seedy21 Posted March 15, 2011

Hello, I am having a problem on my parents' computer activating KIS 2011. I enter the licence code and click activate, and then it can't connect to the server. This computer has been having problems updating free anti-virus definitions as well. I have run MBAM and the computer comes up clean; the computer is not going through a proxy server, so it has access to all websites; and I have run the kk.exe scan to look for the net worm, and that didn't come up with anything. The only change I have made since this log is that I removed Avira Personal Free. Thanks in advance.

Here's the OTL log I ran yesterday:

OTL logfile created on: 14/03/2011 11:23:47 - Run 3 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\HP_Owner\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 503.00 Mb Total Physical Memory | 128.00 Mb Available Physical Memory | 25.00% Memory free 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 144.39 Gb Total Space | 90.08 Gb Free Space | 62.38% Space Free | Partition Type: NTFS Drive D: | 4.64 Gb Total Space | 0.90 Gb Free Space | 19.46% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: YOUR-D65BBC6695 Current User Name: HP_Owner Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe (Kaspersky Lab ZAO) PRC - C:\Documents and Settings\HP_Owner\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Documents and Settings\HP_Owner\My Documents\a2usb\a2service.exe (Emsi Software GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\Belkin\F6D4050\v1\Belkinwcui.exe (Belkin International, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
PRC - C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation) PRC - C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe (THOMSON Telecom Belgium) ========== Modules (SafeList) ========== MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\Documents and Settings\HP_Owner\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (AAMWService) -- K:\Program Files\Ashampoo Anti-Malware\AAMW_Service.exe File not found SRV - (AAMW_WSC_Service_XP) -- K:\Program Files\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe File not found SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) SRV - (a2free) -- C:\DOCUMENTS AND SETTINGS\HP_OWNER\MY DOCUMENTS\A2USB\a2service.exe (Emsi Software GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) 
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (upperdev) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys File not found DRV - (catchme) -- C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\catchme.sys File not found DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab) DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (kl2) -- C:\WINDOWS\system32\drivers\kl2.sys (Kaspersky Lab ZAO) DRV - (kl1) -- C:\WINDOWS\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO) DRV - (SASKUTIL) -- C:\Documents and Settings\HP_Owner\Local Settings\Temp\SAS_SelfExtract\saskutil.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab ZAO) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (SASDIFSV) -- C:\Documents and Settings\HP_Owner\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation) DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation) DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation) DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation) DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation) DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation) DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation) DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation) DRV - (rt2870) -- 
C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.) DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\WINDOWS\system32\drivers\s116bus.sys (MCCI Corporation) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia) DRV - (nmwcdcm) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia) DRV - (nmwcdcj) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia) DRV - (PD0620VID) -- C:\WINDOWS\system32\drivers\P0620Vid.sys (Creative Technology Ltd.) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation) DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation) DRV - (PCDRSRVC) -- C:\WINDOWS\system32\drivers\pcdrsrvc.pkms (PC-Doctor, Inc.) DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd) DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON) DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON) DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.) DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.) DRV - (SISAGP) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation) DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.) 
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation ) DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation) DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2010/09/01 14:34:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. 
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company) O3 - HKCU\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard) O4 - HKLM..\Run: [PD0620 STISvc] C:\WINDOWS\System32\P0620Pin.dll (Creative Technology Ltd.) O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation) O4 - HKLM..\Run: [speedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Networking Utility.lnk = C:\Program Files\Belkin\F6D4050\v1\Belkinwcui.exe (Belkin International, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm () O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Create Mobile Favorite... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab (Performance Viewer Activex Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop 
BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/01/02 01:16:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2001/07/27 21:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 CREATERESTOREPOINT Restore point Set: OTL Restore Point (16902109354000384) ========== Files/Folders - Created Within 30 Days ========== [2011/03/14 09:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab [2011/03/14 09:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab [2011/03/14 09:17:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2011/03/14 09:16:50 | 000,475,736 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2011/03/14 08:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files [2011/03/14 08:47:48 | 119,045,240 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\HP_Owner\My Documents\kis11.0.2.556en_gb.exe [2011/03/03 09:00:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- 
C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011/03/03 09:00:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011/03/03 09:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/03/02 21:02:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Avira [2011/02/27 11:59:09 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/03/14 09:36:09 | 000,151,492 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\GetSystemInfo_YOUR-D65BBC6695_HP_Owner_2011_03_14_09_31_18.zip [2011/03/14 09:20:30 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT [2011/03/14 09:19:49 | 000,115,465 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat [2011/03/14 09:19:49 | 000,097,545 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat [2011/03/14 09:16:50 | 000,475,736 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2011/03/14 09:15:29 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/03/14 09:12:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2011/03/14 09:12:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/03/14 09:12:05 | 528,011,264 | -HS- | M] () -- C:\hiberfil.sys [2011/03/14 09:11:24 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\HP_Owner\ntuser.dat [2011/03/14 09:10:59 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\ntuser.ini [2011/03/14 09:03:30 | 042,989,471 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\ivdf_fusebundle_nt_en.zip [2011/03/14 08:47:57 | 119,045,240 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\HP_Owner\My Documents\kis11.0.2.556en_gb.exe [2011/03/09 17:21:11 | 000,001,355 | ---- | M] () -- 
C:\WINDOWS\imsins.BAK [2011/03/03 09:00:17 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/02/28 20:29:11 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2011/02/28 20:29:11 | 000,442,774 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011/02/28 20:29:11 | 000,071,848 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011/02/27 10:10:29 | 000,000,656 | ---- | M] () -- C:\WINDOWS\win.ini [2011/02/27 10:10:29 | 000,000,253 | ---- | M] () -- C:\WINDOWS\system.ini [2011/02/12 13:49:44 | 000,219,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/03/14 09:31:47 | 000,151,492 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\GetSystemInfo_YOUR-D65BBC6695_HP_Owner_2011_03_14_09_31_18.zip [2011/03/14 09:19:49 | 000,115,465 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat [2011/03/14 09:19:49 | 000,097,545 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat [2011/03/14 09:03:26 | 042,989,471 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\ivdf_fusebundle_nt_en.zip [2011/03/03 09:00:17 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/01/25 10:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll [2009/01/05 14:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2008/11/07 17:20:02 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2008/09/05 15:46:54 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI [2007/11/10 16:15:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI [2006/12/27 12:46:06 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2006/12/27 12:42:21 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX5000EFDG.ini 
[2006/03/04 10:20:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/10/11 16:26:32 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll [2005/06/05 18:48:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll [2005/04/13 19:27:36 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2005/01/31 14:54:19 | 000,000,185 | ---- | C] () -- C:\WINDOWS\disney.ini [2005/01/01 16:37:26 | 000,000,049 | ---- | C] () -- C:\WINDOWS\cgminivw.ini [2005/01/01 16:24:29 | 000,000,377 | ---- | C] () -- C:\WINDOWS\ftree.ini [2005/01/01 16:24:28 | 000,017,424 | ---- | C] () -- C:\WINDOWS\System32\FH_BMP.DLL [2004/12/28 09:55:00 | 000,000,098 | ---- | C] () -- C:\WINDOWS\pixcache.ini [2004/12/28 09:26:28 | 000,000,604 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2004/12/28 09:26:28 | 000,000,019 | ---- | C] () -- C:\WINDOWS\OPLEINST.INI [2004/12/28 09:23:00 | 000,000,777 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI [2004/06/29 05:58:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2004/01/02 08:03:28 | 000,000,531 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2004/01/02 07:06:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004/01/02 05:50:22 | 000,105,873 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini [2004/01/02 05:50:22 | 000,100,528 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini [2004/01/02 03:18:17 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll [2004/01/02 03:17:53 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll [2004/01/02 03:17:53 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll [2004/01/02 03:13:13 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll [2004/01/02 03:12:02 | 000,025,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS [2004/01/02 03:11:27 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll [2004/01/02 02:56:54 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2004/01/02 02:56:54 | 
000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2004/01/02 02:56:53 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2004/01/02 02:56:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2004/01/02 02:56:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2004/01/02 02:56:53 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2004/01/02 02:22:22 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004/01/02 01:36:58 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll [2004/01/02 01:36:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll [2004/01/02 01:36:42 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll [2004/01/02 01:19:39 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/01/01 18:30:40 | 001,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll [2003/07/16 11:09:31 | 000,626,688 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll [2003/03/06 22:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll ========== LOP Check ========== [2010/06/08 18:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2009/09/30 13:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success [2009/09/25 20:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hazard Perception Training [2010/09/06 20:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\INFECTED [2009/06/07 10:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations [2004/01/02 02:56:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo [2011/03/14 08:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LOGFILES [2009/06/07 11:01:17 | 000,000,000 | ---D | 
M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2011/03/14 08:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\REPORTS [2011/03/14 08:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2006/12/27 12:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL [2010/08/14 17:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip [2009/05/03 12:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} [2009/07/11 13:38:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C} [2010/03/17 18:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2005/03/31 19:14:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job ========== Purity Check ========== ========== Custom Scans ========== < Code: > < %SYSTEMDRIVE%\*.* > [2009/08/28 15:54:29 | 000,012,858 | ---- | M] () -- C:\ASLog.txt [2004/01/02 01:16:16 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010/09/07 06:20:56 | 000,000,194 | -HS- | M] () -- C:\boot.ini [2010/09/01 14:47:57 | 000,013,883 | ---- | M] () -- C:\ComboFix.txt [2004/01/02 01:16:16 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2011/03/14 09:12:05 | 528,011,264 | -HS- | M] () -- C:\hiberfil.sys [2004/01/02 01:16:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2005/06/13 09:11:27 | 000,000,319 | -H-- | M] () -- C:\IPH.PH [2004/01/02 01:16:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004/08/04 10:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008/08/28 21:45:13 | 000,250,048 | RHS- | M] () -- C:\ntldr [2011/03/14 09:12:00 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys [2007/11/10 16:50:57 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET 
[2010/06/22 09:33:22 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm [2010/06/22 09:53:45 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm [2010/03/31 13:33:03 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm [2010/04/01 10:46:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm [2010/04/01 15:01:24 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm [2010/04/08 12:44:29 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm [2010/04/08 12:45:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm [2010/04/08 13:07:07 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm [2010/04/09 08:38:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm [2010/04/09 08:52:22 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm [2010/04/09 14:40:44 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm [2010/04/09 14:42:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm [2010/04/09 14:43:33 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm [2010/04/10 08:03:12 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm [2010/04/12 15:33:45 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm [2010/04/19 16:44:57 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm [2010/04/26 15:44:23 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm [2010/06/02 09:38:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm [2010/06/16 16:52:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm [2010/06/22 09:32:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm [2010/06/22 09:33:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm [2010/06/22 09:53:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm [2010/03/31 13:33:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm [2010/04/01 10:46:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm [2010/04/01 15:01:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm [2010/04/08 12:44:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm [2010/04/08 12:45:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm [2010/04/08 13:07:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm [2010/04/09 08:38:02 | 
000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm [2010/04/09 08:52:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm [2010/04/09 14:40:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm [2010/04/09 14:42:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm [2010/04/09 14:43:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm [2010/04/10 08:03:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm [2010/04/12 15:33:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm [2010/04/19 16:44:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm [2010/04/26 15:44:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm [2010/06/02 09:37:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm [2010/06/16 16:52:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm [2010/06/22 09:32:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm [2010/07/27 09:04:27 | 000,293,376 | ---- | M] () -- C:\ufd8fjzz.exe < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/03/08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll [2009/03/08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll [2008/04/14 00:11:53 | 000,380,445 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\expsrv.dll [2010/10/05 20:27:04 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\klogon.dll [2008/04/14 00:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll [4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\kl1.sys [2010/06/09 16:43:52 | 000,011,352 | ---- | M] 
(Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\kl2.sys
[2011/03/14 09:16:50 | 000,475,736 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\klif.sys
[2010/05/07 11:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\klim5.sys
[2009/11/02 19:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\klmouflt.sys
< %systemroot%\system32\*.exe /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\System32\config\*.sav >
[2004/01/02 01:08:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/01/02 01:08:06 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/01/02 01:08:06 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %PROGRAMFILES%\* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< End of report >

I am learning malware removal, so this is the fix I think I should run (but not going to run it as again I am in training :)

Please run OTL.exe.
Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found
:Services
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (AAMWService) -- K:\Program Files\Ashampoo Anti-Malware\AAMW_Service.exe File not found
SRV - (AAMW_WSC_Service_XP) -- K:\Program Files\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe File not found
DRV - (upperdev) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (catchme) -- C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\catchme.sys File not found
:files
ipconfig /flushdns /c
:commands
[purity]
[emptytemp]
[EMPTYFLASH]
[RESETHOSTS]

Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
Close OTL.exe.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Step 2
There are still elements of Norton Security on the system.
Please download the Norton Removal Tool.
Click on the product you had installed
Download
Run the product

Step 3
It looks like your computer requires more RAM. (I will try and get some soon :D)

Thanks
Seedy21
Starbuck Posted March 15, 2011

Hi seedy21

> I am learning malware removal so this is the fix I think I should run

But you missed something, and what about this:

> OTL logfile created on: 14/03/2011 11:23:47 - Run 3
> OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\HP_Owner\Desktop

Surely you should give all the info and use an up-to-date program! Version 3.2.9.1 is very out of date. And because it's the 3rd run ... where's the extras.txt?

Also.... why are you removing Services in the report that way? I suggest you read the OTL Tutorial.

Let's get that sorted first and also sort out those Avira lines you missed:

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

So yes, run the Norton Removal Tool.
Then run the Avira AntiVir Registry Cleaner Tool.

Remove your copy of OTL and get a fresh copy from:
Download OTL to your desktop. Right click on the link and select 'Save Link/Target As'.
If you have problems, try this download link: OTL

As you have run OTL before, make sure that:
Under the Extra Registry section, Use SafeList is selected.
Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
Please post the contents of these 2 Notepad files in your next reply.

Once we have the fresh reports, we can take another look.

Thanks
seedy21 Posted March 16, 2011

> why are you removing Services in the report that way?

Just to clear up a bit more space on the RAM as it is running slow as it is :)

OK, I have run the Avira removal tool, but the Norton removal tool I can't download. It takes me to this link ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe then I can't download the file as Internet Explorer can't display the page :(

Here is the OTL log, and the extra log has come up this time; don't know why it didn't before.

OTL logfile created on: 16/03/2011 09:44:40 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
503.00 Mb Total Physical Memory | 195.00 Mb Available Physical Memory | 39.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.39 Gb Total Space | 89.28 Gb Free Space | 61.83% Space Free | Partition Type: NTFS
Drive D: | 4.64 Gb Total Space | 0.90 Gb Free Space | 19.46% Space Free | Partition Type: FAT32
Computer Name: YOUR-D65BBC6695 | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/03/16 09:35:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.scr PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe PRC - [2010/10/05 20:26:46 | 000,129,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe PRC - [2009/01/09 08:28:30 | 001,077,248 | ---- | M] (Belkin International, Inc.) -- C:\Program Files\Belkin\F6D4050\v1\Belkinwcui.exe PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006/05/06 12:01:35 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2004/05/20 09:47:18 | 000,249,856 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\Keyhook.exe PRC - [2004/01/26 10:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe ========== Modules (SafeList) ========== MOD - [2011/03/16 09:35:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.scr MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - File not found [Disabled | Stopped] -- -- (AAMWService) SRV - File not found [Disabled | Stopped] -- -- (AAMW_WSC_Service_XP) SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky 
Internet Security 2011\avp.exe -- (AVP) SRV - [2010/04/01 14:57:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) [Disabled | Stopped] -- C:\DOCUMENTS AND SETTINGS\HP_OWNER\MY DOCUMENTS\A2USB\a2service.exe -- (a2free) SRV - [2010/03/29 07:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus® SRV - [2007/12/10 12:59:04 | 000,353,280 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) ========== Driver Services (SafeList) ========== DRV - [2011/03/14 09:16:50 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2) DRV - [2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1) DRV - [2010/05/10 18:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\HP_Owner\Local Settings\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL) DRV - [2010/05/07 11:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5) DRV - [2010/02/17 18:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\HP_Owner\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV) DRV - [2009/11/02 19:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt) DRV - [2009/05/06 16:05:31 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - 
[2009/02/19 12:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP) DRV - [2009/02/19 12:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM) DRV - [2009/02/19 12:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI) DRV - [2009/02/19 12:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW) DRV - [2009/02/19 12:31:16 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS) DRV - [2009/02/19 12:31:16 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS) DRV - [2009/02/19 12:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV) DRV - [2009/02/19 12:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS) DRV - [2008/10/01 10:24:20 | 000,637,952 | ---- | M] (Ralink Technology, Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870) DRV - [2007/04/03 13:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM) DRV - [2007/02/22 10:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd) DRV - [2007/02/22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm) DRV - [2007/02/22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj) DRV - [2007/02/22 10:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc) DRV - [2005/04/25 01:57:36 | 000,091,864 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P0620Vid.sys -- (PD0620VID) DRV - [2005/03/04 11:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2004/07/19 17:33:14 | 000,218,112 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315) DRV - [2004/07/17 04:20:34 | 000,012,160 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp) DRV - [2004/04/16 03:30:48 | 000,021,024 | ---- | M] (PC-Doctor, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pcdrsrvc.pkms -- (PCDRSRVC) DRV - [2003/12/12 06:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS) DRV - [2003/12/08 10:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) DRV - [2003/12/08 10:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl) DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc) DRV - [2003/07/18 16:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP) DRV - [2003/07/02 11:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1) DRV - [2002/10/04 17:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139) DRV - [2001/08/17 19:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC) DRV - [2001/06/04 14:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = 
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2010/09/01 14:34:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - File not found O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. 
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company) O3 - HKCU\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - File not found O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard) O4 - HKLM..\Run: [PD0620 STISvc] C:\WINDOWS\System32\P0620Pin.dll (Creative Technology Ltd.) O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation) O4 - HKLM..\Run: [speedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Networking Utility.lnk = C:\Program Files\Belkin\F6D4050\v1\Belkinwcui.exe (Belkin International, Inc.) 
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\OCRAWARE.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm () O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab (Performance Viewer Activex Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O20 - AppInit_DLLs: 
(C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/01/02 01:16:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2001/07/27 21:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/03/16 09:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\en-us [2011/03/16 09:35:51 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.scr [2011/03/14 22:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Internet Security 2011 [2011/03/14 22:33:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/03/14 22:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Avira [2011/03/14 22:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira [2011/03/14 09:17:30 | 000,000,000 | ---D | C] -- 
C:\Program Files\Kaspersky Lab [2011/03/14 09:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab [2011/03/14 09:16:50 | 000,475,736 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2011/03/14 08:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files [2011/03/14 08:47:48 | 119,045,240 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\HP_Owner\My Documents\kis11.0.2.556en_gb.exe [2011/03/03 09:00:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011/03/03 09:00:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011/03/03 09:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/02/27 11:59:09 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/03/16 09:40:07 | 000,120,640 | ---- | M] (Avira GmbH) -- C:\Documents and Settings\HP_Owner\My Documents\RegCleaner.exe [2011/03/16 09:40:07 | 000,000,550 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\build.dat [2011/03/16 09:35:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.scr [2011/03/16 09:18:56 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT [2011/03/16 09:18:39 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/03/16 09:16:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/03/16 09:16:43 | 528,011,264 | -HS- | M] () -- C:\hiberfil.sys [2011/03/16 09:16:43 | 000,219,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/03/14 15:37:22 | 000,000,194 | -HS- | M] () -- C:\boot.ini [2011/03/14 14:49:08 | 049,788,256 | ---- | M] 
() -- C:\Documents and Settings\HP_Owner\My Documents\avira_antivir_personal_en.exe [2011/03/14 09:36:09 | 000,151,492 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\GetSystemInfo_YOUR-D65BBC6695_HP_Owner_2011_03_14_09_31_18.zip [2011/03/14 09:19:49 | 000,115,465 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat [2011/03/14 09:19:49 | 000,097,545 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat [2011/03/14 09:16:50 | 000,475,736 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2011/03/14 09:03:30 | 042,989,471 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\ivdf_fusebundle_nt_en.zip [2011/03/14 08:47:57 | 119,045,240 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\HP_Owner\My Documents\kis11.0.2.556en_gb.exe [2011/03/09 17:21:11 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011/03/03 09:00:17 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/02/28 20:29:11 | 000,442,774 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011/02/28 20:29:11 | 000,071,848 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/03/14 14:48:13 | 049,788,256 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\avira_antivir_personal_en.exe [2011/03/14 09:31:47 | 000,151,492 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\GetSystemInfo_YOUR-D65BBC6695_HP_Owner_2011_03_14_09_31_18.zip [2011/03/14 09:19:49 | 000,115,465 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat [2011/03/14 09:19:49 | 000,097,545 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat [2011/03/14 09:03:26 | 042,989,471 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\ivdf_fusebundle_nt_en.zip [2011/03/03 09:00:17 | 000,000,795 | ---- | C] () -- 
C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/09/04 16:51:22 | 000,015,312 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat [2010/08/09 09:10:36 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc [2010/06/14 14:09:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/04/05 16:24:08 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat [2010/04/04 19:46:49 | 000,007,083 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini [2010/01/25 10:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll [2009/09/09 18:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat [2009/01/05 14:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe [2009/01/05 14:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2008/11/07 17:20:02 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2008/09/05 15:46:54 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI [2007/11/10 16:15:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI [2007/06/08 16:38:29 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007/04/12 08:36:40 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/01/23 16:00:50 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\$_hpcst$.hpc [2006/12/27 12:46:06 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2006/12/27 12:46:06 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2006/12/27 12:46:06 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2006/12/27 12:46:06 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2006/12/27 12:46:06 | 000,001,139 | ---- | C] () -- 
C:\WINDOWS\System32\EPPICPresetData_BP.dat [2006/12/27 12:46:06 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2006/12/27 12:46:06 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2006/12/27 12:46:06 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2006/12/27 12:46:06 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2006/12/27 12:46:06 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2006/12/27 12:46:06 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2006/12/27 12:46:06 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2006/12/27 12:46:05 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2006/12/27 12:46:05 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2006/12/27 12:46:05 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2006/12/27 12:46:05 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2006/12/27 12:46:05 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2006/12/27 12:46:05 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2006/12/27 12:46:05 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2006/12/27 12:42:21 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX5000EFDG.ini [2006/03/04 10:20:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/10/11 16:26:32 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll [2005/06/13 09:11:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2005/06/05 18:48:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll [2005/04/13 19:27:36 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2005/02/20 14:42:28 | 000,020,450 | ---- | C] () -- C:\WINDOWS\SIFBPCALIB.DAT [2005/01/31 14:54:19 | 000,000,185 | ---- | C] () -- C:\WINDOWS\disney.ini [2005/01/01 16:37:26 | 
000,000,049 | ---- | C] () -- C:\WINDOWS\cgminivw.ini [2005/01/01 16:24:29 | 000,000,377 | ---- | C] () -- C:\WINDOWS\ftree.ini [2005/01/01 16:24:28 | 000,017,424 | ---- | C] () -- C:\WINDOWS\System32\FH_BMP.DLL [2004/12/28 09:55:00 | 000,000,098 | ---- | C] () -- C:\WINDOWS\pixcache.ini [2004/12/28 09:26:28 | 000,000,604 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2004/12/28 09:26:28 | 000,000,019 | ---- | C] () -- C:\WINDOWS\OPLEINST.INI [2004/12/28 09:23:00 | 000,000,777 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI [2004/12/27 19:42:07 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\fusioncache.dat [2004/12/27 19:38:41 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat [2004/06/29 05:58:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2004/06/07 18:32:52 | 000,009,505 | ---- | C] () -- C:\WINDOWS\System32\hphmon06.dat [2004/01/02 08:03:28 | 000,000,531 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2004/01/02 08:03:05 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/01/02 08:03:03 | 000,442,774 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/01/02 08:03:03 | 000,071,848 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/01/02 07:06:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004/01/02 05:50:22 | 000,105,873 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini [2004/01/02 05:50:22 | 000,100,528 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini [2004/01/02 05:10:42 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2004/01/02 03:18:17 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll [2004/01/02 03:17:53 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll [2004/01/02 03:17:53 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll [2004/01/02 03:13:13 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll [2004/01/02 03:12:02 | 000,025,316 | ---- | 
C] () -- C:\WINDOWS\System32\CHODDI.SYS [2004/01/02 03:11:27 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll [2004/01/02 02:56:54 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2004/01/02 02:56:54 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2004/01/02 02:56:53 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2004/01/02 02:56:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2004/01/02 02:56:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2004/01/02 02:56:53 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2004/01/02 02:46:18 | 000,094,372 | ---- | C] () -- C:\WINDOWS\HPHins03.dat [2004/01/02 02:46:18 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat [2004/01/02 02:40:50 | 000,104,159 | ---- | C] () -- C:\WINDOWS\hpoins04.dat [2004/01/02 02:40:50 | 000,016,939 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat [2004/01/02 02:33:57 | 000,089,076 | ---- | C] () -- C:\WINDOWS\hpdins01.dat [2004/01/02 02:33:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpzmdl01.dat [2004/01/02 02:28:04 | 000,016,306 | ---- | C] () -- C:\WINDOWS\hpqins01.dat [2004/01/02 02:28:04 | 000,002,673 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat [2004/01/02 02:22:22 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004/01/02 02:10:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin [2004/01/02 02:10:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin [2004/01/02 02:10:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin [2004/01/02 01:36:58 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll [2004/01/02 01:36:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll [2004/01/02 01:36:42 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll [2004/01/02 01:19:39 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/01/02 01:18:10 | 000,002,048 | --S- | C] () -- 
C:\WINDOWS\bootstat.dat [2004/01/02 01:14:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004/01/02 01:09:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004/01/02 01:08:36 | 000,219,248 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004/01/01 18:30:40 | 001,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll [2004/01/01 18:30:35 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/01/01 18:30:35 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/01/01 18:30:32 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004/01/01 18:30:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004/01/01 18:30:23 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004/01/01 18:30:02 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/01/01 18:30:01 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004/01/01 18:29:01 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/01/01 18:28:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2003/07/16 11:09:31 | 000,626,688 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll [2003/05/15 21:15:18 | 000,225,209 | ---- | C] () -- C:\WINDOWS\System32\C9930A.bin [2003/03/06 22:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll < End of report > OTL Extras logfile created on: 16/03/2011 09:44:40 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\HP_Owner\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 503.00 Mb Total Physical Memory | 195.00 Mb Available Physical Memory | 39.00% Memory free 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = 
C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 144.39 Gb Total Space | 89.28 Gb Free Space | 61.83% Space Free | Partition Type: NTFS Drive D: | 4.64 Gb Total Space | 0.90 Gb Free Space | 19.46% Space Free | Partition Type: FAT32 Computer Name: YOUR-D65BBC6695 | User Name: HP_Owner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program 
Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.) "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium "{01EEBF41-0FB1-4C85-BAD2-F2D7CF2BE877}" = Travelmanager UK and Ireland 2004 "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0861E87B-24D7-4E7C-B11B-54F86E5C5199}" = hpg8200 "{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}" = Nokia Connectivity Cable Driver "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}" = hpg4600 "{15B9DC72-73F9-4d99-9E28-848D66DA8D99}" = HP Photo & Imaging 3.5 - HP Devices "{1B602410-D983-4947-98FE-EE749073D15E}" = GamingHarbor Toolbar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan "{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}" = hpg3970 "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant "{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11 "{29B39FB2-5ADF-4F94-BC82-13942871DD0D}" = CameraDrivers "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2 "{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware 
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy "{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06 "{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload "{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update "{4EE9A620-46A0-4BCF-82AC-950D2BBED982}" = Belkin Wireless USB Adapter Setup "{5E1494D4-3562-4FFB-B35C-600F80F6934C}" = HP Image Zone Plus 4.2 "{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6DBB0348-544A-42DC-AD30-B8C4B107DD6A}" = SymNet "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03 "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up "{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver "{8D9768AE-DE42-4A04-A461-2361A58C384D}" = HPIZ402 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! 
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1 "{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects "{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen "{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.0 "{A1B3CBF2-075D-4D1A-9A57-0A4119806B95}" = Road Angel UK "{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery "{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan "{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0 "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}" = hpg5530 "{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0 "{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc "{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director "{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates "{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader "{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER "{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}" = PC Connectivity Solution "{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2 "{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print "{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare "{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software "{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher 
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager "{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm "{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}" = hpg2436 "{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers "{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations "{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg "{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Agere Systems Soft Modem" = Agere Systems PCI Soft Modem "Cool Edit Pro 2.0" = Cool Edit Pro 2.0 "Creative PD0620" = Creative WebCam Instant Driver (1.03.02.0425) "Creative Photo Manager" = Creative Photo Manager "Creative WebCam Center" = Creative WebCam Center "Creative WebCam Instant User's Guide English" = Creative WebCam Instant User's Guide (English) "EPSON Printer and Utilities" = EPSON Printer Software "EPSON Scanner" = EPSON Scan "ESDX5000_CX4900 User's Guide" = ESDX5000_CX4900 User's Guide "ESET Online Scanner" = ESET Online Scanner v3 "GamingHarbor Toolbar" = GamingHarbor Toolbar "Help and Support Additions" = Help and Support Additions "HP Photo & Imaging" = HP Image Zone 4.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie8" = Windows Internet Explorer 8 "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up "InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSNINST" = MSN "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "PS2" 
= PS2 "Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions "Python 2.2.1" = Python 2.2.1 "QuickTime" = QuickTime "RealPlayer 6.0" = RealPlayer "SiS VGA Driver" = SiS VGA Utilities "Ulead iPhoto Express 1.1" = Ulead iPhoto Express 1.1 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "WebCam Instant Product Registration" = WebCam Instant Product Registration "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinZip Self-Extractor" = WinZip Self-Extractor "WMFDist11" = Windows Media Format 11 runtime "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XviD" = XviD MPEG-4 Codec ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 15/03/2011 17:12:12 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131083 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error - 15/03/2011 17:12:27 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. Error - 15/03/2011 17:21:04 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131083 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 
Error - 15/03/2011 17:21:17 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established Error - 15/03/2011 17:21:28 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131083 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error - 15/03/2011 17:21:28 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. Error - 15/03/2011 17:41:16 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131083 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error - 15/03/2011 17:41:31 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. 
Error - 16/03/2011 03:35:00 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131083 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error - 16/03/2011 03:35:15 | Computer Name = YOUR-D65BBC6695 | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. [ System Events ] Error - 15/03/2011 17:12:01 | Computer Name = YOUR-D65BBC6695 | Source = Service Control Manager | ID = 7023 Description = The HID Input Service service terminated with the following error: %%126 Error - 15/03/2011 17:12:03 | Computer Name = YOUR-D65BBC6695 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: SISAGP viaagp1 Error - 16/03/2011 05:08:11 | Computer Name = YOUR-D65BBC6695 | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the Kaspersky Anti-Virus Service service to connect. 
Error - 16/03/2011 05:08:11 | Computer Name = YOUR-D65BBC6695 | Source = Service Control Manager | ID = 7000 Description = The Kaspersky Anti-Virus Service service failed to start due to the following error: %%1053 Error - 16/03/2011 05:08:11 | Computer Name = YOUR-D65BBC6695 | Source = Service Control Manager | ID = 7023 Description = The HID Input Service service terminated with the following error: %%126 Error - 16/03/2011 05:08:13 | Computer Name = YOUR-D65BBC6695 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: SISAGP viaagp1 Error - 16/03/2011 05:17:21 | Computer Name = YOUR-D65BBC6695 | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the Kaspersky Anti-Virus Service service to connect. Error - 16/03/2011 05:17:21 | Computer Name = YOUR-D65BBC6695 | Source = Service Control Manager | ID = 7000 Description = The Kaspersky Anti-Virus Service service failed to start due to the following error: %%1053 Error - 16/03/2011 05:17:21 | Computer Name = YOUR-D65BBC6695 | Source = Service Control Manager | ID = 7023 Description = The HID Input Service service terminated with the following error: %%126 Error - 16/03/2011 05:17:22 | Computer Name = YOUR-D65BBC6695 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: SISAGP viaagp1 < End of report > Hope this helps Seedy21 Quote “It's only after we've lost everything that we're free to do anything.”― Chuck Palahniuk, Fight Club http://www.geekstogo.com/downloads/unite_blue.png Need help with your computer problems? Then why not join Free PC Help. Register here If Free PC Help has helped you then please consider a donation. Click here We are all members helping other members.Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.
RandyL Posted March 16, 2011

Starbuck that's twice now recently where a download link gives a page cannot be displayed as per posters. This one and a poster trying to download a NIC driver. I hope there is not an issue with malware causing this that is new.
Starbuck Posted March 16, 2011

Hi seedy21,

Just to clear up a bit more space on the ram as it running slow as it is

Removing the Services is not an issue. But you should remember that any line in the main.txt can be added for removal/modification just by adding it to the :Otl part of the scan. Any lines in a log from any of the standard scans or custom scans for files/folders can be copy/pasted directly into the :OTL section of a fix for removal. Generally :OTL will remove the entry and move the file at the same time. For processes, though, the file will not be moved and will need to be dealt with in the :FILES section. The :Services isn't really needed in this case.

but the norton removaltool i can't download it takes me to this link ftp://ftp.symantec.com/public/englis...moval_Tool.exe

The link you posted worked for me, but it's not the usual link I give.

Step 1
Go to: Norton Removal Tool
Download it to your 'Desktop'.
Then click on the desktop icon to run the removal tool.
If this doesn't work for you, we'll remove the lines with a script.

Step 2
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them.
Please follow these steps to remove older version Java components and update:
Download the latest version of Java Runtime Environment (JRE) 6 Update 24 and save it to your desktop.
Scroll down to where it says "Java SE 6 Update 24".
Click the "Download JRE" button to the right.
Select 'Windows' from the Platform down arrow.
Read the License Agreement and then check the box that says: "Accept License Agreement".
Click Continue. The page will refresh.
Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version:
Java 6 Update 11
Java 2 Runtime Environment, SE v1.4.2_03
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version.

Step 3
Double click on OTL to run it.
Copy the lines in the codebox below. (Make sure that :Otl is on the first line.)

:otl
SRV - File not found [Disabled | Stopped] -- -- (AAMWService)
SRV - File not found [Disabled | Stopped] -- -- (AAMW_WSC_Service_XP)
O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - File not found
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - File not found
O4 - Startup: C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\OCRAWARE.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/reso...an8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
[2011/03/14 22:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Avira
[2011/03/14 22:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/03/16 09:40:07 | 000,120,640 | ---- | M] (Avira GmbH) -- C:\Documents and Settings\HP_Owner\My Documents\RegCleaner.exe

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]
[EMPTYFLASH]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
Click the red Run Fix button.
OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

Step 4
Let me have a fresh OTL report so that I can check the Norton lines.
Just click the scan button as I don't really need the Extras.txt .... just the Main.txt

In your next reply, please submit:
Otl fix report and fresh Otl main report

Thanks.
seedy21 Posted March 17, 2011 Author

Hey, I can now update the anti-virus software. Thanks starbuck :D

I ran into some problems with OTL and Norton Removaltool. OTL crashed on the rebuild of the hosts files and the norton removaltool crashed with the MSI on product code.

Here is the OTL fix report and running the otl scan now with malwarebytes :D

Files\Folders moved on Reboot...
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\WTW9G8OC\ads[11].htm moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\80NYQW0E\11458-KIS-2011-cant-connect-to-the-server-or-any-free-anti-virus[1].htm moved successfully.
C:\WINDOWS\temp\kls3842.tmp moved successfully.
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

Registry entries deleted on Reboot...
Starbuck Posted March 17, 2011

Hi seedy21,
Ok then, let me have the fresh OTL main.txt so that I can check if the other deletions took place.
Thanks
seedy21 Posted March 17, 2011 Author Posted March 17, 2011 OTL logfile created on: 17/03/2011 14:13:07 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\HP_Owner\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 503.00 Mb Total Physical Memory | 189.00 Mb Available Physical Memory | 37.00% Memory free 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 144.39 Gb Total Space | 89.47 Gb Free Space | 61.97% Space Free | Partition Type: NTFS Drive D: | 4.64 Gb Total Space | 0.90 Gb Free Space | 19.46% Space Free | Partition Type: FAT32 Computer Name: YOUR-D65BBC6695 | User Name: HP_Owner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\HP_Owner\Desktop\OTL.scr (OldTimer Tools) PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe (Kaspersky Lab ZAO) PRC - C:\Program Files\Belkin\F6D4050\v1\Belkinwcui.exe (Belkin International, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
PRC - C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation) PRC - C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe (THOMSON Telecom Belgium) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\HP_Owner\Desktop\OTL.scr (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- File not found SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) SRV - (a2free) -- C:\DOCUMENTS AND SETTINGS\HP_OWNER\MY DOCUMENTS\A2USB\a2service.exe (Emsi Software GmbH) SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) ========== Driver Services (SafeList) ========== DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab) DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (kl2) -- C:\WINDOWS\system32\drivers\kl2.sys (Kaspersky Lab ZAO) DRV - (KL1) -- C:\WINDOWS\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO) DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab ZAO) DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation) DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation) DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation) DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation) DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation) DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation) DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.) 
DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\WINDOWS\system32\drivers\s116bus.sys (MCCI Corporation) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia) DRV - (nmwcdcm) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia) DRV - (nmwcdcj) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia) DRV - (PD0620VID) -- C:\WINDOWS\system32\drivers\P0620Vid.sys (Creative Technology Ltd.) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation) DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation) DRV - (PCDRSRVC) -- C:\WINDOWS\system32\drivers\pcdrsrvc.pkms (PC-Doctor, Inc.) DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd) DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON) DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON) DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.) DRV - (SISAGP) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation) DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.) 
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation ) DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation) DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 Hosts file not found O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company) O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company) O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) O4 - 
HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard) O4 - HKLM..\Run: [PD0620 STISvc] C:\WINDOWS\System32\P0620Pin.dll (Creative Technology Ltd.) O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation) O4 - HKLM..\Run: [speedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Networking Utility.lnk = C:\Program Files\Belkin\F6D4050\v1\Belkinwcui.exe (Belkin International, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 
2011\ie_banner_deny.htm () O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab (Performance Viewer Activex Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab 
ZAO) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/01/02 01:16:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2001/07/27 21:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/03/17 10:44:25 | 000,000,000 | ---D | C] -- C:\_OTL [2011/03/17 10:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun [2011/03/17 10:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011/03/17 10:41:54 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2011/03/17 10:41:54 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2011/03/17 10:41:54 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2011/03/17 10:41:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\javaw.exe [2011/03/17 10:41:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2011/03/17 10:26:01 | 016,525,088 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\HP_Owner\Desktop\jre-6u24-windows-i586.exe [2011/03/16 09:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\en-us [2011/03/16 09:35:51 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.scr [2011/03/14 22:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Internet Security 2011 [2011/03/14 22:33:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/03/14 09:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab [2011/03/14 09:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab [2011/03/14 09:16:50 | 000,475,736 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2011/03/14 08:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files [2011/03/14 08:47:48 | 119,045,240 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\HP_Owner\My Documents\kis11.0.2.556en_gb.exe [2011/03/03 09:00:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011/03/03 09:00:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011/03/03 09:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/02/27 11:59:09 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe ========== Files - Modified Within 30 Days ========== [2011/03/17 13:57:05 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT [2011/03/17 13:56:30 | 000,001,158 | ---- | M] () -- 
C:\WINDOWS\System32\wpa.dbl [2011/03/17 13:55:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/03/17 13:55:39 | 528,011,264 | -HS- | M] () -- C:\hiberfil.sys [2011/03/17 11:00:08 | 000,114,243 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat [2011/03/17 11:00:07 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat [2011/03/17 10:41:21 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2011/03/17 10:41:21 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2011/03/17 10:41:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2011/03/17 10:41:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2011/03/17 10:41:21 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2011/03/17 10:26:01 | 016,525,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\HP_Owner\Desktop\jre-6u24-windows-i586.exe [2011/03/16 09:40:07 | 000,000,550 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\build.dat [2011/03/16 09:35:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.scr [2011/03/16 09:16:43 | 000,219,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/03/14 15:37:22 | 000,000,194 | -HS- | M] () -- C:\boot.ini [2011/03/14 14:49:08 | 049,788,256 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\avira_antivir_personal_en.exe [2011/03/14 09:36:09 | 000,151,492 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\GetSystemInfo_YOUR-D65BBC6695_HP_Owner_2011_03_14_09_31_18.zip [2011/03/14 09:16:50 | 000,475,736 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2011/03/14 09:03:30 | 042,989,471 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\ivdf_fusebundle_nt_en.zip [2011/03/14 08:47:57 | 119,045,240 | ---- | M] (Kaspersky Lab) -- 
C:\Documents and Settings\HP_Owner\My Documents\kis11.0.2.556en_gb.exe [2011/03/09 17:21:11 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011/03/03 09:00:17 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/02/28 20:29:11 | 000,442,774 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011/02/28 20:29:11 | 000,071,848 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat ========== Files Created - No Company Name ========== [2011/03/14 14:48:13 | 049,788,256 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\avira_antivir_personal_en.exe [2011/03/14 09:31:47 | 000,151,492 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\GetSystemInfo_YOUR-D65BBC6695_HP_Owner_2011_03_14_09_31_18.zip [2011/03/14 09:19:49 | 000,114,243 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat [2011/03/14 09:19:49 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat [2011/03/14 09:03:26 | 042,989,471 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\ivdf_fusebundle_nt_en.zip [2011/03/03 09:00:17 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/09/04 16:51:22 | 000,015,312 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat [2010/08/09 09:10:36 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc [2010/06/14 14:09:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/04/05 16:24:08 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat [2010/04/04 19:46:49 | 000,007,083 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini [2010/01/25 10:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll [2009/09/09 18:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat [2009/01/05 14:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe 
[2009/01/05 14:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2008/11/07 17:20:02 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2008/09/05 15:46:54 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI [2007/11/10 16:15:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI [2007/06/08 16:38:29 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007/04/12 08:36:40 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/01/23 16:00:50 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\$_hpcst$.hpc [2006/12/27 12:46:06 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2006/12/27 12:46:06 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2006/12/27 12:46:06 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2006/12/27 12:46:06 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2006/12/27 12:46:06 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2006/12/27 12:46:06 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2006/12/27 12:46:06 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2006/12/27 12:46:06 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2006/12/27 12:46:06 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2006/12/27 12:46:06 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2006/12/27 12:46:06 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2006/12/27 12:46:06 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2006/12/27 12:46:05 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2006/12/27 12:46:05 | 000,027,417 | ---- | C] () -- 
C:\WINDOWS\System32\EPPICPattern121.dat [2006/12/27 12:46:05 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2006/12/27 12:46:05 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2006/12/27 12:46:05 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2006/12/27 12:46:05 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2006/12/27 12:46:05 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2006/12/27 12:42:21 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX5000EFDG.ini [2006/03/04 10:20:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/10/11 16:26:32 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll [2005/06/13 09:11:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2005/06/05 18:48:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll [2005/04/13 19:27:36 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2005/02/20 14:42:28 | 000,020,450 | ---- | C] () -- C:\WINDOWS\SIFBPCALIB.DAT [2005/01/31 14:54:19 | 000,000,185 | ---- | C] () -- C:\WINDOWS\disney.ini [2005/01/01 16:37:26 | 000,000,049 | ---- | C] () -- C:\WINDOWS\cgminivw.ini [2005/01/01 16:24:29 | 000,000,377 | ---- | C] () -- C:\WINDOWS\ftree.ini [2005/01/01 16:24:28 | 000,017,424 | ---- | C] () -- C:\WINDOWS\System32\FH_BMP.DLL [2004/12/28 09:55:00 | 000,000,098 | ---- | C] () -- C:\WINDOWS\pixcache.ini [2004/12/28 09:26:28 | 000,000,604 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2004/12/28 09:26:28 | 000,000,019 | ---- | C] () -- C:\WINDOWS\OPLEINST.INI [2004/12/28 09:23:00 | 000,000,777 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI [2004/12/27 19:42:07 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\fusioncache.dat [2004/12/27 19:38:41 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat [2004/06/29 05:58:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2004/06/07 18:32:52 | 
000,009,505 | ---- | C] () -- C:\WINDOWS\System32\hphmon06.dat [2004/01/02 08:03:28 | 000,000,531 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2004/01/02 08:03:05 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/01/02 08:03:03 | 000,442,774 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/01/02 08:03:03 | 000,071,848 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/01/02 07:06:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004/01/02 05:50:22 | 000,105,873 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini [2004/01/02 05:50:22 | 000,100,528 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini [2004/01/02 05:10:42 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2004/01/02 03:18:17 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll [2004/01/02 03:17:53 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll [2004/01/02 03:17:53 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll [2004/01/02 03:13:13 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll [2004/01/02 03:12:02 | 000,025,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS [2004/01/02 03:11:27 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll [2004/01/02 02:56:54 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2004/01/02 02:56:54 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2004/01/02 02:56:53 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2004/01/02 02:56:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2004/01/02 02:56:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2004/01/02 02:56:53 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2004/01/02 02:46:18 | 000,094,372 | ---- | C] () -- C:\WINDOWS\HPHins03.dat [2004/01/02 02:46:18 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat [2004/01/02 02:40:50 | 000,104,159 | ---- 
| C] () -- C:\WINDOWS\hpoins04.dat [2004/01/02 02:40:50 | 000,016,939 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat [2004/01/02 02:33:57 | 000,089,076 | ---- | C] () -- C:\WINDOWS\hpdins01.dat [2004/01/02 02:33:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpzmdl01.dat [2004/01/02 02:28:04 | 000,016,306 | ---- | C] () -- C:\WINDOWS\hpqins01.dat [2004/01/02 02:28:04 | 000,002,673 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat [2004/01/02 02:22:22 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004/01/02 02:10:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin [2004/01/02 02:10:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin [2004/01/02 02:10:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin [2004/01/02 01:36:58 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll [2004/01/02 01:36:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll [2004/01/02 01:36:42 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll [2004/01/02 01:19:39 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/01/02 01:18:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2004/01/02 01:14:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004/01/02 01:09:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004/01/02 01:08:36 | 000,219,248 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004/01/01 18:30:40 | 001,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll [2004/01/01 18:30:35 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/01/01 18:30:35 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/01/01 18:30:32 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004/01/01 18:30:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004/01/01 18:30:23 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004/01/01 18:30:02 | 000,673,088 | ---- | C] () -- 
C:\WINDOWS\System32\mlang.dat [2004/01/01 18:30:01 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004/01/01 18:29:01 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/01/01 18:28:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2003/07/16 11:09:31 | 000,626,688 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll [2003/05/15 21:15:18 | 000,225,209 | ---- | C] () -- C:\WINDOWS\System32\C9930A.bin [2003/03/06 22:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll < End of report >
Starbuck Posted March 17, 2011

Hi seedy21,
Ok, we'll get OTL to remove those Norton drivers.
I see there's a service for A2 running, but the program isn't in the uninstall list. Has it been uninstalled? I've added it to the script, so if it is still there you can remove the line from the fix.
Seems the previous fix didn't reset the hosts file, let's try that again.
Also the Avira AV download is still showing as being on your desktop, you can manually delete that if it's still there.

Double click on OTL to run it.
Copy the lines in the codebox below. (make sure that :Otl is on the first line)

:Otl
SRV - (a2free) -- C:\DOCUMENTS AND SETTINGS\HP_OWNER\MY DOCUMENTS\A2USB\a2service.exe (Emsi Software GmbH)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

:commands
[emptytemp]
[RESETHOSTS]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

Thanks
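The review of the SRV/DRV lines in the post above (drivers and services left behind by a removed product, plus the missing hosts file) can be scripted for triage. This is an added example, not part of the original thread and not OldTimer's code: the function names and the analyst-supplied list of removed vendors are assumptions, and the sample lines are excerpted from the 17/03 log in this thread.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# One OTL SafeList entry, e.g.
#   DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
#   SRV - (getPlusHelper) getPlus -- C:\...\getPlus_Helper.dll (NOS Microsystems Ltd.)
#   SRV - (AppMgmt) -- File not found
ENTRY_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]+)\)(?P<display>.*?) -- "
    r"(?P<target>.*?)(?: \((?P<company>[^()]*)\))?$"
)


@dataclass
class Entry:
    kind: str               # "SRV" (Win32 service) or "DRV" (driver service)
    name: str               # service key name, e.g. "SYMTDI"
    target: str             # image path, or the literal "File not found"
    company: Optional[str]  # company name from the file's version info, if any
    raw: str                # the unmodified log line


def parse_entries(log_text: str) -> List[Entry]:
    """Return every SRV/DRV entry found in an OTL log, one entry per line."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(
                Entry(m["kind"], m["name"], m["target"], m["company"], line)
            )
    return entries


def triage(log_text: str, removed_vendors: Iterable[str]) -> List[Tuple[str, str]]:
    """Flag log lines for human review; nothing is deleted here.

    removed_vendors is supplied by the analyst: vendors whose products the
    user says were uninstalled (an assumption of this example).
    """
    vendors = [v.lower() for v in removed_vendors]
    findings = []
    for e in parse_entries(log_text):
        company = (e.company or "").lower()
        if e.target == "File not found":
            # Service key exists but its image is gone (or was never there).
            findings.append(("file-not-found", e.raw))
        elif any(v in company for v in vendors):
            # Still registered although the product was reported removed.
            findings.append(("leftover-vendor", e.raw))
    if any(l.strip() == "Hosts file not found" for l in log_text.splitlines()):
        findings.append(("hosts-missing", "Hosts file not found"))
    return findings


# Lines excerpted from the 17/03/2011 log posted in this thread.
SAMPLE_LOG = r"""
SRV - (AppMgmt) -- File not found
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (a2free) -- C:\DOCUMENTS AND SETTINGS\HP_OWNER\MY DOCUMENTS\A2USB\a2service.exe (Emsi Software GmbH)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)
Hosts file not found
"""

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG, ["Symantec", "Emsi"]):
        print(f"{reason:16} {line}")
```

The flagged lines are candidates for a reviewer to confirm against the uninstall list before any of them goes into a fix script.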
seedy21 (Author) Posted March 18, 2011

Hi,
OTL failed again on the resethost command, something about can't create and then the path to the hosts file.
Malwarebytes shows the computer is clean and I am now running a Kaspersky scan as we speak. I also tried to run ipconfig /flushdns in cmd and that also failed.
Here's the OTL fix report and a fresh OTL report.

Files\Folders moved on Reboot...
C:\WINDOWS\temp\klsA256.tmp moved successfully.

Registry entries deleted on Reboot...

OTL logfile created on: 18/03/2011 14:51:31 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

503.00 Mb Total Physical Memory | 228.00 Mb Available Physical Memory | 45.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.39 Gb Total Space | 89.50 Gb Free Space | 61.99% Space Free | Partition Type: NTFS
Drive D: | 4.64 Gb Total Space | 0.90 Gb Free Space | 19.46% Space Free | Partition Type: FAT32

Computer Name: YOUR-D65BBC6695 | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Owner\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Belkin\F6D4050\v1\Belkinwcui.exe (Belkin International, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation) PRC - C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe (THOMSON Telecom Belgium) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\HP_Owner\Desktop\OTL.scr (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- File not found SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) ========== Driver Services (SafeList) ========== DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab) DRV - (kl2) -- C:\WINDOWS\system32\drivers\kl2.sys (Kaspersky Lab ZAO) DRV - (KL1) -- C:\WINDOWS\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO) DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab ZAO) DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.) 
DRV - (Rasl2tp) WAN Miniport (L2TP) -- C:\WINDOWS\system32\drivers\rasl2tp.sys () DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\WINDOWS\system32\drivers\s116bus.sys (MCCI Corporation) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia) DRV - (nmwcdcm) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia) DRV - (nmwcdcj) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia) DRV - (PD0620VID) -- C:\WINDOWS\system32\drivers\P0620Vid.sys (Creative Technology Ltd.) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation) DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation) DRV - (PCDRSRVC) -- C:\WINDOWS\system32\drivers\pcdrsrvc.pkms (PC-Doctor, Inc.) DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd) DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON) DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON) DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.) DRV - (SISAGP) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation) DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.) 
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation ) DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation) DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 Hosts file not found O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company) O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company) O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) O4 - 
HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard) O4 - HKLM..\Run: [PD0620 STISvc] C:\WINDOWS\System32\P0620Pin.dll (Creative Technology Ltd.) O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation) O4 - HKLM..\Run: [speedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Networking Utility.lnk = C:\Program Files\Belkin\F6D4050\v1\Belkinwcui.exe (Belkin International, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm () O9 - Extra Button: &Virtual Keyboard - 
{4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab (Performance Viewer Activex Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) 
- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/01/02 01:16:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2001/07/27 21:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/03/17 10:44:25 | 000,000,000 | ---D | C] -- C:\_OTL [2011/03/17 10:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun [2011/03/17 10:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011/03/17 10:41:54 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2011/03/17 10:41:54 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2011/03/17 10:41:54 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2011/03/17 10:41:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2011/03/17 10:41:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\java.exe [2011/03/17 10:26:01 | 016,525,088 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\HP_Owner\Desktop\jre-6u24-windows-i586.exe [2011/03/16 09:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\en-us [2011/03/16 09:35:51 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.scr [2011/03/14 22:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Internet Security 2011 [2011/03/14 22:33:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/03/14 09:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab [2011/03/14 09:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab [2011/03/14 09:16:50 | 000,475,736 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2011/03/14 08:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files [2011/03/14 08:47:48 | 119,045,240 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\HP_Owner\My Documents\kis11.0.2.556en_gb.exe [2011/03/03 09:00:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011/03/03 09:00:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011/03/03 09:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/02/27 11:59:09 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe ========== Files - Modified Within 30 Days ========== [2011/03/18 14:35:58 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT [2011/03/18 14:35:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/03/18 14:34:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/03/18 14:34:38 | 
528,011,264 | -HS- | M] () -- C:\hiberfil.sys [2011/03/17 11:00:08 | 000,114,243 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat [2011/03/17 11:00:07 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat [2011/03/17 10:41:21 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2011/03/17 10:41:21 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2011/03/17 10:41:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2011/03/17 10:41:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2011/03/17 10:41:21 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2011/03/17 10:26:01 | 016,525,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\HP_Owner\Desktop\jre-6u24-windows-i586.exe [2011/03/16 09:40:07 | 000,000,550 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\build.dat [2011/03/16 09:35:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.scr [2011/03/16 09:16:43 | 000,219,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/03/14 15:37:22 | 000,000,194 | -HS- | M] () -- C:\boot.ini [2011/03/14 14:49:08 | 049,788,256 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\avira_antivir_personal_en.exe [2011/03/14 09:36:09 | 000,151,492 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\GetSystemInfo_YOUR-D65BBC6695_HP_Owner_2011_03_14_09_31_18.zip [2011/03/14 09:16:50 | 000,475,736 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2011/03/14 09:03:30 | 042,989,471 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\ivdf_fusebundle_nt_en.zip [2011/03/14 08:47:57 | 119,045,240 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\HP_Owner\My Documents\kis11.0.2.556en_gb.exe [2011/03/09 17:21:11 | 000,001,355 | ---- | M] () -- 
C:\WINDOWS\imsins.BAK [2011/03/03 09:00:17 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/02/28 20:29:11 | 000,442,774 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011/02/28 20:29:11 | 000,071,848 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat ========== Files Created - No Company Name ========== [2011/03/14 14:48:13 | 049,788,256 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\avira_antivir_personal_en.exe [2011/03/14 09:31:47 | 000,151,492 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\GetSystemInfo_YOUR-D65BBC6695_HP_Owner_2011_03_14_09_31_18.zip [2011/03/14 09:19:49 | 000,114,243 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat [2011/03/14 09:19:49 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat [2011/03/14 09:03:26 | 042,989,471 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\ivdf_fusebundle_nt_en.zip [2011/03/03 09:00:17 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/09/04 16:51:22 | 000,015,312 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat [2010/08/09 09:10:36 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc [2010/06/14 14:09:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/04/05 16:24:08 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat [2010/04/04 19:46:49 | 000,007,083 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini [2010/01/25 10:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll [2009/09/09 18:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat [2009/01/05 14:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe [2009/01/05 14:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2008/11/07 17:20:02 | 000,000,050 | ---- | C] 
() -- C:\WINDOWS\cdplayer.ini [2008/09/05 15:46:54 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI [2007/11/10 16:15:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI [2007/06/08 16:38:29 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007/04/12 08:36:40 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/01/23 16:00:50 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\$_hpcst$.hpc [2006/12/27 12:46:06 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2006/12/27 12:46:06 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2006/12/27 12:46:06 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2006/12/27 12:46:06 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2006/12/27 12:46:06 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2006/12/27 12:46:06 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2006/12/27 12:46:06 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2006/12/27 12:46:06 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2006/12/27 12:46:06 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2006/12/27 12:46:06 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2006/12/27 12:46:06 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2006/12/27 12:46:06 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2006/12/27 12:46:05 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2006/12/27 12:46:05 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2006/12/27 12:46:05 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat 
[2006/12/27 12:46:05 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2006/12/27 12:46:05 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2006/12/27 12:46:05 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2006/12/27 12:46:05 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2006/12/27 12:42:21 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX5000EFDG.ini [2006/03/04 10:20:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/10/11 16:26:32 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll [2005/06/13 09:11:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2005/06/05 18:48:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll [2005/04/13 19:27:36 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2005/02/20 14:42:28 | 000,020,450 | ---- | C] () -- C:\WINDOWS\SIFBPCALIB.DAT [2005/01/31 14:54:19 | 000,000,185 | ---- | C] () -- C:\WINDOWS\disney.ini [2005/01/01 16:37:26 | 000,000,049 | ---- | C] () -- C:\WINDOWS\cgminivw.ini [2005/01/01 16:24:29 | 000,000,377 | ---- | C] () -- C:\WINDOWS\ftree.ini [2005/01/01 16:24:28 | 000,017,424 | ---- | C] () -- C:\WINDOWS\System32\FH_BMP.DLL [2004/12/28 09:55:00 | 000,000,098 | ---- | C] () -- C:\WINDOWS\pixcache.ini [2004/12/28 09:26:28 | 000,000,604 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2004/12/28 09:26:28 | 000,000,019 | ---- | C] () -- C:\WINDOWS\OPLEINST.INI [2004/12/28 09:23:00 | 000,000,777 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI [2004/12/27 19:42:07 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\fusioncache.dat [2004/12/27 19:38:41 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat [2004/06/29 05:58:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2004/06/07 18:32:52 | 000,009,505 | ---- | C] () -- C:\WINDOWS\System32\hphmon06.dat [2004/01/02 08:03:28 | 000,000,531 | ---- | C] () -- 
C:\WINDOWS\System32\oeminfo.ini [2004/01/02 08:03:05 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/01/02 08:03:03 | 000,442,774 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/01/02 08:03:03 | 000,071,848 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/01/02 07:06:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004/01/02 05:50:22 | 000,105,873 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini [2004/01/02 05:50:22 | 000,100,528 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini [2004/01/02 05:10:42 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2004/01/02 03:18:17 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll [2004/01/02 03:17:53 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll [2004/01/02 03:17:53 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll [2004/01/02 03:13:13 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll [2004/01/02 03:12:02 | 000,025,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS [2004/01/02 03:11:27 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll [2004/01/02 02:56:54 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2004/01/02 02:56:54 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2004/01/02 02:56:53 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2004/01/02 02:56:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2004/01/02 02:56:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2004/01/02 02:56:53 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2004/01/02 02:46:18 | 000,094,372 | ---- | C] () -- C:\WINDOWS\HPHins03.dat [2004/01/02 02:46:18 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat [2004/01/02 02:40:50 | 000,104,159 | ---- | C] () -- C:\WINDOWS\hpoins04.dat [2004/01/02 02:40:50 | 000,016,939 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat 
[2004/01/02 02:33:57 | 000,089,076 | ---- | C] () -- C:\WINDOWS\hpdins01.dat [2004/01/02 02:33:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpzmdl01.dat [2004/01/02 02:28:04 | 000,016,306 | ---- | C] () -- C:\WINDOWS\hpqins01.dat [2004/01/02 02:28:04 | 000,002,673 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat [2004/01/02 02:22:22 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004/01/02 02:10:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin [2004/01/02 02:10:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin [2004/01/02 02:10:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin [2004/01/02 01:36:58 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll [2004/01/02 01:36:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll [2004/01/02 01:36:42 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll [2004/01/02 01:19:39 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/01/02 01:18:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2004/01/02 01:14:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004/01/02 01:09:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004/01/02 01:08:36 | 000,219,248 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004/01/01 18:30:40 | 001,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll [2004/01/01 18:30:35 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/01/01 18:30:35 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/01/01 18:30:32 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004/01/01 18:30:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004/01/01 18:30:23 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004/01/01 18:30:02 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/01/01 18:30:01 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004/01/01 
18:29:01 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/01/01 18:28:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2003/07/16 11:09:31 | 000,626,688 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll [2003/05/15 21:15:18 | 000,225,209 | ---- | C] () -- C:\WINDOWS\System32\C9930A.bin [2003/03/06 22:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll < End of report >
Starbuck Posted March 18, 2011

Hi seedy21

Under normal circumstances this shouldn't be a problem for OTL. I'm beginning to suspect that a security program is blocking the changes to hosts file. The normal deletions are going through.

Please disable Kaspersky and any other security program you are running and then try this:

Double click on OTL to run it.
Copy the lines in the codebox below. (make sure that :Otl is on the first line)

:commands
[emptytemp]
[RESETHOSTS]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

If this fails we'll try:

Download HostsXpert.zip
Extract (unzip) HostsXpert.zip to a permanent folder on your hard drive such as C:\HostsXpert
Double-click HostsXpert.exe to run the program.
Click "Make Hosts Writable?" in the upper left corner (Only If available).
Click "Restore Microsoft's Hosts file" and then click "OK".
Click the X to exit the program.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
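The hosts-file states this thread keeps running into (file missing, file not writable, file holding entries beyond localhost) can be checked directly before and after a reset. The script below is an added example, not part of the thread and not OTL or HostsXpert code; the function names, the localhost-only baseline and the sample entries are assumptions constructed for illustration.

```python
import ipaddress
import os
import stat
import tempfile

# Assumed baseline: a freshly reset hosts file maps only localhost.
BASELINE = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample content, not taken from the machine in this thread.
SAMPLE = (
    "# constructed sample\n"
    "127.0.0.1 localhost\n"
    "::1 localhost\n"
    "127.0.0.1 updates.av-vendor.example activation.av-vendor.example\n"
    "192.0.2.10 www.search.example # inline comment\n"
)


def parse_hosts(text):
    """Return (address, hostname) pairs, one pair per name on each line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        fields = line.split()
        if len(fields) < 2:
            continue  # blank line, or an address with no hostname
        for name in fields[1:]:
            entries.append((fields[0], name.lower()))
    return entries


def classify(address):
    """Label what a non-baseline mapping does to name resolution."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"      # name resolves to the local machine or nowhere
    return "redirected"       # name resolves to some other host


def audit_hosts(path):
    """Report whether the file exists, is read-only, and what it adds to BASELINE."""
    report = {"exists": False, "read_only": None, "extra": []}
    if not os.path.isfile(path):
        return report
    report["exists"] = True
    # On Windows the write bit mirrors the file's read-only attribute.
    report["read_only"] = not (os.stat(path).st_mode & stat.S_IWRITE)
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        entries = set(parse_hosts(fh.read()))
    report["extra"] = sorted(
        (addr, name, classify(addr)) for addr, name in entries - BASELINE
    )
    return report


def demo():
    """Audit a constructed hosts file in each state: missing, writable, read-only."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "hosts")
    results = {"missing": audit_hosts(path)}
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(SAMPLE)
    results["writable"] = audit_hosts(path)
    os.chmod(path, stat.S_IREAD)
    results["read_only"] = audit_hosts(path)
    os.chmod(path, stat.S_IREAD | stat.S_IWRITE)  # restore so cleanup succeeds
    os.remove(path)
    os.rmdir(workdir)
    return results


if __name__ == "__main__":
    for state, report in demo().items():
        print(state, report)
```

On a real system, pass the hosts path from the log (C:\WINDOWS\system32\drivers\etc\Hosts) to `audit_hosts`; a clean reset should report no extra entries.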
seedy21 (Author) Posted March 19, 2011

OK, this time it worked but still running slow on bootup.

Here is the fix log and a fresh OTL log.

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gary
->Temp folder emptied: 56622 bytes
->Temporary Internet Files folder emptied: 4389508 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 639 bytes

User: HP_Owner

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 93177 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.00 mb

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 03192011_194625

Files\Folders moved on Reboot...
C:\Documents and Settings\Gary\Local Settings\Temp\WCESLog.log moved successfully.
C:\Documents and Settings\Gary\Local Settings\Temporary Internet Files\Content.IE5\VYMS38KG\11458-KIS-2011-cant-connect-to-the-server-or-any-free-anti-virus[1].htm moved successfully.

Registry entries deleted on Reboot...
OTL logfile created on: 19/03/2011 19:58:12 - Run 4 OTL by OldTimer - Version 3.2.22.3

“It's only after we've lost everything that we're free to do anything.” ― Chuck Palahniuk, Fight Club

Need help with your computer problems? Then why not join Free PC Help. Register here. If Free PC Help has helped you then please consider a donation. Click here. We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.
seedy21 Posted March 29, 2011 Author

starbuck ????
Starbuck Posted March 30, 2011

Sorry for the delay seedy21. I must have missed the email notification of your reply.

Let's see if an online scan throws up anything, but I think a lot of the slowness at startup is due to the lack of RAM memory. You are running the bare minimum for XP SP3.

You may find it beneficial to close your resident AV program before running the scan.

* Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
* Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
* For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
  * Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  * Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
* Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
* Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
* Accept any security warnings from your browser.
* Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
* Click the Start button.
* ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
* Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
* Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
* Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Note: It's been found that on some systems ESET's Online Scan fails during the database download (around 20%). To prevent this happening: when the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

http://img.photobucket.com/albums/v708/starbuck50/eset.png

Member of: UNITE