virus
25-07-2013 8:31pm
Hi, can someone help? I think I have a virus on my laptop. It's running very slow, pop-ups everywhere, & at times stops me from going online. The name I have noticed is search assistant websearch 1.74. I tried to check this out & some are saying it's a virus. Any help would be appreciated, thanks.
Comments
- Download OTL to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Click the Quick Scan button. Do not change any settings. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files here
OK, going to try that now (hope I can do it right, I have very little comp exp)!
OTL logfile created on: 25/07/2013 21:00:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = c:\Users\Elaine\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.75 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 66.05% Memory free
3.74 Gb Paging File | 2.82 Gb Available in Paging File | 75.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.42 Gb Total Space | 202.38 Gb Free Space | 87.45% Space Free | Partition Type: NTFS
Drive | 1.46 Gb Total Space | 1.43 Gb Free Space | 97.66% Space Free | Partition Type: NTFS
Computer Name: ELAINE-PC | User Name: Elaine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/07/25 20:55:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- c:\Users\Elaine\Downloads\OTL.exe
PRC - [2013/06/20 18:05:14 | 000,312,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/06/20 17:25:44 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/09/22 15:20:28 | 000,437,248 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Program Files\Realtek\RtkDashClientInstaller\RtkDashClient.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2008/06/03 03:35:18 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
========== Services (SafeList) ==========
SRV - [2013/07/23 18:32:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/20 18:05:14 | 000,295,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/11/16 17:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/11/04 03:37:58 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{03E88597-019C-40BC-A5B6-417EF0672F52}\MpKsle57d19c0.sys -- (MpKsle57d19c0)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/06/18 21:50:08 | 000,107,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/03/07 09:49:20 | 000,014,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2013/03/07 09:49:20 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/12/27 15:57:50 | 000,319,592 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2011/09/19 15:05:56 | 000,035,432 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtDashPt.sys -- (RtDashPt)
DRV - [2009/06/10 05:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2008/11/04 03:32:20 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.pur-esult.info/?pid=724&r=2013/07/12&hid=432214777&lg=EN&cc=IE
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.pur-esult.info/?l=1&q={searchTerms}&pid=724&r=2013/07/12&hid=432214777&lg=EN&cc=IE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 CA F1 00 B7 5A CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.pur-esult.info/?l=1&q={searchTerms}&pid=724&r=2013/07/12&hid=432214777&lg=EN&cc=IE
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
========== Chrome ==========
CHR - homepage: http://websearch.pur-esult.info/?pid=724&r=2013/07/12&hid=432214777&lg=EN&cc=IE
CHR - Extension: No name found = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nohcllbdofjadllanblcjbnpfgfaljja\1\
CHR - Extension: No name found = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (saafe ssaVea) - {0C3E805B-6ABE-5842-B895-D6F70E744B1D} - C:\ProgramData\saafe ssaVea\51e07b2d19bc1.dll ()
O2 - BHO: (SSearcyh-aNewTab) - {58680211-5A0A-4655-32DA-90D7B419A8C2} - C:\ProgramData\SSearcyh-aNewTab\51e07b48de32e.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.4 89.101.160.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1128D869-D5CA-43E1-9F73-DD3FC0E39F02}: DhcpNameServer = 89.101.160.4 89.101.160.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9163A812-B42C-45D8-9293-F47B3FC28981}: DhcpNameServer = 89.101.160.4 89.101.160.5
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\safesa~1\sprote~1.dll) - c:\Program Files\SafeSaver\sprotector.dll ()
O20 - AppInit_DLLs: (c:\progra~1\websea~1\sprote~1.dll) - c:\Program Files\WebSearch\sprotector.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img21.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img21.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/07/25 18:29:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/07/23 18:31:40 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Local\Adobe
[2013/07/15 18:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/07/15 14:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2013/07/15 14:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2013/07/15 14:10:34 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Roaming\HpUpdate
[2013/07/15 14:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013/07/15 14:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013/07/15 14:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013/07/15 14:06:28 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Local\HP
[2013/07/12 22:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SSearcyh-aNewTab
[2013/07/12 22:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SSearcyh-aNewTab
[2013/07/12 22:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013/07/12 22:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\WebSearch
[2013/07/12 22:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\SafeSaver
[2013/07/12 22:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\saafe ssaVea
[2013/07/12 22:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\saafe ssaVea
[2013/07/12 22:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
[2013/07/12 22:54:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\X86
[2013/07/12 22:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\EZDownloader
[2013/07/12 22:54:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\AMD64
[2013/07/12 22:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/07/10 19:07:29 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Roaming\PhotoScape
[2013/07/10 19:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2013/07/10 19:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[2013/07/10 19:05:40 | 021,331,096 | ---- | C] (Mooii) -- C:\Users\Elaine\Desktop\PhotoScape_V3-6-5.exe
[2013/07/05 18:11:01 | 000,000,000 | -HSD | C] -- C:\found.000
========== Files - Modified Within 30 Days ==========
[2013/07/25 20:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/25 20:30:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/25 20:20:39 | 000,004,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 20:20:39 | 000,004,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 19:42:43 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/25 19:42:33 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\RtlDashSrvStart.job
[2013/07/25 18:25:16 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/25 18:25:16 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/25 18:20:42 | 000,000,822 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN14C3C6K505HX.job
[2013/07/25 18:20:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/25 18:20:26 | 1876,774,912 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/23 18:21:37 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/15 19:56:34 | 000,002,436 | ---- | M] () -- C:\Users\Elaine\Documents\Aoife Document.rtf
[2013/07/15 14:11:08 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2013/07/15 14:09:49 | 000,002,144 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3050 J610 series.lnk
[2013/07/15 14:09:49 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3050 J610 series.lnk
[2013/07/15 14:09:49 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3050 J610 series Scan.lnk
[2013/07/13 11:33:58 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/12 11:10:24 | 000,230,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/10 19:07:20 | 000,000,857 | ---- | M] () -- C:\Users\Elaine\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2013/07/10 19:07:20 | 000,000,833 | ---- | M] () -- C:\Users\Elaine\Desktop\PhotoScape.lnk
[2013/07/10 19:06:06 | 021,331,096 | ---- | M] (Mooii) -- C:\Users\Elaine\Desktop\PhotoScape_V3-6-5.exe
========== Files Created - No Company Name ==========
[2013/07/15 19:56:34 | 000,002,436 | ---- | C] () -- C:\Users\Elaine\Documents\Aoife Document.rtf
[2013/07/15 14:13:44 | 000,000,822 | ---- | C] () -- C:\Windows\tasks\hpwebreg_CN14C3C6K505HX.job
[2013/07/15 14:11:08 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2013/07/15 14:09:49 | 000,002,144 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3050 J610 series.lnk
[2013/07/15 14:09:49 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3050 J610 series.lnk
[2013/07/15 14:09:48 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3050 J610 series Scan.lnk
[2013/07/10 19:07:20 | 000,000,857 | ---- | C] () -- C:\Users\Elaine\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2013/07/10 19:07:20 | 000,000,833 | ---- | C] () -- C:\Users\Elaine\Desktop\PhotoScape.lnk
[2013/05/29 12:39:11 | 000,018,944 | ---- | C] () -- C:\Users\Elaine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/27 10:27:14 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2013/05/27 10:27:13 | 002,498,216 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2013/05/27 10:27:13 | 000,087,112 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2013/05/27 10:27:13 | 000,014,920 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2013/05/27 10:27:13 | 000,009,160 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2013/05/26 18:59:37 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013/05/26 18:58:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2013/05/25 13:50:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2013/05/24 18:50:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/05/24 17:49:36 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2013/05/24 17:10:38 | 000,000,680 | ---- | C] () -- C:\Users\Elaine\AppData\Local\d3d9caps.dat
========== ZeroAccess Check ==========
[2006/11/02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/06/12 21:57:51 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\MusicNet
[2013/07/10 19:07:36 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\PhotoScape
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 25/07/2013 21:00:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = c:\Users\Elaine\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.75 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 66.05% Memory free
3.74 Gb Paging File | 2.82 Gb Available in Paging File | 75.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.42 Gb Total Space | 202.38 Gb Free Space | 87.45% Space Free | Partition Type: NTFS
Drive | 1.46 Gb Total Space | 1.43 Gb Free Space | 97.66% Space Free | Partition Type: NTFS
Computer Name: ELAINE-PC | User Name: Elaine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CA73B8D-4269-4CD8-A094-D0636AC3FEF2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{549506DC-8AA6-45CD-844B-D1DA581CF01C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{63E8DD48-317D-4628-BB61-2F581118EC89}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A02E3247-7BD0-4B32-B2AF-EF160E2BB380}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4ED0977B-BE94-4418-A90F-12665F0DAA0E}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{7A77294A-B6C8-4D66-AB91-45576BE2EF6D}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{876FEAF7-C1A7-4E6C-A8F3-EEE52BA89B09}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{879666A6-4F3D-4B77-96BA-BA0BC1B907CD}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{87A61D43-8C51-41A9-9DDD-B14E1E882322}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{8A056A1A-6B2F-4F7B-BEFC-718EF641AE28}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AE73F525-422F-4A8F-BE53-827E018016FC}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{F1F882FF-B9A3-4B2D-BD3C-9529607C8DC9}" = dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{F93543F1-B5E5-4699-A36C-F95E62A65369}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0564C76B-8E1F-4157-8654-B0F9F308BEE9}" = HP Deskjet 3050 J610 series Basic Device Software
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1" = EZDownloader
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34E90074-C80C-4182-A995-65E88B5B56E0}" = HP Deskjet 3050 J610 series Product Improvement Study
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DADB23F-94E6-4E4D-AFE8-15DE4395E8F3}" = Microsoft Security Client
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{91EA9C6F-1666-4426-9C80-85019A7A0D62}" = RtkDashClientInstaller
"{924C3DC2-8E4E-432E-F973-9A2174A39774}" = saafe ssaVea
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}" = SSearcyh-aNewTab
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Defraggler" = Defraggler
"EaseUS Partition Master_is1" = EaseUS Partition Master 9.2.2
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"PhotoScape" = PhotoScape
"SP_0bdf5975" = SafeSaver 1.74
"SP_b0285714" = Search Assistant WebSearch 1.74
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04/07/2013 09:43:18 | Computer Name = Elaine-PC | Source = ESENT | ID = 455
Description = wuaueng.dll (1092) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log.
Error - 05/07/2013 13:16:31 | Computer Name = Elaine-PC | Source = ESENT | ID = 454
Description = wuaueng.dll (1104) SUS20ClientDataStore: Database recovery/restore
failed with unexpected error -509.
Error - 10/07/2013 17:38:03 | Computer Name = Elaine-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 11/07/2013 19:14:44 | Computer Name = Elaine-PC | Source = EventSystem | ID = 4621
Description =
Error - 15/07/2013 09:53:11 | Computer Name = Elaine-PC | Source = Application Error | ID = 1000
Description = Faulting application HP-DQEX5.exe, version 0.0.0.0, time stamp 0x4ce364d7,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x0004a152, process id 0x17e0, application start time
0x01ce815c1df33e28.
Error - 17/07/2013 10:40:57 | Computer Name = Elaine-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 17/07/2013 12:33:03 | Computer Name = Elaine-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 28.0.1500.72, time stamp
0x51e03646, faulting module chrome.dll, version 28.0.1500.72, time stamp 0x51e035ce,
exception code 0x80000003, fault offset 0x0060fdf6, process id 0xef4, application
start time 0x01ce830b48b520a6.
Error - 17/07/2013 13:24:38 | Computer Name = Elaine-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 28.0.1500.72, time stamp
0x51e03646, faulting module chrome.dll, version 28.0.1500.72, time stamp 0x51e035ce,
exception code 0x80000003, fault offset 0x0060fdf6, process id 0x6f8, application
start time 0x01ce83127d2f9706.
Error - 24/07/2013 14:29:56 | Computer Name = Elaine-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16496 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 4c0 Start Time: 01ce889b453a63b0 Termination Time: 40
Error - 24/07/2013 14:30:46 | Computer Name = Elaine-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16496 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1034 Start Time: 01ce889bcbdad620 Termination Time: 30
[ System Events ]
Error - 25/07/2013 13:03:51 | Computer Name = Elaine-PC | Source = DCOM | ID = 10010
Description =
Error - 25/07/2013 13:18:17 | Computer Name = Elaine-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort2.
Error - 25/07/2013 13:18:17 | Computer Name = Elaine-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort2.
Error - 25/07/2013 13:18:17 | Computer Name = Elaine-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort2.
Error - 25/07/2013 13:18:17 | Computer Name = Elaine-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort2.
Error - 25/07/2013 13:18:17 | Computer Name = Elaine-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort2.
Error - 25/07/2013 13:20:34 | Computer Name = Elaine-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 18:17:24 on 25/07/2013 was unexpected.
Error - 25/07/2013 13:36:28 | Computer Name = Elaine-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: Update Source: %%815 Update Stage: %%854 Source
Path: Signature Type: %%886 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine
Version: Previous Engine Version: Error code: 0x8007042c Error description: The
dependency service or group failed to start.
Error - 25/07/2013 13:36:28 | Computer Name = Elaine-PC | Source = Microsoft Antimalware | ID = 2003
Description = %%860 has encountered an error trying to update the engine. New Engine
Version: Previous Engine Version: Engine Type: %%886 User: NT AUTHORITY\SYSTEM Error
Code: 0x8007042c Error description: The dependency service or group failed to start.
Error - 25/07/2013 13:37:19 | Computer Name = Elaine-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
< End of report >
-
hope I have done that right
-
open OTL copy and paste this in the custom scan/fixes box
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.pur-esult.info/?pid...77&lg=EN&cc=IE
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.pur-esult.info/?l=1...77&lg=EN&cc=IE
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.pur-esult.info/?l=1...77&lg=EN&cc=IE
CHR - homepage: http://websearch.pur-esult.info/?pid...77&lg=EN&cc=IE
O2 - BHO: (saafe ssaVea) - {0C3E805B-6ABE-5842-B895-D6F70E744B1D} - C:\ProgramData\saafe ssaVea\51e07b2d19bc1.dll ()
O2 - BHO: (SSearcyh-aNewTab) - {58680211-5A0A-4655-32DA-90D7B419A8C2} - C:\ProgramData\SSearcyh-aNewTab\51e07b48de32e.dll ()
O4 - HKLM..\Run: [] File not found
O20 - AppInit_DLLs: (c:\progra~1\safesa~1\sprote~1.dll) - c:\Program Files\SafeSaver\sprotector.dll ()
O20 - AppInit_DLLs: (c:\progra~1\websea~1\sprote~1.dll) - c:\Program Files\WebSearch\sprotector.dll ()
[2013/07/12 22:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SSearcyh-aNewTab
[2013/07/12 22:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SSearcyh-aNewTab
[2013/07/12 22:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013/07/12 22:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\WebSearch
[2013/07/12 22:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\SafeSaver
[2013/07/12 22:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\saafe ssaVea
[2013/07/12 22:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\saafe ssaVea
:Commands
[PURITY]
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[EMPTYJAVA]
[CREATERESTOREPOINT]
[Reboot]
:Files
ipconfig /flushdns /c
click run fix, post the log it gives
-
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C3E805B-6ABE-5842-B895-D6F70E744B1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C3E805B-6ABE-5842-B895-D6F70E744B1D}\ deleted successfully.
C:\ProgramData\saafe ssaVea\51e07b2d19bc1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58680211-5A0A-4655-32DA-90D7B419A8C2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58680211-5A0A-4655-32DA-90D7B419A8C2}\ deleted successfully.
C:\ProgramData\SSearcyh-aNewTab\51e07b48de32e.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\safesa~1\sprote~1.dll deleted successfully.
c:\Program Files\SafeSaver\sprotector.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\websea~1\sprote~1.dll deleted successfully.
c:\Program Files\WebSearch\sprotector.dll moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SSearcyh-aNewTab folder moved successfully.
C:\ProgramData\SSearcyh-aNewTab folder moved successfully.
C:\ProgramData\StarApp\Setup folder moved successfully.
C:\ProgramData\StarApp folder moved successfully.
C:\Program Files\WebSearch folder moved successfully.
C:\Program Files\SafeSaver folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\saafe ssaVea folder moved successfully.
C:\ProgramData\saafe ssaVea folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Elaine
->Temp folder emptied: 143688475 bytes
->Temporary Internet Files folder emptied: 254096781 bytes
->Google Chrome cache emptied: 381402524 bytes
->Flash cache emptied: 15241 bytes
User: Public
User: Shauna
->Temp folder emptied: 18764180 bytes
->Temporary Internet Files folder emptied: 36422518 bytes
->FireFox cache emptied: 403783325 bytes
->Google Chrome cache emptied: 361985659 bytes
->Flash cache emptied: 11087 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 77456031 bytes
RecycleBin emptied: 6942391 bytes
Total Files Cleaned = 1,607.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Elaine
->Flash cache emptied: 0 bytes
User: Public
User: Shauna
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Elaine
User: Public
User: Shauna
Total Java Files Cleaned = 0.00 mb
Restore point Set: OTL Restore Point
Error: Unable to interpret < :Files> in the current context!
Error: Unable to interpret < ipconfig /flushdns /c> in the current context!
OTL by OldTimer - Version 3.2.69.0 log created on 07252013_223928
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
did I do that right?
-
ya, how's it running now, any problems?
-
internet explorer seems fine but when I go onto google chrome ads come up and instead of google it starts up on this link: http://websearch.pur-esult.info/?pid=724&r=2013/07/12&hid=432214777&lg=EN&cc=IE
-
run adwcleaner
http://www.bleepingcomputer.com/download/adwcleaner/
post the log and tell me if it's still there
-
hi internet explorer seems ok but when I go onto google chrome ads come up & instead of google it starts up with this link http://websearch.pur-esult.info/?pid=724&r=2013/07/12&hid=432214777&lg=EN&cc=IE
-
oops sorry I'll do that now
-
AdwCleaner v2.306 - Logfile created 07/25/2013 at 23:19:20
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# User : Elaine - ELAINE-PC
# Boot Mode : Normal
# Running from : C:\Users\Elaine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5MSW8DX\AdwCleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16496
[OK] Registry is clean.
-\\ Google Chrome v28.0.1500.72
File : C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Preferences
Found [l.22] : icon_url = "hxxp://websearch.pur-esult.info/favicon.ico",
Found [l.25] : keyword = "websearch",
Found [l.29] : search_url = "hxxp://websearch.pur-esult.info/?l=1&q={searchTerms}&pid=724&r=2013/07/12&hid=432214777&lg=EN&cc=IE",
Found [l.2202] : homepage = "hxxp://websearch.pur-esult.info/?pid=724&r=2013/07/12&hid=432214777&lg=EN&cc=IE",
Found [l.2614] : urls_to_restore_on_startup = [ "hxxp://websearch.pur-esult.info/?pid=724&r=2013/07/12&hid=432214777&lg=EN&cc=IE" ]
File : C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [2107 octets] - [25/07/2013 23:19:20]
########## EOF - C:\AdwCleaner[R1].txt - [2167 octets] ##########
-
how's it running
-
went onto google chrome & it's still there
-
In my experience you are better off doing a clean install
-
I feel stupid but I don't know what that means
-
open OTL, click quick scan, post that log
-
-
OTL logfile created on: 25/07/2013 23:38:07 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Elaine\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.75 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 67.57% Memory free
3.74 Gb Paging File | 3.16 Gb Available in Paging File | 84.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.42 Gb Total Space | 203.77 Gb Free Space | 88.05% Space Free | Partition Type: NTFS
Drive | 1.46 Gb Total Space | 1.43 Gb Free Space | 97.66% Space Free | Partition Type: NTFS
Computer Name: ELAINE-PC | User Name: Elaine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/07/25 20:55:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Elaine\Desktop\OTL.exe
PRC - [2013/07/23 18:32:36 | 000,814,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
PRC - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/06/20 17:25:44 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/09/22 15:20:28 | 000,437,248 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Program Files\Realtek\RtkDashClientInstaller\RtkDashClient.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2008/06/03 03:35:18 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
========== Services (SafeList) ==========
SRV - [2013/07/23 18:32:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/20 18:05:14 | 000,295,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/11/04 03:37:58 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/07/25 22:46:00 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{92160FD2-D2C4-4FC5-AF20-7D9183CB6278}\MpKsl8bf83ba4.sys -- (MpKsl8bf83ba4)
DRV - [2013/06/18 21:50:08 | 000,107,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/03/07 09:49:20 | 000,014,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2013/03/07 09:49:20 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/12/27 15:57:50 | 000,319,592 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2011/09/19 15:05:56 | 000,035,432 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtDashPt.sys -- (RtDashPt)
DRV - [2009/06/10 05:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2008/11/04 03:32:20 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 CA F1 00 B7 5A CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
========== Chrome ==========
CHR - default_search_provider: WebSearch (Enabled)
CHR - default_search_provider: search_url = http://websearch.pur-esult.info/?l=1&q={searchTerms}&pid=724&r=2013/07/12&hid=432214777&lg=EN&cc=IE
CHR - default_search_provider: suggest_url = http://localhost
CHR - homepage: http://websearch.pur-esult.info/?pid=724&r=2013/07/12&hid=432214777&lg=EN&cc=IE
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: saafe ssaVea = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nohcllbdofjadllanblcjbnpfgfaljja\1\
CHR - Extension: Gmail = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013/07/25 22:43:57 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.4 89.101.160.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1128D869-D5CA-43E1-9F73-DD3FC0E39F02}: DhcpNameServer = 89.101.160.4 89.101.160.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9163A812-B42C-45D8-9293-F47B3FC28981}: DhcpNameServer = 89.101.160.4 89.101.160.5
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img21.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img21.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/07/25 22:39:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/25 20:55:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Elaine\Desktop\OTL.exe
[2013/07/25 18:29:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/07/23 18:31:40 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Local\Adobe
[2013/07/15 18:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/07/15 14:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2013/07/15 14:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2013/07/15 14:10:34 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Roaming\HpUpdate
[2013/07/15 14:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013/07/15 14:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013/07/15 14:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013/07/15 14:06:28 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Local\HP
[2013/07/12 22:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
[2013/07/12 22:54:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\X86
[2013/07/12 22:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\EZDownloader
[2013/07/12 22:54:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\AMD64
[2013/07/12 22:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/07/10 19:07:29 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Roaming\PhotoScape
[2013/07/10 19:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2013/07/10 19:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[2013/07/10 19:05:40 | 021,331,096 | ---- | C] (Mooii) -- C:\Users\Elaine\Desktop\PhotoScape_V3-6-5.exe
[2013/07/05 18:11:01 | 000,000,000 | -HSD | C] -- C:\found.000
========== Files - Modified Within 30 Days ==========
[2013/07/25 23:30:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/25 22:50:07 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/25 22:50:07 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/25 22:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/25 22:46:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/25 22:46:01 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\RtlDashSrvStart.job
[2013/07/25 22:45:51 | 000,004,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 22:45:51 | 000,004,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 22:45:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/25 22:45:36 | 1876,774,912 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/25 22:43:57 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/07/25 20:55:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Elaine\Desktop\OTL.exe
[2013/07/25 18:20:42 | 000,000,822 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN14C3C6K505HX.job
[2013/07/23 18:21:37 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/15 19:56:34 | 000,002,436 | ---- | M] () -- C:\Users\Elaine\Documents\Aoife Document.rtf
[2013/07/15 14:11:08 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2013/07/15 14:09:49 | 000,002,144 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3050 J610 series.lnk
[2013/07/15 14:09:49 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3050 J610 series.lnk
[2013/07/15 14:09:49 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3050 J610 series Scan.lnk
[2013/07/13 11:33:58 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/12 11:10:24 | 000,230,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/10 19:07:20 | 000,000,857 | ---- | M] () -- C:\Users\Elaine\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2013/07/10 19:07:20 | 000,000,833 | ---- | M] () -- C:\Users\Elaine\Desktop\PhotoScape.lnk
[2013/07/10 19:06:06 | 021,331,096 | ---- | M] (Mooii) -- C:\Users\Elaine\Desktop\PhotoScape_V3-6-5.exe
========== Files Created - No Company Name ==========
[2013/07/15 19:56:34 | 000,002,436 | ---- | C] () -- C:\Users\Elaine\Documents\Aoife Document.rtf
[2013/07/15 14:13:44 | 000,000,822 | ---- | C] () -- C:\Windows\tasks\hpwebreg_CN14C3C6K505HX.job
[2013/07/15 14:11:08 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2013/07/15 14:09:49 | 000,002,144 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3050 J610 series.lnk
[2013/07/15 14:09:49 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3050 J610 series.lnk
[2013/07/15 14:09:48 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3050 J610 series Scan.lnk
[2013/07/10 19:07:20 | 000,000,857 | ---- | C] () -- C:\Users\Elaine\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2013/07/10 19:07:20 | 000,000,833 | ---- | C] () -- C:\Users\Elaine\Desktop\PhotoScape.lnk
[2013/05/29 12:39:11 | 000,018,944 | ---- | C] () -- C:\Users\Elaine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/27 10:27:14 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2013/05/27 10:27:13 | 002,498,216 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2013/05/27 10:27:13 | 000,087,112 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2013/05/27 10:27:13 | 000,014,920 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2013/05/27 10:27:13 | 000,009,160 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2013/05/26 18:59:37 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013/05/26 18:58:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2013/05/25 13:50:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2013/05/24 18:50:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/05/24 17:49:36 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2013/05/24 17:10:38 | 000,000,680 | ---- | C] () -- C:\Users\Elaine\AppData\Local\d3d9caps.dat
========== ZeroAccess Check ==========
[2006/11/02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/06/12 21:57:51 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\MusicNet
[2013/07/10 19:07:36 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\PhotoScape
========== Purity Check ==========
0 -
Should I be running OTL with all windows closed, or should I be leaving them open?
0 -
Close Chrome when you do this. Open OTL, then copy and paste this into the custom scan/fixes box:
:OTL
CHR - default_search_provider: WebSearch (Enabled)
CHR - default_search_provider: search_url = http://websearch.pur-esult.info/?l=1...77&lg=EN&cc=IE
CHR - homepage: http://websearch.pur-esult.info/?pid...77&lg=EN&cc=IE
CHR - Extension: saafe ssaVea = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nohcllbdofjadllanblcjbnpfgfaljja\1\
Click Run Fix and post the log it gives. Is it gone from Chrome now?
0 -
========== OTL ==========
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
File C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nohcllbdofjadllanblcjbnpfgfaljja\1 not found.
OTL by OldTimer - Version 3.2.69.0 log created on 07252013_235423
0 -
Didn't work, it's still there. Starting to wreck my head now & I must be wrecking yours!
0 -
You could try a clean install :-) or do this all night..
0 -
My mistake, OTL won't remove those Chrome settings. Go to the Settings option in Chrome, go to the "Search" option > Manage search engines, and remove anything with Web Search from there,
then go to the Extensions tab and remove "saafe ssaVea" from there.
0 -
Done all that & it's still there even though I have removed it.
0 -
Open CCleaner, click the Tools tab, and in the Uninstall part, find these and click Run Uninstaller:
"{924C3DC2-8E4E-432E-F973-9A2174A39774}" = saafe ssaVea
"{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}" = SSearcyh-aNewTab
"SP_0bdf5975" = SafeSaver 1.74
"SP_b0285714" = Search Assistant WebSearch 1.74
If it remains, re-install Chrome.
0 -
Tried it & it won't let me remove them, it just keeps saying: error3 the system cannot find the path specified
0