spyware issues

View previous topic View next topic Go down

Re: spyware issues

Post by craigy crawford on Thu Jul 07, 2011 1:43 pm

OTL logfile created on: 7/7/2011 2:33:55 PM - Run 5
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\william\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 57.03% Memory free
3.74 Gb Paging File | 2.72 Gb Available in Paging File | 72.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.04 Gb Total Space | 110.19 Gb Free Space | 74.94% Space Free | Partition Type: NTFS

Computer Name: WILLIAM-PC | User Name: william | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/03 23:13:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\william\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/22 20:30:19 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
PRC - [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/17 20:53:53 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/12 16:02:20 | 000,234,656 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10m_ActiveX.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/08 21:58:26 | 000,162,912 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\YouCam\YouCamTray.exe
PRC - [2009/04/03 15:34:20 | 000,733,184 | ---- | M] (Fujitsu Technology Solutions) -- C:\Program Files\Fujitsu OSD Utility\OSDUtility.exe
PRC - [2009/02/19 14:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) -- C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe


========== Modules (SafeList) ==========

MOD - [2011/07/03 23:13:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\william\Desktop\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/06/22 17:16:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/19 14:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) [Auto | Running] -- C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/06/12 18:05:27 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys -- (ccHP)
DRV - [2010/06/12 01:28:54 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/06/11 19:54:28 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/09 15:52:39 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2010/06/09 15:52:39 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS -- (SRTSP)
DRV - [2010/06/09 15:52:39 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/06/09 15:52:39 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - [2010/06/09 15:52:39 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2010/06/09 15:52:39 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/06/09 15:52:39 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2010/06/04 23:49:16 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100909.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/01/20 22:18:24 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 23:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/06/24 09:59:10 | 000,167,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {70a38074-97a6-45da-b1a1-34b0a34dc3ff} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/07/03 23:09:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/08 12:39:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/01/19 04:00:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/02/25 13:52:56 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {70A38074-97A6-45DA-B1A1-34B0A34DC3FF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Fujitsu OSD Utility] C:\Program Files\Fujitsu OSD Utility\OSDUtility.exe (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} [You must be registered and logged in to see this link.] (Bebo Uploader Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {6602D627-F946-4A6E-BD5F-DCF8A0FB8AD1} [You must be registered and logged in to see this link.] (FIR ActiveX Control Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/06 00:10:06 | 001,925,512 | ---- | C] (AVAST Software) -- C:\Users\william\Desktop\aswMBR.exe
[2011/07/04 00:04:10 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011/07/04 00:04:10 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011/07/04 00:04:10 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011/07/04 00:04:10 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011/07/04 00:04:10 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011/07/04 00:04:10 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011/07/03 23:13:48 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\william\Desktop\OTL.exe
[2011/07/02 19:05:50 | 000,000,000 | ---D | C] -- C:\SMCLpav
[2011/06/29 18:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/06/29 18:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2011/06/29 18:13:13 | 000,000,000 | ---D | C] -- C:\Users\william\AppData\Roaming\Panda Security
[2011/06/29 18:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/06/29 18:11:16 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/06/29 18:10:56 | 000,000,000 | ---D | C] -- C:\temp
[2011/06/26 23:48:08 | 000,000,000 | ---D | C] -- C:\Users\william\Desktop\to be sorted
[2011/06/26 22:59:03 | 000,000,000 | ---D | C] -- C:\Users\william\Desktop\craigy crawford
[2011/06/26 21:01:02 | 000,000,000 | ---D | C] -- C:\Users\william\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011/06/26 19:50:18 | 000,000,000 | ---D | C] -- C:\Users\william\AppData\Local\{F7F62BC0-275E-42F7-A1D7-6F28D1469D8C}
[2011/06/26 19:40:17 | 000,000,000 | ---D | C] -- C:\Users\william\Desktop\Revo Uninstaller
[2011/06/26 08:35:19 | 000,000,000 | ---D | C] -- C:\Users\william\AppData\Roaming\Malwarebytes
[2011/06/26 08:35:02 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/26 08:35:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/26 08:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/26 08:34:56 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/06/26 08:34:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/26 08:21:58 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/06/26 08:21:44 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/06/26 08:21:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/06/26 06:53:35 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/06/26 06:53:16 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/06/26 06:53:16 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/06/26 06:49:27 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/06/26 06:49:19 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/06/26 06:49:03 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/06/26 06:48:46 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/06/26 06:48:45 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/06/26 06:48:42 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/06/26 06:48:42 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/06/26 06:45:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/26 06:45:17 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/26 06:45:14 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/06/26 06:45:13 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/06/26 06:45:13 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/06/26 06:45:11 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/06/26 06:45:11 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/06/26 06:45:10 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/06/26 06:45:10 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/06/26 06:45:07 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/06/26 06:45:07 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/06/26 06:44:43 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011/06/26 06:44:24 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/06/26 03:53:06 | 002,331,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/06/26 03:53:05 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011/06/26 03:53:04 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/06/26 03:28:50 | 000,000,000 | ---D | C] -- C:\Users\william\AppData\Local\{D180DB35-2EF1-46F5-A5B3-047E0DDDA929}
[2011/06/26 03:24:20 | 000,000,000 | ---D | C] -- C:\Users\william\AppData\Local\{E7CA60FF-62B8-4BBC-9361-7242504247EA}
[2011/06/26 03:00:29 | 000,000,000 | ---D | C] -- C:\Users\william\AppData\Local\{3529ADE9-1F2E-481E-B0DB-FB10A3474D72}
[2011/06/26 02:10:16 | 000,000,000 | ---D | C] -- C:\Users\william\AppData\Local\{7283AACF-51A9-4129-BD30-00C6B17EE51F}
[2011/06/25 15:06:58 | 000,000,000 | ---D | C] -- C:\Users\william\AppData\Local\{8DA3618F-5088-4629-9FD2-09B560B95289}
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/07 14:34:50 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/07 14:34:50 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/07 14:28:51 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/07 14:27:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/07 14:27:16 | 1504,149,504 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/06 03:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/06 00:12:01 | 000,000,512 | ---- | M] () -- C:\Users\william\Desktop\MBR.dat
[2011/07/06 00:10:14 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Users\william\Desktop\aswMBR.exe
[2011/07/06 00:05:09 | 003,784,236 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1008000.029\Cat.DB
[2011/07/05 23:57:46 | 000,409,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/03 23:25:26 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/03 23:25:26 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/03 23:13:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\william\Desktop\OTL.exe
[2011/06/26 21:01:02 | 000,000,752 | ---- | M] () -- C:\Users\william\Desktop\Revo Uninstaller.lnk
[2011/06/26 08:35:06 | 000,001,097 | ---- | M] () -- C:\Users\william\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/26 08:35:06 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/26 05:02:14 | 000,000,017 | ---- | M] () -- C:\Users\william\AppData\Local\resmon.resmoncfg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/06 00:12:01 | 000,000,512 | ---- | C] () -- C:\Users\william\Desktop\MBR.dat
[2011/06/26 19:40:17 | 000,000,752 | ---- | C] () -- C:\Users\william\Desktop\Revo Uninstaller.lnk
[2011/06/26 08:35:06 | 000,001,097 | ---- | C] () -- C:\Users\william\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/26 08:35:06 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/26 05:02:14 | 000,000,017 | ---- | C] () -- C:\Users\william\AppData\Local\resmon.resmoncfg
[2010/11/08 12:24:44 | 000,165,939 | ---- | C] () -- C:\Windows\hpoins44.dat
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/06/09 15:53:35 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/12/21 08:55:39 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/12/21 08:55:37 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/30 12:49:22 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 000,409,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/05/22 10:34:36 | 000,000,586 | ---- | C] () -- C:\Windows\hpomdl44.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

craigy crawford
Novice
Novice

Status :
Online
Offline

Posts : 20
Joined : 2011-06-26
OS : windows vista

View user profile

Back to top Go down

Re: spyware issues

Post by Gabethebabe on Thu Jul 07, 2011 1:58 pm

Did you run this OTL script? It doesnīt appear so.

[You must be registered and logged in to see this link.] wrote:
  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:

:files
C:\Windows\System32\Drivers\NIS
C:\Windows\System32\drivers\SYMEVENT.SYS
C:\Program Files\Common Files\Symantec Shared
C:\Windows\System32\drivers\SymIMV.sys
C:\ProgramData\Norton
C:\Users\william\AppData\Local\{F7F62BC0-275E-42F7-A1D7-6F28D1469D8C}
C:\Users\william\AppData\Local\{D180DB35-2EF1-46F5-A5B3-047E0DDDA929}
C:\Users\william\AppData\Local\{E7CA60FF-62B8-4BBC-9361-7242504247EA}
C:\Users\william\AppData\Local\{3529ADE9-1F2E-481E-B0DB-FB10A3474D72}
C:\Users\william\AppData\Local\{7283AACF-51A9-4129-BD30-00C6B17EE51F}
C:\Users\william\AppData\Local\{8DA3618F-5088-4629-9FD2-09B560B95289}
@C:\ProgramData\Temp:D1B5B4F1

:services
ccHP
SymEvent
eeCtrl
SymEFA
SRTSP
SYMTDI
SYMFW
SYMNDISV
SRTSPX
SymIM
IDSVix86
BHDrvx86

:otl
IE - HKCU\..\URLSearchHook: {70a38074-97a6-45da-b1a1-34b0a34dc3ff} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/07/03 23:09:33 | 000,000,000 | ---D | M]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {70A38074-97A6-45DA-B1A1-34B0A34DC3FF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

:commands
[reboot]
  • Then click the Run Fix button at the top.
  • Allow it to run. It may take some time and you may see some things happen to your desktop - this is normal.
  • If it asks to reboot the computer, allow it to reboot.
  • If the program freezes, and the computer fails to reboot - let me know.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)


Gabethebabe
Top Dog
Top Dog

Status :
Online
Offline

Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7

View user profile

Back to top Go down

Re: spyware issues

Post by craigy crawford on Thu Jul 07, 2011 2:18 pm

OTL logfile created on: 7/7/2011 2:33:55 PM - Run 5
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\william\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 57.03% Memory free
3.74 Gb Paging File | 2.72 Gb Available in Paging File | 72.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.04 Gb Total Space | 110.19 Gb Free Space | 74.94% Space Free | Partition Type: NTFS

Computer Name: WILLIAM-PC | User Name: william | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/03 23:13:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\william\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/22 20:30:19 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
PRC - [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/17 20:53:53 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/12 16:02:20 | 000,234,656 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10m_ActiveX.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/08 21:58:26 | 000,162,912 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\YouCam\YouCamTray.exe
PRC - [2009/04/03 15:34:20 | 000,733,184 | ---- | M] (Fujitsu Technology Solutions) -- C:\Program Files\Fujitsu OSD Utility\OSDUtility.exe
PRC - [2009/02/19 14:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) -- C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe


========== Modules (SafeList) ==========

MOD - [2011/07/03 23:13:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\william\Desktop\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/06/22 17:16:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/19 14:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) [Auto | Running] -- C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/06/12 18:05:27 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys -- (ccHP)
DRV - [2010/06/12 01:28:54 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/06/11 19:54:28 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/09 15:52:39 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2010/06/09 15:52:39 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS -- (SRTSP)
DRV - [2010/06/09 15:52:39 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/06/09 15:52:39 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - [2010/06/09 15:52:39 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2010/06/09 15:52:39 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/06/09 15:52:39 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2010/06/04 23:49:16 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100909.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/01/20 22:18:24 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 23:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/06/24 09:59:10 | 000,167,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {70a38074-97a6-45da-b1a1-34b0a34dc3ff} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/07/03 23:09:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/08 12:39:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/01/19 04:00:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/02/25 13:52:56 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {70A38074-97A6-45DA-B1A1-34B0A34DC3FF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Fujitsu OSD Utility] C:\Program Files\Fujitsu OSD Utility\OSDUtility.exe (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} [You must be registered and logged in to see this link.] (Bebo Uploader Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {6602D627-F946-4A6E-BD5F-DCF8A0FB8AD1} [You must be registered and logged in to see this link.] (FIR ActiveX Control Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/06 00:10:06 | 001,925,512 | ---- | C] (AVAST Software) -- C:\Users\william\Desktop\aswMBR.exe
[2011/07/04 00:04:10 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011/07/04 00:04:10 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011/07/04 00:04:10 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011/07/04 00:04:10 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011/07/04 00:04:10 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011/07/04 00:04:10 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011/07/03 23:13:48 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\william\Desktop\OTL.exe
[2011/07/02 19:05:50 | 000,000,000 | ---D | C] -- C:\SMCLpav
[2011/06/29 18:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/06/29 18:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2011/06/29 18:13:13 | 000,000,000 | ---D | C] -- C:\Users\william\AppData\Roaming\Panda Security
[2011/06/29 18:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/06/29 18:11:16 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/06/29 18:10:56 | 000,000,000 | ---D | C] -- C:\temp
[2011/06/26 23:48:08 | 000,000,000 | ---D | C] -- C:\Users\william\Desktop\to be sorted
[2011/06/26 22:59:03 | 000,000,000 | ---D | C] -- C:\Users\william\Desktop\craigy crawford
[2011/06/26 21:01:02 | 000,000,000 | ---D | C] -- C:\Users\william\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011/06/26 19:50:18 | 000,000,000 | ---D | C] -- C:\Users\william\AppData\Local\{F7F62BC0-275E-42F7-A1D7-6F28D1469D8C}
[2011/06/26 19:40:17 | 000,000,000 | ---D | C] -- C:\Users\william\Desktop\Revo Uninstaller
[2011/06/26 08:35:19 | 000,000,000 | ---D | C] -- C:\Users\william\AppData\Roaming\Malwarebytes
[2011/06/26 08:35:02 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/26 08:35:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/26 08:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/26 08:34:56 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/06/26 08:34:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/26 08:21:58 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/06/26 08:21:44 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/06/26 08:21:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/06/26 06:53:35 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/06/26 06:53:16 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/06/26 06:53:16 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/06/26 06:49:27 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/06/26 06:49:19 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/06/26 06:49:03 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/06/26 06:48:46 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/06/26 06:48:45 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/06/26 06:48:42 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/06/26 06:48:42 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/06/26 06:45:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/26 06:45:17 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/26 06:45:14 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/06/26 06:45:13 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/06/26 06:45:13 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/06/26 06:45:11 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/06/26 06:45:11 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/06/26 06:45:10 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/06/26 06:45:10 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/06/26 06:45:07 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/06/26 06:45:07 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/06/26 06:44:43 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011/06/26 06:44:24 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/06/26 03:53:06 | 002,331,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/06/26 03:53:05 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011/06/26 03:53:04 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/06/26 03:28:50 | 000,000,000 | ---D | C] -- C:\Users\william\AppData\Local\{D180DB35-2EF1-46F5-A5B3-047E0DDDA929}
[2011/06/26 03:24:20 | 000,000,000 | ---D | C] -- C:\Users\william\AppData\Local\{E7CA60FF-62B8-4BBC-9361-7242504247EA}
[2011/06/26 03:00:29 | 000,000,000 | ---D | C] -- C:\Users\william\AppData\Local\{3529ADE9-1F2E-481E-B0DB-FB10A3474D72}
[2011/06/26 02:10:16 | 000,000,000 | ---D | C] -- C:\Users\william\AppData\Local\{7283AACF-51A9-4129-BD30-00C6B17EE51F}
[2011/06/25 15:06:58 | 000,000,000 | ---D | C] -- C:\Users\william\AppData\Local\{8DA3618F-5088-4629-9FD2-09B560B95289}
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/07 14:34:50 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/07 14:34:50 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/07 14:28:51 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/07 14:27:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/07 14:27:16 | 1504,149,504 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/06 03:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/06 00:12:01 | 000,000,512 | ---- | M] () -- C:\Users\william\Desktop\MBR.dat
[2011/07/06 00:10:14 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Users\william\Desktop\aswMBR.exe
[2011/07/06 00:05:09 | 003,784,236 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1008000.029\Cat.DB
[2011/07/05 23:57:46 | 000,409,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/03 23:25:26 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/03 23:25:26 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/03 23:13:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\william\Desktop\OTL.exe
[2011/06/26 21:01:02 | 000,000,752 | ---- | M] () -- C:\Users\william\Desktop\Revo Uninstaller.lnk
[2011/06/26 08:35:06 | 000,001,097 | ---- | M] () -- C:\Users\william\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/26 08:35:06 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/26 05:02:14 | 000,000,017 | ---- | M] () -- C:\Users\william\AppData\Local\resmon.resmoncfg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/06 00:12:01 | 000,000,512 | ---- | C] () -- C:\Users\william\Desktop\MBR.dat
[2011/06/26 19:40:17 | 000,000,752 | ---- | C] () -- C:\Users\william\Desktop\Revo Uninstaller.lnk
[2011/06/26 08:35:06 | 000,001,097 | ---- | C] () -- C:\Users\william\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/26 08:35:06 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/26 05:02:14 | 000,000,017 | ---- | C] () -- C:\Users\william\AppData\Local\resmon.resmoncfg
[2010/11/08 12:24:44 | 000,165,939 | ---- | C] () -- C:\Windows\hpoins44.dat
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/06/09 15:53:35 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/12/21 08:55:39 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/12/21 08:55:37 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/30 12:49:22 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 000,409,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/05/22 10:34:36 | 000,000,586 | ---- | C] () -- C:\Windows\hpomdl44.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

craigy crawford
Novice
Novice

Status :
Online
Offline

Posts : 20
Joined : 2011-06-26
OS : windows vista

View user profile

Back to top Go down

Re: spyware issues

Post by craigy crawford on Thu Jul 07, 2011 2:19 pm

OTL Extras logfile created on: 7/7/2011 2:33:55 PM - Run 5
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\william\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 57.03% Memory free
3.74 Gb Paging File | 2.72 Gb Available in Paging File | 72.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.04 Gb Total Space | 110.19 Gb Free Space | 74.94% Space Free | Partition Type: NTFS

Computer Name: WILLIAM-PC | User Name: william | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007
"{90120000-0015-0000-0000-0000000FF1CE}_Access_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0015-0000-0000-0000000FF1CE}_Access_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = Fujitsu OSD Utility
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF59DB7F-7426-426E-B862-7031F83ED304}" = SystemDiagnostics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Access" = Microsoft Office Access 2007
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"EXCEL" = Microsoft Office Excel 2007
"Football Manager 2011" = Football Manager 2011
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = Fujitsu OSD Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PROHYBRIDR" = 2007 Microsoft Office system
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.92
"Shop for HP Supplies" = Shop for HP Supplies
"TVWiz" = Intel(R) TV Wizard
"Veetle TV" = Veetle TV 0.9.18

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/26/2011 4:04:14 PM | Computer Name = william-PC | Source = System Restore | ID = 8193
Description =

Error - 6/26/2011 4:11:24 PM | Computer Name = william-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 6/26/2011 6:38:23 PM | Computer Name = william-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/26/2011 6:38:23 PM | Computer Name = william-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1702127

Error - 6/26/2011 6:38:23 PM | Computer Name = william-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1702127

Error - 6/27/2011 12:48:52 PM | Computer Name = william-PC | Source = VSS | ID = 8194
Description =

Error - 6/27/2011 5:49:08 PM | Computer Name = william-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/27/2011 5:49:08 PM | Computer Name = william-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15672048

Error - 6/27/2011 5:49:08 PM | Computer Name = william-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15672048

Error - 6/27/2011 5:58:21 PM | Computer Name = william-PC | Source = VSS | ID = 8194
Description =

[ OSession Events ]
Error - 9/4/2010 2:53:44 PM | Computer Name = william-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 2767
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/3/2011 6:04:05 PM | Computer Name = william-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 7/3/2011 6:04:05 PM | Computer Name = william-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 7/3/2011 6:04:05 PM | Computer Name = william-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 7/3/2011 6:04:05 PM | Computer Name = william-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 7/3/2011 6:04:42 PM | Computer Name = william-PC | Source = DCOM | ID = 10005
Description =

Error - 7/3/2011 6:28:11 PM | Computer Name = william-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024200d: Update for Windows 7 (KB2547666).

Error - 7/3/2011 6:28:16 PM | Computer Name = william-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024200d: Update for Windows 7 (KB2545698).

Error - 7/3/2011 7:01:40 PM | Computer Name = william-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 7/3/2011 7:01:40 PM | Computer Name = william-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 7/3/2011 7:04:51 PM | Computer Name = william-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024200d: Security Update for .NET Framework 3.5.1 on Windows 7 x86
(KB2518867).


< End of report >

craigy crawford
Novice
Novice

Status :
Online
Offline

Posts : 20
Joined : 2011-06-26
OS : windows vista

View user profile

Back to top Go down

Re: spyware issues

Post by Gabethebabe on Thu Jul 07, 2011 2:27 pm

Are you pasting the script in the text field and clicking the RUN FIX button??

it doesnīt appear so, because it gives you a completely other type of log.

Gabethebabe
Top Dog
Top Dog

Status :
Online
Offline

Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7

View user profile

Back to top Go down

Re: spyware issues

Post by craigy crawford on Thu Jul 07, 2011 5:09 pm

you'll have to excuse me gabe im not to clever with all this tech stuff

i did as you asked hope this helps.


========== FILES ==========
File\Folder C:\Windows\System32\Drivers\NIS not found.
File\Folder C:\Windows\System32\drivers\SYMEVENT.SYS not found.
File\Folder C:\Program Files\Common Files\Symantec Shared not found.
File\Folder C:\Windows\System32\drivers\SymIMV.sys not found.
File\Folder C:\ProgramData\Norton not found.
File\Folder C:\Users\william\AppData\Local\{F7F62BC0-275E-42F7-A1D7-6F28D1469D8C} not found.
File\Folder C:\Users\william\AppData\Local\{D180DB35-2EF1-46F5-A5B3-047E0DDDA929} not found.
File\Folder C:\Users\william\AppData\Local\{E7CA60FF-62B8-4BBC-9361-7242504247EA} not found.
File\Folder C:\Users\william\AppData\Local\{3529ADE9-1F2E-481E-B0DB-FB10A3474D72} not found.
File\Folder C:\Users\william\AppData\Local\{7283AACF-51A9-4129-BD30-00C6B17EE51F} not found.
File\Folder C:\Users\william\AppData\Local\{8DA3618F-5088-4629-9FD2-09B560B95289} not found.
Unable to delete ADS C:\ProgramData\Temp:D1B5B4F1 .
========== SERVICES/DRIVERS ==========
Error: No service named ccHP was found to stop!
Service\Driver key ccHP not found.
Error: No service named SymEvent was found to stop!
Service\Driver key SymEvent not found.
Error: No service named eeCtrl was found to stop!
Service\Driver key eeCtrl not found.
Error: No service named SymEFA was found to stop!
Service\Driver key SymEFA not found.
Error: No service named SRTSP was found to stop!
Service\Driver key SRTSP not found.
Error: No service named SYMTDI was found to stop!
Service\Driver key SYMTDI not found.
Error: No service named SYMFW was found to stop!
Service\Driver key SYMFW not found.
Error: No service named SYMNDISV was found to stop!
Service\Driver key SYMNDISV not found.
Error: No service named SRTSPX was found to stop!
Service\Driver key SRTSPX not found.
Error: No service named SymIM was found to stop!
Service\Driver key SymIM not found.
Error: No service named IDSVix86 was found to stop!
Service\Driver key IDSVix86 not found.
Error: No service named BHDrvx86 was found to stop!
Service\Driver key BHDrvx86 not found.
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{70a38074-97a6-45da-b1a1-34b0a34dc3ff} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70a38074-97a6-45da-b1a1-34b0a34dc3ff}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}\ not found.
File C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{70A38074-97A6-45DA-B1A1-34B0A34DC3FF} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70A38074-97A6-45DA-B1A1-34B0A34DC3FF}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.25.0 log created on 07072011_180416



craigy crawford
Novice
Novice

Status :
Online
Offline

Posts : 20
Joined : 2011-06-26
OS : windows vista

View user profile

Back to top Go down

Re: spyware issues

Post by Gabethebabe on Fri Jul 08, 2011 6:06 am

You donīt worry about not being a techie. It could be my fault not explaining the things too well Smile

Good! Looks like you run the fixes twice, because it appears to all have been removed.

Could you now run another OTL log (Run Scan) and post it to verify that we have successfully removed all active norton/symantec services from your computer?
You shbould be getting good at running OTL now Big Grin

Gabethebabe
Top Dog
Top Dog

Status :
Online
Offline

Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7

View user profile

Back to top Go down

Re: spyware issues

Post by craigy crawford on Fri Jul 08, 2011 2:26 pm

lol haha i am learning something new everyday about this sometimes i need to get my girlfriend to help me though.

OTL logfile created on: 7/8/2011 3:20:18 PM - Run 6
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\william\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 56.63% Memory free
3.74 Gb Paging File | 2.71 Gb Available in Paging File | 72.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.04 Gb Total Space | 116.39 Gb Free Space | 79.15% Space Free | Partition Type: NTFS

Computer Name: WILLIAM-PC | User Name: william | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/03 23:13:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\william\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/17 20:53:53 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/12 16:02:20 | 000,234,656 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10m_ActiveX.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/08 21:58:26 | 000,162,912 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\YouCam\YouCamTray.exe
PRC - [2009/04/03 15:34:20 | 000,733,184 | ---- | M] (Fujitsu Technology Solutions) -- C:\Program Files\Fujitsu OSD Utility\OSDUtility.exe
PRC - [2009/02/19 14:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) -- C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe


========== Modules (SafeList) ==========

MOD - [2011/07/03 23:13:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\william\Desktop\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/06/22 17:16:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/19 14:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) [Auto | Running] -- C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 23:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/06/24 09:59:10 | 000,167,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/08 12:39:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/01/19 04:00:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/02/25 13:52:56 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O4 - HKLM..\Run: [Fujitsu OSD Utility] C:\Program Files\Fujitsu OSD Utility\OSDUtility.exe (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} [You must be registered and logged in to see this link.] (Bebo Uploader Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {6602D627-F946-4A6E-BD5F-DCF8A0FB8AD1} [You must be registered and logged in to see this link.] (FIR ActiveX Control Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/07 20:50:37 | 000,000,000 | ---D | C] -- C:\Users\william\Documents\Sports Interactive
[2011/07/07 20:50:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Sports Interactive
[2011/07/07 15:32:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/07/07 15:29:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/07/07 15:01:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/06 00:10:06 | 001,925,512 | ---- | C] (AVAST Software) -- C:\Users\william\Desktop\aswMBR.exe
[2011/07/04 00:04:10 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011/07/04 00:04:10 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011/07/04 00:04:10 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011/07/04 00:04:10 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011/07/04 00:04:10 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011/07/04 00:04:10 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011/07/03 23:13:48 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\william\Desktop\OTL.exe
[2011/07/02 19:05:50 | 000,000,000 | ---D | C] -- C:\SMCLpav
[2011/06/29 18:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/06/29 18:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2011/06/29 18:13:13 | 000,000,000 | ---D | C] -- C:\Users\william\AppData\Roaming\Panda Security
[2011/06/29 18:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/06/29 18:11:16 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/06/29 18:10:56 | 000,000,000 | ---D | C] -- C:\temp
[2011/06/26 23:48:08 | 000,000,000 | ---D | C] -- C:\Users\william\Desktop\to be sorted
[2011/06/26 22:59:03 | 000,000,000 | ---D | C] -- C:\Users\william\Desktop\craigy crawford
[2011/06/26 21:01:02 | 000,000,000 | ---D | C] -- C:\Users\william\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011/06/26 19:40:17 | 000,000,000 | ---D | C] -- C:\Users\william\Desktop\Revo Uninstaller
[2011/06/26 08:35:19 | 000,000,000 | ---D | C] -- C:\Users\william\AppData\Roaming\Malwarebytes
[2011/06/26 08:35:02 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/26 08:35:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/26 08:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/26 08:34:56 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/06/26 08:34:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/26 08:21:58 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/06/26 08:21:44 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/06/26 08:21:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/06/26 06:53:35 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/06/26 06:53:16 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/06/26 06:53:16 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/06/26 06:49:27 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/06/26 06:49:19 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/06/26 06:49:03 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/06/26 06:48:46 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/06/26 06:48:45 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/06/26 06:48:42 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/06/26 06:48:42 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/06/26 06:45:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/26 06:45:17 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/26 06:45:14 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/06/26 06:45:13 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/06/26 06:45:13 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/06/26 06:45:11 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/06/26 06:45:11 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/06/26 06:45:10 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/06/26 06:45:10 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/06/26 06:45:07 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/06/26 06:45:07 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/06/26 06:44:43 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011/06/26 06:44:24 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/06/26 03:53:06 | 002,331,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/06/26 03:53:05 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011/06/26 03:53:04 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/08 15:21:25 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/08 15:21:24 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/08 15:16:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/08 15:16:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/08 15:13:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/08 15:13:21 | 1504,149,504 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/06 00:10:14 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Users\william\Desktop\aswMBR.exe
[2011/07/05 23:57:46 | 000,409,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/03 23:25:26 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/03 23:25:26 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/03 23:13:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\william\Desktop\OTL.exe
[2011/06/26 21:01:02 | 000,000,752 | ---- | M] () -- C:\Users\william\Desktop\Revo Uninstaller.lnk
[2011/06/26 08:35:06 | 000,001,097 | ---- | M] () -- C:\Users\william\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/26 08:35:06 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/26 05:02:14 | 000,000,017 | ---- | M] () -- C:\Users\william\AppData\Local\resmon.resmoncfg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/26 19:40:17 | 000,000,752 | ---- | C] () -- C:\Users\william\Desktop\Revo Uninstaller.lnk
[2011/06/26 08:35:06 | 000,001,097 | ---- | C] () -- C:\Users\william\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/26 08:35:06 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/26 05:02:14 | 000,000,017 | ---- | C] () -- C:\Users\william\AppData\Local\resmon.resmoncfg
[2010/11/08 12:24:44 | 000,165,939 | ---- | C] () -- C:\Windows\hpoins44.dat
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/06/09 15:53:35 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/12/21 08:55:39 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/12/21 08:55:37 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/30 12:49:22 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 000,409,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/05/22 10:34:36 | 000,000,586 | ---- | C] () -- C:\Windows\hpomdl44.dat

< End of report >

craigy crawford
Novice
Novice

Status :
Online
Offline

Posts : 20
Joined : 2011-06-26
OS : windows vista

View user profile

Back to top Go down

Re: spyware issues

Post by Gabethebabe on Fri Jul 08, 2011 10:27 pm

Good

All is gone

Now I hope your computer will be more stable.
I think you should try and install a new antivirus. One of those I recommended. Maybe make a system restore point before installing that.

[You must be registered and logged in to see this link.]

If your computer starts crashing again, I think you are going to need a windows troubleshooting expert, which I am not Sad tearing

Gabethebabe
Top Dog
Top Dog

Status :
Online
Offline

Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7

View user profile

Back to top Go down

Re: spyware issues

Post by craigy crawford on Sun Jul 10, 2011 12:47 am

thanks Gabe
i downloaded avast and so far so good im unsure about the firewall as i was having all sorts of problems with them conflicting.

yet i still have a little issue.. when i try and do an update for Windows 7 Service Pack 1 it goes half way through the dowload then this error message appears stating a error code (80073712)failed update.

can you help please, craigy




craigy crawford
Novice
Novice

Status :
Online
Offline

Posts : 20
Joined : 2011-06-26
OS : windows vista

View user profile

Back to top Go down

Re: spyware issues

Post by Gabethebabe on Sun Jul 10, 2011 6:58 am

If you have problems with firewalls conflicting, then donīt install one. Windows has its own built-in firewall and it is not bad.

About the WIN7 SP1 error message: this is the typical computer problem that Google will solve for you.

I googled "80073712 failed update" and found this page:
[You must be registered and logged in to see this link.]

See if that helps. If not, try any of the other results. Many have had this problem before you and many have solved it. Just a matter of finding their solution.

Gabethebabe
Top Dog
Top Dog

Status :
Online
Offline

Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7

View user profile

Back to top Go down

Re: spyware issues

Post by craigy crawford on Sun Jul 10, 2011 11:09 am

ok thanks alot gabe ill try that and let you know how i get on

craigy crawford
Novice
Novice

Status :
Online
Offline

Posts : 20
Joined : 2011-06-26
OS : windows vista

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum