575 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\253_20287805827_5281_n.jpg
[2012/12/16 01:54:28 | 000,154,897 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\556064_10150917674280828_1381619199_n.jpg
[2012/12/16 01:43:07 | 000,039,697 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\581594_185262564942140_1908392838_n.jpg
[2012/12/16 01:36:03 | 000,071,971 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\23472_10150157315130478_2968909_n.jpg
[2012/12/16 01:35:47 | 000,089,247 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\23472_10150157311865478_7692424_n.jpg
[2012/12/16 01:03:23 | 000,058,984 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\3180_1149796901319_769025_n.jpg
[2012/12/16 01:03:18 | 000,060,869 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\3180_1149796941320_5306665_n.jpg
[2012/12/15 23:42:08 | 000,071,459 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\248781_2144181005483_5042624_n.jpg
[2012/12/15 23:41:11 | 000,094,800 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\267583_2249405116020_2639995_n.jpg
[2012/12/15 23:21:45 | 000,085,011 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\396614_1820614511340_316881020_n.jpg
[2012/12/15 23:10:23 | 000,084,725 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\206767_10150154363369039_6466081_n.jpg
[2012/12/15 23:10:02 | 000,103,964 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\215679_10150154363429039_2434430_n.jpg
[2012/12/15 23:02:43 | 000,053,307 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\9021_126017333602_4267830_n.jpg
[2012/12/11 21:48:40 | 000,064,808 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\560781_210920942374896_1376037402_n.jpg
[2012/12/10 22:01:04 | 000,053,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\205769_110753989007984_1569016_n.jpg
[2012/12/10 21:44:30 | 000,038,682 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\269811_104812279614250_4588483_n.jpg
[2012/12/09 20:58:57 | 014,117,417 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Coast to Coast - Nov 27 2012 - Hour 4.mp3
[2012/12/09 20:58:50 | 014,457,374 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Coast to Coast - Nov 27 2012 - Hour 3.mp3
[2012/12/09 20:58:39 | 014,501,103 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Coast to Coast - Nov 27 2012 - Hour 2.mp3
[2012/12/09 20:58:30 | 015,049,699 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Coast to Coast - Nov 27 2012 - Hour 1.mp3
[2012/12/09 17:03:49 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LightScribe.lnk
[2012/12/02 12:24:04 | 163,910,310 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BF3_Premium_Bonus_Art_EN_v2.pdf
[2012/11/30 12:35:44 | 000,100,383 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ovw001-checklist.pdf
[2012/03/14 16:30:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/06 17:34:59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/06 17:34:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/06 17:34:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/06 17:34:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/06 17:34:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/01 17:35:55 | 000,199,307 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
[2012/02/01 17:35:52 | 000,165,959 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
[2012/02/01 17:27:17 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2011/08/03 18:48:56 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/13 20:42:30 | 000,140,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/07/13 20:42:29 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2011/07/13 20:41:51 | 000,280,768 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011/07/13 20:41:49 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe
[2011/07/13 20:41:49 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011/07/07 22:37:28 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/06/19 09:53:07 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/06/19 09:53:07 | 000,618,823 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/06/19 09:53:07 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/06/17 16:27:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

========== ZeroAccess Check ==========

[2011/06/17 16:24:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
 
OTL Extras logfile created on: 12/17/2012 12:13:01 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.93 Gb Available Physical Memory | 83.79% Memory free
4.09 Gb Paging File | 3.71 Gb Available in Paging File | 90.61% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 53.71 Gb Free Space | 72.09% Space Free | Partition Type: NTFS

Computer Name: GX620 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-790525478-796845957-725345543-500\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe" = C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:pnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:pnkBstrB -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0807E67B-DACB-1739-A87E-3046FF40BA23}" = CCC Help Chinese Traditional
"{0DF310E3-6C01-99DC-296F-1D021BA36C2D}" = CCC Help English
"{1E8E87B5-4531-CEE3-4791-6AD9E72076EC}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27596347-C945-B113-EF47-169D471CEB05}" = CCC Help Turkish
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3666DE18-A4CC-4E1E-8165-0D78758C2209}" = CCC Help Russian
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{479826D5-FE36-711F-8BE3-AB7B44440F66}" = ccc-utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5033F411-4848-49D6-BAC2-DAA06AFA0AFC}" = HP Deskjet 2050 J510 series Basic Device Software
"{532669C6-3139-E755-B3B8-95F184EB27EB}" = CCC Help German
"{577F4DD2-ED68-690F-6328-8A8CAC8FCA75}" = CCC Help Polish
"{637A3EC2-4299-67B2-E0D2-C25572F4D37A}" = CCC Help Thai
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F2954FB-3F0F-B384-3E6F-5D0CAAF80A77}" = ATI AVIVO Codecs
"{702F39B4-05FB-22F4-8426-E5FFFA330FF3}" = CCC Help Chinese Standard
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FB391E-E800-CC82-D9BA-EF9CB8A939F3}" = CCC Help French
"{747E2E56-A68B-15C6-BB77-31BFE0C031EF}" = CCC Help Spanish
"{7A37A44B-968E-6CA3-278C-878D4D08B226}" = CCC Help Czech
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
"{7C0FB04E-5A40-C63D-CC1B-B6C1B60FDDA3}" = CCC Help Japanese
"{7D94796D-007E-45DE-CEAD-8E616D78E95B}" = CCC Help Dutch
"{7E7C98D1-4F44-21D4-C351-25E2367027F3}" = Catalyst Control Center
"{87A91A66-1566-714D-E1BE-1F3B040E65D5}" = CCC Help Swedish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{90538B62-F392-4DE1-B886-7B48123866E9}" = LightScribe System Software
"{92F63D17-2A32-7184-B8D7-905E0E1BC2A9}" = CCC Help Hungarian
"{95CEF602-B837-0C37-F5E6-49C8F3196998}" = CCC Help Greek
"{97E1A4DE-82AB-0448-0AEA-77DC1DD9A492}" = Catalyst Control Center Localization All
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DFD861E-2692-873F-BA2C-E4788648D966}" = CCC Help Italian
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B50676DC-AAE9-20DF-01A5-DABCDECD6DFC}" = Catalyst Control Center Graphics Previews Common
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6346B4B-FDD6-C406-06FE-0CF77F561E78}" = AMD Catalyst Install Manager
"{D9C7FB0D-B233-1B2E-E9DC-543911F6D94A}" = Catalyst Control Center InstallProxy
"{DD9F821E-7B8D-210F-A4AE-47C60870DEBE}" = CCC Help Norwegian
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E6F42010-AA5A-B862-9620-8CBD23ACDED4}" = CCC Help Portuguese
"{EAAE7669-947C-26DD-563D-863B63FFC1EA}" = CCC Help Finnish
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F296A4CD-54A2-1EEE-CE14-8F88A1D97083}" = CCC Help Korean
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"DVD Shrink_is1" = DVD Shrink 3.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"MCLIENT" = Norton Management
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton 360
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PunkBusterSvc" = PunkBuster Services
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-790525478-796845957-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/20/2012 10:46:02 AM | Computer Name = GX620 | Source = Application Error | ID = 1001
Description = Fault bucket -1216698070.

Error - 8/23/2012 11:24:47 AM | Computer Name = GX620 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 9/8/2012 3:55:56 PM | Computer Name = GX620 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 9/9/2012 3:33:16 PM | Computer Name = GX620 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 9/9/2012 3:33:23 PM | Computer Name = GX620 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 9/10/2012 3:04:47 PM | Computer Name = GX620 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 10/2/2012 11:30:22 AM | Computer Name = GX620 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 10/10/2012 11:43:46 AM | Computer Name = GX620 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 12/1/2012 1:34:15 PM | Computer Name = GX620 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 12/1/2012 9:23:18 PM | Computer Name = GX620 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

[ System Events ]
Error - 12/1/2012 9:23:14 PM | Computer Name = GX620 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.2 for the Network Card with network
address 0013727340F4 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 12/6/2012 11:20:51 AM | Computer Name = GX620 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.2 on
the Network Card with network address 0013727340F4.

Error - 12/8/2012 10:20:38 PM | Computer Name = GX620 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 12/8/2012 10:20:38 PM | Computer Name = GX620 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 12/8/2012 10:20:55 PM | Computer Name = GX620 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.2 for the Network Card with network
address 0013727340F4 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 12/10/2012 1:26:03 AM | Computer Name = GX620 | Source = Dhcp | ID = 1002
Description = The IP address lease 71.85.230.56 for the Network Card with network
address 0013727340F4 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 12/10/2012 1:26:15 AM | Computer Name = GX620 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.2 for the Network Card with network
address 0013727340F4 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 12/14/2012 12:05:26 PM | Computer Name = GX620 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.2 for the Network Card with network
address 0013727340F4 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 12/16/2012 5:32:39 PM | Computer Name = GX620 | Source = Dhcp | ID = 1002
Description = The IP address lease 71.85.225.232 for the Network Card with network
address 0013727340F4 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 12/16/2012 7:38:41 PM | Computer Name = GX620 | Source = Service Control Manager | ID = 7034
Description = The DefaultTabUpdate service terminated unexpectedly. It has done
this 1 time(s).


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKU\S-1-5-21-790525478-796845957-725345543-500\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKU\S-1-5-21-790525478-796845957-725345543-500\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

==============================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
You must log in or register to reply here.

Similar threads

Shawn Knight
Pixels in motion: Lego's Pac-Man Arcade set comes to life with mechanical crank
Replies
0
Views
322
Shawn Knight
Shawn Knight
midian182
Spinal implant helps man with Parkinson's disease walk miles without mobility issues
Replies
5
Views
337
RudyBob
RudyBob
midian182
Man says bingeing Starfield saved his family from a fire
Replies
9
Views
467
Kam7r
K

Latest posts

Back