« previous next »
Pages: [1] 2

Author Topic: Not able to instal programs  (Read 1443 times)

Offline rinoscar

  • Full Member
  • ***
  • Posts: 132
  • Karma: +0/-0
    • View Profile
Not able to instal programs
« on: January 01, 2011, 02:57:10 PM »
Hi Guestsolo

I got more work for you. I am on another computer that is runnning slow and I fear may have been hijacked. I tried downloading the hijack file that is located under your posts, but I get a pop up window saying..Window IE cannot open the internet site.......operation aborted.

I also tried to instal spyware blaster and malawarebytes, but got the same problem.

Running Windows XP....Internet explorer, with norton.

Thanks
« Last Edit: January 01, 2011, 02:57:37 PM by rinoscar »
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Not able to instal programs
« Reply #1 on: January 01, 2011, 03:36:55 PM »
Can you do the following
See if it's any help

transfer the installer to Firefox to the desktop of the computer
You can use a thumbdrive, etc...

Here is the installer to Firefox
http://www.mozilla.com/en-US/firefox/
Download [color="#FF0000"]OTL.exe[/color][/url] by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline rinoscar

  • Full Member
  • ***
  • Posts: 132
  • Karma: +0/-0
    • View Profile
Not able to instal programs
« Reply #2 on: January 01, 2011, 04:38:36 PM »
Hi Guestsolo..... I want to wish you a happy new year and may all your wishes come to true!!


Here are the logs:
OTL logfile created on: 01/01/2011 4:30:14 PM - Run 1
OTL by OldTimer - Version 3.2.20.0     Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
479.00 Mb Total Physical Memory | 157.00 Mb Available Physical Memory | 33.00% Memory free
741.00 Mb Paging File | 462.00 Mb Available in Paging File | 62.00% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.69 Gb Total Space | 52.40 Gb Free Space | 68.33% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-K0N3ZT9M2 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/01/01 16:29:31 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2010/12/03 14:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/23 18:40:57 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/02/09 19:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/08/22 03:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
PRC - [2003/03/27 18:34:58 | 000,053,248 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/01/01 16:29:31 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/08/04 10:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/02/23 18:40:57 | 001,245,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/02/09 19:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/08/22 03:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\E5.tmp -- (MEMSWEEP2)
DRV - [2010/12/17 04:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101231.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/17 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101231.034\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/15 13:07:08 | 000,270,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20101229.001\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2010/05/30 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/02/19 11:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/02/19 11:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2009/02/19 11:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 11:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 11:31:16 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/02/19 11:31:16 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/02/19 11:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 11:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/01/05 19:20:57 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/09/05 13:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/07/30 16:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/16 03:47:52 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2008/01/31 20:51:16 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/01/31 20:51:16 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/01/31 20:51:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/08/08 19:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/05/30 12:42:00 | 000,397,824 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/05/14 18:09:00 | 000,010,624 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/04/01 15:51:30 | 000,719,052 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/01/10 13:56:34 | 000,030,921 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SQCaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [2001/08/23 22:03:54 | 000,025,434 | ---- | M] (Realtek Semiconductor Corporation                                                ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 16:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: _{00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/01 16:25:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/01 16:24:44 | 000,000,000 | ---D | M]
 
[2009/12/08 21:26:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2009/12/08 21:26:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions\[email protected]
[2011/01/01 16:25:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\iwojlqk2.default\extensions
[2011/01/01 16:24:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2005/06/14 20:53:06 | 000,000,833 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {2B9A2F4B-E636-4C40-A422-DF4CAAE800A2} - No CLSID value found.
O2 - BHO: (no name) - {2EFDBF2A-6563-4DFC-BFCA-34F2677A5C01} - No CLSID value found.
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll ()
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {8BD4438C-2511-4B93-AD34-2BDCD0FF78D2} - No CLSID value found.
O2 - BHO: (no name) - {A3D76B96-30B9-4DCC-9B3D-D12E31280D29} - No CLSID value found.
O2 - BHO: (no name) - {BB3E753A-140C-4385-A351-BC12C06F0856} - No CLSID value found.
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {E3DB17F5-A378-41BC-BBF7-B6A07F360F60} - No CLSID value found.
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
O2 - BHO: (no name) - {FA6E43E6-F825-4317-BBCC-EC8462D1F3A5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] C:\WINDOWS\Options\OEMReset.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe File not found
O4 - HKLM..\Run: [SGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: some = C:\Program Files\NetProject\scit.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O9 - Extra 'Tools' menuitem : IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} -  File not found
O15 - HKCU\..Trusted Domains:   ([]msn in My Computer)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15.cab (Reg Error: Key error.)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} http://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game02.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Literati http://yog30.games.ac4.yahoo.com/yog/y/tt5_x.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.138 85.255.112.203
O18 - Protocol\Filter\text/html - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\iiijigh: DllName - iiijigh.dll -  File not found
O24 - Desktop Components:0 () - http://65.54.169.250/cgi-bin/getmsg/5769726_7_2.jpg?&msg=7E409F15-B2E7-4261-82BF-9D37AE35B1E4&start=0&len=57222&mimepart=5&curmbox=00000000-0000-0000-0000-000000000001&b=d9bd1ab64f9dee441f94e753f337dd23&disk=10.1.106.212_d3363&login=anna_sca68&domain=hotmail%2ecom&hm___sig=e1dddf2801c6a3ddc2a1410579fbff326f346bb5f92a9597
O24 - Desktop Components:1 () - http://65.54.169.250/cgi-bin/getmsg/5769726_7_2.jpg?&msg=7E409F15-B2E7-4261-82BF-9D37AE35B1E4&start=0&len=57222&mimepart=5&curmbox=00000000-0000-0000-0000-000000000001&b=fe353bc9f7e9204ea86fea001adbbab6&disk=10.1.106.212_d3363&login=anna_sca68&domain=hotmail%2ecom&hm___sig=7dc3816001c6a3dbbf0c687a7bf0e952336298d3053109fd
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {FA6E43E6-F825-4317-BBCC-EC8462D1F3A5} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/01/01 16:29:22 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2011/01/01 16:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Downloads
[2011/01/01 16:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/01/01 16:24:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2011/01/01 16:29:31 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2011/01/01 16:24:50 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/01 16:24:50 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/01/01 16:00:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/01 15:57:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/01 15:57:27 | 502,849,536 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/26 20:08:19 | 000,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - user.job
 
========== Files Created - No Company Name ==========
 
[2011/01/01 16:24:50 | 000,001,631 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/01 16:24:50 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/09/21 16:16:47 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/05/05 23:10:23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/04/17 12:28:18 | 000,001,230 | -HS- | C] () -- C:\WINDOWS\System32\rntqsueq.ini
[2008/04/15 22:42:14 | 000,000,294 | -HS- | C] () -- C:\WINDOWS\System32\dkugiqog.ini
[2008/04/15 22:32:58 | 000,157,813 | -HS- | C] () -- C:\WINDOWS\System32\jmnmp.ini2
[2008/04/15 22:32:57 | 000,157,813 | -HS- | C] () -- C:\WINDOWS\System32\jmnmp.ini
[2008/04/14 22:33:13 | 000,000,826 | -HS- | C] () -- C:\WINDOWS\System32\bwwfuyth.ini
[2008/04/14 22:27:09 | 000,187,343 | -HS- | C] () -- C:\WINDOWS\System32\qsstv.ini2
[2008/04/14 22:27:08 | 000,187,343 | -HS- | C] () -- C:\WINDOWS\System32\qsstv.ini
[2008/04/14 19:17:51 | 000,000,646 | -HS- | C] () -- C:\WINDOWS\System32\llthyrxc.ini
[2008/04/13 19:20:33 | 000,000,526 | -HS- | C] () -- C:\WINDOWS\System32\jadqlfgw.ini
[2008/04/12 19:16:06 | 000,000,466 | -HS- | C] () -- C:\WINDOWS\System32\mujooknm.ini
[2008/04/12 19:06:53 | 000,174,717 | -HS- | C] () -- C:\WINDOWS\System32\fillm.ini
[2008/04/12 19:06:53 | 000,174,587 | -HS- | C] () -- C:\WINDOWS\System32\fillm.ini2
[2008/04/11 20:18:27 | 000,000,998 | -HS- | C] () -- C:\WINDOWS\System32\npupgxwb.ini
[2008/04/10 20:10:13 | 000,000,766 | -HS- | C] () -- C:\WINDOWS\System32\cfvppvjg.ini
[2008/04/10 20:04:01 | 000,182,208 | -HS- | C] () -- C:\WINDOWS\System32\mmnpo.ini2
[2008/04/10 20:04:00 | 000,182,328 | -HS- | C] () -- C:\WINDOWS\System32\mmnpo.ini
[2008/04/10 18:43:34 | 000,000,354 | -HS- | C] () -- C:\WINDOWS\System32\fydajndn.ini
[2008/04/07 21:49:59 | 000,000,586 | -HS- | C] () -- C:\WINDOWS\System32\qekwvtiw.ini
[2008/04/07 21:49:56 | 000,085,056 | ---- | C] () -- C:\WINDOWS\System32\witvwkeq.dll
[2008/04/06 17:48:16 | 000,000,526 | -HS- | C] () -- C:\WINDOWS\System32\jopykjtv.ini
[2008/04/03 20:01:40 | 000,006,362 | -HS- | C] () -- C:\WINDOWS\System32\vxwvw.ini2
[2008/04/03 20:01:39 | 000,006,362 | -HS- | C] () -- C:\WINDOWS\System32\vxwvw.ini
[2008/04/02 19:32:46 | 000,000,774 | -HS- | C] () -- C:\WINDOWS\System32\cvuxgfoh.ini
[2008/04/01 19:29:09 | 000,000,654 | -HS- | C] () -- C:\WINDOWS\System32\tkshywqk.ini
[2008/04/01 19:23:07 | 000,173,526 | -HS- | C] () -- C:\WINDOWS\System32\wvutv.ini2
[2008/04/01 19:23:07 | 000,173,526 | -HS- | C] () -- C:\WINDOWS\System32\wvutv.ini
[2008/04/01 18:06:06 | 000,000,414 | -HS- | C] () -- C:\WINDOWS\System32\mxflokte.ini
[2008/04/01 18:02:50 | 000,165,162 | -HS- | C] () -- C:\WINDOWS\System32\cedgh.ini2
[2008/04/01 18:02:50 | 000,165,162 | -HS- | C] () -- C:\WINDOWS\System32\cedgh.ini
[2008/03/30 10:53:47 | 000,002,986 | -HS- | C] () -- C:\WINDOWS\System32\tkoshxfv.ini
[2008/03/29 10:49:03 | 000,002,686 | -HS- | C] () -- C:\WINDOWS\System32\clmxmulr.ini
[2008/03/29 10:46:00 | 000,223,116 | -HS- | C] () -- C:\WINDOWS\System32\dddgh.ini2
[2008/03/29 10:46:00 | 000,223,116 | -HS- | C] () -- C:\WINDOWS\System32\dddgh.ini
[2008/03/29 08:57:03 | 000,002,506 | -HS- | C] () -- C:\WINDOWS\System32\mbbfgabp.ini
[2008/03/27 18:34:25 | 000,002,326 | -HS- | C] () -- C:\WINDOWS\System32\iptvikkp.ini
[2008/03/27 18:28:22 | 000,160,921 | -HS- | C] () -- C:\WINDOWS\System32\twxbc.ini2
[2008/03/27 18:28:21 | 000,160,972 | -HS- | C] () -- C:\WINDOWS\System32\twxbc.ini
[2008/03/27 17:46:47 | 000,002,086 | -HS- | C] () -- C:\WINDOWS\System32\prhunlqg.ini
[2008/03/17 18:23:41 | 000,001,966 | -HS- | C] () -- C:\WINDOWS\System32\theabnwq.ini
[2008/03/17 17:26:41 | 000,001,786 | -HS- | C] () -- C:\WINDOWS\System32\blejwrkm.ini
[2008/03/09 00:40:22 | 000,001,726 | -HS- | C] () -- C:\WINDOWS\System32\pmjsmbrg.ini
[2008/03/08 11:58:16 | 000,001,306 | -HS- | C] () -- C:\WINDOWS\System32\gxnmcwvr.ini
[2008/03/06 20:21:59 | 000,000,894 | -HS- | C] () -- C:\WINDOWS\System32\vvrrpebw.ini
[2008/03/06 20:20:22 | 000,000,022 | ---- | C] () -- C:\WINDOWS\pskt.ini
[2008/03/04 20:16:20 | 000,000,714 | -HS- | C] () -- C:\WINDOWS\System32\wwparwxv.ini
[2008/03/02 00:58:11 | 000,000,594 | -HS- | C] () -- C:\WINDOWS\System32\uaakuipe.ini
[2008/03/01 22:15:28 | 000,000,414 | -HS- | C] () -- C:\WINDOWS\System32\ufbimqwi.ini
[2008/02/28 19:31:26 | 000,000,414 | -HS- | C] () -- C:\WINDOWS\System32\kjsojfkd.ini
[2008/02/28 08:11:29 | 000,000,354 | -HS- | C] () -- C:\WINDOWS\System32\bipmroyg.ini
[2008/02/28 08:10:20 | 000,166,674 | -HS- | C] () -- C:\WINDOWS\System32\suxbc.ini2
[2008/02/28 08:10:19 | 000,166,674 | -HS- | C] () -- C:\WINDOWS\System32\suxbc.ini
[2008/02/27 22:47:21 | 000,000,534 | -HS- | C] () -- C:\WINDOWS\System32\yeturmgy.ini
[2008/02/27 08:09:35 | 000,000,354 | -HS- | C] () -- C:\WINDOWS\System32\insgwoyy.ini
[2008/02/27 08:08:32 | 000,174,669 | -HS- | C] () -- C:\WINDOWS\System32\nmnpo.ini2
[2008/02/27 08:08:29 | 000,174,669 | -HS- | C] () -- C:\WINDOWS\System32\nmnpo.ini
[2008/02/26 18:14:57 | 000,001,374 | -HS- | C] () -- C:\WINDOWS\System32\vwiovfsi.ini
[2008/02/25 00:26:50 | 000,001,194 | -HS- | C] () -- C:\WINDOWS\System32\dsnvrwqx.ini
[2008/02/23 23:53:53 | 000,001,074 | -HS- | C] () -- C:\WINDOWS\System32\xvjnngxp.ini
[2004/12/08 23:39:53 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/11/13 20:25:14 | 000,000,289 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/10/18 22:39:55 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2004/02/09 00:23:26 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\ZLIB.DLL
[2004/01/18 12:57:25 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2004/01/18 12:48:19 | 000,000,308 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2004/01/06 13:23:56 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/09/04 01:53:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/18 05:46:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2003/05/27 11:27:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/05/27 10:43:19 | 000,001,534 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/05/27 03:48:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/11/13 10:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8

< End of report >

OTL Extras logfile created on: 01/01/2011 4:30:14 PM - Run 1
OTL by OldTimer - Version 3.2.20.0     Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
479.00 Mb Total Physical Memory | 157.00 Mb Available Physical Memory | 33.00% Memory free
741.00 Mb Paging File | 462.00 Mb Available in Paging File | 62.00% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.69 Gb Total Space | 52.40 Gb Free Space | 68.33% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-K0N3ZT9M2 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{097346E0-6A51-11D1-AD16-00A0C95E0503}(Sympatico Consumer)" = Visual IP InSight(Sympatico Consumer)
"{1DC02E08-5098-42CD-81E3-4A5C877C7902}" = UFile 2006
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{225AF9A1-B556-88D5-94AA-0010B5426419}" = My DSC
"{2998FC3C-E41C-41D7-8527-D51B10363120}" = UFile Updater 2005
"{2A5C6AD0-F7B3-40A1-B140-23B085B1B8CE}" = UFile 2008
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37D74171-3131-498A-BE5D-7E3DA6AC0DBE}" = UFile 2007
"{451BB54C-8B23-4455-8BDC-14FC7D43E056}" = MSXML4SP2
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B6797F11-4A7D-45F5-8A20-72E9CCD83538}" = UFile Updater 2009
"{BAF0296B-77EA-425B-934E-671B4DBAED6E}" = UFile Updater 2007
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{C9967B5A-6E08-4E79-BFBD-BBB07DB0CA04}" = UFile Updater 2008
"{D36F4DCA-B6D5-403A-B69D-2439D59FC9A7}" = UFile 2009
"{D46CF69E-A5E8-44A8-BDE6-48171C6CE691}" = SymNet
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{E19B632A-945B-4D1E-9BA9-97FCFD3F3071}" = UFile 2004
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F86AAA85-32B4-4686-9B42-8D4C3766BC73}" = UFile 2005
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BellCanada.MCCInstall" = Sympatico NetAssistant
"blubstershop.xml" = Blubster Support
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Lexmark X1100 Series" = Lexmark X1100 Series
"LimeWire" = LimeWire 5.5.8
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MultiMedia Software" = MultiMedia Software
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Shockwave" = Shockwave
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Web Tattoo)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01/01/2011 3:36:12 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: The data is invalid.  
 
Error - 01/01/2011 3:36:12 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 01/01/2011 3:36:17 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: The data is invalid.  
 
Error - 01/01/2011 3:36:17 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 01/01/2011 3:36:21 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: The data is invalid.  
 
Error - 01/01/2011 3:36:24 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: A connection with the server could not be established  
 
Error - 01/01/2011 3:36:24 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: The data is invalid.  
 
Error - 01/01/2011 3:36:24 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 01/01/2011 3:36:25 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: The data is invalid.  
 
Error - 01/01/2011 3:36:25 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
[ System Events ]
Error - 01/01/2011 2:01:30 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 01/01/2011 2:01:30 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 01/01/2011 2:01:30 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 01/01/2011 2:01:30 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 01/01/2011 2:01:30 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 01/01/2011 2:01:31 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 01/01/2011 2:01:31 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 01/01/2011 2:01:31 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 01/01/2011 2:01:31 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 01/01/2011 3:25:10 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = Service Control Manager | ID = 7034
Description = The LexBce Server service terminated unexpectedly.  It has done this
 1 time(s).
 
 
< End of report >
« Last Edit: January 02, 2011, 03:54:16 AM by guestolo »
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Not able to instal programs
« Reply #3 on: January 02, 2011, 03:57:05 AM »
this computer is quite infected, nothing we can't take care of however
Can you do the following please
Please download TFC by Old Timer and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it.

Important! If TFC prompts you to reboot, please do so immediately.

Back in Windows
download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
       
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
     
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
     
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline rinoscar

  • Full Member
  • ***
  • Posts: 132
  • Karma: +0/-0
    • View Profile
Not able to instal programs
« Reply #4 on: January 02, 2011, 10:30:23 AM »
Hi guestsolo,

I will only be able to access that computer once or 2 times a week at best because it is at another location.

Since it is an old pc, running on norton and registration soon to expire. I would like to install on it a lite virus protection and firewall. I know it is not time for that right now, just giving you a heads up that after we clean the pc, I want to remove Norton and install whatever you recommend.
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Not able to instal programs
« Reply #5 on: January 02, 2011, 11:03:45 PM »
Quote
I will only be able to access that computer once or 2 times a week at best because it is at another location.

With my previous instructions, can you also reopen OTL.exe and run a Quick Scan, post the log that opens
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline rinoscar

  • Full Member
  • ***
  • Posts: 132
  • Karma: +0/-0
    • View Profile
Not able to instal programs
« Reply #6 on: January 05, 2011, 07:06:33 PM »
Hello Guestsolo,


TFC..executed

Unable to download malawarebytes from either location> I first tried from IE, then I switched to mozilla with no luck. When I click on the first link, I get a screen saying:"Server not foundFirefox can't find the server at store.malwarebytes.org.* Check the address for typing errors such as
    ww.example.com instead of
    www.example.com

   * If you are unable to load any pages, check your computer's network
    connection.

   * If your computer or network is protected by a firewall or proxy, make sure
    that Firefox is permitted to access the Web.


The second link, did bring me to the major geek site, but after clicking on the download link, I got the same message above.

I then disabled the firewall from Norton, but got the same result.

    
    
    


    
Logged

Offline rinoscar

  • Full Member
  • ***
  • Posts: 132
  • Karma: +0/-0
    • View Profile
Not able to instal programs
« Reply #7 on: January 05, 2011, 09:59:21 PM »
Update from previous post...

I managed to download spywareblaster from cnet. Enabled protection to both IE and mozilla.

I then retried to download malawarebytes from your links, again nothing. However I googled malawarebytes and managed to download it from cnet.

Installed the malaware but would not allow me to update to the newer version. I was going to remove the program, but thought better to scan with older version then not scanning at all. Did find 90 infected files, deleted and rebooted the computer. I went to the log file, copy pasted and then the computer would not connect to the internet anymore. I was told that it happens from time to time that the connection goes to @#!%&. I thought because the internet went whacky when I installed malaware(not from you links) I may have put a defectious one, so I deleted the malaware, but still could not connect.

I am writing this post from my home pc.



Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Not able to instal programs
« Reply #8 on: January 16, 2011, 11:37:13 AM »
very sorry for the delay, do you still need a hand with this computer?
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline rinoscar

  • Full Member
  • ***
  • Posts: 132
  • Karma: +0/-0
    • View Profile
Not able to instal programs
« Reply #9 on: January 20, 2011, 06:50:08 AM »
Of Course:)

But I havent been to that PC for a week now and don't know if the internet is acting crazy! I will be in front of that PC tonight or tomorrow and I'll see if the internet is up and running. If it is I will retry to download Malawarebytes from your links.
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Not able to instal programs
« Reply #10 on: January 22, 2011, 03:10:00 PM »
Can you try booting to "Safe mode with Networking"
Download/install Malwarebytes' Anti-malware, ensure it's updated run the "Quick Scan"

Clean anything it finds
Post back the log it creates

Also, try and get me a log from OTL.exe
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline rinoscar

  • Full Member
  • ***
  • Posts: 132
  • Karma: +0/-0
    • View Profile
Not able to instal programs
« Reply #11 on: January 23, 2011, 11:09:20 AM »
Hi guestsolo,

Haven't done your steps yet but this is what happened since my last post;

The internet is up and running, it was never down! Called the internet provider and after doing many test, including ipconfig, (dsn or is it dns) did a ping test, and the person said that the internet is working. He made me enter a number on the address bar( don't remember what it is) and when i push enter, the home page of google loaded. However, whenever I tried to access a webpage, either by cliking on one from the favorites or manualy entering in the address bar, nothing. The ISP tech said that there is something in the computer that is blocking the access to the internet.


Can you please refresh my memory on how to boot to safe mode?

Thanks
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Not able to instal programs
« Reply #12 on: January 23, 2011, 12:01:55 PM »
As your computer restarts but before Windows launches, start tapping F8.  
On a computer that is configured for booting to multiple operating systems, you can press F8 when the boot menu appears.

Use the arrow keys to highlight Safe Mode with Networking, and then press ENTER.
If Windows launches before you can choose a safe mode, restart your computer and try again.
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline rinoscar

  • Full Member
  • ***
  • Posts: 132
  • Karma: +0/-0
    • View Profile
Not able to instal programs
« Reply #13 on: January 24, 2011, 05:08:51 PM »
Hi guestsolo,

I wasn't sure if I had to run a scan in safe mode or in regular mode. I decide to run it in safe mode!

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5591

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

24/01/2011 5:00:15 PM
mbam-log-2011-01-24 (17-00-15).txt

Scan type: Quick scan
Objects scanned: 141653
Time elapsed: 2 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
« Last Edit: January 24, 2011, 06:12:25 PM by rinoscar »
Logged

Offline rinoscar

  • Full Member
  • ***
  • Posts: 132
  • Karma: +0/-0
    • View Profile
Not able to instal programs
« Reply #14 on: January 24, 2011, 05:10:34 PM »
Here is the OTL:

OTL logfile created on: 24/01/2011 5:02:35 PM - Run 1
OTL by OldTimer - Version 3.2.20.5    Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
479.00 Mb Total Physical Memory | 308.00 Mb Available Physical Memory | 64.00% Memory free
740.00 Mb Paging File | 673.00 Mb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.69 Gb Total Space | 52.95 Gb Free Space | 69.05% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-K0N3ZT9M2 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/01/24 17:02:21 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/01/24 17:02:21 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/08/04 10:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/02/23 18:40:57 | 001,245,064 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/02/09 19:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/08/22 03:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/12/17 04:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101231.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/17 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101231.034\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/15 13:07:08 | 000,270,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20101229.001\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2010/06/17 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/30 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/02/19 11:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/02/19 11:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2009/02/19 11:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 11:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 11:31:16 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/02/19 11:31:16 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/02/19 11:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 11:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/01/05 19:20:57 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/09/05 13:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/07/30 16:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/16 03:47:52 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2008/01/31 20:51:16 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/01/31 20:51:16 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/01/31 20:51:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/08/08 19:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/05/30 12:42:00 | 000,397,824 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/05/14 18:09:00 | 000,010,624 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/04/01 15:51:30 | 000,719,052 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/01/10 13:56:34 | 000,030,921 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SQCaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [2001/08/23 22:03:54 | 000,025,434 | ---- | M] (Realtek Semiconductor Corporation                                               ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 16:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
[2011/01/20 19:56:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/01 19:59:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/01 19:59:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2005/06/14 20:53:06 | 000,000,833 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {2B9A2F4B-E636-4C40-A422-DF4CAAE800A2} - No CLSID value found.
O2 - BHO: (no name) - {2EFDBF2A-6563-4DFC-BFCA-34F2677A5C01} - No CLSID value found.
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll ()
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {BB3E753A-140C-4385-A351-BC12C06F0856} - No CLSID value found.
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - No CLSID value found.
O2 - BHO: (no name) - {E3DB17F5-A378-41BC-BBF7-B6A07F360F60} - No CLSID value found.
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] C:\WINDOWS\Options\OEMReset.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [QuickTime Task]  File not found
O4 - HKLM..\Run: [SGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} http://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game02.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Literati http://yog30.games.ac4.yahoo.com/yog/y/tt5_x.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =  
O18 - Protocol\Filter\text/html - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\iiijigh: DllName - iiijigh.dll -  File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Cicero.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Cicero.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/01/24 17:02:19 | 000,603,136 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/24 16:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/01/24 16:56:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/24 16:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/24 16:56:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/24 16:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/24 16:55:41 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                   ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/24 16:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/01/24 16:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2011/01/07 22:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/01/05 19:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/05 19:27:10 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL
[2011/01/01 20:00:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/01/01 20:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/01/01 19:59:44 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/01/01 19:59:43 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/01/01 19:59:43 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/01 19:59:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/01 19:59:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/01 16:24:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2011/01/24 17:02:21 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/24 16:56:33 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/24 16:55:41 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                   ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/24 16:46:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/24 16:46:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/20 20:25:16 | 000,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - user.job
[2011/01/20 19:45:41 | 000,095,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/01 19:59:18 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/01/01 19:59:18 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/01 19:59:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/01 19:59:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/01 19:59:18 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
 
========== Files Created - No Company Name ==========
 
[2011/01/24 16:56:33 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/09/21 16:16:47 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/05/05 23:10:23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/04/17 16:38:13 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/17 12:28:18 | 000,001,230 | -HS- | C] () -- C:\WINDOWS\System32\rntqsueq.ini
[2008/04/15 22:42:14 | 000,000,294 | -HS- | C] () -- C:\WINDOWS\System32\dkugiqog.ini
[2008/04/15 22:32:58 | 000,157,813 | -HS- | C] () -- C:\WINDOWS\System32\jmnmp.ini2
[2008/04/15 22:32:57 | 000,157,813 | -HS- | C] () -- C:\WINDOWS\System32\jmnmp.ini
[2008/04/14 22:33:13 | 000,000,826 | -HS- | C] () -- C:\WINDOWS\System32\bwwfuyth.ini
[2008/04/14 22:27:09 | 000,187,343 | -HS- | C] () -- C:\WINDOWS\System32\qsstv.ini2
[2008/04/14 22:27:08 | 000,187,343 | -HS- | C] () -- C:\WINDOWS\System32\qsstv.ini
[2008/04/14 19:17:51 | 000,000,646 | -HS- | C] () -- C:\WINDOWS\System32\llthyrxc.ini
[2008/04/13 19:20:33 | 000,000,526 | -HS- | C] () -- C:\WINDOWS\System32\jadqlfgw.ini
[2008/04/12 19:16:06 | 000,000,466 | -HS- | C] () -- C:\WINDOWS\System32\mujooknm.ini
[2008/04/12 19:06:53 | 000,174,717 | -HS- | C] () -- C:\WINDOWS\System32\fillm.ini
[2008/04/12 19:06:53 | 000,174,587 | -HS- | C] () -- C:\WINDOWS\System32\fillm.ini2
[2008/04/11 20:18:27 | 000,000,998 | -HS- | C] () -- C:\WINDOWS\System32\npupgxwb.ini
[2008/04/10 20:10:13 | 000,000,766 | -HS- | C] () -- C:\WINDOWS\System32\cfvppvjg.ini
[2008/04/10 20:04:01 | 000,182,208 | -HS- | C] () -- C:\WINDOWS\System32\mmnpo.ini2
[2008/04/10 20:04:00 | 000,182,328 | -HS- | C] () -- C:\WINDOWS\System32\mmnpo.ini
[2008/04/10 18:43:34 | 000,000,354 | -HS- | C] () -- C:\WINDOWS\System32\fydajndn.ini
[2008/04/07 21:49:59 | 000,000,586 | -HS- | C] () -- C:\WINDOWS\System32\qekwvtiw.ini
[2008/04/07 21:49:56 | 000,085,056 | ---- | C] () -- C:\WINDOWS\System32\witvwkeq.dll
[2008/04/06 17:48:16 | 000,000,526 | -HS- | C] () -- C:\WINDOWS\System32\jopykjtv.ini
[2008/04/03 20:01:40 | 000,006,362 | -HS- | C] () -- C:\WINDOWS\System32\vxwvw.ini2
[2008/04/03 20:01:39 | 000,006,362 | -HS- | C] () -- C:\WINDOWS\System32\vxwvw.ini
[2008/04/02 19:32:46 | 000,000,774 | -HS- | C] () -- C:\WINDOWS\System32\cvuxgfoh.ini
[2008/04/01 19:29:09 | 000,000,654 | -HS- | C] () -- C:\WINDOWS\System32\tkshywqk.ini
[2008/04/01 19:23:07 | 000,173,526 | -HS- | C] () -- C:\WINDOWS\System32\wvutv.ini2
[2008/04/01 19:23:07 | 000,173,526 | -HS- | C] () -- C:\WINDOWS\System32\wvutv.ini
[2008/04/01 18:06:06 | 000,000,414 | -HS- | C] () -- C:\WINDOWS\System32\mxflokte.ini
[2008/04/01 18:02:50 | 000,165,162 | -HS- | C] () -- C:\WINDOWS\System32\cedgh.ini2
[2008/04/01 18:02:50 | 000,165,162 | -HS- | C] () -- C:\WINDOWS\System32\cedgh.ini
[2008/03/30 10:53:47 | 000,002,986 | -HS- | C] () -- C:\WINDOWS\System32\tkoshxfv.ini
[2008/03/29 10:49:03 | 000,002,686 | -HS- | C] () -- C:\WINDOWS\System32\clmxmulr.ini
[2008/03/29 10:46:00 | 000,223,116 | -HS- | C] () -- C:\WINDOWS\System32\dddgh.ini2
[2008/03/29 10:46:00 | 000,223,116 | -HS- | C] () -- C:\WINDOWS\System32\dddgh.ini
[2008/03/29 08:57:03 | 000,002,506 | -HS- | C] () -- C:\WINDOWS\System32\mbbfgabp.ini
[2008/03/27 18:34:25 | 000,002,326 | -HS- | C] () -- C:\WINDOWS\System32\iptvikkp.ini
[2008/03/27 18:28:22 | 000,160,921 | -HS- | C] () -- C:\WINDOWS\System32\twxbc.ini2
[2008/03/27 18:28:21 | 000,160,972 | -HS- | C] () -- C:\WINDOWS\System32\twxbc.ini
[2008/03/27 17:46:47 | 000,002,086 | -HS- | C] () -- C:\WINDOWS\System32\prhunlqg.ini
[2008/03/17 18:23:41 | 000,001,966 | -HS- | C] () -- C:\WINDOWS\System32\theabnwq.ini
[2008/03/17 17:26:41 | 000,001,786 | -HS- | C] () -- C:\WINDOWS\System32\blejwrkm.ini
[2008/03/09 00:40:22 | 000,001,726 | -HS- | C] () -- C:\WINDOWS\System32\pmjsmbrg.ini
[2008/03/08 11:58:16 | 000,001,306 | -HS- | C] () -- C:\WINDOWS\System32\gxnmcwvr.ini
[2008/03/06 20:21:59 | 000,000,894 | -HS- | C] () -- C:\WINDOWS\System32\vvrrpebw.ini
[2008/03/04 20:16:20 | 000,000,714 | -HS- | C] () -- C:\WINDOWS\System32\wwparwxv.ini
[2008/03/02 00:58:11 | 000,000,594 | -HS- | C] () -- C:\WINDOWS\System32\uaakuipe.ini
[2008/03/01 22:15:28 | 000,000,414 | -HS- | C] () -- C:\WINDOWS\System32\ufbimqwi.ini
[2008/02/28 19:31:26 | 000,000,414 | -HS- | C] () -- C:\WINDOWS\System32\kjsojfkd.ini
[2008/02/28 08:11:29 | 000,000,354 | -HS- | C] () -- C:\WINDOWS\System32\bipmroyg.ini
[2008/02/28 08:10:20 | 000,166,674 | -HS- | C] () -- C:\WINDOWS\System32\suxbc.ini2
[2008/02/28 08:10:19 | 000,166,674 | -HS- | C] () -- C:\WINDOWS\System32\suxbc.ini
[2008/02/27 22:47:21 | 000,000,534 | -HS- | C] () -- C:\WINDOWS\System32\yeturmgy.ini
[2008/02/27 08:09:35 | 000,000,354 | -HS- | C] () -- C:\WINDOWS\System32\insgwoyy.ini
[2008/02/27 08:08:32 | 000,174,669 | -HS- | C] () -- C:\WINDOWS\System32\nmnpo.ini2
[2008/02/27 08:08:29 | 000,174,669 | -HS- | C] () -- C:\WINDOWS\System32\nmnpo.ini
[2008/02/26 18:14:57 | 000,001,374 | -HS- | C] () -- C:\WINDOWS\System32\vwiovfsi.ini
[2008/02/25 00:26:50 | 000,001,194 | -HS- | C] () -- C:\WINDOWS\System32\dsnvrwqx.ini
[2008/02/23 23:53:53 | 000,001,074 | -HS- | C] () -- C:\WINDOWS\System32\xvjnngxp.ini
[2004/12/08 23:39:53 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/11/13 20:25:14 | 000,000,289 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/10/18 22:39:55 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2004/02/09 00:23:26 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\ZLIB.DLL
[2004/01/18 12:57:25 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2004/01/18 12:48:19 | 000,000,308 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2003/09/04 01:53:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/18 05:46:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2003/05/27 11:27:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/05/27 10:43:19 | 000,001,534 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/05/27 03:48:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/11/13 10:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8

< End of report >

Logged

Offline rinoscar

  • Full Member
  • ***
  • Posts: 132
  • Karma: +0/-0
    • View Profile
Not able to instal programs
« Reply #15 on: January 24, 2011, 05:12:03 PM »
Here is the extras:

OTL Extras logfile created on: 24/01/2011 5:02:35 PM - Run 1
OTL by OldTimer - Version 3.2.20.5    Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
479.00 Mb Total Physical Memory | 308.00 Mb Available Physical Memory | 64.00% Memory free
740.00 Mb Paging File | 673.00 Mb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.69 Gb Total Space | 52.95 Gb Free Space | 69.05% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-K0N3ZT9M2 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{097346E0-6A51-11D1-AD16-00A0C95E0503}(Sympatico Consumer)" = Visual IP InSight(Sympatico Consumer)
"{1DC02E08-5098-42CD-81E3-4A5C877C7902}" = UFile 2006
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{225AF9A1-B556-88D5-94AA-0010B5426419}" = My DSC
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2998FC3C-E41C-41D7-8527-D51B10363120}" = UFile Updater 2005
"{2A5C6AD0-F7B3-40A1-B140-23B085B1B8CE}" = UFile 2008
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37D74171-3131-498A-BE5D-7E3DA6AC0DBE}" = UFile 2007
"{451BB54C-8B23-4455-8BDC-14FC7D43E056}" = MSXML4SP2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B6797F11-4A7D-45F5-8A20-72E9CCD83538}" = UFile Updater 2009
"{BAF0296B-77EA-425B-934E-671B4DBAED6E}" = UFile Updater 2007
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{C9967B5A-6E08-4E79-BFBD-BBB07DB0CA04}" = UFile Updater 2008
"{D36F4DCA-B6D5-403A-B69D-2439D59FC9A7}" = UFile 2009
"{D46CF69E-A5E8-44A8-BDE6-48171C6CE691}" = SymNet
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{E19B632A-945B-4D1E-9BA9-97FCFD3F3071}" = UFile 2004
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F86AAA85-32B4-4686-9B42-8D4C3766BC73}" = UFile 2005
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BellCanada.MCCInstall" = Sympatico NetAssistant
"blubstershop.xml" = Blubster Support
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Lexmark X1100 Series" = Lexmark X1100 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Web Tattoo)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05/01/2011 8:54:55 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: The data is invalid.  
 
Error - 05/01/2011 8:54:55 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 05/01/2011 8:54:55 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: The data is invalid.  
 
Error - 05/01/2011 8:54:55 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 05/01/2011 8:54:55 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: The data is invalid.  
 
Error - 05/01/2011 8:54:55 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 05/01/2011 8:54:56 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: The data is invalid.  
 
Error - 05/01/2011 8:54:56 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 05/01/2011 8:54:56 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: The data is invalid.  
 
Error - 05/01/2011 8:54:56 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
[ System Events ]
Error - 20/01/2011 8:54:00 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
 again in 15  minutes.  The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 20/01/2011 8:54:00 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 15 minutes.  NtpClient has no source of accurate
 time.
 
Error - 20/01/2011 8:57:35 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
 again in 15  minutes.  The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 20/01/2011 8:57:35 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 14 minutes.  NtpClient has no source of accurate
 time.
 
Error - 20/01/2011 8:57:38 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
 again in 15  minutes.  The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 20/01/2011 8:57:38 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 15 minutes.  NtpClient has no source of accurate
 time.
 
Error - 20/01/2011 9:12:39 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
 again in 30  minutes.  The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 20/01/2011 9:12:39 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 29 minutes.  NtpClient has no source of accurate
 time.
 
Error - 24/01/2011 5:47:09 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 24/01/2011 5:48:23 PM | Computer Name = OWNER-K0N3ZT9M2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   eeCtrl  Fips  intelppm  SPBBCDrv  SRTSP  SRTSPX  SYMTDI
 
 
< End of report >
Logged

Offline rinoscar

  • Full Member
  • ***
  • Posts: 132
  • Karma: +0/-0
    • View Profile
Not able to instal programs
« Reply #16 on: January 24, 2011, 06:09:48 PM »
Hi Guestsolo,

I have a question. When I rebooted from safemode back to normal to see if I can surf the web, I can. Mind you the modem was turned off for a couple of days and don't know if it is because of that, or entering the PC in safemode.

Anyhow, when i got back on in normal mode, the malwarebytes shortcut was there, but the OTC program and logs are not there. Can you explain to me why that is?

Thank you.

PS....Remember I want to install a lite antivirus with firewall if possible. I have been waiting here one hour for Norton to update. I know it is a slow and old computer but this is ridiculous.
Logged

Offline rinoscar

  • Full Member
  • ***
  • Posts: 132
  • Karma: +0/-0
    • View Profile
Not able to instal programs
« Reply #17 on: January 24, 2011, 06:27:14 PM »
Me again:)

Don't know if it would be helpful to you, but here is the log file from the initial malwarebytes scan. I don't know how it got saved since I removed the program after I could not access the internet:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

05/01/2011 7:49:39 PM
mbam-log-2011-01-05 (19-49-39).txt

Scan type: Quick scan
Objects scanned: 139083
Time elapsed: 12 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 48
Registry Values Infected: 6
Registry Data Items Infected: 6
Folders Infected: 8
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8BD4438C-2511-4B93-AD34-2BDCD0FF78D2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\E404.e404mgr.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\E404.e404mgr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8BD4438C-2511-4B93-AD34-2BDCD0FF78D2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8BD4438C-2511-4B93-AD34-2BDCD0FF78D2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A3D76B96-30B9-4DCC-9B3D-D12E31280D29} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3D76B96-30B9-4DCC-9B3D-D12E31280D29} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3D76B96-30B9-4DCC-9B3D-D12E31280D29} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A26F07F-0D60-4835-91CF-1E1766A0EC56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{343CE214-9998-4B21-A151-FFE970167297} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3AA42713-5C1E-48E2-B432-D8BF420DD31D} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F87F145-DC2D-4766-AF03-3A3B96FFAD98} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{81705D67-3F73-4983-859B-97D0922E5ABE} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034A523-D068-4BE8-A284-9DF278BE776E} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E596DF5F-4239-4D40-8367-EBADF0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FA6E43E6-F825-4317-BBCC-EC8462D1F3A5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FA6E43E6-F825-4317-BBCC-EC8462D1F3A5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay (Adware.MyWaySearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TDSSserv.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{FA6E43E6-F825-4317-BBCC-EC8462D1F3A5} (Trojan.Vundo) -> Value: {FA6E43E6-F825-4317-BBCC-EC8462D1F3A5} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{FA6E43E6-F825-4317-BBCC-EC8462D1F3A5} (Trojan.Vundo) -> Value: {FA6E43E6-F825-4317-BBCC-EC8462D1F3A5} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\some (Trojan.Zlob) -> Value: some -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> Value: rdomain -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> Value: prodname -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.SpyGuard) -> Value: compname -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (85.255.113.138) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (85.255.112.203) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{36F7DF0A-DCD0-4B6A-97E8-DC5A3199EB08}\NameServer (Trojan.DNSChanger) -> Bad: (85.255.113.138,85.255.112.203) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{902D135E-8D74-4194-9016-CE46CBA8ECEF}\NameServer (Trojan.DNSChanger) -> Bad: (85.255.113.138,85.255.112.203) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{902D135E-8D74-4194-9016-CE46CBA8ECEF}\DhcpNameServer (Trojan.DNSChanger) -> Bad: (85.255.113.138,85.255.112.203) Good: () -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\all users\application data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\winsecureav (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
c:\winsecureav\AVQuar (Rogue.WinSecureAv) -> Quarantined and deleted successfully.

Files Infected:
c:\downloads\brainteasers1-dm[1].exe (Adware.TryMedia) -> Quarantined and deleted successfully.
c:\documents and settings\user\favorites\online security test.url (Rogue.Link) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\bmef8b5c69.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\bmef8b5c69.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver\Images\011D90E2.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Not able to instal programs
« Reply #18 on: January 25, 2011, 12:39:57 AM »
Can you do the following please
Double  click on OTL.exe and Run it
  • Under the [color="#0000FF"]Custom Scans/Fixes[/color] box at the bottom, copy/paste in the following in the quote box below. don't include the word Quote please
    Quote
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {2B9A2F4B-E636-4C40-A422-DF4CAAE800A2} - No CLSID value found.
    O2 - BHO: (no name) - {2EFDBF2A-6563-4DFC-BFCA-34F2677A5C01} - No CLSID value found.
    O2 - BHO: (no name) - {BB3E753A-140C-4385-A351-BC12C06F0856} - No CLSID value found.
    O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - No CLSID value found.
    O2 - BHO: (no name) - {E3DB17F5-A378-41BC-BBF7-B6A07F360F60} - No CLSID value found.
    O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
    O4 - HKLM..\Run: [QuickTime Task] File not found
    O18 - Protocol\Filter\text/html - No CLSID value found
    O20 - Winlogon\Notify\iiijigh: DllName - iiijigh.dll - File not found
    [2008/04/17 12:28:18 | 000,001,230 | -HS- | C] () -- C:\WINDOWS\System32\rntqsueq.ini
    [2008/04/15 22:42:14 | 000,000,294 | -HS- | C] () -- C:\WINDOWS\System32\dkugiqog.ini
    [2008/04/15 22:32:58 | 000,157,813 | -HS- | C] () -- C:\WINDOWS\System32\jmnmp.ini2
    [2008/04/15 22:32:57 | 000,157,813 | -HS- | C] () -- C:\WINDOWS\System32\jmnmp.ini
    [2008/04/14 22:33:13 | 000,000,826 | -HS- | C] () -- C:\WINDOWS\System32\bwwfuyth.ini
    [2008/04/14 22:27:09 | 000,187,343 | -HS- | C] () -- C:\WINDOWS\System32\qsstv.ini2
    [2008/04/14 22:27:08 | 000,187,343 | -HS- | C] () -- C:\WINDOWS\System32\qsstv.ini
    [2008/04/14 19:17:51 | 000,000,646 | -HS- | C] () -- C:\WINDOWS\System32\llthyrxc.ini
    [2008/04/13 19:20:33 | 000,000,526 | -HS- | C] () -- C:\WINDOWS\System32\jadqlfgw.ini
    [2008/04/12 19:16:06 | 000,000,466 | -HS- | C] () -- C:\WINDOWS\System32\mujooknm.ini
    [2008/04/12 19:06:53 | 000,174,717 | -HS- | C] () -- C:\WINDOWS\System32\fillm.ini
    [2008/04/12 19:06:53 | 000,174,587 | -HS- | C] () -- C:\WINDOWS\System32\fillm.ini2
    [2008/04/11 20:18:27 | 000,000,998 | -HS- | C] () -- C:\WINDOWS\System32\npupgxwb.ini
    [2008/04/10 20:10:13 | 000,000,766 | -HS- | C] () -- C:\WINDOWS\System32\cfvppvjg.ini
    [2008/04/10 20:04:01 | 000,182,208 | -HS- | C] () -- C:\WINDOWS\System32\mmnpo.ini2
    [2008/04/10 20:04:00 | 000,182,328 | -HS- | C] () -- C:\WINDOWS\System32\mmnpo.ini
    [2008/04/10 18:43:34 | 000,000,354 | -HS- | C] () -- C:\WINDOWS\System32\fydajndn.ini
    [2008/04/07 21:49:59 | 000,000,586 | -HS- | C] () -- C:\WINDOWS\System32\qekwvtiw.ini
    [2008/04/07 21:49:56 | 000,085,056 | ---- | C] () -- C:\WINDOWS\System32\witvwkeq.dll
    [2008/04/06 17:48:16 | 000,000,526 | -HS- | C] () -- C:\WINDOWS\System32\jopykjtv.ini
    [2008/04/03 20:01:40 | 000,006,362 | -HS- | C] () -- C:\WINDOWS\System32\vxwvw.ini2
    [2008/04/03 20:01:39 | 000,006,362 | -HS- | C] () -- C:\WINDOWS\System32\vxwvw.ini
    [2008/04/02 19:32:46 | 000,000,774 | -HS- | C] () -- C:\WINDOWS\System32\cvuxgfoh.ini
    [2008/04/01 19:29:09 | 000,000,654 | -HS- | C] () -- C:\WINDOWS\System32\tkshywqk.ini
    [2008/04/01 19:23:07 | 000,173,526 | -HS- | C] () -- C:\WINDOWS\System32\wvutv.ini2
    [2008/04/01 19:23:07 | 000,173,526 | -HS- | C] () -- C:\WINDOWS\System32\wvutv.ini
    [2008/04/01 18:06:06 | 000,000,414 | -HS- | C] () -- C:\WINDOWS\System32\mxflokte.ini
    [2008/04/01 18:02:50 | 000,165,162 | -HS- | C] () -- C:\WINDOWS\System32\cedgh.ini2
    [2008/04/01 18:02:50 | 000,165,162 | -HS- | C] () -- C:\WINDOWS\System32\cedgh.ini
    [2008/03/30 10:53:47 | 000,002,986 | -HS- | C] () -- C:\WINDOWS\System32\tkoshxfv.ini
    [2008/03/29 10:49:03 | 000,002,686 | -HS- | C] () -- C:\WINDOWS\System32\clmxmulr.ini
    [2008/03/29 10:46:00 | 000,223,116 | -HS- | C] () -- C:\WINDOWS\System32\dddgh.ini2
    [2008/03/29 10:46:00 | 000,223,116 | -HS- | C] () -- C:\WINDOWS\System32\dddgh.ini
    [2008/03/29 08:57:03 | 000,002,506 | -HS- | C] () -- C:\WINDOWS\System32\mbbfgabp.ini
    [2008/03/27 18:34:25 | 000,002,326 | -HS- | C] () -- C:\WINDOWS\System32\iptvikkp.ini
    [2008/03/27 18:28:22 | 000,160,921 | -HS- | C] () -- C:\WINDOWS\System32\twxbc.ini2
    [2008/03/27 18:28:21 | 000,160,972 | -HS- | C] () -- C:\WINDOWS\System32\twxbc.ini
    [2008/03/27 17:46:47 | 000,002,086 | -HS- | C] () -- C:\WINDOWS\System32\prhunlqg.ini
    [2008/03/17 18:23:41 | 000,001,966 | -HS- | C] () -- C:\WINDOWS\System32\theabnwq.ini
    [2008/03/17 17:26:41 | 000,001,786 | -HS- | C] () -- C:\WINDOWS\System32\blejwrkm.ini
    [2008/03/09 00:40:22 | 000,001,726 | -HS- | C] () -- C:\WINDOWS\System32\pmjsmbrg.ini
    [2008/03/08 11:58:16 | 000,001,306 | -HS- | C] () -- C:\WINDOWS\System32\gxnmcwvr.ini
    [2008/03/06 20:21:59 | 000,000,894 | -HS- | C] () -- C:\WINDOWS\System32\vvrrpebw.ini
    [2008/03/04 20:16:20 | 000,000,714 | -HS- | C] () -- C:\WINDOWS\System32\wwparwxv.ini
    [2008/03/02 00:58:11 | 000,000,594 | -HS- | C] () -- C:\WINDOWS\System32\uaakuipe.ini
    [2008/03/01 22:15:28 | 000,000,414 | -HS- | C] () -- C:\WINDOWS\System32\ufbimqwi.ini
    [2008/02/28 19:31:26 | 000,000,414 | -HS- | C] () -- C:\WINDOWS\System32\kjsojfkd.ini
    [2008/02/28 08:11:29 | 000,000,354 | -HS- | C] () -- C:\WINDOWS\System32\bipmroyg.ini
    [2008/02/28 08:10:20 | 000,166,674 | -HS- | C] () -- C:\WINDOWS\System32\suxbc.ini2
    [2008/02/28 08:10:19 | 000,166,674 | -HS- | C] () -- C:\WINDOWS\System32\suxbc.ini
    [2008/02/27 22:47:21 | 000,000,534 | -HS- | C] () -- C:\WINDOWS\System32\yeturmgy.ini
    [2008/02/27 08:09:35 | 000,000,354 | -HS- | C] () -- C:\WINDOWS\System32\insgwoyy.ini
    [2008/02/27 08:08:32 | 000,174,669 | -HS- | C] () -- C:\WINDOWS\System32\nmnpo.ini2
    [2008/02/27 08:08:29 | 000,174,669 | -HS- | C] () -- C:\WINDOWS\System32\nmnpo.ini
    [2008/02/26 18:14:57 | 000,001,374 | -HS- | C] () -- C:\WINDOWS\System32\vwiovfsi.ini
    [2008/02/25 00:26:50 | 000,001,194 | -HS- | C] () -- C:\WINDOWS\System32\dsnvrwqx.ini
    [2008/02/23 23:53:53 | 000,001,074 | -HS- | C] () -- C:\WINDOWS\System32\xvjnngxp.ini
    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8
    :Reg
    :Files
    ipconfig /flushdns /c
    :Commands
    [EmptyTemp]
    [EmptyFlash]
    [Reboot]

  • Then click the [color="#FF0000"]Run Fix[/color] button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

AfDownload ComboFix from the following location

[color="#0000FF"]Link 1[/color]
Save it ONLY to your Desktop[/color]

      --------------------------------------------------------------------
[color="#2E8B57"]Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool
[/color]

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


[color="#2e8b57"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
[/color]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline rinoscar

  • Full Member
  • ***
  • Posts: 132
  • Karma: +0/-0
    • View Profile
Not able to instal programs
« Reply #19 on: January 27, 2011, 07:11:52 PM »
Hello Guestsolo,

I ran the OTL with the fix then rebooted and a notepad file appeared and that is it!! The computer stopped, the ICONS..IE, recycling bin, the my computer icon... did not show up. I managed to get back on the site to download the combo fix, saved it to my desktop, but it did not. I rebooted thinking maybe it was a glitch, nopw nothing again. No Icons, just a blank screen, with the start button on the bottom and with Norton running. So, I rebooted again in safe mode.

The OTL file is saved there. I will post it in the next reply. I am thinking was I supposed to run those fixes(OTL) in safemode? I am debating if I should download combofix in safe mode and run it from there?
Logged
Pages: [1] 2
« previous next »