Security error message active desktop recovery message


  • This topic is locked
19 replies to this topic

#1 JJBlog

  • Members
  • 28 posts

Posted 04 April 2013 - 04:29 AM

Hi, this is my daughter's computer, which I have brought to you before; she keeps downloading stuff (Minecraft mods etc.). I suspect malware, as we are getting weird boxes appearing on start-up. Would you please check the logs? Thank you.

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.13.2
Run by hp at 10:21:07 on 2013-04-04
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.3455.2776 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.holasearch.com/?affID=121962&babsrc=HP_ss&mntrId=4CD70019D2C01E73
uSearchAssistant = hxxp://www.google.com
BHO: Sing Along: {6492E171-2427-4932-B414-33574A089F5E} - c:\program files\singalong\singalng.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: holasearch Helper Object: {DFF9B2DA-EF99-4B26-83CB-7058299999D8} - c:\program files\holasearch\holasearch\1.8.16.16\bh\holasearch.dll
TB: Holasearch Toolbar: {C510DFFB-0AFE-484C-BA40-CED5B74C4EEF} - c:\program files\holasearch\holasearch\1.8.16.16\holasearchTlbr.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1354577964063
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{3E817221-6807-4C81-B67C-C2A587DABD88} : DHCPNameServer = 192.168.1.254
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IfxWlxEN - IfxWlxEN.dll
AppInit_DLLs= c:\docume~1\alluse~1\applic~1\browse~1\261125~1.80\{c16c1~1\browse~1.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.43\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-1-20 33112]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-1-11 36552]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2005-11-29 36768]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-1-11 86752]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-1-11 110816]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-1-11 83944]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2012-12-4 97280]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-10-21 36352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\ToolbarUpdater.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2013-04-02 21:21:01 -------- d-----w- c:\documents and settings\hp\application data\PerformerSoft
2013-04-02 16:50:13 -------- d-----w- c:\documents and settings\hp\application data\NCH Software
2013-04-02 16:08:33 -------- d-----w- c:\windows\system32\searchplugins
2013-04-02 16:08:33 -------- d-----w- c:\windows\system32\Extensions
2013-04-02 16:07:59 -------- d-----w- c:\program files\holasearch
2013-04-02 16:07:58 -------- d-----w- c:\documents and settings\hp\application data\holasearch
2013-04-02 16:07:15 -------- d-----w- c:\program files\NCH Software
2013-04-01 17:43:16 -------- d-----w- C:\glassfish3
2013-03-31 14:41:47 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-30 17:28:42 18096 ----a-w- c:\windows\system32\roboot.exe
2013-03-29 14:54:59 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2013-03-21 19:20:44 -------- d-----w- C:\Minecraft_Backup
2013-03-21 18:27:05 -------- d-----w- c:\documents and settings\hp\application data\.minecraft
2013-03-21 18:03:22 -------- d-----w- c:\documents and settings\hp\application data\skyz
2013-03-15 18:35:33 -------- d-----w- c:\program files\Paint.NET
2013-03-15 18:35:31 -------- d-----w- c:\documents and settings\hp\local settings\application data\Paint.NET
2013-03-12 12:54:16 -------- d-----w- c:\documents and settings\hp\local settings\application data\Screencast-O-Matic
2013-03-12 12:49:55 49664 ----a-w- c:\windows\system32\CamCodec.dll
2013-03-12 12:49:55 -------- d-----w- c:\program files\CamStudio 2.6b
2013-03-12 12:48:25 -------- d-----w- c:\program files\SingAlong
2013-03-12 12:48:22 723230 ----a-w- c:\windows\unins000.exe
2013-03-12 12:33:47 -------- d-----w- c:\program files\CamStudio 2.7
2013-03-12 12:09:23 -------- d-----w- c:\windows\SxsCaPendDel
2013-03-12 12:07:18 -------- d--h--r- C:\AHCache
2013-03-11 18:00:55 -------- d-----w- C:\ my world
2013-03-11 17:47:46 -------- d-----w- c:\documents and settings\hp\application data\Blender Foundation
2013-03-06 16:22:57 -------- d-----w- c:\documents and settings\hp\application data\Solveig Multimedia
2013-03-06 16:14:48 -------- d-----w- c:\documents and settings\hp\local settings\application data\temp
2013-03-06 16:14:37 -------- d-----w- c:\documents and settings\hp\local settings\application data\Pokki
2013-03-06 16:14:04 -------- d-----w- c:\documents and settings\hp\local settings\application data\CRE
2013-03-06 16:13:35 0 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
.
==================== Find3M  ====================
.
2013-03-12 18:04:33 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-12 18:04:33 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-19 13:12:21 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-17 08:44:07 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-17 08:44:04 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-17 08:44:04 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-17 08:44:04 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ------w- c:\windows\system32\html.iec
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 10:21:38.40 ===============

#2 Larusso

  • Malware Response Team
  • 303 posts
  • Location: Austria

Posted 04 April 2013 - 10:15 AM

Hi,
my name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all log files as a reply rather than as an attachment unless I specifically ask you to. If you cannot post all log files in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days of this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • I am currently attending evening school and working night shifts only, which might be evening for you. During this time I am mostly online with my mobile devices and won't be able to reply.

Click Start > Control Panel > Add / Remove Programs and uninstall the following programs (if present):

  • Hola Chrome Toolbar
  • holasearch toolbar

Download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.

Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

Download OTL to your Desktop.

  • Double click on the icon to run it.
  • Under the Custom Scans/Fixes box, paste this in:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
/md5start
services.exe
user32.dll
/md5stop
CREATERESTOREPOINT

  • Make sure all other windows are closed to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please post both log files in your next reply.


Edited by Larusso, 04 April 2013 - 10:17 AM.

regards,
Daniel

Bread for the world instead of bombs and bangers


I'll always help for free, but if you want to support me in my fight against malware, please donate.
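The items the reply above acts on (the holasearch start page and its matching BHO and toolbar) can be picked out of the DDS "Pseudo HJT Report" in post #1 mechanically, along with two entries in the same log that uninstalling the Hola toolbars would not touch: the AppInit_DLLs value pointing at a browse~1.dll under All Users\Application Data, and the vToolbarUpdater service whose binary DDS could not find. The script below is an added example written for this thread; it is not part of DDS, OTL or the BleepingComputer process. It runs offline over a constructed subset of the DDS lines from post #1 (Java(TM) spelled in ASCII). Its allowlists of acceptable search hosts and expected IE add-on directories are assumptions chosen for this machine, and it reads a trailing "[?]" on a service line as DDS's marker for a binary it could not open, which is how that notation is commonly read.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log for hijack indicators.

Added example for this thread; not DDS, OTL or BleepingComputer code.
"""
import re
from urllib.parse import urlparse

# Constructed sample: a subset of the DDS lines posted in this thread.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.holasearch.com/?affID=121962&babsrc=HP_ss&mntrId=4CD70019D2C01E73
uSearchAssistant = hxxp://www.google.com
BHO: Sing Along: {6492E171-2427-4932-B414-33574A089F5E} - c:\program files\singalong\singalng.dll
BHO: Java(TM) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: holasearch Helper Object: {DFF9B2DA-EF99-4B26-83CB-7058299999D8} - c:\program files\holasearch\holasearch\1.8.16.16\bh\holasearch.dll
TB: Holasearch Toolbar: {C510DFFB-0AFE-484C-BA40-CED5B74C4EEF} - c:\program files\holasearch\holasearch\1.8.16.16\holasearchTlbr.dll
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
AppInit_DLLs= c:\docume~1\alluse~1\applic~1\browse~1\261125~1.80\{c16c1~1\browse~1.dll
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-1-11 110816]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\ToolbarUpdater.exe [?]
"""

# Assumption: the only hosts this household would set as IE start/search page.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "google.com", "www.bing.com", "search.live.com"}
# Assumption: the only IE add-on DLLs expected on this machine are Oracle's Java helpers.
TRUSTED_ADDON_DIRS = ("c:\\program files\\java\\",)
# DDS keys whose value is a URL (u = current user, m = local machine).
URL_KEYS = {"uStart Page", "mStart Page", "uDefault_Page_URL", "mDefault_Page_URL",
            "uSearchAssistant", "uSearch Bar", "uSearchURL"}
# Service/driver line (R2, S2, ...) whose binary DDS marks with "[?]" instead of a date and size.
SERVICE_MISSING = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;.+\[\?\]\s*$")
# Locations an ordinary user can write to; a DLL loaded system-wide from here is a red flag.
USER_WRITABLE = ("c:\\docume~1\\", "c:\\documents and settings\\")


def finding(severity, category, line, detail):
    return {"severity": severity, "category": category, "line": line, "detail": detail}


def triage(dds_text):
    """Return one finding dict per suspicious Pseudo HJT line."""
    findings = []
    hijack_labels = set()  # e.g. "holasearch", used to tie add-ons to the hijacked page
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("appinit_dlls="):
            path = line.split("=", 1)[1].strip().lower()
            if path:  # on XP every DLL listed here is loaded into each process that loads user32.dll
                sev = "high" if path.startswith(USER_WRITABLE) else "medium"
                findings.append(finding(sev, "appinit", line, f"AppInit_DLLs loads {path}"))
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if key in URL_KEYS:
            url = value.strip().replace("hxxp", "http", 1)  # DDS defangs the scheme
            host = (urlparse(url).hostname or "").lower()
            if host not in TRUSTED_SEARCH_HOSTS:
                findings.append(finding("high", "browser-hijack", line, f"{key} points at {host}"))
                parts = host.split(".")
                if len(parts) >= 2:
                    hijack_labels.add(parts[-2])
            continue
        if line.startswith(("BHO:", "TB:")):
            dll = line.rsplit(" - ", 1)[-1].strip().lower()
            if not dll.startswith(TRUSTED_ADDON_DIRS):
                findings.append(finding("medium", "browser-addon", line, f"unexpected IE add-on {dll}"))
            continue
        m = SERVICE_MISSING.match(line)
        if m:
            findings.append(finding("low", "orphan-service", line, f"service {m.group(1)} binary missing"))
    # Second pass: an add-on named after the hijacked start page is the hijacker's own component.
    for f in findings:
        if f["category"] == "browser-addon" and any(lbl in f["line"].lower() for lbl in hijack_labels):
            f["severity"] = "high"
            f["detail"] += " (matches hijacked start page)"
    return findings


if __name__ == "__main__":
    rank = {"high": 0, "medium": 1, "low": 2}
    for f in sorted(triage(SAMPLE_DDS), key=lambda f: rank[f["severity"]]):
        print(f"[{f['severity']:6}] {f['category']:15} {f['detail']}")
```

Run as-is it prints six findings for the sample; pass the whole Pseudo HJT section of a real log to triage() instead. The allowlists are deliberately narrow: the goal is to surface every URL and add-on that nobody installed on purpose and leave the decision to a person, which is what the reply above does by hand.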

#3 JJBlog

  • Topic Starter
  • Members
  • 28 posts

Posted 04 April 2013 - 11:50 AM

Hi Daniel,

I removed Hola Chrome Toolbar and Hola Search Toolbar.

Here is the Malwarebytes log:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.04.04.04
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
hp :: NC6400 [administrator]
 
04/04/2013 17:22:27
mbam-log-2013-04-04 (17-22-27).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217340
Time elapsed: 8 minute(s), 49 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
When I try to download OTL in Chrome, it does not give me the option to save, only run, so I opened Internet Explorer, and the first page it opens is Hola Search even though it is not installed on my computer according to Control Panel. So I went back to Google Chrome and ran OTL. Here are the logs.

OTL logfile created on: 04/04/2013 17:38:11 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\hp\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.37 Gb Total Physical Memory | 2.90 Gb Available Physical Memory | 85.85% Memory free
5.21 Gb Paging File | 4.79 Gb Available in Paging File | 91.84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 86.75 Gb Free Space | 77.60% Space Free | Partition Type: NTFS
Drive D: | 7.07 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: NC6400 | User Name: hp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/04/04 17:36:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hp\My Documents\Downloads\OTL (1).exe
PRC - [2013/02/17 09:44:05 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/02/12 17:03:16 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/02/12 17:01:56 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/02/12 17:01:53 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/02/12 17:01:52 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/18 17:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007/01/09 16:52:32 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2006/03/03 16:28:18 | 000,136,736 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
PRC - [2006/02/27 18:02:06 | 000,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/02/27 18:00:58 | 001,265,748 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/09/19 19:17:40 | 000,397,088 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2006/02/27 18:03:28 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013/03/12 19:04:35 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/17 09:44:05 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/12 17:03:16 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/02/12 17:01:53 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008/03/18 17:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013/02/19 14:12:21 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/11/27 11:01:26 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/11/22 16:51:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/11/22 16:50:53 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/08/27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011/01/06 21:27:02 | 000,025,144 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011/01/06 21:26:52 | 000,032,440 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/02/25 01:02:56 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/11/17 16:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2008/03/21 17:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/12/14 10:21:56 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/10/31 11:23:20 | 002,236,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/08/28 16:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/09 14:27:00 | 000,097,280 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2007/03/02 13:53:20 | 001,972,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/02/27 17:48:20 | 000,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/02/27 17:45:48 | 001,342,602 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/02/27 17:43:06 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/02/27 17:40:16 | 000,148,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005/11/29 17:56:28 | 000,036,768 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2005/10/26 11:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/10/21 12:19:34 | 000,036,352 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2001/08/17 13:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.holasearch.com/?affID=121962&babsrc=HP_ss&mntrId=4CD70019D2C01E73
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{E92985E3-22B8-4C97-A049-67C7A5C24440}: "URL" = http://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=4cd738400000000000000019d2c01e73&q={searchTerms}&r=875
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\hp\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\singalong@xenophesoft.com: C:\Program Files\SingAlong\FF\ [2013/03/12 13:48:25 | 000,000,000 | ---D | M]
 
[2013/02/19 16:41:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Hola Search (Enabled)
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit)  (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\hp\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - Extension: Sing Along = C:\Documents and Settings\hp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abepbblpkilpjohncjbccmdjhdhbnhdj\1.110_0\
CHR - Extension: Adblock Plus = C:\Documents and Settings\hp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
 
O1 HOSTS File: ([2013/02/19 18:47:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Sing Along) - {6492E171-2427-4932-B414-33574A089F5E} - C:\Program Files\SingAlong\singalng.dll (Xenophesoft)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1354577964063 (WUWebControl Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E817221-6807-4C81-B67C-C2A587DABD88}: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\261125~1.80\{c16c1~1\browse~1.dll) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\IfxWlxEN: DllName - (IfxWlxEN.dll) - C:\WINDOWS\System32\IfxWlxEN.dll (Infineon Technologies AG)
O24 - Desktop WallPaper: C:\Documents and Settings\hp\My Documents\Downloads\creeper.png
O24 - Desktop BackupWallPaper: C:\Documents and Settings\hp\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/12/03 11:22:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/03 18:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hp\Desktop\spongebob houses
[2013/04/02 22:21:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hp\Application Data\PerformerSoft
[2013/04/02 17:57:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hp\Desktop\songs
[2013/04/02 17:50:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hp\Application Data\NCH Software
[2013/04/02 17:13:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hp\Desktop\mixpad stuff
[2013/04/02 17:08:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\searchplugins
[2013/04/02 17:08:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Extensions
[2013/04/02 17:07:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite
[2013/04/02 17:07:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Audio Related Programs
[2013/04/02 17:07:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2013/04/02 17:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2013/04/02 09:21:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\hp\Desktop\spy stuff
[2013/04/01 18:43:16 | 000,000,000 | ---D | C] -- C:\glassfish3
[2013/03/30 18:28:42 | 000,018,096 | ---- | C] (PerformerSoft LLC) -- C:\WINDOWS\System32\roboot.exe
[2013/03/29 15:54:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2013/03/21 20:20:44 | 000,000,000 | ---D | C] -- C:\Minecraft_Backup
[2013/03/21 19:27:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hp\Application Data\.minecraft
[2013/03/21 19:17:53 | 000,196,608 | ---- | C] (ICSharpCode.net) -- C:\Documents and Settings\hp\My Documents\ICSharpCode.SharpZipLib.dll
[2013/03/21 19:03:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hp\Application Data\skyz
[2013/03/15 19:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2013/03/15 19:35:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hp\Local Settings\Application Data\Paint.NET
[2013/03/12 13:54:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hp\Local Settings\Application Data\Screencast-O-Matic
[2013/03/12 13:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/03/12 13:49:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CamStudio
[2013/03/12 13:49:55 | 000,049,664 | ---- | C] (CamStudio Group) -- C:\WINDOWS\System32\CamCodec.dll
[2013/03/12 13:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio 2.6b
[2013/03/12 13:48:25 | 000,000,000 | ---D | C] -- C:\Program Files\SingAlong
[2013/03/12 13:33:47 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio 2.7
[2013/03/12 13:09:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2013/03/12 13:08:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\assembly
[2013/03/12 13:07:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2013/03/12 13:07:18 | 000,000,000 | RH-D | C] -- C:\AHCache
[2013/03/11 20:28:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hp\My Documents\.minecraft
[2013/03/11 19:00:55 | 000,000,000 | ---D | C] -- C:\ my world
[2013/03/11 18:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hp\Application Data\Blender Foundation
[2013/03/06 17:22:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hp\Application Data\Solveig Multimedia
[2013/03/06 17:16:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hp\My Documents\HyperCam3
[2013/03/06 17:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hp\Local Settings\Application Data\temp
[2013/03/06 17:14:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hp\Local Settings\Application Data\Pokki
[2013/03/06 17:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hp\Local Settings\Application Data\CRE
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/04 17:28:35 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A79C6E64-B59E-4203-9D68-B94E93E5743F}.job
[2013/04/04 17:21:07 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/04 17:21:04 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\Sing Along Update.job
[2013/04/04 17:20:26 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/04 17:20:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
[2013/04/04 17:20:26 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-790525478-1303643608-1801674531-1003.job
[2013/04/04 17:20:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/04 16:47:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/04 16:04:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/04 12:07:50 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\MixPadReminder.job
[2013/04/04 10:11:56 | 000,443,710 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/04 10:11:56 | 000,070,386 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/03 18:27:44 | 000,608,244 | ---- | M] () -- C:\Documents and Settings\hp\Desktop\spongebob 3 houses!!.zip
[2013/04/02 17:57:52 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\hp\Desktop\Microsoft Word.lnk
[2013/04/02 17:07:16 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MixPad.lnk
[2013/04/02 09:48:12 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/04/01 09:15:22 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/03/31 15:30:22 | 028,693,711 | ---- | M] () -- C:\Documents and Settings\hp\My Documents\CabooseCraft Puzzle V2 (1).rar
[2013/03/30 18:33:37 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\hp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/30 18:33:26 | 008,797,126 | ---- | M] () -- C:\Documents and Settings\hp\My Documents\episode 2.wav
[2013/03/30 16:59:43 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-790525478-1303643608-1801674531-1003.job
[2013/03/29 17:20:59 | 000,111,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/29 17:10:51 | 001,719,958 | ---- | M] () -- C:\Documents and Settings\hp\My Documents\Animation theme.wav
[2013/03/29 16:59:59 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\hp\Desktop\Sound Recorder.lnk
[2013/03/21 19:17:53 | 000,196,608 | ---- | M] (ICSharpCode.net) -- C:\Documents and Settings\hp\My Documents\ICSharpCode.SharpZipLib.dll
[2013/03/20 21:04:26 | 001,176,576 | ---- | M] () -- C:\Documents and Settings\hp\My Documents\TooManyItems Mod Installer.exe
[2013/03/15 19:35:45 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2013/03/15 19:09:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
[2013/03/12 20:01:52 | 031,098,407 | ---- | M] () -- C:\Documents and Settings\hp\My Documents\The Dreamv1.3.rar
[2013/03/12 18:32:05 | 028,693,711 | ---- | M] () -- C:\Documents and Settings\hp\My Documents\CabooseCraft Puzzle V2.rar
[2013/03/12 14:15:41 | 000,000,596 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013/03/12 13:54:32 | 000,002,148 | ---- | M] () -- C:\Documents and Settings\hp\Desktop\Screencast-O-Matic.lnk
[2013/03/12 13:48:23 | 000,219,287 | ---- | M] () -- C:\WINDOWS\unins000.dat
[2013/03/12 13:48:19 | 000,723,230 | ---- | M] () -- C:\WINDOWS\unins000.exe
[2013/03/12 13:39:02 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\hp\Application Data\CamShapes.ini
[2013/03/12 13:39:02 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\hp\Application Data\CamLayout.ini
[2013/03/12 13:39:02 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\hp\Application Data\Camdata.ini
[2013/03/12 13:37:16 | 000,004,509 | ---- | M] () -- C:\Documents and Settings\hp\Application Data\CamStudio.cfg
[2013/03/11 18:55:55 | 000,123,539 | ---- | M] () -- C:\Documents and Settings\hp\My Documents\mineways-RGB.png
[2013/03/11 18:55:55 | 000,007,099 | ---- | M] () -- C:\Documents and Settings\hp\My Documents\mineways-Alpha.png
[2013/03/11 18:55:54 | 103,122,253 | ---- | M] () -- C:\Documents and Settings\hp\My Documents\mineways.obj
[2013/03/11 18:55:54 | 000,145,924 | ---- | M] () -- C:\Documents and Settings\hp\My Documents\mineways-RGBA.png
[2013/03/11 18:55:54 | 000,016,296 | ---- | M] () -- C:\Documents and Settings\hp\My Documents\mineways.mtl
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/04/04 12:07:50 | 000,000,266 | ---- | C] () -- C:\WINDOWS\tasks\MixPadReminder.job
[2013/04/03 18:26:56 | 000,608,244 | ---- | C] () -- C:\Documents and Settings\hp\Desktop\spongebob 3 houses!!.zip
[2013/04/02 17:07:16 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MixPad.lnk
[2013/04/02 17:07:16 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MixPad.lnk
[2013/03/31 15:29:59 | 028,693,711 | ---- | C] () -- C:\Documents and Settings\hp\My Documents\CabooseCraft Puzzle V2 (1).rar
[2013/03/30 18:33:26 | 008,797,126 | ---- | C] () -- C:\Documents and Settings\hp\My Documents\episode 2.wav
[2013/03/30 18:11:53 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\hp\Desktop\Sound Recorder.lnk
[2013/03/29 17:10:51 | 001,719,958 | ---- | C] () -- C:\Documents and Settings\hp\My Documents\Animation theme.wav
[2013/03/21 19:17:38 | 001,176,576 | ---- | C] () -- C:\Documents and Settings\hp\My Documents\TooManyItems Mod Installer.exe
[2013/03/15 19:35:45 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Paint.NET.lnk
[2013/03/15 19:35:45 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2013/03/12 20:01:23 | 031,098,407 | ---- | C] () -- C:\Documents and Settings\hp\My Documents\The Dreamv1.3.rar
[2013/03/12 18:32:04 | 028,693,711 | ---- | C] () -- C:\Documents and Settings\hp\My Documents\CabooseCraft Puzzle V2.rar
[2013/03/12 14:15:37 | 000,000,596 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013/03/12 13:54:32 | 000,002,148 | ---- | C] () -- C:\Documents and Settings\hp\Desktop\Screencast-O-Matic.lnk
[2013/03/12 13:48:26 | 000,000,362 | ---- | C] () -- C:\WINDOWS\tasks\Sing Along Update.job
[2013/03/12 13:48:22 | 000,723,230 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2013/03/12 13:48:22 | 000,219,287 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2013/03/12 13:39:02 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\hp\Application Data\CamShapes.ini
[2013/03/12 13:39:02 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\hp\Application Data\CamLayout.ini
[2013/03/12 13:39:02 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\hp\Application Data\Camdata.ini
[2013/03/12 13:37:12 | 000,004,509 | ---- | C] () -- C:\Documents and Settings\hp\Application Data\CamStudio.cfg
[2013/03/11 18:55:55 | 000,007,099 | ---- | C] () -- C:\Documents and Settings\hp\My Documents\mineways-Alpha.png
[2013/03/11 18:55:54 | 000,145,924 | ---- | C] () -- C:\Documents and Settings\hp\My Documents\mineways-RGBA.png
[2013/03/11 18:55:54 | 000,123,539 | ---- | C] () -- C:\Documents and Settings\hp\My Documents\mineways-RGB.png
[2013/03/11 18:55:54 | 000,016,296 | ---- | C] () -- C:\Documents and Settings\hp\My Documents\mineways.mtl
[2013/03/11 18:55:31 | 103,122,253 | ---- | C] () -- C:\Documents and Settings\hp\My Documents\mineways.obj
[2013/03/06 17:13:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
[2013/02/19 21:03:06 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\hp\jagex_cl_runescape_LIVE.dat
[2013/02/19 21:03:06 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\hp\random.dat
[2013/02/19 10:26:11 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2013/02/03 12:50:48 | 000,134,189 | ---- | C] () -- C:\WINDOWS\hpwins10.dat
[2013/02/03 12:50:37 | 000,010,385 | ---- | C] () -- C:\WINDOWS\hpwscr10.dat
[2013/02/03 12:50:36 | 000,001,042 | ---- | C] () -- C:\WINDOWS\hpwmdl10.dat
[2013/01/15 09:02:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/01/14 20:53:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2013/01/12 18:21:18 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\hp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/04 01:00:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/12/03 11:25:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/12/03 11:18:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/12/02 10:34:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/12/02 10:32:42 | 000,111,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/08/30 21:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/01/20 17:42:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/12/04 01:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2013/01/20 13:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wincert
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013/03/11 19:01:08 | 000,000,000 | ---D | M] -- C:\ my world
[2013/03/12 13:07:18 | 000,000,000 | RH-D | M] -- C:\AHCache
[2013/02/19 18:41:31 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2013/04/01 09:30:47 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2013/02/19 16:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2013/04/01 18:44:37 | 000,000,000 | ---D | M] -- C:\glassfish3
[2013/03/21 20:20:44 | 000,000,000 | ---D | M] -- C:\Minecraft_Backup
[2013/04/04 17:18:03 | 000,000,000 | R--D | M] -- C:\Program Files
[2013/02/21 13:44:59 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2012/12/04 01:52:00 | 000,000,000 | ---D | M] -- C:\swsetup
[2013/04/04 17:39:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013/03/11 19:45:35 | 000,000,000 | ---D | M] -- C:\tmp
[2013/04/02 22:20:56 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /5 >
[2013/04/01 09:06:44 | 000,000,000 | -HSD | M] -- C:\WINDOWS\installer\$PatchCache$
Invalid Environment Variable: localappdata
 
< MD5 for: SERVICES.EXE  >
[2009/02/06 12:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 12:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\erdnt\cache\services.exe
[2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
 
< MD5 for: USER32.DLL  >
[2008/04/14 12:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\erdnt\cache\user32.dll
[2008/04/14 12:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\dllcache\user32.dll
[2008/04/14 12:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
 
< End of report >
 

OTL Extras logfile created on: 04/04/2013 17:38:11 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\hp\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.37 Gb Total Physical Memory | 2.90 Gb Available Physical Memory | 85.85% Memory free
5.21 Gb Paging File | 4.79 Gb Available in Paging File | 91.84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 86.75 Gb Free Space | 77.60% Space Free | Partition Type: NTFS
Drive D: | 7.07 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: NC6400 | User Name: hp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Documents and Settings\hp\Application Data\File Scout\filescout.exe" /open "%1"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe" = C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe:*:Enabled:Search-Results Toolbar DTX Broker
"C:\Program Files\Java\jre7\bin\javaw.exe" = C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Oracle Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 J1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C43EAE7-22C0-4b33-ABFB-3757ECA5FD7B}" = HP Officejet All-In-One Series
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{40BA976E-38B8-4C63-990C-50999C8C3521}" = BPD_Scan
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BA3DDD4-BC91-48B2-8896-7A02C34829D7}" = HP Embedded Security for ProtectTools
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{739126B3-1C80-4F1F-8D19-312A19633E1A}_is1" = Screen Recorder
"{767B964C-D9B4-422D-802B-F7ACBE2D310A}" = TIPCI
"{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
"{92C5DB3D-9D6F-4324-BB11-57825F4C2635}" = DVD Decoder Pak for Windows XP
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom NetXtreme Ethernet Controller
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira Free Antivirus
"Blender" = Blender
"Coupon Companion Plugin" = Coupon Companion Plugin
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InstallShield_{767B964C-D9B4-422D-802B-F7ACBE2D310A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Map001" = 001 Game Creator 1.010.009
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MixPad" = MixPad
"singalong@xenophesoft.com" = Sing Along
"SONICADVDX" = SONIC ADVENTURE DX-Director's Cut
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WordBiz_0" = WordBiz 1.8.7
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Screencast-O-Matic" = Screencast-O-Matic
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/03/2013 08:51:18 | Computer Name = NC6400 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 12/03/2013 08:51:32 | Computer Name = NC6400 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 12/03/2013 08:51:41 | Computer Name = NC6400 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 12/03/2013 08:51:42 | Computer Name = NC6400 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 12/03/2013 10:25:41 | Computer Name = NC6400 | Source = Application Error | ID = 1000
Description = Faulting application blender.exe, version 2.6.6.0, faulting module
 blender.exe, version 2.6.6.0, fault address 0x002e8b1b.
 
Error - 14/03/2013 14:10:09 | Computer Name = NC6400 | Source = Iminent | ID = 0
Description = 
 
Error - 15/03/2013 13:50:51 | Computer Name = NC6400 | Source = Iminent | ID = 0
Description = 
 
Error - 16/03/2013 04:15:54 | Computer Name = NC6400 | Source = CltMngSvc | ID = 1000
Description = 
 
Error - 16/03/2013 04:16:07 | Computer Name = NC6400 | Source = Application Error | ID = 1000
Description = Faulting application Umbrella.exe, version 3.4.5.2, faulting module
 Umbrella.exe, version 3.4.5.2, fault address 0x0006884b.
 
Error - 16/03/2013 04:16:19 | Computer Name = NC6400 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
 dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
 
[ System Events ]
Error - 02/04/2013 04:19:48 | Computer Name = NC6400 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
 address 0019D2C01E73 has been  denied by the DHCP server 0.0.0.0 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 02/04/2013 04:20:03 | Computer Name = NC6400 | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater14.2.0 service failed to start due to the following
 error:   %%2
 
Error - 02/04/2013 04:21:13 | Computer Name = NC6400 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM 
Service service to connect.
 
Error - 02/04/2013 04:21:13 | Computer Name = NC6400 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
 following error:   %%1053
 
Error - 02/04/2013 17:08:35 | Computer Name = NC6400 | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater14.2.0 service failed to start due to the following
 error:   %%2
 
Error - 02/04/2013 17:19:44 | Computer Name = NC6400 | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater14.2.0 service failed to start due to the following
 error:   %%2
 
Error - 03/04/2013 05:12:44 | Computer Name = NC6400 | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater14.2.0 service failed to start due to the following
 error:   %%2
 
Error - 03/04/2013 13:26:12 | Computer Name = NC6400 | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater14.2.0 service failed to start due to the following
 error:   %%2
 
Error - 04/04/2013 05:07:37 | Computer Name = NC6400 | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater14.2.0 service failed to start due to the following
 error:   %%2
 
Error - 04/04/2013 12:20:45 | Computer Name = NC6400 | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater14.2.0 service failed to start due to the following
 error:   %%2
 
 
< End of report >
 
 
 


#4 JJBlog
  • Topic Starter
  • Members
  • 28 posts

Posted 04 April 2013 - 11:56 AM

OK, I removed Hola Search from the home page setting in Internet Explorer; it still does not appear in Programs in Control Panel.



#5 Larusso
    Raggamuffin
  • Malware Response Team
  • 303 posts
  • Gender:Male
  • Location:Austria

Posted 04 April 2013 - 12:43 PM

Double click on the OTL icon to run it.
Copy/paste the entire contents of the codebox below into the Custom Scans/Fixes box:
:otl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.holasearch.com/?affID=121962&babsrc=HP_ss&mntrId=4CD70019D2C01E73
IE - HKCU\..\SearchScopes\{876F5C08-D639-459C-A992-3199BF54CE45}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_UK&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^GB&apn_uid=0DC4330E-D04E-4D71-A5DC-6DA927BAF4F7&apn_sauid=BE25BBAF-B22B-49B3-9B02-FCC85A77B9C3
IE - HKCU\..\SearchScopes\{DBE653AF-70D3-433A-8D60-32B17C0C251F}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227981&CUI=UN36144283031482858&UM=2
IE - HKCU\..\SearchScopes\{E92985E3-22B8-4C97-A049-67C7A5C24440}: "URL" = http://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=4cd738400000000000000019d2c01e73&q={searchTerms}&r=875
O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\261125~1.80\{c16c1~1\browse~1.dll) -  File not found
DRV - [2013/02/19 14:12:21 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
:files
c:\program files\holasearch
c:\documents and settings\hp\application data\holasearch
:commands
[emptytemp]

  • Please close all other programs now.
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Please post the log in your next reply.




    Change Chrome Homepage --> http://support.google.com/chromeos/bin/answer.py?hl=en&answer=95314
    Change default search provider --> http://support.google.com/chrome/bin/answer.py?hl=en&answer=95426



    Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut and select Run as Administrator.
    • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
    • Close the ESET online scan, and let me know how things are now.

regards,
Daniel

Bread for the world instead Bombs and Bangers


I'll always help for free but if you want to support me in my fight against malware, please donate.

#6 JJBlog
  • Topic Starter
  • Members
  • 28 posts

Posted 04 April 2013 - 01:04 PM

Here is the OTL report; it did reboot. On start up the little grey box titled HP ProtectTools Embedded Security Manager says Resource file <C.SpURsD11> not found!

 

 

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{876F5C08-D639-459C-A992-3199BF54CE45}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{876F5C08-D639-459C-A992-3199BF54CE45}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DBE653AF-70D3-433A-8D60-32B17C0C251F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBE653AF-70D3-433A-8D60-32B17C0C251F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E92985E3-22B8-4C97-A049-67C7A5C24440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E92985E3-22B8-4C97-A049-67C7A5C24440}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\docume~1\alluse~1\applic~1\browse~1\261125~1.80\{c16c1~1\browse~1.dll deleted successfully.
Service avgtp stopped successfully!
Service avgtp deleted successfully!
C:\WINDOWS\system32\drivers\avgtpx86.sys moved successfully.
========== FILES ==========
File\Folder c:\program files\holasearch not found.
File\Folder c:\documents and settings\hp\application data\holasearch not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: hp
->Temp folder emptied: 1034852266 bytes
->Temporary Internet Files folder emptied: 173210248 bytes
->Google Chrome cache emptied: 105386778 bytes
->Flash cache emptied: 1923 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 102820 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3360458 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 57540583 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4073840650 bytes
 
Total Files Cleaned = 5,198.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04042013_185544
 
Files\Folders moved on Reboot...
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...


#7 JJBlog
  • Topic Starter
  • Members
  • 28 posts

Posted 04 April 2013 - 02:14 PM

Here is ESET result

 

C:\Documents and Settings\hp\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-us.cab Win32/OpenCandy application
C:\Documents and Settings\hp\Desktop\mixpad stuff\pcpholasetup.exe a variant of Win32/InstallBrain.X application
C:\Documents and Settings\hp\My Documents\Downloads\cbsidlm-tr1_11-Adware_Remover-ORG-75720238.exe Win32/DownloadAdmin.G application
C:\Documents and Settings\hp\My Documents\Downloads\cbsidlm-tr1_11-HyperCam-ORG-75000937.exe Win32/DownloadAdmin.G application
C:\Documents and Settings\hp\My Documents\Downloads\iLividSetup.exe Win32/Toolbar.SearchSuite application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (1).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (10).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (11).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (12).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (13).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (14).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (15).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (16).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (17).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (18).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (19).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (2).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (20).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (21).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (22).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (23).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (24).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (25).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (26).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (27).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (28).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (29).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (3).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (30).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (31).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (32).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (33).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (34).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (35).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (36).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (37).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (38).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (39).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (4).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (40).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (41).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (42).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (43).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (44).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (45).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (46).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (47).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (48).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (49).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (5).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (50).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (51).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (52).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (53).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (54).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (55).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (56).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (57).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (58).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (59).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (6).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (60).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (61).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (62).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (63).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (64).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (7).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (8).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (9).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup.exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\setup (1).exe multiple threats
C:\Documents and Settings\hp\My Documents\Downloads\SoftonicDownloader_for_minecraft-1-9 (1).exe a variant of Win32/SoftonicDownloader.E application
C:\Documents and Settings\hp\My Documents\Downloads\SoftonicDownloader_for_minecraft-1-9.exe a variant of Win32/SoftonicDownloader.E application
C:\Documents and Settings\hp\My Documents\Downloads\SoftonicDownloader_for_minecraft-server.exe a variant of Win32/SoftonicDownloader.E application
C:\Documents and Settings\hp\My Documents\Downloads\SoftonicDownloader_for_mixpad.exe a variant of Win32/SoftonicDownloader.E application
C:\Documents and Settings\hp\My Documents\Downloads\SoftonicDownloader_for_powerpaint.exe a variant of Win32/SoftonicDownloader.E application
C:\Documents and Settings\hp\My Documents\Downloads\SoftonicDownloader_for_windows-live-movie-maker.exe a variant of Win32/SoftonicDownloader.E application
C:\Program Files\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application


#8 JJBlog
  • Topic Starter
  • Members
  • 28 posts

Posted 04 April 2013 - 02:16 PM

Also, the Active Desktop Recovery thing is still showing.



#9 Larusso
    Raggamuffin
  • Malware Response Team
  • 303 posts
  • Gender:Male
  • Location:Austria

Posted 04 April 2013 - 02:40 PM

Hi there

Please press the Windows + R keys and copy/paste the following single-line command into the Run box and click OK.

cmd /c reg query "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\SafeMode\Components" > "%userprofile%\desktop\look.txt"


A look.txt will be created on your desktop. Please post its content here.
regards,
Daniel


#10 JJBlog
  • Topic Starter
  • Members
  • 28 posts

Posted 04 April 2013 - 02:47 PM

Hi Daniel,

 

I have followed the instructions. I see a black box flash up on screen, but it disappears immediately, so I cannot post it ???



#11 JJBlog
  • Topic Starter
  • Members
  • 28 posts

Posted 04 April 2013 - 02:50 PM

Ah, found it.

 
! REG.EXE VERSION 3.0
 
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\SafeMode\Components
    DeskHtmlVersion REG_DWORD 0x110
    DeskHtmlMinorVersion REG_DWORD 0x5
    Settings REG_DWORD 0x1
    GeneralFlags REG_DWORD 0x0


#12 Larusso
    Raggamuffin
  • Malware Response Team
  • 303 posts
  • Gender:Male
  • Location:Austria

Posted 04 April 2013 - 03:00 PM

Let's give it a shot.

Bring up the command line again and copy the following single-line command into it.

reg add "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\SafeMode\Components" /v DeskHtmlVersion /t Reg_Dword /d 0 /f

Reboot and let me know.
regards,
Daniel

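A small Python helper, added here and not part of the thread or of the tools used in it, that parses the look.txt export produced by the reg query in #9 (REG.EXE 3.0 output, as on Windows XP), decodes the REG_DWORD values and reports whether the DeskHtmlVersion reset from #12 has been applied yet. The function names are mine, and the sample export is a constructed copy of the one posted in #11.

```python
"""Read an exported reg query of the Active Desktop SafeMode\\Components key.

Added example, not part of the thread. Value names are assumed to contain no
spaces, which holds for the four values under this key.
"""
import re

KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\SafeMode\Components"

# Constructed sample modelled on the look.txt posted in the thread.
SAMPLE_EXPORT = """\
! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Desktop\\SafeMode\\Components
    DeskHtmlVersion REG_DWORD 0x110
    DeskHtmlMinorVersion REG_DWORD 0x5
    Settings REG_DWORD 0x1
    GeneralFlags REG_DWORD 0x0
"""

# Value lines are indented; fields are separated by spaces (REG.EXE 3.0) or tabs/padding (later versions).
_VALUE_RE = re.compile(r"^\s+(?P<name>\S+)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")


def parse_reg_query(text):
    """Return {key_path: {value_name: (type, data)}}, with REG_DWORD hex decoded to int."""
    result = {}
    current = None
    for line in text.splitlines():
        if not line.strip() or line.startswith("!"):   # banner and blank lines
            continue
        if not line[0].isspace():                       # unindented line = key path
            current = line.strip()
            result.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            data = m.group("data").strip()
            if m.group("type") == "REG_DWORD":
                data = int(data, 16) if data.lower().startswith("0x") else int(data)
            result[current][m.group("name")] = (m.group("type"), data)
    return result


def needs_reset(values):
    """True while DeskHtmlVersion is still non-zero, i.e. the reset from the thread has not been applied."""
    entry = values.get(KEY, {}).get("DeskHtmlVersion")
    return entry is not None and entry[0] == "REG_DWORD" and entry[1] != 0


def reset_command():
    """The reg add command used in the thread to zero DeskHtmlVersion."""
    return f'reg add "{KEY}" /v DeskHtmlVersion /t REG_DWORD /d 0 /f'


if __name__ == "__main__":
    values = parse_reg_query(SAMPLE_EXPORT)
    for name, (vtype, data) in values[KEY].items():
        print(f"{name:24} {vtype:10} {data}")
    if needs_reset(values):
        print("DeskHtmlVersion is non-zero; reset with:")
        print("  " + reset_command())
    else:
        print("DeskHtmlVersion already 0")
```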

#13 JJBlog
  • Topic Starter
  • Members
  • 28 posts

Posted 04 April 2013 - 03:10 PM

Ah, well done, the Active Desktop message has gone. I am still getting the grey box HP ProtectTools message. Do we need to get rid of the 79 found threats?



#14 Larusso
    Raggamuffin
  • Malware Response Team
  • 303 posts
  • Gender:Male
  • Location:Austria

Posted 04 April 2013 - 03:13 PM

"I am still getting the grey box HP protect message"

Not sure what you mean.


The detections of ESET are nothing. Time to clean your download folder and avoid using 3rd-party software downloaders like the one from Softonic.
regards,
Daniel

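As an added example (not ESET's tooling and not the helper's code), here is how one might triage an ESET export like the one posted in #7 along the lines of the assessment in #14: group hits by detection family and by folder, and separate bundled installers sitting in the user's Downloads or Desktop from anything living under Program Files. The function names are mine, and the sample lines are a constructed excerpt modelled on the posted log.

```python
"""Triage an ESET Online Scanner text export (added example, not ESET's or the helper's code)."""
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Each export line is "<path> <detection text>". Paths contain spaces, so the
# path is taken to end at the first file extension followed by whitespace.
_LINE_RE = re.compile(
    r"^(?P<path>.+?\.(?:exe|dll|cab|msi|zip|jar))\s+(?P<detection>.+)$", re.IGNORECASE
)

# Constructed excerpt modelled on the export posted in this thread.
SAMPLE_LOG = r"""
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (1).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\minecraft setup (2).exe a variant of Win32/Soft32Downloader.C application
C:\Documents and Settings\hp\My Documents\Downloads\iLividSetup.exe Win32/Toolbar.SearchSuite application
C:\Documents and Settings\hp\My Documents\Downloads\setup (1).exe multiple threats
C:\Documents and Settings\hp\Desktop\mixpad stuff\pcpholasetup.exe a variant of Win32/InstallBrain.X application
C:\Program Files\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application
"""


def parse_eset_log(text):
    """Return a list of (path, detection) pairs; lines that do not parse are skipped."""
    hits = []
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("detection")))
    return hits


def normalise_detection(detection):
    """'a variant of Win32/Soft32Downloader.C application' -> 'Win32/Soft32Downloader.C'."""
    d = detection.strip()
    if d.lower().startswith("a variant of "):
        d = d[len("a variant of "):]
    if d.lower().endswith(" application"):
        d = d[: -len(" application")]
    return d


def classify(path):
    """Coarse triage bucket based on where the file lives."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if "downloads" in parts or "desktop" in parts:
        return "user download (delete)"          # bundled installers the user saved
    if "program files" in parts or "windows" in parts:
        return "installed component (review)"    # shipped by an installed product
    return "other"


def triage(text):
    """Summarise an export: counts per detection family, files per folder, triage buckets."""
    hits = parse_eset_log(text)
    by_detection = Counter(normalise_detection(d) for _, d in hits)
    by_folder = defaultdict(list)
    for path, _ in hits:
        p = PureWindowsPath(path)
        by_folder[str(p.parent)].append(p.name)
    buckets = Counter(classify(p) for p, _ in hits)
    return {
        "total": len(hits),
        "by_detection": by_detection,
        "by_folder": dict(by_folder),
        "buckets": buckets,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['total']} detections")
    for name, n in report["by_detection"].most_common():
        print(f"  {n:3d}  {name}")
    for folder, files in report["by_folder"].items():
        print(f"{folder}: {len(files)} file(s)")
    for bucket, n in report["buckets"].items():
        print(f"{bucket}: {n}")
```

Run against the full export from #7, the Downloads folder dominates the per-folder count while the two Avira files are the only hits under Program Files, which is the distinction the helper draws in #14.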

#15 JJBlog
  • Topic Starter
  • Members
  • 28 posts

Posted 04 April 2013 - 03:18 PM

I posted earlier about the grey box. On start up the little grey box titled HP ProtectTools Embedded Security Manager says Resource file <C.SpURsD11> not found!

 

OK, I will clean up the download folder and will instruct my daughter about 3rd-party downloaders.





