Everything posted by queenslander

  1. Do you have any ideas about where the OAP/Avast conflict is, and is there a workaround? I have done a search on Avast forum, but nothing came up.
  2. Another edit. I removed Avast from the OA exclusions and it all slowed down again, although not as much as removing the OA exclusion in Avast and having no exclusions in either.
  3. Wow, OA disabled and it made a HUGE difference to the speed on internet loading. superxv.com was as painfully slow as a dial up connection, now it comes up in no time. I am reluctant to add Avast to OA exceptions as I am given to understand that doing so negates Banking Mode. Would adding OA to Avast exceptions do the same? Edit: So, this technically challenged and cowardly old fart took the bull by the horns and excluded OA in Avast and Avast in OA. It did make some difference to the speed (roughly half as quick), but not as much as disabling OA.
  4. I hope that I got this attachment right Kevin as the zip icon didn't show on the "Log" folder when I browsed to it. Edit: I tried to clear the wrong file, but it wouldn't go away. Apologies for the stuff up. It's as they say RTBI, - as in Read The Bloody Instructions.
  5. Still running slowly most of the time with the occasional web site being OK. I don't know if there is any significance - in the past, a site wouldn't load until the IE link was clicked a second time, or alternatively the Refresh button. The last two days this has happened more often.
  6. It's old age that made me label the OTL file as May19 instead of May14, well that's my excuse OTL run without a CCleaner run this time.
  7. Files from ADW and JRT attached. This thread no quicker to open from IE favourites link. Edit Having said that, the main and other forums are much quicker
  8. Just a quick note Kevin. It's Mother's Day on Sunday here in Aus, and offspring have turned up to surprise Mum, so will be busy entertaining. I'll run the programs as soon as I can. Apologies for the delay.
  9. Done. To keep things the same, after logging off I ran CCleaner again before running OTL. I happened to notice that during the scan it showed a scan of Yontoo, which I thought I had used Remove Programs to get rid of it.
  10. File attached. This forum not any quicker. After each internet session I run CCleaner to remove Internet cookies and temp files and System temp files. Is this having a negative effect on anything? I really appreciate all your ongoing help, and especially patience.
  11. OTL scan with no changes in the settings
  12. Sorry about pasting mate. This was my first port of call today. I got interrupted and had to log off. When I came back, the screenshots TDSS.3, .5, and .7 wouldn't load. Anyway, I copied your post to a Word file to have it handy to refer to if needed. All the .png shots appeared in the Word file. Weird? TDSSKiller ran successfully, with 14 suspicious files found. I also said "Yes" to TDSS being added to the Autoruns. Is that OK? And keep getting the window attached (called Warning) about leaving a secure site. Can I set that to "Ignore" with safety? Log dutifully attached.
  13. Combofix log, as requested. Gee I'm glad that you know what it all means OA Premium said Combofix want to be added to the Autoruns. I said "Yes" - is that OK? Using the Main Forum as a measure, not running any faster
  14. Done. Computer running marginally quicker, but that could be due to 1. phone line problems in recent days. Telco says they are all fixed now 2. probably need to clean up the old machine.
  15. All went well until I tried to attach C:\_OTL. I did a "Send to" to send it to My Documents. There's a folder there called OTL and when I open it there's another folder called "Moved Files". Open that and there's another folder 05042013 130221 and a text document 05042013 130221. I'm assuming that it is the text document that you want, but when I try to attach it there is an error message "Error No file was selected for upload." Clicking on the Moved file folder shows as per the attached file, and I have no idea what to do with that, or how to get the OTL file to you. Trust me to stuff things up!
  16. These are the reports requested. And the file in my original post did not appear in the list of files found?? Many thanks for ongoing assistance.
  17. I downloaded the Emergency Kit, and when I tried to unzip I got this error message. Yet when I looked at the Properties it showed this:- This 74yr old pensioner is now confused and lost, and doesn't know what to do. All help will be much appreciated. It will be tomorrow before I can come back here. Sorry for the trouble I'm causing.
  18. I ran the emergency kit yesterday and it found - c:\windows\system32\sub,mgf. There was a message that it could not be removed and to post in the support forum for help in removing it. Help please. There were also two files (I forgot to write their names) that it was suggested that I submit for analysis, which I did. Will you guys know it came from me, and will I get feedback on them? TIA
  19. If Banking Mode doesn't work properly and my account gets emptied, I'm stuffed. I appreciate the help about Avast, and have previously sorted it out via their forum. Cheers
  20. The idea of having Banking Mode functioning is to protect my banking activities - isn't it? So why neutralise it and leave myself at risk?
  21. Thanks GT, especially for the list of OA to exclude in Avast. I don't really want to exclude Avast in OA as I read in one post somewhere that Banking Mode doesn't work when that is done.
  22. Bet your life he does. This morning I was unable to get on to the internet, and wanted to see if Banking Mode had been left on by accident. Right click the icon didn't work, nor did any other click on OA icons. So my simple mind said "OA has locked up for some reason. Uninstall it and start again with a new install". Went to All Programs > OA > uninstall. The little green and yellow boxes did their thing, then nothing. Went to Control Panel > Add remove programs > Remove OA. The window initially said "Size 154MB; Used - Rarely; Last used 7/1/2010". Tried the Remove function and got the error message C:\Prog Files\Tall Emu\Online Armour\uninstal 900.dat could not be opened, Cannot uninstal. Remove error 5. Went to Set Program Access and Defaults. Didn't mean a thing to me, so went to the Add Remove Programs link in that window > OA > and the window said Last used 26/04/2013. Same error as before about Remove error 5. So I went back to a system restore for 1st April, did a manual update of Signatures and Rules and all seems to be well now with OA. However, the Avast Free anti-virus tells me that my trial period for Avast Pro has not been activated. That doesn't surprise me as I haven't activated the trial. I have posted on their forum to find out what the heck has gone on. The only change I have made was to update to the latest version of Foxit Reader on the 23rd. Good old Murphy up to his tricks again.
  23. Will do, GT. Although I live on Murphy St, and his law often applies.
  24. FYI I was looking at the forum when a window opened up with "OA update and a red X" - I assume the update failed for some reason. I went to the GUI and updated manually, seemingly OK. From time to time over the last week or so the update has failed, and manual operation was OK.
  25. Oops, sorry. My apologies, I didn't notice the PM. I'll respond via PMs.