
Thread: CNNIC.Searchbar

  1. #11
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Hi noblemind,

    Run OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :Services
      
      :OTL
      IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
      IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:9090
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
      O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
      O33 - MountPoints2\{39ecf085-225b-11e0-b5b6-0018deb066f1}\Shell - "" = AutoRun
      O33 - MountPoints2\{39ecf085-225b-11e0-b5b6-0018deb066f1}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{39ecf085-225b-11e0-b5b6-0018deb066f1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
      O33 - MountPoints2\F\Shell - "" = AutoRun
      O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
      [2008/11/10 12:11:46 | 000,009,793 | -H-- | C] () -- C:\WINDOWS\t49f4d98.dat
      [2008/11/10 12:11:40 | 000,000,266 | -H-- | C] () -- C:\WINDOWS\f49f4d98.dat
      [2008/11/10 12:11:15 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\t49d5g545.dat
      
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [purity]
      [clearallrestorepoints]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered. There will be a log created when it completes that I will need in your next reply. Reboot when it is done.
    • Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time).

  2. #12
    Member
    Join Date
    Mar 2010
    Posts
    33


    Here is the log from the runfix:

    All processes killed
    ========== SERVICES/DRIVERS ==========
    ========== OTL ==========
    HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39ecf085-225b-11e0-b5b6-0018deb066f1}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39ecf085-225b-11e0-b5b6-0018deb066f1}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39ecf085-225b-11e0-b5b6-0018deb066f1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39ecf085-225b-11e0-b5b6-0018deb066f1}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39ecf085-225b-11e0-b5b6-0018deb066f1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39ecf085-225b-11e0-b5b6-0018deb066f1}\ not found.
    File F:\LaunchU3.exe -a not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
    File F:\LaunchU3.exe -a not found.
    C:\WINDOWS\t49f4d98.dat moved successfully.
    C:\WINDOWS\f49f4d98.dat moved successfully.
    C:\WINDOWS\t49d5g545.dat moved successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Owner.furbus\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Owner.furbus\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    Restore points cleared and new OTL Restore Point set!
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 41620 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Owner

    User: Owner.furbus
    ->Temp folder emptied: 1054604 bytes
    ->Temporary Internet Files folder emptied: 37538211 bytes
    ->Java cache emptied: 150181931 bytes
    ->FireFox cache emptied: 472267451 bytes
    ->Flash cache emptied: 3399880 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 39138 bytes
    %systemroot%\System32 .tmp files removed: 346641 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 5371978 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 132575132 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 766.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 11052011_143037

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

  3. #13
    Member
    Join Date
    Mar 2010
    Posts
    33


    Rescan log:
    OTL logfile created on: 11/5/2011 2:52:26 PM - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner.furbus\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1014.11 Mb Total Physical Memory | 624.64 Mb Available Physical Memory | 61.59% Memory free
    2.38 Gb Paging File | 2.13 Gb Available in Paging File | 89.59% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 142.20 Gb Total Space | 118.15 Gb Free Space | 83.09% Space Free | Partition Type: NTFS
    Drive D: | 6.83 Gb Total Space | 4.77 Gb Free Space | 69.87% Space Free | Partition Type: FAT32

    Computer Name: FURBUS | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Owner.furbus\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
    PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
    PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
    PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
    PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\WINDOWS\system32\sbe.dll ()
    MOD - C:\WINDOWS\system32\quartz.dll ()
    MOD - C:\WINDOWS\system32\msdmo.dll ()
    MOD - C:\WINDOWS\system32\devenum.dll ()
    MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()
    MOD - C:\Program Files\Intel\Wireless\Bin\IntStngs.dll ()
    MOD - C:\Program Files\Intel\Wireless\Bin\acAuth.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
    SRV - (IAANTMon) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
    DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)
    DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
    DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
    DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Roxio)
    DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Roxio)
    DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.5
    FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
    FF - prefs.js..network.proxy.no_proxies_on: ""

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/07 16:22:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/18 11:29:21 | 000,000,000 | ---D | M]

    [2008/12/17 22:43:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.furbus\Application Data\Mozilla\Extensions
    [2011/10/28 17:14:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.furbus\Application Data\Mozilla\Firefox\Profiles\65e9x6n0.default\extensions
    [2010/04/28 08:07:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner.furbus\Application Data\Mozilla\Firefox\Profiles\65e9x6n0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/06/01 18:10:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/09/29 00:09:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/09/14 14:42:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER.FURBUS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\65E9X6N0.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
    [2010/03/25 16:02:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/10/07 16:22:58 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/10/07 16:22:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/11/05 14:30:45 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
    O4 - Startup: C:\Documents and Settings\Owner.furbus\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} http://www.worldwinner.com/games/v47...abblecubes.cab (ScrabbleCubes Control)
    O16 - DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} http://www.worldwinner.com/games/v54...ms/zengems.cab (ZenGems Control)
    O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} http://www.worldwinner.com/games/v41/mines/mines.cab (Mines Control)
    O16 - DPF: {0B195D55-0AB4-48C7-828F-34BE10BA4266} http://www.worldwinner.com/games/v53...alornodeal.cab (DealOrNoDeal Control)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/...oUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://msn.worldwinner.com/games/v47...amesLoader.cab (FunGamesLoader Object)
    O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinner.com/games/v50/tpir/tpir.cab (TPIR Control)
    O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinner.com/games/v48...t/brickout.cab (Brickout Control)
    O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB (PogoWebLauncher Control)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/ca..._2.3.9.113.cab (Reg Error: Key error.)
    O16 - DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} http://www.worldwinner.com/games/v45.../moneylist.cab (MoneyList Control)
    O16 - DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} http://www.worldwinner.com/games/v56...ialpursuit.cab (TrivialPursuit Control)
    O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} http://www.worldwinner.com/games/v63/bjattack/bja.cab (BJA Control)
    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinner.com/games/v46.../bejeweled.cab (Bejeweled Control)
    O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinner.com/games/v56...rsolitaire.cab (SpiderSolitaire Control)
    O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} http://www.worldwinner.com/games/v49.../blockwerx.cab (Blockwerx Control)
    O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinner.com/games/v56...y/jeopardy.cab (Jeopardy Control)
    O16 - DPF: {64D01C7F-810D-446E-A07E-456746835644} http://games.myspace.com/gameshell/g.../abcisland.cab (AtlBoxWordCtlAttrib Class)
    O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinner.com/games/v41...l/freecell.cab (FreeCell Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/lau...0/iewwload.cab (WorldWinner ActiveX Launcher Control)
    O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} http://clubgames.pogo.com/online2/po...esLauncher.cab (SpinTop Games Launcher)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} http://www.worldwinner.com/games/v46...o/wordmojo.cab (WordMojo Control)
    O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinner.com/games/v51...weledtwist.cab (BejeweledTwist Control)
    O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} http://www.worldwinner.com/games/v57/cubis/cubis.cab (Cubis Control)
    O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} http://www.worldwinner.com/games/v46/sol/sol.cab (Sol Control)
    O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
    O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinner.com/games/v67/swapit/swapit.cab (SwapIt Control)
    O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinner.com/games/v41...an/hangman.cab (Hangman Control)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab (MSN Games - Installer)
    O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinner.com/games/v42...y/tilecity.cab (Tilecity Control)
    O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinner.com/games/v50.../dinerdash.cab (DinerDash Control)
    O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinner.com/games/v45.../mysterypi.cab (MysteryPI Control)
    O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinner.com/games/v43/paint/paint.cab (Paint Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinner.com/games/v47...familyfeud.cab (FamilyFeud Control)
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace.com/Gameshell/G...onGameHost.cab (Oberon Flash Game Host)
    O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} http://www.worldwinner.com/games/v44...ol/golfsol.cab (GolfSol Control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} http://zone.msn.com/bingame/swet/def...a.1.0.0.46.cab (CPlayFirstSweetopiaControl Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DBC8AD6-7628-4E16-BD30-53CED7BA2176}: DhcpNameServer = 68.87.68.166 68.87.74.166
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner.furbus\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.furbus\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/06/17 05:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/03/25 15:08:04 | 000,000,053 | ---- | M] () - D:\Autorun.inf -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/05 14:30:37 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/11/04 15:34:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.furbus\Desktop\OTL.exe
    [2011/11/04 14:45:03 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/11/04 14:41:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/11/04 14:41:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/11/04 14:41:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/11/04 14:41:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/11/04 14:41:26 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2011/11/04 14:41:13 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/11/04 14:41:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.furbus\Start Menu\Programs\Administrative Tools
    [2011/11/01 19:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Safer Networking
    [2011/11/01 19:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
    [2011/11/01 15:19:08 | 000,000,000 | -HSD | C] -- C:\found.001
    [2011/10/21 19:40:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.furbus\Application Data\PhotoFiltre
    [2011/10/14 14:16:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2011/10/13 15:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.furbus\My Documents\october amazon sales

    ========== Files - Modified Within 30 Days ==========

    [2011/11/05 14:48:20 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/11/05 14:48:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/11/05 14:48:12 | 1063,440,384 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/05 14:30:45 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2011/11/05 14:26:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/11/04 15:34:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.furbus\Desktop\OTL.exe
    [2011/11/04 15:15:37 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Owner.furbus\Desktop\Shortcut to ComboFix.lnk
    [2011/11/04 14:45:09 | 000,000,352 | RHS- | M] () -- C:\boot.ini
    [2011/11/01 19:39:35 | 000,000,312 | ---- | M] () -- C:\Boot.bak
    [2011/11/01 16:19:33 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Owner.furbus\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/11/01 16:19:28 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Owner.furbus\Desktop\NTREGOPT.lnk
    [2011/11/01 16:19:28 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Owner.furbus\Desktop\ERUNT.lnk
    [2011/11/01 14:49:06 | 000,001,071 | ---- | M] () -- C:\Documents and Settings\Owner.furbus\My Documents\Install Unlocker.lnk
    [2011/11/01 10:58:33 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/10/23 20:37:20 | 000,012,082 | ---- | M] () -- C:\Documents and Settings\Owner.furbus\My Documents\description.odt
    [2011/10/23 15:17:52 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\Owner.furbus\My Documents\Adobe Reader 9.lnk
    [2011/10/23 15:16:58 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011/10/19 23:17:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2011/10/17 14:30:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/10/15 15:15:22 | 001,727,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/10/14 14:18:56 | 000,442,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/10/14 14:18:56 | 000,071,910 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/10/11 17:08:30 | 000,049,188 | ---- | M] () -- C:\Documents and Settings\Owner.furbus\Application Data\wklnhst.dat
    [2011/10/11 17:08:30 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Owner.furbus\My Documents\songs.wps

    ========== Files Created - No Company Name ==========

    [2011/11/04 15:15:37 | 000,000,681 | ---- | C] () -- C:\Documents and Settings\Owner.furbus\Desktop\Shortcut to ComboFix.lnk
    [2011/11/04 14:41:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/11/04 14:41:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/11/04 14:41:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/11/04 14:41:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/11/04 14:41:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/11/01 16:19:33 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Owner.furbus\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/11/01 16:19:28 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Owner.furbus\Desktop\NTREGOPT.lnk
    [2011/11/01 16:19:28 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Owner.furbus\Desktop\ERUNT.lnk
    [2011/11/01 14:48:57 | 000,001,071 | ---- | C] () -- C:\Documents and Settings\Owner.furbus\My Documents\Install Unlocker.lnk
    [2011/10/23 20:37:20 | 000,012,082 | ---- | C] () -- C:\Documents and Settings\Owner.furbus\My Documents\description.odt
    [2011/10/23 15:17:51 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\Owner.furbus\My Documents\Adobe Reader 9.lnk
    [2011/07/21 21:28:03 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
    [2011/01/12 17:19:02 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner.furbus\Local Settings\Application Data\housecall.guid.cache
    [2010/10/07 15:27:22 | 000,070,700 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2008/03/24 14:00:46 | 000,049,188 | ---- | C] () -- C:\Documents and Settings\Owner.furbus\Application Data\wklnhst.dat
    [2008/02/27 16:33:15 | 000,001,298 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2007/07/13 22:15:01 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Owner.furbus\Local Settings\Application Data\fusioncache.dat
    [2007/07/10 23:39:01 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Owner.furbus\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/02/01 00:49:14 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
    [2007/02/01 00:06:17 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/12/02 16:34:23 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
    [2006/12/02 16:26:34 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2006/12/02 16:24:52 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
    [2006/12/02 16:21:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/06/21 05:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/06/21 05:12:42 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
    [2006/06/17 05:44:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2006/06/17 05:37:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2006/06/17 05:24:58 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2006/06/17 05:24:57 | 000,000,519 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
    [2006/06/17 05:23:25 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/06/17 05:23:22 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
    [2006/06/17 05:23:22 | 000,442,140 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2006/06/17 05:23:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2006/06/17 05:23:22 | 000,071,910 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2006/06/17 05:23:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2006/06/17 05:23:20 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2006/06/17 05:23:20 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\ntlanui.dll
    [2006/06/17 05:23:20 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2006/06/17 05:23:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2006/06/17 05:23:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2006/06/17 05:23:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2006/06/17 05:23:19 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
    [2006/06/17 05:23:16 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2006/06/17 05:23:08 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
    [2006/06/17 05:23:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2006/06/16 22:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/06/16 22:30:47 | 001,727,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    < End of report >

  4. #14
    Emeritus

    Hi noblemind,

    Good job running OTL.

    Let's try to run ComboFix again, but before you do please delete ComboFix from your Desktop and download a fresh copy from one of the links I provided earlier. Once it finishes, post the log that is created into your next reply.

  5. #15
    Member

    Hey there Jeff,
    I uninstalled the combofix and downloaded and installed a version from link 2. When I ran the program, it got through stage 6, then the computer restarted itself and I never received a log from it. I uninstalled that combofix version and downloaded, installed and ran the combofix from link 1. It too got through stage 6 and then the computer did the same thing as the last. That is all that I have done; thought I should post that to you.

  6. #16
    Emeritus

    Hi noblemind,

    Run OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
      "1900:UDP" =-
      "2869:TCP" =-
      
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
      "1900:UDP" =-
      "2869:TCP" =-
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

    ----------

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan as shown below.


    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.



    The log can also be found here:
    C:\Documents and Settings\<User name>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    ----------

    ESET Online Scanner
    I'd like us to scan your machine with ESET Online Scan.

    Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so that there are no conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the Start button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the Back button.
    14. Push Finish

    http://www.eset.com/onlinescan/
    ----------

    In your next reply please post the logs created by OTL, Malwarebytes and ESET online scanner.

  7. #17
    Member

    Here is my new log:

    OTL logfile created on: 11/6/2011 12:24:04 PM - Run 3
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner.furbus\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1014.11 Mb Total Physical Memory | 619.91 Mb Available Physical Memory | 61.13% Memory free
    2.38 Gb Paging File | 2.14 Gb Available in Paging File | 89.70% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 142.20 Gb Total Space | 118.08 Gb Free Space | 83.04% Space Free | Partition Type: NTFS
    Drive D: | 6.83 Gb Total Space | 4.77 Gb Free Space | 69.87% Space Free | Partition Type: FAT32

    Computer Name: FURBUS | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Owner.furbus\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
    PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
    PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
    PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
    PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\WINDOWS\system32\sbe.dll ()
    MOD - C:\WINDOWS\system32\quartz.dll ()
    MOD - C:\WINDOWS\system32\msdmo.dll ()
    MOD - C:\WINDOWS\system32\devenum.dll ()
    MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()
    MOD - C:\Program Files\Intel\Wireless\Bin\IntStngs.dll ()
    MOD - C:\Program Files\Intel\Wireless\Bin\acAuth.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
    SRV - (IAANTMon) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
    DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)
    DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
    DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
    DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Roxio)
    DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Roxio)
    DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.5
    FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
    FF - prefs.js..network.proxy.no_proxies_on: ""

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/07 15:22:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/18 10:29:21 | 000,000,000 | ---D | M]

    [2008/12/17 21:43:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.furbus\Application Data\Mozilla\Extensions
    [2011/10/28 16:14:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.furbus\Application Data\Mozilla\Firefox\Profiles\65e9x6n0.default\extensions
    [2010/04/28 07:07:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner.furbus\Application Data\Mozilla\Firefox\Profiles\65e9x6n0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/06/01 17:10:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/09/28 23:09:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/09/14 13:42:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER.FURBUS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\65E9X6N0.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
    [2010/03/25 15:02:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/10/07 15:22:58 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/10/07 15:22:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/11/05 13:30:45 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
    O4 - Startup: C:\Documents and Settings\Owner.furbus\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} http://www.worldwinner.com/games/v47...abblecubes.cab (ScrabbleCubes Control)
    O16 - DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} http://www.worldwinner.com/games/v54...ms/zengems.cab (ZenGems Control)
    O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} http://www.worldwinner.com/games/v41/mines/mines.cab (Mines Control)
    O16 - DPF: {0B195D55-0AB4-48C7-828F-34BE10BA4266} http://www.worldwinner.com/games/v53...alornodeal.cab (DealOrNoDeal Control)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/...oUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://msn.worldwinner.com/games/v47...amesLoader.cab (FunGamesLoader Object)
    O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinner.com/games/v50/tpir/tpir.cab (TPIR Control)
    O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinner.com/games/v48...t/brickout.cab (Brickout Control)
    O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB (PogoWebLauncher Control)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/ca..._2.3.9.113.cab (Reg Error: Key error.)
    O16 - DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} http://www.worldwinner.com/games/v45.../moneylist.cab (MoneyList Control)
    O16 - DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} http://www.worldwinner.com/games/v56...ialpursuit.cab (TrivialPursuit Control)
    O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} http://www.worldwinner.com/games/v63/bjattack/bja.cab (BJA Control)
    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinner.com/games/v46.../bejeweled.cab (Bejeweled Control)
    O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinner.com/games/v56...rsolitaire.cab (SpiderSolitaire Control)
    O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} http://www.worldwinner.com/games/v49.../blockwerx.cab (Blockwerx Control)
    O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinner.com/games/v56...y/jeopardy.cab (Jeopardy Control)
    O16 - DPF: {64D01C7F-810D-446E-A07E-456746835644} http://games.myspace.com/gameshell/g.../abcisland.cab (AtlBoxWordCtlAttrib Class)
    O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinner.com/games/v41...l/freecell.cab (FreeCell Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/lau...0/iewwload.cab (WorldWinner ActiveX Launcher Control)
    O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} http://clubgames.pogo.com/online2/po...esLauncher.cab (SpinTop Games Launcher)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} http://www.worldwinner.com/games/v46...o/wordmojo.cab (WordMojo Control)
    O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinner.com/games/v51...weledtwist.cab (BejeweledTwist Control)
    O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} http://www.worldwinner.com/games/v57/cubis/cubis.cab (Cubis Control)
    O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} http://www.worldwinner.com/games/v46/sol/sol.cab (Sol Control)
    O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
    O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinner.com/games/v67/swapit/swapit.cab (SwapIt Control)
    O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinner.com/games/v41...an/hangman.cab (Hangman Control)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab (MSN Games - Installer)
    O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinner.com/games/v42...y/tilecity.cab (Tilecity Control)
    O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinner.com/games/v50.../dinerdash.cab (DinerDash Control)
    O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinner.com/games/v45.../mysterypi.cab (MysteryPI Control)
    O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinner.com/games/v43/paint/paint.cab (Paint Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinner.com/games/v47...familyfeud.cab (FamilyFeud Control)
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace.com/Gameshell/G...onGameHost.cab (Oberon Flash Game Host)
    O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} http://www.worldwinner.com/games/v44...ol/golfsol.cab (GolfSol Control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} http://zone.msn.com/bingame/swet/def...a.1.0.0.46.cab (CPlayFirstSweetopiaControl Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DBC8AD6-7628-4E16-BD30-53CED7BA2176}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner.furbus\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.furbus\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/06/17 04:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/03/25 15:08:04 | 000,000,053 | ---- | M] () - D:\Autorun.inf -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/05 23:07:12 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2011/11/05 13:30:37 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/11/04 14:34:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.furbus\Desktop\OTL.exe
    [2011/11/04 13:45:03 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/11/04 13:41:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/11/04 13:41:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/11/04 13:41:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/11/04 13:41:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/11/04 13:41:13 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/11/04 13:41:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.furbus\Start Menu\Programs\Administrative Tools
    [2011/11/01 18:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Safer Networking
    [2011/11/01 18:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
    [2011/11/01 14:19:08 | 000,000,000 | -HSD | C] -- C:\found.001
    [2011/10/21 18:40:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.furbus\Application Data\PhotoFiltre
    [2011/10/14 13:16:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2011/10/13 14:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.furbus\My Documents\october amazon sales

    ========== Files - Modified Within 30 Days ==========

    [2011/11/06 12:27:18 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/11/06 12:22:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/11/06 12:22:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/11/06 12:22:35 | 1063,440,384 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/05 13:30:45 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2011/11/04 14:34:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.furbus\Desktop\OTL.exe
    [2011/11/04 13:45:09 | 000,000,352 | RHS- | M] () -- C:\boot.ini
    [2011/11/01 18:39:35 | 000,000,312 | ---- | M] () -- C:\Boot.bak
    [2011/11/01 15:19:33 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Owner.furbus\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/11/01 15:19:28 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Owner.furbus\Desktop\NTREGOPT.lnk
    [2011/11/01 15:19:28 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Owner.furbus\Desktop\ERUNT.lnk
    [2011/11/01 13:49:06 | 000,001,071 | ---- | M] () -- C:\Documents and Settings\Owner.furbus\My Documents\Install Unlocker.lnk
    [2011/11/01 09:58:33 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/10/23 19:37:20 | 000,012,082 | ---- | M] () -- C:\Documents and Settings\Owner.furbus\My Documents\description.odt
    [2011/10/23 14:17:52 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\Owner.furbus\My Documents\Adobe Reader 9.lnk
    [2011/10/23 14:16:58 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011/10/19 22:17:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2011/10/17 13:30:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/10/15 14:15:22 | 001,727,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/10/14 13:18:56 | 000,442,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/10/14 13:18:56 | 000,071,910 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/10/11 16:08:30 | 000,049,188 | ---- | M] () -- C:\Documents and Settings\Owner.furbus\Application Data\wklnhst.dat
    [2011/10/11 16:08:30 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Owner.furbus\My Documents\songs.wps

    ========== Files Created - No Company Name ==========

    [2011/11/04 13:41:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/11/04 13:41:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/11/04 13:41:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/11/04 13:41:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/11/04 13:41:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/11/01 15:19:33 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Owner.furbus\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/11/01 15:19:28 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Owner.furbus\Desktop\NTREGOPT.lnk
    [2011/11/01 15:19:28 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Owner.furbus\Desktop\ERUNT.lnk
    [2011/11/01 13:48:57 | 000,001,071 | ---- | C] () -- C:\Documents and Settings\Owner.furbus\My Documents\Install Unlocker.lnk
    [2011/10/23 19:37:20 | 000,012,082 | ---- | C] () -- C:\Documents and Settings\Owner.furbus\My Documents\description.odt
    [2011/10/23 14:17:51 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\Owner.furbus\My Documents\Adobe Reader 9.lnk
    [2011/07/21 20:28:03 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
    [2011/01/12 16:19:02 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner.furbus\Local Settings\Application Data\housecall.guid.cache
    [2010/10/07 14:27:22 | 000,070,700 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2008/03/24 13:00:46 | 000,049,188 | ---- | C] () -- C:\Documents and Settings\Owner.furbus\Application Data\wklnhst.dat
    [2008/02/27 15:33:15 | 000,001,298 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2007/07/13 21:15:01 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Owner.furbus\Local Settings\Application Data\fusioncache.dat
    [2007/07/10 22:39:01 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Owner.furbus\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/01/31 23:49:14 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
    [2007/01/31 23:06:17 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/12/02 15:34:23 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
    [2006/12/02 15:26:34 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2006/12/02 15:24:52 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
    [2006/12/02 15:21:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/06/21 04:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/06/21 04:12:42 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
    [2006/06/17 04:44:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2006/06/17 04:37:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2006/06/17 04:24:58 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2006/06/17 04:24:57 | 000,000,519 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
    [2006/06/17 04:23:25 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/06/17 04:23:22 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
    [2006/06/17 04:23:22 | 000,442,140 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2006/06/17 04:23:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2006/06/17 04:23:22 | 000,071,910 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2006/06/17 04:23:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2006/06/17 04:23:20 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2006/06/17 04:23:20 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\ntlanui.dll
    [2006/06/17 04:23:20 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2006/06/17 04:23:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2006/06/17 04:23:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2006/06/17 04:23:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2006/06/17 04:23:19 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
    [2006/06/17 04:23:16 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2006/06/17 04:23:08 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
    [2006/06/17 04:23:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2006/06/16 21:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/06/16 21:30:47 | 001,727,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/08/05 23:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    < End of report >

  8. #18
    Member
    Join Date
    Mar 2010
    Posts
    33

    Default

    Hi Jeff,
    I tried to run Malwarebytes and ESET, but the computer restarted itself each time I tried to run them. I also got an error message saying that there is a Windows system file that is corrupted. I was considering using my system restore disk, as I do not really have any programs that I cannot reinstall. I wanted to run that past you first before I do use it.

  9. #19
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi noblemind,

    First open an elevated command prompt > Click Start and type cmd in Start Search.
    When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.


    Copy the contents of the code box > right click in the command window and select paste
    Code:
    sfc /scannow
    Press Enter

  10. #20
    Member
    Join Date
    Mar 2010
    Posts
    33

    Default

    I attempted to restore the computer and it blue-screened again and restarted.
