Posted

hello

 

My parents' PC has this virus on their computer and I am wanting to get rid of it. Avast finds it as a Win32-adware-gen and it looks like it's controlling the WinSock on the PC. It would let the user update any anti-virus software that I run on it. Avast, Comodo, Ashampoo Anti-Malware, Malwarebytes' Anti-Malware, nothing. I have tried to remove the virus with Avast; yes, it does remove it (it says) and reboots the PC, and then the problems come. It would let you connect to the internet although it lets you connect to the ISP.

 

Current antivirus on pc Comodo free

 

Am going to run HijackThis and post it in 5 minutes

 

Hope you can help and hope starbucks can :D

 

Seedy21

“It's only after we've lost everything that we're free to do anything.”

― Chuck Palahniuk, Fight Club

 

http://www.geekstogo.com/downloads/unite_blue.png

 

Need help with your computer problems? Then why not join Free PC Help. Register here

 

If Free PC Help has helped you then please consider a donation. Click here

 

We are all members helping other members.

Please return here where you may be able to help someone else.

After all, no one knows everything and you may have the answer that someone needs.

Posted

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:16:27, on 26/07/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\DOCUMENTS AND SETTINGS\HP_OWNER\MY DOCUMENTS\A2USB\a2service.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\hphmon06.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\system32\keyhook.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\PROGRA~1\MICROS~4\rapimgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

K:\StartCodySafe.exe

K:\CodySafe\Launcher.exe

K:\PortableApps\Mx One.exe

K:\Program Files\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\HP_Owner\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = myAOL | HP

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Search Marketing UK

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, Unterhaltung, Nachrichten, Sport, Jobs, Immobilien und mehr bei MSN AT

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! Search Marketing UK

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, Unterhaltung, Nachrichten, Sport, Jobs, Immobilien und mehr bei MSN AT

R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Fast Browser Search\IE\tbhelper.dll (file missing)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Internet Explorer Plugin - {AAE3E3EC-9663-4953-9B95-DE5B85912782} - splv3.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (file missing)

O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll (file missing)

O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S24B.tmp" /EF "HKLM"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Ashampoo Anti-Malware Guard] "K:\Program Files\Ashampoo Anti-Malware\AAMW_Guard.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')

O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O17 - HKLM\System\CCS\Services\Tcpip\..\{293984DE-740C-443B-8FA6-AA116C38C545}: NameServer = 212.139.132.105 212.139.132.107

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\DOCUMENTS AND SETTINGS\HP_OWNER\MY DOCUMENTS\A2USB\a2service.exe

O23 - Service: Ashampoo Anti-Malware Service (AAMWService) - Unknown owner - K:\Program Files\Ashampoo Anti-Malware\AAMW_Service.exe

O23 - Service: Ashampoo Anti-Malware WSC Service (AAMW_WSC_Service_XP) - Unknown owner - K:\Program Files\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 11117 bytes

 

 

OS windows Xp Home SP3

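Added example (not part of the original thread, and not HijackThis's own logic): a small Python triage pass over a HijackThis log like the one posted above, pulling out the entries a reviewer usually looks at first. The sample lines are copied from that log; the category names and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Subset of the HijackThis log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\system32\svchost.exe
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Fast Browser Search\IE\tbhelper.dll (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (file missing)
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{293984DE-740C-443B-8FA6-AA116C38C545}: NameServer = 212.139.132.105 212.139.132.107
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Ashampoo Anti-Malware Service (AAMWService) - Unknown owner - K:\Program Files\Ashampoo Anti-Malware\AAMW_Service.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[FNOR]\d{1,2}) - (?P<body>.*)$")
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
RUN_RE = re.compile(r"^HK.*?\\Run: \[(?P<name>.*?)\] (?P<cmd>.+)$")
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>.+)$")


def parse_entries(text):
    """Return (code, body) pairs for coded lines; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def first_token(cmd):
    """Executable part of a Run value: the quoted string if quoted, else up to the first space."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def triage(entries):
    """Group entries into review buckets. A hit means 'look at this', not 'this is malicious'."""
    findings = defaultdict(list)
    for code, body in entries:
        # Registry entry whose target file is gone: leftover of a removed or deleted component.
        if ORPHAN_RE.search(body):
            findings["orphaned"].append((code, body))
        if code == "O4":
            # Run values with no directory are resolved through the search path at logon.
            run = RUN_RE.match(body)
            if run and "\\" not in first_token(run.group("cmd")):
                findings["relative_autorun"].append(run.group("name"))
        elif code == "O17":
            # Statically configured DNS servers: confirm they belong to the ISP.
            ns = NAMESERVER_RE.search(body)
            if ns:
                findings["nameservers"].extend(re.split(r"[,\s]+", ns.group("servers").strip()))
        elif code == "O20":
            # AppInit_DLLs load into every process that loads user32.dll; verify the vendor.
            # (In this thread the OTL log attributes guard32.dll to COMODO.)
            findings["appinit_dlls"].append(body.split(": ", 1)[1])
        elif code == "O23":
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3 and parts[1] == "Unknown owner":
                findings["unknown_owner_services"].append(parts[0])
    return dict(findings)


if __name__ == "__main__":
    for bucket, items in triage(parse_entries(SAMPLE_LOG)).items():
        print(bucket)
        for item in items:
            print("   ", item)
```
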

Posted

Hello, seedy21

Welcome to the FreePcHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

 

 

 

Please take note of some guidelines for this fix:

 

  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.

 

 

 

 

 

 

 

  1. Please download OTL from one of the following mirrors:

 

  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Under the Custom Scan box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.

 

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

 

 

 

 

 

 

Download MBRCheck.exe to your desktop

XP users > double click on MBRCheck.exe to run it

Vista and Windows 7 users > right click on MBRCheck.exe and select Run as Administrator

It will show a black screen with some data on it

Click on the black C:\ in the upper left hand corner of the black screen

Choose Edit > Select All > Press Enter to copy the data to your clip board

Press Enter again to close MBRCheck

Now open up notepad or wordpad and paste the data in (press Control+V)

 

Post the results in your reply

regards,

schrauber

 

Proud Member of ASAP and UNITE since 2009

 

If you think I have helped you please consider making a donation to the forums. Thanks!

Posted

OTL logfile created on: 27/07/2010 09:42:18 - Run 1

OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\HP_Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

503.00 Mb Total Physical Memory | 318.00 Mb Available Physical Memory | 63.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 144.39 Gb Total Space | 92.91 Gb Free Space | 64.35% Space Free | Partition Type: NTFS

Drive D: | 4.64 Gb Total Space | 0.90 Gb Free Space | 19.46% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: YOUR-D65BBC6695

Current User Name: HP_Owner

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

 

========== Processes (SafeList) ==========

 

PRC - [2010/07/27 09:41:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe

PRC - [2010/06/02 16:00:48 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

PRC - [2010/06/02 16:00:45 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

PRC - [2010/04/01 15:57:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Documents and Settings\HP_Owner\My Documents\a2usb\a2service.exe

PRC - [2010/02/19 17:00:24 | 000,148,744 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe

PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/06/26 17:13:40 | 001,207,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe

PRC - [2006/06/26 17:13:24 | 000,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe

PRC - [2006/05/06 13:01:35 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2004/05/20 10:47:18 | 000,249,856 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\Keyhook.exe

PRC - [2004/01/26 11:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2010/07/27 09:41:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe

MOD - [2010/06/02 16:00:49 | 000,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll

MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - File not found [Auto | Stopped] -- K:\Program Files\Ashampoo Anti-Malware\AAMW_Service.exe -- (AAMWService)

SRV - File not found [Auto | Stopped] -- K:\Program Files\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe -- (AAMW_WSC_Service_XP)

SRV - [2010/06/02 16:00:48 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)

SRV - [2010/04/01 15:57:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\DOCUMENTS AND SETTINGS\HP_OWNER\MY DOCUMENTS\A2USB\a2service.exe -- (a2free)

SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®

SRV - [2010/02/19 17:00:24 | 000,148,744 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe -- (CLPSLS)

SRV - [2007/12/10 13:59:04 | 000,353,280 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)

SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev)

DRV - [2010/06/02 16:00:49 | 000,133,064 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)

DRV - [2010/06/02 16:00:49 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)

DRV - [2010/06/02 16:00:49 | 000,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)

DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\HP_Owner\Local Settings\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)

DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\HP_Owner\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)

DRV - [2009/05/06 17:05:31 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2009/02/19 13:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)

DRV - [2009/02/19 13:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)

DRV - [2009/02/19 13:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)

DRV - [2009/02/19 13:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)

DRV - [2009/02/19 13:31:16 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)

DRV - [2009/02/19 13:31:16 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)

DRV - [2009/02/19 13:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)

DRV - [2009/02/19 13:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)

DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2007/04/03 14:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)

DRV - [2007/02/22 11:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)

DRV - [2007/02/22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)

DRV - [2007/02/22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)

DRV - [2007/02/22 11:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)

DRV - [2005/04/25 02:57:36 | 000,091,864 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P0620Vid.sys -- (PD0620VID)

DRV - [2005/03/04 12:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2004/10/01 11:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2004/07/19 18:33:14 | 000,218,112 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2004/07/17 05:20:34 | 000,012,160 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)

DRV - [2003/12/12 07:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)

DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)

DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)

DRV - [2003/09/19 02:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)

DRV - [2003/09/11 00:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)

DRV - [2003/07/18 17:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)

DRV - [2003/07/02 12:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)

DRV - [2002/10/04 18:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)

DRV - [2001/08/17 20:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)

DRV - [2001/06/04 15:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = Yahoo! SearchBar Home Page

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = myAOL | HP

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Search Marketing UK

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Fast Browser Search\IE\tbhelper.dll File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

O1 HOSTS File: ([2004/08/04 11:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Internet Explorer Plugin) - {AAE3E3EC-9663-4953-9B95-DE5B85912782} - File not found

O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll File not found

O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)

O3 - HKCU\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found

O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Ashampoo Anti-Malware Guard] K:\Program Files\Ashampoo Anti-Malware\AAMW_Guard.exe File not found

O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4 - HKLM..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)

O4 - HKLM..\Run: [PD0620 STISvc] C:\WINDOWS\System32\P0620Pin.dll (Creative Technology Ltd.)

O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)

O4 - HKLM..\Run: [speedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [VTTimer] File not found

O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0

O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} Java Plug-in Technology (Java Plug-in 1.4.2_03)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/01/02 02:16:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/27 21:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2004/04/30 13:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]

O33 - MountPoints2\{6e88eb7a-6314-11de-8bee-000e50950826}\Shell - "" = AutoRun

O33 - MountPoints2\{6e88eb7a-6314-11de-8bee-000e50950826}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{6e88eb7a-6314-11de-8bee-000e50950826}\Shell\AutoRun\command - "" = J:\AUTORUN.EXE -- File not found

O33 - MountPoints2\{9d1d1e7e-6f33-11dc-88b3-000e50950826}\Shell - "" = AutoRun

O33 - MountPoints2\{9d1d1e7e-6f33-11dc-88b3-000e50950826}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{9d1d1e7e-6f33-11dc-88b3-000e50950826}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found

O33 - MountPoints2\{f95f4128-a81b-11dc-8919-000e50950826}\Shell - "" = AutoRun

O33 - MountPoints2\{f95f4128-a81b-11dc-8919-000e50950826}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{f95f4129-a81b-11dc-8919-000e50950826}\Shell - "" = AutoRun

O33 - MountPoints2\{f95f4129-a81b-11dc-8919-000e50950826}\Shell\AutoRun - "" = Auto&Play

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (17746534284132352)

 

========== Files/Folders - Created Within 90 Days ==========

 

[2010/07/27 09:41:29 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe

[2010/07/26 16:42:50 | 000,000,000 | ---D | C] -- C:\Program Files\FAST BROWSER SEARCH

[2010/07/26 16:30:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com

[2010/07/26 16:30:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2010/07/26 14:11:52 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Owner\My Documents\HijackThis.exe

[2010/07/26 13:34:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Ashampoo

[2010/07/23 22:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\JinglePlayer 1.1

[2010/07/19 10:06:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\EmsisoftEmergencyKit

[2010/07/19 09:51:20 | 109,029,224 | ---- | C] (ashampoo GmbH & Co. KG ) -- C:\Documents and Settings\HP_Owner\My Documents\ashampoo_anti-malware_1.20_sm.exe

[2010/06/08 19:06:23 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software

[2010/06/08 19:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2010/06/07 19:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2010/06/02 15:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO

[2010/05/23 09:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\NOS

[2010/05/23 09:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 90 Days ==========

 

[2010/07/27 09:41:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe

[2010/07/27 09:05:05 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT

[2010/07/27 09:05:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/07/27 09:04:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/07/27 09:04:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/07/27 09:04:25 | 528,011,264 | -HS- | M] () -- C:\hiberfil.sys

[2010/07/26 20:47:03 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\HP_Owner\ntuser.dat

[2010/07/26 20:47:03 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\ntuser.ini

[2010/07/26 14:11:54 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Owner\My Documents\HijackThis.exe

[2010/07/23 18:17:33 | 000,000,656 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/07/23 18:17:33 | 000,000,257 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/07/22 10:26:40 | 000,008,264 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Christian Seed's CV.rtf

[2010/07/19 09:54:37 | 108,968,331 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\EmsisoftEmergencyKit.zip

[2010/07/19 09:51:36 | 109,029,224 | ---- | M] (ashampoo GmbH & Co. KG ) -- C:\Documents and Settings\HP_Owner\My Documents\ashampoo_anti-malware_1.20_sm.exe

[2010/06/22 10:53:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm

[2010/06/22 10:53:45 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm

[2010/06/22 10:33:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm

[2010/06/22 10:33:22 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm

[2010/06/22 10:32:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

[2010/06/22 10:32:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm

[2010/06/21 10:19:04 | 000,000,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics

[2010/06/16 17:52:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm

[2010/06/16 17:52:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm

[2010/06/14 15:09:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/06/13 12:13:56 | 000,000,045 | ---- | M] () -- C:\Documents and Settings\HP_Owner\jagex_runescape_preferences.dat

[2010/06/13 12:13:47 | 000,000,087 | ---- | M] () -- C:\Documents and Settings\HP_Owner\jagex_runescape_preferences2.dat

[2010/06/11 19:19:10 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk

[2010/06/11 14:10:16 | 000,216,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/06/10 18:17:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/06/08 20:24:55 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2010/06/07 10:58:23 | 101,928,256 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\a2usb.zip

[2010/06/02 16:32:18 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Windows Live Messenger.lnk

[2010/06/02 16:13:26 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat

[2010/06/02 16:02:21 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk

[2010/06/02 10:38:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm

[2010/06/02 10:37:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010/07/19 09:54:20 | 108,968,331 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\EmsisoftEmergencyKit.zip

[2010/06/14 15:09:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/06/11 19:19:10 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk

[2010/06/07 10:48:38 | 101,928,256 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\a2usb.zip

[2010/06/02 16:02:21 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk

[2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll

[2008/11/07 18:20:02 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2008/09/05 16:46:54 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI

[2007/11/10 17:15:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI

[2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll

[2006/12/27 13:46:06 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2006/12/27 13:42:21 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX5000EFDG.ini

[2006/03/04 11:20:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/10/11 17:26:32 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll

[2005/06/05 19:48:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll

[2005/04/13 20:27:36 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2005/01/31 15:54:19 | 000,000,185 | ---- | C] () -- C:\WINDOWS\disney.ini

[2005/01/01 17:37:26 | 000,000,049 | ---- | C] () -- C:\WINDOWS\cgminivw.ini

[2005/01/01 17:24:29 | 000,000,377 | ---- | C] () -- C:\WINDOWS\ftree.ini

[2005/01/01 17:24:28 | 000,017,424 | ---- | C] () -- C:\WINDOWS\System32\FH_BMP.DLL

[2004/12/28 10:55:00 | 000,000,098 | ---- | C] () -- C:\WINDOWS\pixcache.ini

[2004/12/28 10:26:28 | 000,000,604 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI

[2004/12/28 10:26:28 | 000,000,019 | ---- | C] () -- C:\WINDOWS\OPLEINST.INI

[2004/12/28 10:23:00 | 000,000,777 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI

[2004/06/29 06:58:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2004/01/02 09:03:28 | 000,000,531 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2004/01/02 08:06:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2004/01/02 06:50:22 | 000,105,873 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini

[2004/01/02 06:50:22 | 000,100,528 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini

[2004/01/02 04:18:17 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll

[2004/01/02 04:17:53 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll

[2004/01/02 04:17:53 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll

[2004/01/02 04:13:13 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll

[2004/01/02 04:12:02 | 000,025,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS

[2004/01/02 04:11:27 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll

[2004/01/02 03:56:54 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2004/01/02 03:56:54 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2004/01/02 03:56:53 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2004/01/02 03:56:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2004/01/02 03:56:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2004/01/02 03:56:53 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2004/01/02 03:22:22 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/01/02 02:36:58 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll

[2004/01/02 02:36:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll

[2004/01/02 02:36:42 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll

[2004/01/02 02:19:39 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/01/01 19:30:40 | 001,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll

[2003/07/16 12:09:31 | 000,626,688 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll

[2003/03/06 23:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll

 

========== LOP Check ==========

 

[2010/06/08 19:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2009/09/30 14:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success

[2009/09/25 21:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hazard Perception Training

[2009/06/07 11:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2004/01/02 03:56:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo

[2009/06/07 12:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2006/12/27 13:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL

[2010/01/06 09:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2009/05/03 13:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

[2009/07/11 14:38:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}

[2010/03/17 19:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2005/03/31 20:14:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job

 

========== Purity Check ==========

 

========== Custom Scans ==========

 

< %SYSTEMDRIVE%\*.exe >

 

< MD5 for: AGP440.SYS >

[2004/08/04 11:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2008/08/28 22:39:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys

[2008/08/28 22:39:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

 

< MD5 for: ATAPI.SYS >

[2004/08/04 11:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2008/08/28 22:39:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys

[2008/08/28 22:39:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/04 04:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

 

< MD5 for: EVENTLOG.DLL >

[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

[2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

 

< MD5 for: NETLOGON.DLL >

[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

[2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

 

< MD5 for: SCECLI.DLL >

[2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

 

< %systemroot%\*. /mp /s >

< End of report >

 

OTL Extras logfile created on: 27/07/2010 09:42:18 - Run 1

OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\HP_Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

503.00 Mb Total Physical Memory | 318.00 Mb Available Physical Memory | 63.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 144.39 Gb Total Space | 92.91 Gb Free Space | 64.35% Space Free | Partition Type: NTFS

Drive D: | 4.64 Gb Total Space | 0.90 Gb Free Space | 19.46% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: YOUR-D65BBC6695

Current User Name: HP_Owner

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\yahoo!\messenger\ypager.exe"" = C:\Program Files\yahoo!\messenger\ypager.exe:*:Enabled:Yahoo! Messenger -- File not found

"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Yahoo!\Messenger\ypager.exe" = C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger -- File not found

"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found

"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

"C:\Documents and Settings\HP_Owner\My Documents\tightvnc-1.3.9_x86\WinVNC.exe" = C:\Documents and Settings\HP_Owner\My Documents\tightvnc-1.3.9_x86\WinVNC.exe:*:Enabled:TightVNC Win32 Server -- File not found

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

"C:\Documents and Settings\HP_Owner\Application Data\U3\00001628C3733796\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe" = C:\Documents and Settings\HP_Owner\Application Data\U3\00001628C3733796\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe:*:Enabled:Skype -- File not found

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium

"{01EEBF41-0FB1-4C85-BAD2-F2D7CF2BE877}" = Travelmanager UK and Ireland 2004

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{0861E87B-24D7-4E7C-B11B-54F86E5C5199}" = hpg8200

"{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}" = Nokia Connectivity Cable Driver

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}" = hpg4600

"{15B9DC72-73F9-4d99-9E28-848D66DA8D99}" = HP Photo & Imaging 3.5 - HP Devices

"{1B602410-D983-4947-98FE-EE749073D15E}" = GamingHarbor Toolbar

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan

"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows

"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email

"{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}" = hpg3970

"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86

"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant

"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11

"{29466F9C-7C6A-419C-B301-F440FAF78760}" = Nokia PC Suite

"{29B39FB2-5ADF-4F94-BC82-13942871DD0D}" = CameraDrivers

"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant

"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects

"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2

"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy

"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06

"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload

"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update

"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger

"{5E1494D4-3562-4FFB-B35C-600F80F6934C}" = HP Image Zone Plus 4.2

"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6DBB0348-544A-42DC-AD30-B8C4B107DD6A}" = SymNet

"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up

"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver

"{8D9768AE-DE42-4A04-A461-2361A58C384D}" = HPIZ402

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!

"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1

"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects

"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen

"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.0

"{A1B3CBF2-075D-4D1A-9A57-0A4119806B95}" = Road Angel UK

"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery

"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme

"{A31A5DFC-3439-48FC-99BB-5174168AE471}" = COMODO livePCsupport

"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan

"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

"{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}" = hpg5530

"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0

"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc

"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director

"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates

"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer

"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER

"{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}" = PC Connectivity Solution

"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2

"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print

"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare

"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0

"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software

"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp

"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager

"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager

"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm

"{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}" = hpg2436

"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers

"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations

"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg

"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour

"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Windows Driver Package - Nokia Modem (10/12/2007 3.6)

"819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem

"COMODO Internet Security" = COMODO Internet Security

"Cool Edit Pro 2.0" = Cool Edit Pro 2.0

"Creative PD0620" = Creative WebCam Instant Driver (1.03.02.0425)

"Creative Photo Manager" = Creative Photo Manager

"Creative WebCam Center" = Creative WebCam Center

"Creative WebCam Instant User's Guide English" = Creative WebCam Instant User's Guide (English)

"CSN media Jingleplayer" = CSN media Jingleplayer

"EPSON Printer and Utilities" = EPSON Printer Software

"EPSON Scanner" = EPSON Scan

"ESDX5000_CX4900 User's Guide" = ESDX5000_CX4900 User's Guide

"GamingHarbor Toolbar" = GamingHarbor Toolbar

"Help and Support Additions" = Help and Support Additions

"HP Photo & Imaging" = HP Image Zone 4.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie8" = Windows Internet Explorer 8

"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email

"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Mplayer.com" = Mplayer.com

"MSNINST" = MSN

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Nokia PC Suite" = Nokia PC Suite

"PS2" = PS2

"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions

"Python 2.2.1" = Python 2.2.1

"QuickTime" = QuickTime

"RealPlayer 6.0" = RealPlayer

"SiS VGA Driver" = SiS VGA Utilities

"Trillian" = Trillian

"Ulead iPhoto Express 1.1" = Ulead iPhoto Express 1.1

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"WebCam Instant Product Registration" = WebCam Instant Product Registration

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinZip Self-Extractor" = WinZip Self-Extractor

"XviD" = XviD MPEG-4 Codec

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 27/07/2010 04:06:41 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

 

Error - 27/07/2010 04:07:08 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 27/07/2010 04:07:08 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

 

Error - 27/07/2010 04:07:09 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 27/07/2010 04:07:09 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

 

Error - 27/07/2010 04:07:12 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 27/07/2010 04:07:12 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

 

Error - 27/07/2010 04:07:13 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 27/07/2010 04:07:13 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

 

Error - 27/07/2010 04:07:14 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

[ System Events ]

Error - 21/06/2010 04:22:02 | Computer Name = YOUR-D65BBC6695 | Source = ipnathlp | ID = 30013

Description = The DHCP allocator has disabled itself on IP address 192.168.1.3, since

the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses

are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,

please

change the scope to include the IP address, or change the IP address to fall within

the scope.

 

Error - 21/06/2010 04:25:13 | Computer Name = YOUR-D65BBC6695 | Source = ipnathlp | ID = 30013

Description = The DHCP allocator has disabled itself on IP address 169.254.139.196,

since

the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses

are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,

please

change the scope to include the IP address, or change the IP address to fall within

the scope.

 

Error - 21/06/2010 04:52:08 | Computer Name = YOUR-D65BBC6695 | Source = ipnathlp | ID = 31012

Description = The DNS proxy agent encountered an error while obtaining the local

list of name-resolution servers. Some DNS or WINS servers may be inaccessible to

clients on the local network. The data is the error code.

 

Error - 21/06/2010 04:52:08 | Computer Name = YOUR-D65BBC6695 | Source = ipnathlp | ID = 31012

Description = The DNS proxy agent encountered an error while obtaining the local

list of name-resolution servers. Some DNS or WINS servers may be inaccessible to

clients on the local network. The data is the error code.

 

Error - 21/06/2010 04:52:16 | Computer Name = YOUR-D65BBC6695 | Source = ipnathlp | ID = 31012

Description = The DNS proxy agent encountered an error while obtaining the local

list of name-resolution servers. Some DNS or WINS servers may be inaccessible to

clients on the local network. The data is the error code.

 

Error - 26/07/2010 09:14:51 | Computer Name = YOUR-D65BBC6695 | Source = Service Control Manager | ID = 7034

Description = The Ashampoo Anti-Malware Service service terminated unexpectedly.

It has done this 1 time(s).

 

Error - 26/07/2010 12:18:58 | Computer Name = YOUR-D65BBC6695 | Source = Service Control Manager | ID = 7000

Description = The Ashampoo Anti-Malware Service service failed to start due to the

following error: %%3

 

Error - 26/07/2010 12:18:58 | Computer Name = YOUR-D65BBC6695 | Source = Service Control Manager | ID = 7000

Description = The Ashampoo Anti-Malware WSC Service service failed to start due

to the following error: %%3

 

Error - 27/07/2010 04:04:36 | Computer Name = YOUR-D65BBC6695 | Source = Service Control Manager | ID = 7000

Description = The Ashampoo Anti-Malware Service service failed to start due to the

following error: %%3

 

Error - 27/07/2010 04:04:36 | Computer Name = YOUR-D65BBC6695 | Source = Service Control Manager | ID = 7000

Description = The Ashampoo Anti-Malware WSC Service service failed to start due

to the following error: %%3

 

 

< End of report >

 

 

Going to run the other 2 now and I'll post back when they are complete

 

Seedy21


Posted

The Report for Gmer Is RapidShare: 1-CLICK Web hosting - Easy Filehosting

 

I couldn't post it on here as the file size is too big and can't post as I would be there for days lol

 

 

 

MBRCheck, version 1.1.1

© 2010, AD

\\.\C: --> \\.\PhysicalDrive0

\\.\D: --> \\.\PhysicalDrive0

Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 Unknown MBR code

 

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

 

After completing this I tried connecting to the internet to post this, and when I did I couldn't browse the web, something about could not connect and run the diagnostic tool in Internet Explorer. I pinged Google and that worked too. I have to restart the computer to get it working again

 

Thanks for the help so far Tom :D

 

Seedy21


Posted

Hi,

 

 

Please download Malwarebytes' Anti-Malware from Here.

 

Double Click mbam-setup.exe to install the application.

 

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

 

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

 

 

 

 

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

regards,

schrauber

 

Proud Member of ASAP and UNITE since 2009

 

If you think I have helped you please consider making a donation to the forums. Thanks!

Posted

Malwarebytes' Anti-Malware 1.46

Malwarebytes

Database version: 4052

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

29/07/2010 14:22:53

mbam-log-2010-07-29 (14-22-53).txt

Scan type: Quick scan

Objects scanned: 162632

Time elapsed: 29 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 9

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{94ea03c3-5988-4428-a5bf-5ab34c82c806} (Password.Stealer) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{aae3e3ec-9663-4953-9b95-de5b85912782} (Password.Stealer) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{94ea03c3-5988-4428-a5bf-5ab34c82c806} (Password.Stealer) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{aae3e3ec-9663-4953-9b95-de5b85912782} (Password.Stealer) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0b9b6dea-57f3-4d5e-adf8-1c23062fcc8a} (Password.Stealer) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{0b9b6dea-57f3-4d5e-adf8-1c23062fcc8a} (Password.Stealer) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{94ea03c3-5988-4428-a5bf-5ab34c82c806} (Password.Stealer) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{aae3e3ec-9663-4953-9b95-de5b85912782} (Password.Stealer) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aae3e3ec-9663-4953-9b95-de5b85912782} (Password.Stealer) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

 

 

I can't run the download scanner as it can't download the virus database. I think I am going to run SUPERAntiSpyware and see what that comes up with

 

Thanks tom

 

Seedy21


Posted

Good idea that I had to scan it with SAS; it found over 200 threats that Malwarebytes didn't

 

Here's the log

 

 

SUPERAntiSpyware Scan Log

SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 07/29/2010 at 02:57 PM

Application Version : 4.41.1000

Core Rules Database Version : 5283

Trace Rules Database Version: 3095

Scan type : Quick Scan

Total Scan Time : 00:23:41

Memory items scanned : 488

Memory threats detected : 0

Registry items scanned : 1801

Registry threats detected : 44

File items scanned : 12466

File threats detected : 203

Adware.HBHelper

HKU\S-1-5-21-3161066389-1223575792-422791487-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA3EB689-8F09-4026-AA10-B9534C691CE0}

HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}

HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}

HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32

HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID

HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib

HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID

HKCR\URLSearchHook.ToolbarURLSearchHook.1

HKCR\URLSearchHook.ToolbarURLSearchHook.1\CLSID

HKCR\URLSearchHook.ToolbarURLSearchHook

HKCR\URLSearchHook.ToolbarURLSearchHook\CLSID

HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}

HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0

HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0

HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0\win32

HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\FLAGS

HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\HELPDIR

C:\PROGRAM FILES\FAST BROWSER SEARCH\IE\TBHELPER.DLL

HKU\S-1-5-21-3161066389-1223575792-422791487-1007\Software\Microsoft\Internet Explorer\URLSearchHooks#{CA3EB689-8F09-4026-AA10-B9534C691CE0}

Adware.Tracking Cookie


stat.tvblogclub.com [ C:\Documents and Settings\HP_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\RM65FTLK ]

static.2mdn.net [ C:\Documents and Settings\HP_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\RM65FTLK ]

uk.2mdn.net [ C:\Documents and Settings\HP_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\RM65FTLK ]

video.unrulymedia.com [ C:\Documents and Settings\HP_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\RM65FTLK ]

videomedia.ign.com [ C:\Documents and Settings\HP_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\RM65FTLK ]

virginmedia.a.mms.mavenapps.net [ C:\Documents and Settings\HP_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\RM65FTLK ]

Free Porn Videos & Pussy Movies- Sex Videos, Porno, Porn Tube, XXX and Pussy Porn. [ C:\Documents and Settings\HP_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\RM65FTLK ]

Trackitdown - Dance Music MP3/WAV/Merchandise Distribution Centre [ C:\Documents and Settings\HP_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\RM65FTLK ]

yo.static.presidiomedia.com [ C:\Documents and Settings\HP_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\RM65FTLK ]

zedo.com [ C:\Documents and Settings\HP_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\RM65FTLK ]

Browser Hijacker.Deskbar

Adware.Flash Tracking Cookie

Adware.Generic

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\CE8732D\3E688669\PRODUCTINFO.DLL

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\MFILEBAGIDE.DLL\BAG\PRODUCTINFO.DLL

 

Waiting for your response if all can be deleted

 

Seedy21


Posted

Hi,

 

Remove them all, then do this please:

 

 

Please run a BitDefender Online Scan

 

  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on "Click here to export the scan results".
  • Save the report to your desktop so you can post it in your next reply.

 

 

 

 

Also please reopen OTL, set the extra registry tab to use safe list and hit the run scan button, post back with the 2 logfiles.

regards,

schrauber

 

Proud Member of ASAP and UNITE since 2009

 

If you think I have helped you please consider making a donation to the forums. Thanks!

Posted

I'll do it next week; I'm going on holiday, so the next time I'll have access to that PC is next week.

 

 

all the best

 

seedy21


  • 2 weeks later...
Posted

OTL logfile created on: 13/08/2010 16:05:08 - Run 2

OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\HP_Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

503.00 Mb Total Physical Memory | 167.00 Mb Available Physical Memory | 33.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 144.39 Gb Total Space | 91.54 Gb Free Space | 63.40% Space Free | Partition Type: NTFS

Drive D: | 4.64 Gb Total Space | 0.90 Gb Free Space | 19.46% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: YOUR-D65BBC6695

Current User Name: HP_Owner

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 

========== Processes (SafeList) ==========

 

PRC - [2010/07/27 09:41:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe

PRC - [2010/06/02 16:00:48 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

PRC - [2010/06/02 16:00:45 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2010/04/01 15:57:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Documents and Settings\HP_Owner\My Documents\a2usb\a2service.exe

PRC - [2010/02/19 17:00:24 | 000,148,744 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe

PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/06/26 17:13:40 | 001,207,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe

PRC - [2006/06/26 17:13:24 | 000,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe

PRC - [2006/05/06 13:01:35 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2004/05/20 10:47:18 | 000,249,856 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\Keyhook.exe

PRC - [2004/01/26 11:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2010/07/27 09:41:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe

MOD - [2010/06/02 16:00:49 | 000,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll

MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - File not found [Auto | Stopped] -- K:\Program Files\Ashampoo Anti-Malware\AAMW_Service.exe -- (AAMWService)

SRV - File not found [Auto | Stopped] -- K:\Program Files\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe -- (AAMW_WSC_Service_XP)

SRV - [2010/06/02 16:00:48 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)

SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/04/01 15:57:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\DOCUMENTS AND SETTINGS\HP_OWNER\MY DOCUMENTS\A2USB\a2service.exe -- (a2free)

SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®

SRV - [2010/03/11 09:01:02 | 000,153,736 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)

SRV - [2010/02/19 17:00:24 | 000,148,744 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe -- (CLPSLS)

SRV - [2007/12/10 13:59:04 | 000,353,280 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)

SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev)

DRV - [2010/06/02 16:00:49 | 000,133,064 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)

DRV - [2010/06/02 16:00:49 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)

DRV - [2010/06/02 16:00:49 | 000,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)

DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\HP_Owner\Local Settings\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)

DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\HP_Owner\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)

DRV - [2009/05/06 17:05:31 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2009/02/19 13:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)

DRV - [2009/02/19 13:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)

DRV - [2009/02/19 13:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)

DRV - [2009/02/19 13:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)

DRV - [2009/02/19 13:31:16 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)

DRV - [2009/02/19 13:31:16 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)

DRV - [2009/02/19 13:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)

DRV - [2009/02/19 13:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)

DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2007/04/03 14:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)

DRV - [2007/02/22 11:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)

DRV - [2007/02/22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)

DRV - [2007/02/22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)

DRV - [2007/02/22 11:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)

DRV - [2005/04/25 02:57:36 | 000,091,864 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P0620Vid.sys -- (PD0620VID)

DRV - [2005/03/04 12:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2004/10/01 11:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2004/07/19 18:33:14 | 000,218,112 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2004/07/17 05:20:34 | 000,012,160 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)

DRV - [2003/12/12 07:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)

DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)

DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)

DRV - [2003/09/19 02:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)

DRV - [2003/09/11 00:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)

DRV - [2003/07/18 17:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)

DRV - [2003/07/02 12:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)

DRV - [2002/10/04 18:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)

DRV - [2001/08/17 20:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)

DRV - [2001/06/04 15:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = Yahoo! SearchBar Home Page

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = myAOL | HP

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Search Marketing UK

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

O1 HOSTS File: ([2004/08/04 11:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll File not found

O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)

O3 - HKCU\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found

O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Ashampoo Anti-Malware Guard] K:\Program Files\Ashampoo Anti-Malware\AAMW_Guard.exe File not found

O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4 - HKLM..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PD0620 STISvc] C:\WINDOWS\System32\P0620Pin.dll (Creative Technology Ltd.)

O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)

O4 - HKLM..\Run: [speedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [VTTimer] File not found

O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0

O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} Java Plug-in Technology (Java Plug-in 1.4.2_03)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/01/02 02:16:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/27 21:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2004/04/30 13:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]

O33 - MountPoints2\{6e88eb7a-6314-11de-8bee-000e50950826}\Shell - "" = AutoRun

O33 - MountPoints2\{6e88eb7a-6314-11de-8bee-000e50950826}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{6e88eb7a-6314-11de-8bee-000e50950826}\Shell\AutoRun\command - "" = J:\AUTORUN.EXE -- File not found

O33 - MountPoints2\{f95f4128-a81b-11dc-8919-000e50950826}\Shell - "" = AutoRun

O33 - MountPoints2\{f95f4128-a81b-11dc-8919-000e50950826}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{f95f4129-a81b-11dc-8919-000e50950826}\Shell - "" = AutoRun

O33 - MountPoints2\{f95f4129-a81b-11dc-8919-000e50950826}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\J\Shell - "" = AutoRun

O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/08/13 10:54:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8

[2010/08/11 16:52:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer

[2010/08/11 16:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild

[2010/08/11 16:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies

[2010/08/11 16:50:16 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe

[2010/08/11 16:50:16 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll

[2010/08/11 16:50:16 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll

[2010/08/11 16:50:16 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll

[2010/08/11 16:50:15 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll

[2010/08/11 16:50:15 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll

[2010/08/11 16:50:14 | 000,000,000 | ---D | C] -- C:\a2ad8f56c6b42c3afc8424

[2010/08/11 09:35:27 | 000,000,000 | ---D | C] -- C:\92609aacc4400e4dd21f82

[2010/08/11 09:35:21 | 000,000,000 | ---D | C] -- C:\3f8d7288f5a1e45fc4ccad1bc358e225

[2010/08/09 17:52:18 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll

[2010/08/08 17:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared

[2010/08/08 17:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation

[2010/08/08 17:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\Sony

[2010/08/08 17:14:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF

[2010/08/08 17:14:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles

[2010/08/08 17:13:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel

[2010/08/08 17:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson

[2010/08/08 17:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson

[2010/08/07 19:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\COMODO

[2010/07/29 14:15:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\lspfix

[2010/07/29 13:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/07/29 10:58:40 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Owner\My Documents\mbam-setup-1.46.exe

[2010/07/27 09:41:29 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe

[2010/07/26 16:42:50 | 000,000,000 | ---D | C] -- C:\Program Files\FAST BROWSER SEARCH

[2010/07/26 16:30:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com

[2010/07/26 16:30:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2010/07/26 14:11:52 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Owner\My Documents\HijackThis.exe

[2010/07/26 13:34:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Ashampoo

[2010/07/19 21:46:02 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe

[2010/07/19 10:06:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\EmsisoftEmergencyKit

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010/08/13 15:55:03 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT

[2010/08/13 15:54:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/08/13 15:49:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/08/13 15:49:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/08/13 15:49:47 | 528,011,264 | -HS- | M] () -- C:\hiberfil.sys

[2010/08/13 15:48:29 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\HP_Owner\ntuser.dat

[2010/08/13 15:48:29 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\ntuser.ini

[2010/08/13 15:35:39 | 000,026,416 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\E_FCF0BVE.UCFE_FCF0BVE.UCF

[2010/08/13 15:35:39 | 000,026,416 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\E_FCF0BVE.UCF

[2010/08/13 15:31:31 | 000,026,416 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\E_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCF

[2010/08/13 15:31:31 | 000,026,416 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\E_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCF

[2010/08/13 15:31:25 | 000,026,416 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\E_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCF

[2010/08/13 15:31:25 | 000,026,416 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\E_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCF

[2010/08/13 15:31:25 | 000,026,416 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\E_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCF

[2010/08/13 15:31:25 | 000,026,416 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\E_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCF

[2010/08/13 15:31:15 | 000,026,416 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\E_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCF

[2010/08/13 15:31:15 | 000,026,416 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\E_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCF

[2010/08/13 15:31:15 | 000,026,416 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\E_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCF

[2010/08/13 15:31:15 | 000,026,416 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\E_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCF

[2010/08/12 09:49:36 | 000,219,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/08/11 17:03:33 | 000,503,304 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/08/11 17:03:33 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/08/11 17:03:33 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/08/08 17:28:31 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Go.lnk

[2010/08/08 17:16:03 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/08/08 17:15:56 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2010/08/08 17:14:55 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2010/08/08 17:00:54 | 000,001,916 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sony Ericsson PC Companion 2.0.lnk

[2010/07/29 14:31:33 | 011,104,736 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\SAS_636D7680.COM

[2010/07/29 14:15:03 | 000,201,030 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\lspfix.zip

[2010/07/29 10:58:43 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Owner\My Documents\mbam-setup-1.46.exe

[2010/07/27 10:04:39 | 000,055,296 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\MBRCheck.exe

[2010/07/27 10:04:27 | 000,293,376 | ---- | M] () -- C:\ufd8fjzz.exe

[2010/07/27 09:41:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe

[2010/07/27 07:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll

[2010/07/26 14:11:54 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Owner\My Documents\HijackThis.exe

[2010/07/23 18:17:33 | 000,000,656 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/07/23 18:17:33 | 000,000,257 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/07/22 10:26:40 | 000,008,264 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Christian Seed's CV.rtf

[2010/07/19 09:54:37 | 108,968,331 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\EmsisoftEmergencyKit.zip

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010/08/13 15:35:39 | 000,026,416 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\E_FCF0BVE.UCFE_FCF0BVE.UCF

[2010/08/13 15:35:39 | 000,026,416 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\E_FCF0BVE.UCF

[2010/08/13 15:31:31 | 000,026,416 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\E_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCF

[2010/08/13 15:31:31 | 000,026,416 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\E_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCF

[2010/08/13 15:31:25 | 000,026,416 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\E_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCF

[2010/08/13 15:31:25 | 000,026,416 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\E_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCF

[2010/08/13 15:31:25 | 000,026,416 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\E_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCF

[2010/08/13 15:31:25 | 000,026,416 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\E_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCF

[2010/08/13 15:31:15 | 000,026,416 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\E_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCF

[2010/08/13 15:31:15 | 000,026,416 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\E_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCF

[2010/08/13 15:31:15 | 000,026,416 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\E_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCF

[2010/08/13 15:31:15 | 000,026,416 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\E_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCFE_FCF0BVE.UCF

[2010/08/09 10:10:36 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc

[2010/08/08 17:28:31 | 000,001,633 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Go.lnk

[2010/08/08 17:14:55 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2010/08/08 17:00:54 | 000,001,916 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sony Ericsson PC Companion 2.0.lnk

[2010/07/29 14:31:32 | 011,104,736 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\SAS_636D7680.COM

[2010/07/29 14:15:02 | 000,201,030 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\lspfix.zip

[2010/07/27 10:04:39 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\MBRCheck.exe

[2010/07/27 10:04:26 | 000,293,376 | ---- | C] () -- C:\ufd8fjzz.exe

[2010/07/19 09:54:20 | 108,968,331 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\EmsisoftEmergencyKit.zip

[2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll

[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

[2008/11/07 18:20:02 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2008/09/05 16:46:54 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI

[2007/11/10 17:15:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI

[2006/12/27 13:46:06 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2006/12/27 13:42:21 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX5000EFDG.ini

[2006/03/04 11:20:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/10/11 17:26:32 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll

[2005/06/05 19:48:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll

[2005/04/13 20:27:36 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2005/01/31 15:54:19 | 000,000,185 | ---- | C] () -- C:\WINDOWS\disney.ini

[2005/01/01 17:37:26 | 000,000,049 | ---- | C] () -- C:\WINDOWS\cgminivw.ini

[2005/01/01 17:24:29 | 000,000,377 | ---- | C] () -- C:\WINDOWS\ftree.ini

[2005/01/01 17:24:28 | 000,017,424 | ---- | C] () -- C:\WINDOWS\System32\FH_BMP.DLL

[2004/12/28 10:55:00 | 000,000,098 | ---- | C] () -- C:\WINDOWS\pixcache.ini

[2004/12/28 10:26:28 | 000,000,604 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI

[2004/12/28 10:26:28 | 000,000,019 | ---- | C] () -- C:\WINDOWS\OPLEINST.INI

[2004/12/28 10:23:00 | 000,000,777 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI

[2004/06/29 06:58:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2004/01/02 09:03:28 | 000,000,531 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2004/01/02 08:06:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2004/01/02 06:50:22 | 000,105,873 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini

[2004/01/02 06:50:22 | 000,100,528 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini

[2004/01/02 04:18:17 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll

[2004/01/02 04:17:53 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll

[2004/01/02 04:17:53 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll

[2004/01/02 04:13:13 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll

[2004/01/02 04:12:02 | 000,025,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS

[2004/01/02 04:11:27 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll

[2004/01/02 03:56:54 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2004/01/02 03:56:54 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2004/01/02 03:56:53 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2004/01/02 03:56:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2004/01/02 03:56:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2004/01/02 03:56:53 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2004/01/02 03:22:22 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/01/02 02:36:58 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll

[2004/01/02 02:36:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll

[2004/01/02 02:36:42 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll

[2004/01/02 02:19:39 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/01/01 19:30:40 | 001,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll

[2003/07/16 12:09:31 | 000,626,688 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll

[2003/03/06 23:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll

< End of report >

 

 

OTL Extras logfile created on: 13/08/2010 16:05:08 - Run 2

OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\HP_Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

503.00 Mb Total Physical Memory | 167.00 Mb Available Physical Memory | 33.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 144.39 Gb Total Space | 91.54 Gb Free Space | 63.40% Space Free | Partition Type: NTFS

Drive D: | 4.64 Gb Total Space | 0.90 Gb Free Space | 19.46% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: YOUR-D65BBC6695

Current User Name: HP_Owner

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\yahoo!\messenger\ypager.exe"" = C:\Program Files\yahoo!\messenger\ypager.exe:*:Enabled:Yahoo! Messenger -- File not found

"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Yahoo!\Messenger\ypager.exe" = C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger -- File not found

"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found

"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

"C:\Documents and Settings\HP_Owner\My Documents\tightvnc-1.3.9_x86\WinVNC.exe" = C:\Documents and Settings\HP_Owner\My Documents\tightvnc-1.3.9_x86\WinVNC.exe:*:Enabled:TightVNC Win32 Server -- File not found

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

"C:\Documents and Settings\HP_Owner\Application Data\U3\00001628C3733796\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe" = C:\Documents and Settings\HP_Owner\Application Data\U3\00001628C3733796\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe:*:Enabled:Skype -- File not found

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium

"{01EEBF41-0FB1-4C85-BAD2-F2D7CF2BE877}" = Travelmanager UK and Ireland 2004

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{0861E87B-24D7-4E7C-B11B-54F86E5C5199}" = hpg8200

"{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}" = Nokia Connectivity Cable Driver

"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}" = hpg4600

"{15B9DC72-73F9-4d99-9E28-848D66DA8D99}" = HP Photo & Imaging 3.5 - HP Devices

"{1B602410-D983-4947-98FE-EE749073D15E}" = GamingHarbor Toolbar

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan

"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows

"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email

"{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}" = hpg3970

"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86

"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant

"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11

"{29B39FB2-5ADF-4F94-BC82-13942871DD0D}" = CameraDrivers

"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant

"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects

"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2

"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy

"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06

"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload

"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update

"{520CD4F0-9DAC-4C5C-8CA1-D0210CFF6062}" = Media Go

"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger

"{5E1494D4-3562-4FFB-B35C-600F80F6934C}" = HP Image Zone Plus 4.2

"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6DBB0348-544A-42DC-AD30-B8C4B107DD6A}" = SymNet

"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03

"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up

"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver

"{8D9768AE-DE42-4A04-A461-2361A58C384D}" = HPIZ402

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!

"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1

"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects

"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen

"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.0

"{A1B3CBF2-075D-4D1A-9A57-0A4119806B95}" = Road Angel UK

"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery

"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A31A5DFC-3439-48FC-99BB-5174168AE471}" = COMODO livePCsupport

"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan

"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

"{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}" = hpg5530

"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0

"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc

"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director

"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates

"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer

"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader

"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER

"{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}" = PC Connectivity Solution

"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2

"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print

"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare

"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software

"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp

"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager

"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager

"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm

"{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}" = hpg2436

"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.00.115

"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers

"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations

"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg

"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour

"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Windows Driver Package - Nokia Modem (10/12/2007 3.6)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem

"COMODO Internet Security" = COMODO Internet Security

"Cool Edit Pro 2.0" = Cool Edit Pro 2.0

"Creative PD0620" = Creative WebCam Instant Driver (1.03.02.0425)

"Creative Photo Manager" = Creative Photo Manager

"Creative WebCam Center" = Creative WebCam Center

"Creative WebCam Instant User's Guide English" = Creative WebCam Instant User's Guide (English)

"EPSON Printer and Utilities" = EPSON Printer Software

"EPSON Scanner" = EPSON Scan

"ESDX5000_CX4900 User's Guide" = ESDX5000_CX4900 User's Guide

"ESET Online Scanner" = ESET Online Scanner v3

"GamingHarbor Toolbar" = GamingHarbor Toolbar

"Help and Support Additions" = Help and Support Additions

"HP Photo & Imaging" = HP Image Zone 4.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie8" = Windows Internet Explorer 8

"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email

"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mplayer.com" = Mplayer.com

"MSNINST" = MSN

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"PS2" = PS2

"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions

"Python 2.2.1" = Python 2.2.1

"QuickTime" = QuickTime

"RealPlayer 6.0" = RealPlayer

"SiS VGA Driver" = SiS VGA Utilities

"Trillian" = Trillian

"Ulead iPhoto Express 1.1" = Ulead iPhoto Express 1.1

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"WebCam Instant Product Registration" = WebCam Instant Product Registration

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinZip Self-Extractor" = WinZip Self-Extractor

"WMFDist11" = Windows Media Format 11 runtime

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XviD" = XviD MPEG-4 Codec

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 13/08/2010 10:57:13 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

 

Error - 13/08/2010 10:57:15 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 13/08/2010 10:57:15 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

 

Error - 13/08/2010 10:57:25 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 13/08/2010 10:57:25 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

 

Error - 13/08/2010 10:57:26 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 13/08/2010 10:57:26 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

 

Error - 13/08/2010 10:57:27 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 13/08/2010 10:57:27 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

 

Error - 13/08/2010 10:57:27 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

[ System Events ]

Error - 13/08/2010 04:06:50 | Computer Name = YOUR-D65BBC6695 | Source = Service Control Manager | ID = 7000

Description = The Ashampoo Anti-Malware Service service failed to start due to the

following error: %%3

 

Error - 13/08/2010 04:06:50 | Computer Name = YOUR-D65BBC6695 | Source = Service Control Manager | ID = 7000

Description = The Ashampoo Anti-Malware WSC Service service failed to start due

to the following error: %%3

 

Error - 13/08/2010 05:33:38 | Computer Name = YOUR-D65BBC6695 | Source = Service Control Manager | ID = 7000

Description = The Ashampoo Anti-Malware Service service failed to start due to the

following error: %%3

 

Error - 13/08/2010 05:33:38 | Computer Name = YOUR-D65BBC6695 | Source = Service Control Manager | ID = 7000

Description = The Ashampoo Anti-Malware WSC Service service failed to start due

to the following error: %%3

 

Error - 13/08/2010 09:39:45 | Computer Name = YOUR-D65BBC6695 | Source = Service Control Manager | ID = 7000

Description = The Ashampoo Anti-Malware Service service failed to start due to the

following error: %%3

 

Error - 13/08/2010 09:39:45 | Computer Name = YOUR-D65BBC6695 | Source = Service Control Manager | ID = 7000

Description = The Ashampoo Anti-Malware WSC Service service failed to start due

to the following error: %%3

 

Error - 13/08/2010 09:52:46 | Computer Name = YOUR-D65BBC6695 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM

Service service to connect.

 

Error - 13/08/2010 09:52:46 | Computer Name = YOUR-D65BBC6695 | Source = Service Control Manager | ID = 7000

Description = The IMAPI CD-Burning COM Service service failed to start due to the

following error: %%1053

 

Error - 13/08/2010 10:49:57 | Computer Name = YOUR-D65BBC6695 | Source = Service Control Manager | ID = 7000

Description = The Ashampoo Anti-Malware Service service failed to start due to the

following error: %%3

 

Error - 13/08/2010 10:49:57 | Computer Name = YOUR-D65BBC6695 | Source = Service Control Manager | ID = 7000

Description = The Ashampoo Anti-Malware WSC Service service failed to start due

to the following error: %%3

 

 

< End of report >

 

 

Have removed the stuff from SuperAntiSpyware and still can't update any antiviruses.

 

 

Seedy21


Posted

Hi,

 

Please uninstall Ashampoo Antimalware.

 

Do you use a router?

 

 

Please download this file

 

http://download.bleepingcomputer.com/bats/routeexp.bat

 

to your desktop and run it with a double-click. A logfile will open; please post the content here in the thread.

regards,

schrauber

 

Proud Member of ASAP and UNITE since 2009

 

If you think I have helped you please consider making a donation to the forums. Thanks!

Posted

Ashampoo is not installed on the computer; I ran it off my memory stick to see if it could find anything. And no, the computer is not running through a router, it's a USB modem.

 

Thanks

 

Seedy21


Posted

The computer is now running even slower than before. Dad is getting a bit angry as it is now finding it hard to load up web pages on the Internet in IE8.

 

Thanks Seedy21


Posted

Please follow the rest of the instructions above. Also please do this:

 

 

 

Download MBRCheck.exe to your desktop

XP users > double click on MBRCheck.exe to run it

Vista and Windows 7 users > right click on MBRCheck.exe and select Run as Administrator

It will show a black screen with some data on it

Click on the black C:\ in the upper left hand corner of the black screen

Choose Edit > Select All > Press Enter to copy the data to your clip board

Press Enter again to close MBRCheck

Now open up notepad or wordpad and paste the data in (press Control+V)

 

Post the results in your reply

regards,

schrauber

 


Posted

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes

 

 

MBRCheck, version 1.1.1

© 2010, AD

\\.\C: --> \\.\PhysicalDrive0

\\.\D: --> \\.\PhysicalDrive0

Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 Unknown MBR code

 

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

 

 

Seedy21


Posted

Hi,

 

Please go here and have a look how you can disable your security software.

 

Download Combofix from any of the links below but rename it to <schrauber> before saving it to your desktop.

 

Link 1

Link 2

 

 

 

--------------------------------------------------------------------

 

Double click on the renamed Combofix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://img.photobucket.com/albums/v706/ried7/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

This tool is not a toy and not for everyday use.

ComboFix SHOULD NOT be used unless requested by a forum helper

 

If you need help, see this link:

A guide and tutorial on using ComboFix

regards,

schrauber

 


  • 2 weeks later...
Posted

Sorry about it being so late, I haven't had access to the PC in a long time. Here is the log, and it couldn't download and install Windows Recovery Console because of the virus and not being able to download it.

 

 

 

ComboFix 10-08-31.02 - HP_Owner 01/09/2010 15:02:39.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.503.287 [GMT 1:00]

Running from: c:\documents and settings\HP_Owner\Desktop\schrauber.exe

AV: Ashampoo Anti-MalWare *On-access scanning disabled* (Outdated) {91BDFB4E-BA7E-4ABC-9472-A79BA394CA4B}

AV: COMODO Antivirus *On-access scanning disabled* (Outdated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Common Files\Uninstall

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf

c:\windows\pi.exe

c:\windows\system32\_000124_.tmp.dll

c:\windows\system32\fsc.txt

c:\windows\system32\ide.txt

c:\windows\system32\klgd.bmp

c:\windows\system32\lpe.txt

c:\windows\system32\msxmlm.dll.tmp

c:\windows\system32\qks.txt

D:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2010-08-01 to 2010-09-01 )))))))))))))))))))))))))))))))

.

2010-08-13 09:54 . 2010-08-13 14:11 -------- d-----w- c:\windows\BDOSCAN8

2010-08-11 15:52 . 2010-08-11 15:52 -------- d-----w- c:\windows\system32\XPSViewer

2010-08-11 15:52 . 2010-08-11 15:52 -------- d-----w- c:\program files\MSBuild

2010-08-11 15:52 . 2010-08-11 15:52 -------- d-----w- c:\program files\Reference Assemblies

2010-08-11 15:50 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-08-11 15:50 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-08-11 15:50 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-08-11 15:50 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2010-08-11 15:50 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-08-11 15:50 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-08-11 15:50 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-08-11 15:50 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-08-11 15:50 . 2010-08-11 15:51 -------- d-----w- C:\a2ad8f56c6b42c3afc8424

2010-08-11 08:35 . 2010-08-11 08:35 -------- d-----w- C:\92609aacc4400e4dd21f82

2010-08-11 08:35 . 2010-08-11 08:35 -------- d-----w- C:\3f8d7288f5a1e45fc4ccad1bc358e225

2010-08-08 16:29 . 2010-08-08 17:18 -------- d-----w- c:\documents and settings\Gary\Local Settings\Application Data\Sony

2010-08-08 16:28 . 2010-08-08 16:28 -------- d-----w- c:\program files\Common Files\Sony Shared

2010-08-08 16:27 . 2010-08-08 16:27 -------- d-----w- c:\documents and settings\Gary\Local Settings\Application Data\Downloaded Installations

2010-08-08 16:27 . 2010-08-14 17:30 -------- d-----w- c:\program files\Sony

2010-08-08 16:27 . 2010-08-08 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation

2010-08-08 16:14 . 2010-08-08 16:15 -------- d-----w- c:\windows\system32\drivers\UMDF

2010-08-08 16:14 . 2010-08-08 16:14 -------- d-----w- c:\windows\system32\LogFiles

2010-08-08 16:13 . 2010-08-08 16:13 -------- d-----w- c:\windows\SxsCaPendDel

2010-08-08 16:08 . 2010-08-08 16:28 -------- d-----w- c:\documents and settings\Gary\Application Data\Sony

2010-08-07 18:37 . 2010-08-07 18:37 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\COMODO

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-17 11:13 . 2007-09-30 09:01 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\U3

2010-08-14 17:36 . 2010-01-06 08:40 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

2010-08-08 17:13 . 2010-01-06 17:12 -------- d-----w- c:\program files\Nokia

2010-08-08 16:27 . 2010-08-08 16:27 10134 ----a-r- c:\documents and settings\Gary\Application Data\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe

2010-08-08 16:00 . 2004-01-02 02:56 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-07-29 12:59 . 2010-07-29 12:59 -------- d-----w- c:\program files\ESET

2010-07-29 09:59 . 2009-08-31 14:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-27 09:04 . 2010-07-27 09:04 293376 ----a-w- C:\ufd8fjzz.exe

2010-07-26 15:30 . 2010-07-26 15:30 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com

2010-07-26 15:30 . 2010-07-26 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-06-30 12:31 . 2004-01-01 18:30 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2004-01-01 18:31 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44 . 2004-01-01 18:31 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2004-01-01 18:30 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2004-01-01 18:29 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2004-01-01 18:29 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 14:09 . 2010-06-14 14:09 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-06-14 07:41 . 2004-01-01 18:30 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-06-13 11:13 . 2008-07-07 15:14 45 ----a-w- c:\documents and settings\HP_Owner\jagex_runescape_preferences.dat

2010-06-13 11:13 . 2009-10-12 16:16 87 ----a-w- c:\documents and settings\HP_Owner\jagex_runescape_preferences2.dat

2004-12-31 16:50 . 2004-12-31 16:50 0 --sha-w- c:\windows\SMINST\HPCD.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-28 136600]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]

"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]

"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]

"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]

"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2004-05-20 249856]

"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]

"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]

"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]

"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]

"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 36864]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-05-06 180269]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-02 1800464]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [02/06/2010 16:00 133064]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [02/06/2010 16:00 25160]

R1 SASDIFSV;SASDIFSV;\??\c:\docume~1\HP_Owner\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\HP_Owner\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]

R1 SASKUTIL;SASKUTIL;\??\c:\docume~1\HP_Owner\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\HP_Owner\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]

R2 a2free;a-squared Free Service;c:\documents and settings\HP_Owner\My Documents\a2usb\a2service.exe [19/05/2009 16:49 1858144]

R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [19/02/2010 17:00 148744]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [31/08/2009 15:50 304464]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [31/08/2009 15:50 20952]

S2 AAMW_WSC_Service_XP;Ashampoo Anti-Malware WSC Service;k:\program files\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe --> k:\program files\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe [?]

S2 AAMWService;Ashampoo Anti-Malware Service;k:\program files\Ashampoo Anti-Malware\AAMW_Service.exe --> k:\program files\Ashampoo Anti-Malware\AAMW_Service.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

2005-03-31 c:\windows\Tasks\Easy Internet Sign-up.job

- c:\program files\Easy Internet signup\HPSdpApp.exe [2004-06-21 21:19]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop

IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html

IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html

IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html

TCP: {293984DE-740C-443B-8FA6-AA116C38C545} = 212.139.132.25 212.139.132.27

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-VTTimer - VTTimer.exe

HKLM-Run-Ashampoo Anti-Malware Guard - k:\program files\Ashampoo Anti-Malware\AAMW_Guard.exe

AddRemove-Trillian - l:\system\Apps\58EA136C-7E57-4416-B59E-394C46DD505B\Exec\Trillian.exe

 

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-09-01 15:35

Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:

ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2]

@DACL=(02 0000)

@SACL=

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)

c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(884)

c:\windows\system32\guard32.dll

.

Completion time: 2010-09-01 15:47:47

ComboFix-quarantined-files.txt 2010-09-01 14:47

Pre-Run: 97,225,555,968 bytes free

Post-Run: 98,681,204,736 bytes free

- - End Of File - - B6AD7A930D87BE44D43E5571F539FEFA

 

 

Waiting for next reply

 

 

Seedy21


  • 5 weeks later...
Posted

hello are you still here????

 

 

seedy21

