Having repeat attacks of various viruses. Seems like there's a program in there that isn't getting found that is creating problems. Got the DDS log for you to see.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25

Run by HP_Administrator at 8:35:42 on 2011-11-25

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1209 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: avast! antivirus 4.8.1368 [VPS 091230-0] *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\nvsvc32.exe

svchost.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Outlook Express\msimn.exe

C:\WINDOWS\System32\ping.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com

uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop

uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop

mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn4\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: mswsock.dll

Trusted Zone: trymedia.com

DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.caminova.net/en/downloads/getmodule.aspx?lang=en

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

TCP: Interfaces\{B606FFE5-E16C-4172-8ED4-2E9ECCB039C7} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\hp_administrator.super-pc\application data\mozilla\firefox\profiles\fae6wsge.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-1-30 114768]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]

R1 MpKsl381c658a;MpKsl381c658a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{744bfbb6-c7fe-4068-b7ac-f88a942d4673}\mpksl381c658a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{744bfbb6-c7fe-4068-b7ac-f88a942d4673}\MpKsl381c658a.sys [?]

R1 MpKsl9bcda4bb;MpKsl9bcda4bb;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2b908308-c3e9-4a12-90e8-2ed2fb460ab0}\MpKsl9bcda4bb.sys [2011-11-24 28752]

R2 {22D78859-9CE9-4b77-BF18-AC83E81A9263};{22D78859-9CE9-4b77-BF18-AC83E81A9263};c:\program files\hp\dvdplay\000.fcl [2006-11-1 6656]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-30 20560]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-31 366152]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [2006-11-1 82048]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-31 22216]

R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2006-11-1 468768]

S0 qqyhtp;qqyhtp;c:\windows\system32\drivers\iyhc.sys --> c:\windows\system32\drivers\iyhc.sys [?]

S1 ksnbpdui;ksnbpdui;\??\c:\windows\system32\drivers\ksnbpdui.sys --> c:\windows\system32\drivers\ksnbpdui.sys [?]

S1 MpKsl01a96b60;MpKsl01a96b60;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e910397e-4762-4d1d-a258-9adb64f522fd}\mpksl01a96b60.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e910397e-4762-4d1d-a258-9adb64f522fd}\MpKsl01a96b60.sys [?]

S1 MpKsl0970af0f;MpKsl0970af0f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{37a59dfe-ac83-4afa-ae11-1f98eb73734f}\mpksl0970af0f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{37a59dfe-ac83-4afa-ae11-1f98eb73734f}\MpKsl0970af0f.sys [?]

S1 MpKsl46754598;MpKsl46754598;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2bedf089-5c83-421d-9abe-8ee6450b8a1a}\mpksl46754598.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2bedf089-5c83-421d-9abe-8ee6450b8a1a}\MpKsl46754598.sys [?]

S1 MpKsl4f48919d;MpKsl4f48919d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d24b75f8-4de0-48dc-acd9-26384bd918fd}\mpksl4f48919d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d24b75f8-4de0-48dc-acd9-26384bd918fd}\MpKsl4f48919d.sys [?]

S1 MpKsl5ddf165c;MpKsl5ddf165c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dadae0d9-7a7d-4a08-99d8-34899e2584a6}\mpksl5ddf165c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dadae0d9-7a7d-4a08-99d8-34899e2584a6}\MpKsl5ddf165c.sys [?]

S1 MpKsl61238879;MpKsl61238879;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c68d83a7-b742-4972-ae91-845785b59c7a}\mpksl61238879.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c68d83a7-b742-4972-ae91-845785b59c7a}\MpKsl61238879.sys [?]

S1 MpKsl73a8ec0e;MpKsl73a8ec0e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{367c8981-2df5-4d4a-83f6-d4347bd1e6e0}\mpksl73a8ec0e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{367c8981-2df5-4d4a-83f6-d4347bd1e6e0}\MpKsl73a8ec0e.sys [?]

S1 MpKsl85dec8b2;MpKsl85dec8b2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8bf6620c-3e15-41ec-b8f9-4caf9ff5cdd9}\mpksl85dec8b2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8bf6620c-3e15-41ec-b8f9-4caf9ff5cdd9}\MpKsl85dec8b2.sys [?]

S1 MpKslae12730d;MpKslae12730d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{56bc665e-44bd-4a1c-bebb-4552a8872f60}\mpkslae12730d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{56bc665e-44bd-4a1c-bebb-4552a8872f60}\MpKslae12730d.sys [?]

S1 MpKsld5ae489e;MpKsld5ae489e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1c8bd22b-8c9c-4902-8a33-9c7f428425ce}\mpksld5ae489e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1c8bd22b-8c9c-4902-8a33-9c7f428425ce}\MpKsld5ae489e.sys [?]

S1 MpKslf0b08fd8;MpKslf0b08fd8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e910397e-4762-4d1d-a258-9adb64f522fd}\mpkslf0b08fd8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e910397e-4762-4d1d-a258-9adb64f522fd}\MpKslf0b08fd8.sys [?]

S2 avast! Antivirus;avast! Antivirus;"c:\program files\alwil software\avast4\ashserv.exe" --> c:\program files\alwil software\avast4\ashServ.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-2-8 133104]

S3 avast! Mail Scanner;avast! Mail Scanner;"c:\program files\alwil software\avast4\ashmaisv.exe" /service --> c:\program files\alwil software\avast4\ashMaiSv.exe [?]

S3 avast! Web Scanner;avast! Web Scanner;"c:\program files\alwil software\avast4\ashwebsv.exe" /service --> c:\program files\alwil software\avast4\ashWebSv.exe [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-8 133104]

.

=============== Created Last 30 ================

.

2011-11-25 02:48:57 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2b908308-c3e9-4a12-90e8-2ed2fb460ab0}\MpKsl9bcda4bb.sys

2011-11-25 02:48:40 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2b908308-c3e9-4a12-90e8-2ed2fb460ab0}\offreg.dll

2011-11-25 02:48:34 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2b908308-c3e9-4a12-90e8-2ed2fb460ab0}\mpengine.dll

2011-11-24 02:26:33 -------- d--h--w- c:\windows\Copy of $NtUninstallWIC$

2011-11-24 02:26:33 -------- d--h--w- c:\windows\Copy of $NtUninstallMSCompPackV1$

2011-11-24 02:26:11 -------- d--h--w- c:\windows\Copy of $NtUninstallKB2524375$

2011-11-24 01:48:50 -------- d-sh--w- c:\documents and settings\hp_administrator.super-pc\IECompatCache

2011-11-20 21:32:13 -------- d-----w- c:\program files\14F89

2011-11-20 21:09:12 -------- d-----w- c:\program files\LP

2011-11-20 21:09:12 -------- d-----w- c:\documents and settings\hp_administrator.super-pc\application data\90A14

2011-11-20 21:08:52 -------- d-----w- c:\documents and settings\hp_administrator.super-pc\application data\eUUVVelOBtxPyc

2011-11-20 21:08:52 -------- d-----w- c:\documents and settings\hp_administrator.super-pc\application data\bJJ66dEKKgRZ9Yw

2011-11-20 21:08:47 -------- d-----w- c:\documents and settings\hp_administrator.super-pc\application data\A88ggTZqjYCwIrz

2011-11-20 21:08:40 -------- d-----w- c:\documents and settings\hp_administrator.super-pc\application data\YwwjjUVelO

2011-11-12 16:30:07 442612 ----a-w- c:\windows\system32\PerfStringBackup.TMP

.

==================== Find3M ====================

.

2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 8:36:08.40 ===============

Thank you very much for your time


Hello moozie! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

Please post the Attach.txt (from DDS).


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 1/30/2010 12:39:28 PM

System Uptime: 11/30/2011 1:46:34 AM (8 hours ago)

.

Motherboard: ASUSTek Computer INC. | | Basswood

Processor: Intel® Core2 CPU 6400 @ 2.13GHz | Socket 775 | 2133/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 224 GiB total, 35.347 GiB free.

D: is FIXED (NTFS) - 233 GiB total, 232.456 GiB free.

E: is FIXED (FAT32) - 9 GiB total, 0.346 GiB free.

F: is CDROM ()

G: is CDROM ()

H: is Removable

I: is Removable

J: is Removable

K: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP828: 9/1/2011 10:09:55 PM - Software Distribution Service 3.0

RP829: 9/2/2011 6:29:26 AM - Software Distribution Service 3.0

RP830: 9/2/2011 6:49:42 PM - Software Distribution Service 3.0

RP831: 9/2/2011 9:24:15 PM - Software Distribution Service 3.0

RP832: 9/5/2011 7:04:23 PM - Software Distribution Service 3.0

RP833: 9/5/2011 7:13:42 PM - Software Distribution Service 3.0

RP834: 9/6/2011 6:30:00 AM - Software Distribution Service 3.0

RP835: 9/6/2011 8:08:29 PM - Software Distribution Service 3.0

RP836: 9/7/2011 6:34:57 AM - Software Distribution Service 3.0

RP837: 9/8/2011 6:29:57 AM - Software Distribution Service 3.0

RP838: 9/8/2011 6:40:15 AM - Software Distribution Service 3.0

RP839: 9/9/2011 3:00:14 AM - Software Distribution Service 3.0

RP840: 9/9/2011 1:54:27 PM - Software Distribution Service 3.0

RP841: 9/10/2011 7:03:05 AM - Software Distribution Service 3.0

RP842: 9/10/2011 4:51:40 PM - Software Distribution Service 3.0

RP843: 9/11/2011 7:03:08 AM - Software Distribution Service 3.0

RP844: 9/11/2011 7:13:33 PM - Software Distribution Service 3.0

RP845: 9/12/2011 6:36:30 AM - Software Distribution Service 3.0

RP846: 9/13/2011 6:30:53 AM - Software Distribution Service 3.0

RP847: 9/14/2011 12:18:28 AM - Software Distribution Service 3.0

RP848: 9/14/2011 4:46:30 PM - Software Distribution Service 3.0

RP849: 9/15/2011 6:12:21 PM - Software Distribution Service 3.0

RP850: 9/16/2011 7:46:45 PM - Software Distribution Service 3.0

RP851: 9/17/2011 8:08:52 PM - Software Distribution Service 3.0

RP852: 9/18/2011 1:59:36 AM - Software Distribution Service 3.0

RP853: 9/18/2011 3:00:13 AM - Software Distribution Service 3.0

RP854: 9/19/2011 6:14:44 AM - Software Distribution Service 3.0

RP855: 9/19/2011 6:25:06 AM - Software Distribution Service 3.0

RP856: 9/20/2011 6:19:22 AM - Software Distribution Service 3.0

RP857: 9/20/2011 6:29:23 AM - Software Distribution Service 3.0

RP858: 9/21/2011 6:28:05 AM - Software Distribution Service 3.0

RP859: 9/21/2011 6:38:14 AM - Software Distribution Service 3.0

RP860: 9/22/2011 3:00:13 AM - Software Distribution Service 3.0

RP861: 9/22/2011 7:25:25 AM - Software Distribution Service 3.0

RP862: 9/23/2011 3:00:14 AM - Software Distribution Service 3.0

RP863: 9/23/2011 5:08:58 PM - Software Distribution Service 3.0

RP864: 9/24/2011 6:01:52 AM - Software Distribution Service 3.0

RP865: 9/24/2011 6:12:15 PM - Software Distribution Service 3.0

RP866: 9/25/2011 1:51:06 AM - Software Distribution Service 3.0

RP867: 9/25/2011 3:00:13 AM - Software Distribution Service 3.0

RP868: 9/26/2011 6:01:54 AM - Software Distribution Service 3.0

RP869: 9/26/2011 6:11:55 AM - Software Distribution Service 3.0

RP870: 9/27/2011 6:02:00 AM - Software Distribution Service 3.0

RP871: 9/27/2011 6:17:40 AM - Software Distribution Service 3.0

RP872: 9/28/2011 6:02:01 AM - Software Distribution Service 3.0

RP873: 9/28/2011 6:12:26 PM - Software Distribution Service 3.0

RP874: 9/29/2011 3:00:13 AM - Software Distribution Service 3.0

RP875: 9/30/2011 6:02:05 AM - Software Distribution Service 3.0

RP876: 9/30/2011 6:12:04 AM - Software Distribution Service 3.0

RP877: 10/1/2011 3:00:13 AM - Software Distribution Service 3.0

RP878: 10/1/2011 6:30:47 AM - Software Distribution Service 3.0

RP879: 10/2/2011 8:48:28 AM - Software Distribution Service 3.0

RP880: 10/2/2011 8:58:48 AM - Software Distribution Service 3.0

RP881: 10/3/2011 4:21:44 AM - Software Distribution Service 3.0

RP882: 10/3/2011 9:42:31 AM - Software Distribution Service 3.0

RP883: 10/4/2011 6:35:08 AM - Software Distribution Service 3.0

RP884: 10/4/2011 10:42:03 AM - Software Distribution Service 3.0

RP885: 10/4/2011 11:27:40 AM - Software Distribution Service 3.0

RP886: 10/5/2011 3:09:32 AM - Software Distribution Service 3.0

RP887: 10/5/2011 8:33:45 PM - Software Distribution Service 3.0

RP888: 10/6/2011 6:32:23 AM - Software Distribution Service 3.0

RP889: 10/7/2011 6:32:27 AM - Software Distribution Service 3.0

RP890: 10/7/2011 6:42:34 AM - Software Distribution Service 3.0

RP891: 10/8/2011 3:00:14 AM - Software Distribution Service 3.0

RP892: 10/8/2011 11:49:14 AM - Software Distribution Service 3.0

RP893: 10/9/2011 1:55:32 AM - Software Distribution Service 3.0

RP894: 10/9/2011 3:00:13 AM - Software Distribution Service 3.0

RP895: 10/10/2011 6:34:48 AM - Software Distribution Service 3.0

RP896: 10/11/2011 7:13:52 AM - System Checkpoint

RP897: 10/11/2011 7:18:00 PM - Software Distribution Service 3.0

RP898: 10/12/2011 6:35:49 AM - Software Distribution Service 3.0

RP899: 10/13/2011 6:54:24 AM - Software Distribution Service 3.0

RP900: 10/13/2011 8:59:36 AM - Software Distribution Service 3.0

RP901: 10/14/2011 9:05:00 AM - Software Distribution Service 3.0

RP902: 10/15/2011 10:12:36 AM - System Checkpoint

RP903: 10/15/2011 11:39:26 AM - Software Distribution Service 3.0

RP904: 10/15/2011 2:06:26 PM - Software Distribution Service 3.0

RP905: 10/16/2011 4:19:23 PM - System Checkpoint

RP906: 10/16/2011 5:45:55 PM - Software Distribution Service 3.0

RP907: 10/17/2011 6:40:34 AM - Software Distribution Service 3.0

RP908: 10/17/2011 7:35:25 PM - Software Distribution Service 3.0

RP909: 10/18/2011 4:56:04 AM - Software Distribution Service 3.0

RP910: 10/19/2011 4:56:09 AM - Software Distribution Service 3.0

RP911: 10/19/2011 5:06:20 AM - Software Distribution Service 3.0

RP912: 10/20/2011 4:56:13 AM - Software Distribution Service 3.0

RP913: 10/20/2011 7:40:11 AM - Software Distribution Service 3.0

RP914: 10/21/2011 4:56:14 AM - Software Distribution Service 3.0

RP915: 10/21/2011 5:06:38 PM - Software Distribution Service 3.0

RP916: 10/22/2011 3:00:14 AM - Software Distribution Service 3.0

RP917: 10/22/2011 6:28:51 PM - Software Distribution Service 3.0

RP918: 10/23/2011 3:00:12 AM - Software Distribution Service 3.0

RP919: 10/24/2011 4:56:22 AM - Software Distribution Service 3.0

RP920: 10/24/2011 5:06:38 AM - Software Distribution Service 3.0

RP921: 10/25/2011 4:56:24 AM - Software Distribution Service 3.0

RP922: 10/25/2011 1:11:46 PM - Software Distribution Service 3.0

RP923: 10/26/2011 4:56:27 AM - Software Distribution Service 3.0

RP924: 10/26/2011 5:06:43 PM - Software Distribution Service 3.0

RP925: 10/27/2011 5:12:07 PM - System Checkpoint

RP926: 10/27/2011 5:47:53 PM - Software Distribution Service 3.0

RP927: 10/28/2011 4:56:52 AM - Software Distribution Service 3.0

RP928: 10/28/2011 10:53:26 PM - Software Distribution Service 3.0

RP929: 10/29/2011 4:56:53 AM - Software Distribution Service 3.0

RP930: 10/30/2011 2:33:29 AM - Software Distribution Service 3.0

RP931: 10/30/2011 3:00:14 AM - Software Distribution Service 3.0

RP932: 10/31/2011 4:57:05 AM - Software Distribution Service 3.0

RP933: 10/31/2011 5:07:08 AM - Software Distribution Service 3.0

RP934: 11/1/2011 4:57:22 AM - Software Distribution Service 3.0

RP935: 11/1/2011 6:34:58 AM - Software Distribution Service 3.0

RP936: 11/2/2011 3:00:13 AM - Software Distribution Service 3.0

RP937: 11/2/2011 7:10:54 AM - Software Distribution Service 3.0

RP938: 11/3/2011 4:57:40 AM - Software Distribution Service 3.0

RP939: 11/3/2011 5:08:06 PM - Software Distribution Service 3.0

RP940: 11/4/2011 3:00:13 AM - Software Distribution Service 3.0

RP941: 11/4/2011 6:40:47 PM - Software Distribution Service 3.0

RP942: 11/5/2011 4:58:01 AM - Software Distribution Service 3.0

RP943: 11/5/2011 9:00:02 PM - Software Distribution Service 3.0

RP944: 11/6/2011 3:58:17 AM - Software Distribution Service 3.0

RP945: 11/7/2011 3:58:34 AM - Software Distribution Service 3.0

RP946: 11/7/2011 4:08:36 AM - Software Distribution Service 3.0

RP947: 11/8/2011 3:58:44 AM - Software Distribution Service 3.0

RP948: 11/8/2011 4:09:10 PM - Software Distribution Service 3.0

RP949: 11/9/2011 3:59:07 AM - Software Distribution Service 3.0

RP950: 11/9/2011 8:08:49 PM - Software Distribution Service 3.0

RP951: 11/10/2011 8:29:57 PM - Software Distribution Service 3.0

RP952: 11/11/2011 9:51:55 PM - Software Distribution Service 3.0

RP953: 11/12/2011 3:59:28 AM - Software Distribution Service 3.0

RP954: 11/12/2011 11:48:31 AM - Software Distribution Service 3.0

RP955: 11/13/2011 2:30:13 AM - Software Distribution Service 3.0

RP956: 11/13/2011 3:00:15 AM - Software Distribution Service 3.0

RP957: 11/13/2011 4:43:56 PM - Configured Customer Experience Enhancement

RP958: 11/13/2011 7:50:38 PM - Restore Operation

RP959: 11/13/2011 8:01:34 PM - Restore Operation

RP960: 11/14/2011 6:23:42 AM - Software Distribution Service 3.0

RP961: 11/14/2011 6:34:06 AM - Software Distribution Service 3.0

RP962: 11/15/2011 3:00:13 AM - Software Distribution Service 3.0

RP963: 11/15/2011 7:08:30 AM - Software Distribution Service 3.0

RP964: 11/16/2011 6:21:56 AM - Software Distribution Service 3.0

RP965: 11/16/2011 8:11:38 AM - Software Distribution Service 3.0

RP966: 11/17/2011 6:28:59 AM - Software Distribution Service 3.0

RP967: 11/17/2011 7:31:52 AM - Software Distribution Service 3.0

RP968: 11/17/2011 8:40:12 PM - Software Distribution Service 3.0

RP969: 11/18/2011 3:00:14 AM - Software Distribution Service 3.0

RP970: 11/19/2011 8:29:57 AM - Software Distribution Service 3.0

RP971: 11/19/2011 8:39:55 AM - Software Distribution Service 3.0

RP972: 11/20/2011 8:30:11 AM - Software Distribution Service 3.0

RP973: 11/20/2011 2:22:48 PM - Software Distribution Service 3.0

RP974: 11/21/2011 4:31:29 AM - Software Distribution Service 3.0

RP975: 11/21/2011 7:36:17 PM - Software Distribution Service 3.0

RP976: 11/22/2011 6:35:12 AM - Software Distribution Service 3.0

RP977: 11/22/2011 7:42:29 PM - Software Distribution Service 3.0

RP978: 11/23/2011 5:27:37 AM - Software Distribution Service 3.0

RP979: 11/23/2011 9:35:01 PM - Software Distribution Service 3.0

RP980: 11/24/2011 3:00:16 AM - Software Distribution Service 3.0

RP981: 11/24/2011 9:48:23 PM - Software Distribution Service 3.0

RP982: 11/25/2011 7:52:09 AM - Software Distribution Service 3.0

RP983: 11/25/2011 10:17:21 AM - Software Distribution Service 3.0

RP984: 11/29/2011 6:17:49 PM - Software Distribution Service 3.0

RP985: 11/29/2011 6:27:00 PM - Software Distribution Service 3.0

RP986: 11/30/2011 6:40:52 AM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 7.0.5

Apple Application Support

Apple Software Update

AutoUpdate

BufferChm

CP_AtenaShokunin1Config

CP_CalendarTemplates1

cp_LightScribeConfig

cp_OnlineProjectsConfig

CP_Package_Basic1

CP_Package_Variety1

CP_Package_Variety2

CP_Package_Variety3

CP_Panorama1Config

cp_PosterPrintConfig

cp_UpdateProjectsConfig

CueTour

Data Fax SoftModem with SmartCP

Destinations

DeviceManagementQFolder

DISCover

DivX

Document Express DjVu Plug-in (autoinstall)

Docx Reader version 1.0

Easy Internet Sign-up

Enhanced Multimedia Keyboard Solution

FSFDT FSCopilot

FullDPAppQFolder

Google Chrome

Google Earth

Google Update Helper

High Definition Audio Driver Package - KB888111

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows Media Player 10 (KB910393)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Boot Optimizer

HP DigitalMedia Archive

HP DVD Play HD DVD 2.2

HP Imaging Device Functions 7.0

HP Photosmart for Media Center PC

HP Photosmart Premier Software 6.5

HP Software Update

HP Web Helper

HPPhotoSmartExpress

HpSdpAppCoreApp

InstantShareDevices

Intel® Matrix Storage Manager

Intel® PRO Network Connections Drivers

Intel® Quick Resume Technology Drivers

Intel® Viiv™ Software

J2SE Runtime Environment 5.0 Update 6

Java Auto Updater

Java 6 Update 25

LightScribe 1.4.105.1

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft .NET Framework 1.0 Hotfix (KB979904)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Flight Simulator X

Microsoft Flight Simulator X Service Pack 1

Microsoft Flight Simulator X Service Pack 2

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Money 2006

Microsoft National Language Support Downlevel APIs

Microsoft Office Standard Edition 2003 60 days trial

Microsoft Security Client

Microsoft Security Essentials

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Works

Mozilla Firefox 8.0.1 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

muvee autoProducer 5.0

muvee autoProducer unPlugged 2.0

My HP Games

Netscape Browser (remove only)

NVIDIA Drivers

OptionalContentQFolder

PC-Doctor 5 for Windows

PCFriendly

PhotoGallery

Python 2.2 pywin32 extensions (build 203)

Python 2.2.3

Quicken 2006

QuickTime

RandMap

RealPlayer

Realtek High Definition Audio Driver

Remove WeatherBug Installer

Rhapsody

Security Update for CAPICOM (KB931906)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SkinsHP1

SlideShow

SlideShowMusic

Sonic Express Labeler

Sonic MyDVD Plus

Sonic RecordNow Audio

Sonic RecordNow Copy

Sonic RecordNow Data

Sonic Update Manager

Sonic_PrimoSDK

Stellarium 0.11.0

Unload

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Media Player 10 (KB913800)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB978207)

Update Rollup 2 for Windows XP Media Center Edition 2005

Updates from HP (remove only)

USB Disk Win98 Driver

VRS F/A-18E Superbug X

WebFldrs XP

WildTangent Web Driver

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB908246

Windows XP Media Center Edition 2005 KB925766

Windows XP Media Center Edition 2005 KB973768

Windows XP Service Pack 3

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

YS FLIGHT SIMULATOR

.

==== Event Viewer Messages From Past Week ========

.

11/29/2011 6:17:37 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).

11/24/2011 8:35:23 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

11/24/2011 8:35:23 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

11/24/2011 8:35:23 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/24/2011 8:35:23 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/24/2011 8:35:23 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

11/24/2011 8:34:14 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/24/2011 8:34:02 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

11/23/2011 5:30:33 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

11/23/2011 10:17:40 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

11/23/2011 10:09:09 PM, error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The system cannot find the path specified.

.

==== End Of File ===========================


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\MovedFiles
    • in most cases this will be C:\_OTL\MovedFiles


OTL Extras logfile created on: 12/1/2011 7:14:03 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Administrator.SUPER-PC\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.29% Memory free

3.85 Gb Paging File | 3.30 Gb Available in Paging File | 85.74% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 224.04 Gb Total Space | 35.14 Gb Free Space | 15.68% Space Free | Partition Type: NTFS

Drive D: | 232.88 Gb Total Space | 232.39 Gb Free Space | 99.79% Space Free | Partition Type: NTFS

Drive E: | 8.83 Gb Total Space | 0.35 Gb Free Space | 3.91% Space Free | Partition Type: FAT32

Computer Name: SUPER-PC | User Name: HP_Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)

"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)

"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)

"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe" = C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe:*:Enabled:Microsoft Flight Simulator® -- (Microsoft Corp.)

"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)

"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{055F11CE-CA33-41AE-9580-C73985941C9D}_is1" = Docx Reader version 1.0

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data

"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow

"{0F1F6144-F13A-433D-B66E-129C5E8D504B}_is1" = VRS F/A-18E Superbug X

"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer

"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus

"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 25

"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006

"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder

"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works

"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1

"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play HD DVD 2.2

"{4847BBB9-EADD-4C92-90BF-4223B0892FF6}" = Microsoft Flight Simulator X Service Pack 2

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder

"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}" = muvee autoProducer unPlugged 2.0

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler

"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX

"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up

"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig

"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3

"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic

"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2

"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X

"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1

"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio

"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy

"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig

"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour

"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config

"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update

"{BF5EE349-90CD-4422-A43B-661778180173}" = USB Disk Win98 Driver

"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery

"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp

"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime

"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1

"{EEFEBB48-329E-46F6-AEB8-929A5BAFDB2F}" = Intel® Viiv™ Software

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive

"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations

"{FB4740B3-2530-452D-A825-F7AB246CA7DF}" = muvee autoProducer 5.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP

"DISCover" = DISCover

"DjVu" = Document Express DjVu Plug-in (autoinstall)

"EL" = Intel® Quick Resume Technology Drivers

"FSFDT FSCopilot" = FSFDT FSCopilot

"Google Chrome" = Google Chrome

"HP Imaging Device Functions" = HP Imaging Device Functions 7.0

"HP Photo & Imaging" = HP Photosmart Premier Software 6.5

"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC

"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"Install WeatherBug" = Remove WeatherBug Installer

"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up

"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0

"Microsoft Security Client" = Microsoft Security Essentials

"Money2006b" = Microsoft Money 2006

"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Netscape Browser" = Netscape Browser (remove only)

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"OfficeTrial" = Microsoft Office Standard Edition 2003 60 days trial

"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows

"PCFriendly" = PCFriendly

"PROSet" = Intel® PRO Network Connections Drivers

"Python 2.2.3" = Python 2.2.3

"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)

"RealPlayer 6.0" = RealPlayer

"Rhapsody" = Rhapsody

"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1

"Stellarium_is1" = Stellarium 0.11.0

"WildTangent CDA" = WildTangent Web Driver

"WildTangent hpmedia Master Uninstall" = My HP Games

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

"YS FLIGHT SIMULATOR" = YS FLIGHT SIMULATOR

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]

Error - 1/30/2010 5:26:20 PM | Computer Name = SUPER-PC | Source = avast! | ID = 33554522

Description =

Error - 1/30/2010 5:26:20 PM | Computer Name = SUPER-PC | Source = avast! | ID = 33554522

Description =

Error - 1/30/2010 5:26:20 PM | Computer Name = SUPER-PC | Source = avast! | ID = 33554522

Description =

[ Application Events ]

Error - 11/30/2011 7:42:57 AM | Computer Name = SUPER-PC | Source = MsiInstaller | ID = 10005

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- There is a

problem with this Windows Installer package. Please refer to the setup log for

more information.

Error - 11/30/2011 7:42:58 AM | Computer Name = SUPER-PC | Source = MsiInstaller | ID = 1023

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET

Framework CLR' could not be installed. Error code 1603. Additional information

is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup34F3.txt.

Error - 11/30/2011 7:42:58 AM | Computer Name = SUPER-PC | Source = MsiInstaller | ID = 1023

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET

Framework CA' could not be installed. Error code 1603. Additional information is

available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup34F3.txt.

Error - 11/30/2011 7:42:58 AM | Computer Name = SUPER-PC | Source = MsiInstaller | ID = 1023

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET

Framework CRT' could not be installed. Error code 1603. Additional information

is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup34F3.txt.

Error - 11/30/2011 7:42:58 AM | Computer Name = SUPER-PC | Source = MsiInstaller | ID = 1023

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET

Framework PreXP' could not be installed. Error code 1603. Additional information

is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup34F3.txt.

Error - 11/30/2011 7:42:58 AM | Computer Name = SUPER-PC | Source = MsiInstaller | ID = 1023

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'Dr.

Watson' could not be installed. Error code 1603. Additional information is available

in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup34F3.txt.

Error - 11/30/2011 7:42:58 AM | Computer Name = SUPER-PC | Source = MsiInstaller | ID = 1023

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET

Framework 1' could not be installed. Error code 1603. Additional information is

available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup34F3.txt.

Error - 11/30/2011 7:42:58 AM | Computer Name = SUPER-PC | Source = MsiInstaller | ID = 1023

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET

Framework 2' could not be installed. Error code 1603. Additional information is

available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup34F3.txt.

Error - 11/30/2011 7:42:58 AM | Computer Name = SUPER-PC | Source = MsiInstaller | ID = 1023

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET

Framework ASP .NET' could not be installed. Error code 1603. Additional information

is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup34F3.txt.

Error - 11/30/2011 7:42:58 AM | Computer Name = SUPER-PC | Source = MsiInstaller | ID = 1023

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET

Framework WinForms' could not be installed. Error code 1603. Additional information

is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup34F3.txt.

[ System Events ]

Error - 12/1/2011 7:06:18 AM | Computer Name = SUPER-PC | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 12/1/2011 7:23:15 AM | Computer Name = SUPER-PC | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 12/1/2011 7:24:28 AM | Computer Name = SUPER-PC | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 12/1/2011 7:33:39 AM | Computer Name = SUPER-PC | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 12/1/2011 7:40:39 AM | Computer Name = SUPER-PC | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 12/1/2011 7:46:32 AM | Computer Name = SUPER-PC | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 12/1/2011 7:47:13 AM | Computer Name = SUPER-PC | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 12/1/2011 7:51:09 AM | Computer Name = SUPER-PC | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 12/1/2011 7:52:39 AM | Computer Name = SUPER-PC | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 12/1/2011 8:06:14 AM | Computer Name = SUPER-PC | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

< End of report >


OTL logfile created on: 12/1/2011 7:14:03 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Administrator.SUPER-PC\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.29% Memory free

3.85 Gb Paging File | 3.30 Gb Available in Paging File | 85.74% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 224.04 Gb Total Space | 35.14 Gb Free Space | 15.68% Space Free | Partition Type: NTFS

Drive D: | 232.88 Gb Total Space | 232.39 Gb Free Space | 99.79% Space Free | Partition Type: NTFS

Drive E: | 8.83 Gb Total Space | 0.35 Gb Free Space | 3.91% Space Free | Partition Type: FAT32

Computer Name: SUPER-PC | User Name: HP_Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Administrator.SUPER-PC\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

PRC - C:\WINDOWS\SoftwareDistribution\Download\Install\dotnetfx35_x86.exe (Microsoft Corporation)

PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

PRC - d:\ffdb163b353adabe9dd6f816efe108d0\dotnetfx35setup.exe (Microsoft Corporation)

PRC - d:\40a1a450cd69ee096c\setup.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\ping.exe (Microsoft Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe (Intel Corporation)

========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\encdec.dll ()

MOD - C:\WINDOWS\system32\sbe.dll ()

MOD - C:\WINDOWS\system32\quartz.dll ()

MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()

MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()

MOD - C:\WINDOWS\system32\msdmo.dll ()

MOD - C:\WINDOWS\system32\devenum.dll ()

MOD - C:\WINDOWS\system32\nvapi.dll ()

MOD - C:\WINDOWS\system32\VBICodec.ax ()

MOD - C:\WINDOWS\system32\mpg2splt.ax ()

========== Win32 Services (SafeList) ==========

SRV - (avast! Web Scanner) -- File not found

SRV - (avast! Mail Scanner) -- File not found

SRV - (avast! Antivirus) -- File not found

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (ELService) Intel® -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV - (MpKsl3da975f8) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9B6D2836-291D-4329-9438-56845C670E39}\MpKsl3da975f8.sys (Microsoft Corporation)

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (MCSTRM) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)

DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)

DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)

DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)

DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)

DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)

DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (IrBus) -- C:\WINDOWS\system32\drivers\irbus.sys (Microsoft Corporation)

DRV - ({22D78859-9CE9-4b77-BF18-AC83E81A9263}) -- C:\Program Files\HP\DVDPlay\000.fcl (Cyberlink Corp.)

DRV - (ELacpi) -- C:\WINDOWS\system32\drivers\ELacpi.sys (Intel Corporation)

DRV - (ELmon) -- C:\WINDOWS\system32\drivers\Elmon.sys (Intel Corporation)

DRV - (ELkbd) -- C:\WINDOWS\system32\drivers\Elkbd.sys (Intel Corporation)

DRV - (ELmou) -- C:\WINDOWS\system32\drivers\Elmou.sys (Intel Corporation)

DRV - (ELhid) -- C:\WINDOWS\system32\drivers\Elhid.sys (Intel Corporation)

DRV - (CXFALCON) -- C:\WINDOWS\system32\drivers\cxfalcon.sys (Conexant Systems, Inc.)

DRV - (HSXHWBS2) -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)

DRV - (HSX_DP) -- C:\WINDOWS\system32\drivers\HSX_DP.sys (Conexant Systems, Inc.)

DRV - (WN5301) -- C:\WINDOWS\system32\drivers\wn5301.sys (Liteon Technology Inc.)

DRV - (ftsata2) -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys (Promise Technology, Inc.)

DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - (bb-run) -- C:\WINDOWS\system32\DRIVERS\bb-run.sys (Promise Technology, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/07/30 22:13:34 | 000,000,000 | -H-D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/22 19:35:23 | 000,000,000 | -H-D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/21 05:58:11 | 000,000,000 | -H-D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2010/12/04 20:51:07 | 000,000,000 | -H-D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/12/04 20:51:07 | 000,000,000 | -H-D | M]

[2010/01/30 12:51:10 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.SUPER-PC\Application Data\Mozilla\Extensions

[2010/01/30 12:51:10 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.SUPER-PC\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2011/10/25 06:20:42 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.SUPER-PC\Application Data\Mozilla\Firefox\Profiles\fae6wsge.default\extensions

[2011/10/25 06:20:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\HP_Administrator.SUPER-PC\Application Data\Mozilla\Firefox\Profiles\fae6wsge.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2011/11/22 19:35:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/11/22 19:35:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2007/04/10 17:21:08 | 000,163,256 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll

[2008/12/05 22:52:44 | 000,114,688 | -H-- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll

[2011/04/14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010/12/04 20:51:07 | 000,159,744 | -H-- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2010/12/04 20:51:07 | 000,159,744 | -H-- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2010/12/04 20:51:07 | 000,159,744 | -H-- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2010/12/04 20:51:07 | 000,159,744 | -H-- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2010/12/04 20:51:07 | 000,159,744 | -H-- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2010/12/04 20:51:07 | 000,159,744 | -H-- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2010/12/04 20:51:07 | 000,159,744 | -H-- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2009/02/07 15:56:56 | 000,163,840 | -H-- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll

[2009/09/23 15:37:30 | 000,032,448 | -H-- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll

[2011/11/20 20:04:05 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/11/20 20:04:05 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2011/11/20 20:04:05 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/09/03 19:24:28 | 000,002,221 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SafeSearch.xml

[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[2011/11/20 20:04:05 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2011/11/20 20:04:05 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\pdf.dll

CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\gears.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll

CHR - plugin: Turner Media Plugin 1.0.0.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

CHR - plugin: getPlusPlus for Adobe 16248 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

Hosts file not found

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found

O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)

O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.caminova.net/en/downloads/getmodule.aspx?lang=en (DjVuCtl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B606FFE5-E16C-4172-8ED4-2E9ECCB039C7}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator.SUPER-PC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator.SUPER-PC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/11/01 18:05:57 | 000,000,100 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2004/04/30 00:01:14 | 000,000,053 | -HS- | M] () - E:\Autorun.inf -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/01 07:12:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.SUPER-PC\Desktop\OTL.exe

[2011/11/25 08:18:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup

[2011/11/23 20:48:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.SUPER-PC\IECompatCache

[2011/11/21 00:44:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer

[2011/11/20 21:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real

[2011/11/20 17:49:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2011/11/20 16:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\14F89

[2011/11/20 16:09:12 | 000,000,000 | ---D | C] -- C:\Program Files\LP

[2011/11/20 16:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.SUPER-PC\Application Data\90A14

[2011/11/20 16:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.SUPER-PC\Application Data\eUUVVelOBtxPyc

[2011/11/20 16:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.SUPER-PC\Application Data\bJJ66dEKKgRZ9Yw

[2011/11/20 16:08:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.SUPER-PC\Application Data\A88ggTZqjYCwIrz

[2011/11/20 16:08:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.SUPER-PC\Application Data\YwwjjUVelO

[2011/11/13 19:59:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth

[2008/07/15 14:17:30 | 000,308,600 | -H-- | C] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\NortonProtectionMemo.exe

[24 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

[24 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

[1063 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/01 07:11:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.SUPER-PC\Desktop\OTL.exe

[2011/12/01 06:50:02 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/12/01 06:49:00 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/12/01 06:49:00 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/11/29 18:45:43 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/11/29 18:40:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/11/29 18:40:31 | 2145,857,536 | -HS- | M] () -- C:\hiberfil.sys

[2011/11/29 18:16:04 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/11/24 14:28:00 | 000,000,868 | -H-- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2011/11/24 13:41:27 | 000,000,279 | RHS- | M] () -- C:\boot.ini

[2011/11/22 20:32:59 | 000,022,016 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.SUPER-PC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/11/22 19:35:24 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.SUPER-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/11/22 19:35:24 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/11/21 19:46:30 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.SUPER-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2011/11/20 16:08:53 | 000,001,849 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.SUPER-PC\Desktop\AV Protection 2011.lnk

[2011/11/19 16:15:00 | 000,000,472 | -H-- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2011/11/13 09:55:34 | 000,001,926 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

[2011/11/12 16:53:08 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[1063 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/24 13:42:48 | 2145,857,536 | -HS- | C] () -- C:\hiberfil.sys

[2011/11/22 19:35:24 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SUPER-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/11/22 19:35:24 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2011/11/22 19:35:24 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/11/20 16:08:53 | 000,001,849 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SUPER-PC\Desktop\AV Protection 2011.lnk

[2011/11/13 09:55:34 | 000,001,926 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

[2011/05/29 18:28:24 | 000,000,152 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~16572196r

[2011/05/29 18:28:23 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~16572196

[2011/05/29 18:28:09 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\16572196

[2010/12/31 17:11:28 | 000,000,061 | -HS- | C] () -- C:\WINDOWS\cnerolf.bin

[2010/07/19 17:05:38 | 000,000,332 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.SUPER-PC\Application Data\wklnhst.dat

[2010/07/18 09:59:56 | 000,000,106 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini

[2010/01/31 11:29:36 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/01/30 12:50:45 | 000,022,016 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.SUPER-PC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/01/30 12:42:31 | 000,000,148 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.SUPER-PC\Local Settings\Application Data\fusioncache.dat

[2010/01/22 20:27:29 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Hzirolubupovilo.bin

[2010/01/22 20:27:28 | 000,000,120 | -H-- | C] () -- C:\WINDOWS\Mruzevusu.dat

[2009/01/23 17:11:30 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\pcfriend.INI

[2008/01/09 15:01:48 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\bdoscandel.exe

[2008/01/09 15:01:48 | 000,000,453 | -H-- | C] () -- C:\WINDOWS\bdoscandellang.ini

[2007/05/14 18:09:56 | 000,001,755 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2007/02/17 18:19:12 | 000,000,258 | -H-- | C] () -- C:\WINDOWS\PowerReg.dat

[2007/02/03 08:07:24 | 000,000,364 | -H-- | C] () -- C:\WINDOWS\SIERRA.INI

[2007/01/24 16:12:00 | 000,000,014 | -H-- | C] () -- C:\WINDOWS\popcinfo.dat

[2007/01/20 20:32:10 | 000,001,559 | -H-- | C] () -- C:\WINDOWS\checkip.dat

[2007/01/13 00:05:27 | 000,012,288 | -H-- | C] () -- C:\WINDOWS\impborl.dll

[2007/01/07 18:31:45 | 000,001,775 | -H-- | C] () -- C:\WINDOWS\mozver.dat

[2007/01/06 18:14:38 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\PROTOCOL.INI

[2006/12/24 16:59:43 | 000,000,052 | -H-- | C] () -- C:\WINDOWS\iPlayer.INI

[2006/12/24 00:36:42 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat

[2006/12/24 00:33:50 | 000,000,029 | -H-- | C] () -- C:\WINDOWS\atid.ini

[2006/11/01 18:33:03 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini

[2006/11/01 18:13:28 | 000,028,848 | -H-- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys

[2006/11/01 18:10:00 | 000,118,842 | RH-- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe

[2006/11/01 18:09:18 | 000,014,315 | -H-- | C] () -- C:\WINDOWS\System32\CHODDI.SYS

[2006/11/01 18:09:11 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\hpreg.dll

[2006/11/01 18:06:07 | 000,000,174 | -H-- | C] () -- C:\WINDOWS\QUICKEN.INI

[2006/11/01 17:57:20 | 000,000,157 | -H-- | C] () -- C:\WINDOWS\WININIT.INI

[2006/11/01 17:56:47 | 000,045,929 | -H-- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE

[2006/11/01 17:56:47 | 000,000,698 | -H-- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini

[2006/11/01 17:52:45 | 000,095,822 | -H-- | C] () -- C:\WINDOWS\hpqins69.dat

[2006/11/01 17:51:59 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2006/11/01 17:48:13 | 001,662,976 | -H-- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006/11/01 17:48:13 | 001,622,016 | -H-- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2006/11/01 17:48:13 | 001,019,904 | -H-- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006/11/01 17:48:12 | 001,470,464 | -H-- | C] () -- C:\WINDOWS\System32\nview.dll

[2006/11/01 17:48:12 | 001,339,392 | -H-- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2006/11/01 17:48:12 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006/11/01 17:48:12 | 000,442,368 | -H-- | C] () -- C:\WINDOWS\System32\nvappbar.exe

[2006/11/01 17:48:12 | 000,212,992 | -H-- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2006/11/01 17:47:00 | 000,000,791 | -H-- | C] () -- C:\WINDOWS\orun32.ini

[2006/11/01 17:46:36 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\Elusetup.exe

[2006/11/01 17:26:31 | 000,323,584 | -H-- | C] () -- C:\WINDOWS\System32\pythoncom22.dll

[2006/11/01 17:26:31 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\pywintypes22.dll

[2006/11/01 17:26:18 | 000,016,896 | -H-- | C] () -- C:\WINDOWS\System32\bcbmm.dll

[2006/06/16 13:58:18 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini

[2005/08/30 23:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2005/08/30 23:07:46 | 000,382,022 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2005/08/30 23:07:46 | 000,053,640 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2005/08/30 23:05:30 | 000,185,816 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2005/08/30 23:01:42 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI

[2005/08/30 22:58:02 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2005/08/06 00:01:54 | 000,235,008 | -H-- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2004/09/16 22:24:26 | 003,375,104 | -H-- | C] () -- C:\WINDOWS\System32\qt-mt331.dll

[2004/08/10 06:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/09 23:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/09 23:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/09 23:00:00 | 000,249,270 | -H-- | C] () -- C:\WINDOWS\System32\_008181_.tmp.dll

[2004/08/09 23:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/09 23:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/09 23:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/09 23:00:00 | 000,022,040 | -H-- | C] () -- C:\WINDOWS\System32\_008149_.tmp.dll

[2004/08/09 23:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/08/09 23:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/07/26 09:51:38 | 000,000,560 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2001/08/23 10:12:28 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin

[2001/08/23 10:11:02 | 000,004,490 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2008/07/15 14:17:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\09

[2010/01/30 16:43:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\agi

[2007/01/26 16:29:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2006/11/01 18:01:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation

[2007/02/06 00:29:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies

[2010/01/31 11:21:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings

[2007/02/19 07:30:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2009/12/09 21:27:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk

[2006/11/01 18:00:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent

[2010/10/02 13:26:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\YSFLIGHT.COM

[2011/01/08 18:19:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{490DF262-AAC9-4596-9027-145286488424}

[2009/02/21 16:12:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}

[2011/11/19 16:15:00 | 000,000,472 | -H-- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2011/11/29 18:45:43 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2011/06/01 06:33:47 | 000,000,000 | ---D | M](C:\??????) -- C:\덐草䍠缽ȁ

[2011/06/01 06:33:47 | 000,000,000 | ---D | C](C:\??????) -- C:\덐草䍠缽ȁ

< End of report >


Step 1

There are some leftovers from Avast on your computer. Follow the instructions here to clean them:

http://www.avast.com/uninstall-utility

Step 2

  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:OTL
[2011/11/20 16:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\14F89
[2011/11/20 16:09:12 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011/11/20 16:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.SUPER-PC\Application Data\90A14
[2011/11/20 16:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.SUPER-PC\Application Data\eUUVVelOBtxPyc
[2011/11/20 16:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.SUPER-PC\Application Data\bJJ66dEKKgRZ9Yw
[2011/11/20 16:08:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.SUPER-PC\Application Data\A88ggTZqjYCwIrz
[2011/11/20 16:08:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.SUPER-PC\Application Data\YwwjjUVelO
[2011/11/20 16:08:53 | 000,001,849 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.SUPER-PC\Desktop\AV Protection 2011.lnk
[2011/05/29 18:28:24 | 000,000,152 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~16572196r
[2011/05/29 18:28:23 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~16572196
[2011/05/29 18:28:09 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\16572196
[2010/01/22 20:27:29 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Hzirolubupovilo.bin
[2010/01/22 20:27:28 | 000,000,120 | -H-- | C] () -- C:\WINDOWS\Mruzevusu.dat
[2010/12/31 17:11:28 | 000,000,061 | -HS- | C] () -- C:\WINDOWS\cnerolf.bin
[2004/08/09 23:00:00 | 000,249,270 | -H-- | C] () -- C:\WINDOWS\System32\_008181_.tmp.dll
[2004/08/09 23:00:00 | 000,022,040 | -H-- | C] () -- C:\WINDOWS\System32\_008149_.tmp.dll
[2007/02/19 07:30:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

:Commands
[purity]
[resethosts]
[emptytemp]
[clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log".
  • Please post that log in your next reply.


All processes killed

========== OTL ==========

C:\Program Files\14F89 folder moved successfully.

C:\Program Files\LP\23B9 folder moved successfully.

C:\Program Files\LP folder moved successfully.

C:\Documents and Settings\HP_Administrator.SUPER-PC\Application Data\90A14 folder moved successfully.

C:\Documents and Settings\HP_Administrator.SUPER-PC\Application Data\eUUVVelOBtxPyc folder moved successfully.

C:\Documents and Settings\HP_Administrator.SUPER-PC\Application Data\bJJ66dEKKgRZ9Yw folder moved successfully.

C:\Documents and Settings\HP_Administrator.SUPER-PC\Application Data\A88ggTZqjYCwIrz folder moved successfully.

C:\Documents and Settings\HP_Administrator.SUPER-PC\Application Data\YwwjjUVelO folder moved successfully.

C:\Documents and Settings\HP_Administrator.SUPER-PC\Desktop\AV Protection 2011.lnk moved successfully.

C:\Documents and Settings\All Users\Application Data\~16572196r moved successfully.

C:\Documents and Settings\All Users\Application Data\~16572196 moved successfully.

C:\Documents and Settings\All Users\Application Data\16572196 moved successfully.

C:\WINDOWS\Hzirolubupovilo.bin moved successfully.

C:\WINDOWS\Mruzevusu.dat moved successfully.

C:\WINDOWS\cnerolf.bin moved successfully.

C:\WINDOWS\system32\_008181_.tmp.dll moved successfully.

C:\WINDOWS\system32\_008149_.tmp.dll moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9Plus folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.

========== COMMANDS ==========

HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 42020698 bytes

->Temporary Internet Files folder emptied: 101852 bytes

->FireFox cache emptied: 5644161 bytes

->Flash cache emptied: 1006 bytes

User: All Users

User: Default User

->Temp folder emptied: 42020698 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 1006 bytes

User: HP_Administrator

->Temp folder emptied: 1746196809 bytes

->Temporary Internet Files folder emptied: 10715270 bytes

->Java cache emptied: 83644668 bytes

->FireFox cache emptied: 47659701 bytes

->Flash cache emptied: 333213 bytes

User: HP_Administrator.SUPER-PC

->Temp folder emptied: 1341589314 bytes

->Temporary Internet Files folder emptied: 31697472 bytes

->Java cache emptied: 17679548 bytes

->FireFox cache emptied: 52479836 bytes

->Google Chrome cache emptied: 36139374 bytes

->Flash cache emptied: 6744 bytes

User: HP_ADM~1~SUP

User: LocalService

->Temp folder emptied: 65984 bytes

->Temporary Internet Files folder emptied: 2228894 bytes

->Flash cache emptied: 7217 bytes

User: Moo

->Temp folder emptied: 42670635 bytes

->Temporary Internet Files folder emptied: 5213203 bytes

->Google Chrome cache emptied: 856432 bytes

->Flash cache emptied: 1057 bytes

User: NetworkService

->Temp folder emptied: 891018 bytes

->Temporary Internet Files folder emptied: 563650692 bytes

->Java cache emptied: 13826 bytes

->Flash cache emptied: 82451 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 4210627 bytes

%systemroot%\System32 .tmp files removed: 296153636 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 81411985 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 240514047 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 150484124 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 4,622.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.31.0 log created on 12022011_074239

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\HP_Administrator.SUPER-PC\Local Settings\Temp\Temporary Internet Files\Content.IE5\7TCHJDMH\Q2MjE0NgRjYXQDbWRiBGNkbgMEcGcDBHBsX3MDBHBscl9zAy4wSmJ3cDFvdDNGUDNISmFxNlVzNTEEcmQDc3BvbnNvcmVkLm1lc3Nlbmdlci55YWhvby5jb20Ec2VjA3BiBHNpZAMEc2xrA2xkBHZpZAMyNzIyNjI2Mg--[1].gif not found!

C:\WINDOWS\temp\Perflib_Perfdata_c84.dat moved successfully.

Registry entries deleted on Reboot...


Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

  1. Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
  2. Tick the box next to YES, I accept the Terms of Use
  3. Click Start
  4. When asked, allow the ActiveX control to install
  5. Click Start
  6. Make sure that the options Remove found threats and Scan unwanted applications are checked
  7. Click Scan (This scan can take several hours, so please be patient)
  8. Once the scan is completed, you may close the window
  9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  10. Copy and paste that log as a reply to this topic

In your next reply, please post the following log files:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log


Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8292

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/2/2011 7:40:17 PM

mbam-log-2011-12-02 (19-40-17).txt

Scan type: Quick scan

Objects scanned: 212956

Time elapsed: 7 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kjEenXNPEgLSP (Rogue.Agent.SA) -> Value: kjEenXNPEgLSP -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=c356cb0b5ee20e409fa62227f33d9c36

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-12-03 03:34:10

# local_time=2011-12-02 10:34:10 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=768 16777195 100 0 0 0 0 0

# compatibility_mode=3584 16777215 100 0 0 0 0 0

# compatibility_mode=5891 16776533 42 87 0 18804806 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=306194

# found=8

# cleaned=6

# scan_time=9714

C:\hp\bin\wbug\HPPavillion_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\acssetup.exe probably a variant of Win32/StartPage.HSZAKFT trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\drivers\mrxsmb.sys a variant of Win32/Rootkit.Kryptik.FJ trojan (unable to clean) 00000000000000000000000000000000 I

E:\I386\APPS\APP10209\src\CompaqPresario_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C

E:\I386\APPS\APP10209\src\HPPavillion_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C

E:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP4\A0001526.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C

E:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP4\A0001527.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C

${Memory} multiple threats 00000000000000000000000000000000 I


Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


10:46:44.0581 2564 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44

10:46:44.0722 2564 ============================================================

10:46:44.0722 2564 Current date / time: 2011/12/04 10:46:44.0722

10:46:44.0722 2564 SystemInfo:

10:46:44.0722 2564

10:46:44.0722 2564 OS Version: 5.1.2600 ServicePack: 3.0

10:46:44.0722 2564 Product type: Workstation

10:46:44.0722 2564 ComputerName: SUPER-PC

10:46:44.0722 2564 UserName: HP_Administrator

10:46:44.0722 2564 Windows directory: C:\WINDOWS

10:46:44.0722 2564 System windows directory: C:\WINDOWS

10:46:44.0722 2564 Processor architecture: Intel x86

10:46:44.0722 2564 Number of processors: 2

10:46:44.0722 2564 Page size: 0x1000

10:46:44.0722 2564 Boot type: Normal boot

10:46:44.0722 2564 ============================================================

10:46:45.0300 2564 Initialize success

10:47:53.0916 1852 ============================================================

10:47:53.0916 1852 Scan started

10:47:53.0916 1852 Mode: Manual; SigCheck; TDLFS;

10:47:53.0916 1852 ============================================================

10:47:54.0150 1852 Abiosdsk - ok

10:47:54.0166 1852 abp480n5 - ok

10:47:54.0228 1852 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

10:47:55.0119 1852 ACPI - ok

10:47:55.0322 1852 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

10:47:55.0463 1852 ACPIEC - ok

10:47:55.0588 1852 adpu160m - ok

10:47:55.0650 1852 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

10:47:55.0822 1852 aec - ok

10:47:55.0979 1852 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys

10:47:56.0119 1852 AFD - ok

10:47:56.0151 1852 Aha154x - ok

10:47:56.0229 1852 aic78u2 - ok

10:47:56.0276 1852 aic78xx - ok

10:47:56.0307 1852 AliIde - ok

10:47:56.0338 1852 amsint - ok

10:47:56.0432 1852 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

10:47:56.0557 1852 Arp1394 - ok

10:47:56.0604 1852 asc - ok

10:47:56.0651 1852 asc3350p - ok

10:47:56.0666 1852 asc3550 - ok

10:47:56.0729 1852 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

10:47:56.0838 1852 AsyncMac - ok

10:47:56.0885 1852 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

10:47:57.0026 1852 atapi - ok

10:47:57.0135 1852 Atdisk - ok

10:47:57.0198 1852 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

10:47:57.0323 1852 Atmarpc - ok

10:47:57.0401 1852 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

10:47:57.0510 1852 audstub - ok

10:47:57.0620 1852 bb-run (7270d070173b20ac9487ea16bb08b45f) C:\WINDOWS\system32\DRIVERS\bb-run.sys

10:47:57.0682 1852 bb-run - ok

10:47:57.0714 1852 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

10:47:57.0870 1852 Beep - ok

10:47:57.0964 1852 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

10:47:58.0073 1852 cbidf2k - ok

10:47:58.0245 1852 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

10:47:58.0354 1852 CCDECODE - ok

10:47:58.0511 1852 cd20xrnt - ok

10:47:58.0573 1852 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

10:47:58.0714 1852 Cdaudio - ok

10:47:58.0917 1852 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

10:47:59.0042 1852 Cdfs - ok

10:47:59.0230 1852 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

10:47:59.0386 1852 Cdrom - ok

10:47:59.0542 1852 Changer - ok

10:47:59.0558 1852 CmdIde - ok

10:47:59.0605 1852 Cpqarray - ok

10:47:59.0667 1852 CXFALCON (b083323430c780f91fbd064ce19a7a6b) C:\WINDOWS\system32\drivers\cxfalcon.sys

10:47:59.0746 1852 CXFALCON - ok

10:47:59.0871 1852 dac2w2k - ok

10:47:59.0886 1852 dac960nt - ok

10:47:59.0949 1852 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

10:48:00.0074 1852 Disk - ok

10:48:00.0277 1852 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

10:48:00.0418 1852 dmboot - ok

10:48:00.0605 1852 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

10:48:00.0730 1852 dmio - ok

10:48:00.0887 1852 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

10:48:00.0996 1852 dmload - ok

10:48:01.0090 1852 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

10:48:01.0215 1852 DMusic - ok

10:48:01.0324 1852 dpti2o - ok

10:48:01.0387 1852 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

10:48:01.0496 1852 drmkaud - ok

10:48:01.0637 1852 e1express (b0ababbbe2e61fc916a21182ac2ceff1) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

10:48:01.0746 1852 e1express - ok

10:48:01.0902 1852 ELacpi (0923aec043f5d355b4ef0c2b29a362de) C:\WINDOWS\system32\DRIVERS\ELacpi.sys

10:48:01.0949 1852 ELacpi - ok

10:48:02.0012 1852 ELhid (cbd71e7772f92bfb85ccc302b2deefba) C:\WINDOWS\System32\Drivers\Elhid.sys

10:48:02.0074 1852 ELhid ( UnsignedFile.Multi.Generic ) - warning

10:48:02.0074 1852 ELhid - detected UnsignedFile.Multi.Generic (1)

10:48:02.0153 1852 ELkbd (ac75b576c45d144e146fd1f0576a1f53) C:\WINDOWS\System32\Drivers\Elkbd.sys

10:48:02.0184 1852 ELkbd ( UnsignedFile.Multi.Generic ) - warning

10:48:02.0184 1852 ELkbd - detected UnsignedFile.Multi.Generic (1)

10:48:02.0231 1852 ELmon (483cce5e40137d4e437f4def55c80007) C:\WINDOWS\System32\Drivers\Elmon.sys

10:48:02.0278 1852 ELmon ( UnsignedFile.Multi.Generic ) - warning

10:48:02.0278 1852 ELmon - detected UnsignedFile.Multi.Generic (1)

10:48:02.0387 1852 ELmou (8e88cafeac0812bf2d15beeedfcce8bd) C:\WINDOWS\System32\Drivers\Elmou.sys

10:48:02.0418 1852 ELmou ( UnsignedFile.Multi.Generic ) - warning

10:48:02.0418 1852 ELmou - detected UnsignedFile.Multi.Generic (1)

10:48:02.0543 1852 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

10:48:02.0668 1852 Fastfat - ok

10:48:02.0871 1852 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

10:48:02.0997 1852 Fdc - ok

10:48:03.0043 1852 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

10:48:03.0168 1852 Fips - ok

10:48:03.0325 1852 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

10:48:03.0419 1852 Flpydisk - ok

10:48:03.0606 1852 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

10:48:03.0731 1852 FltMgr - ok

10:48:03.0778 1852 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

10:48:03.0887 1852 Fs_Rec - ok

10:48:03.0919 1852 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

10:48:04.0044 1852 Ftdisk - ok

10:48:04.0200 1852 ftsata2 (22399d3ce5840c6082844679cca5d2fc) C:\WINDOWS\system32\DRIVERS\ftsata2.sys

10:48:04.0231 1852 ftsata2 - ok

10:48:04.0356 1852 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

10:48:04.0481 1852 Gpc - ok

10:48:04.0669 1852 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

10:48:04.0810 1852 HDAudBus - ok

10:48:04.0997 1852 HidIr (bb1a6fb7d35a91e599973fa74a619056) C:\WINDOWS\system32\DRIVERS\hidir.sys

10:48:05.0107 1852 HidIr - ok

10:48:05.0200 1852 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

10:48:05.0325 1852 HidUsb - ok

10:48:05.0466 1852 hpn - ok

10:48:05.0544 1852 HSXHWBS2 (1f5c64b0c6b2e2f48735a77ae714ccb8) C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys

10:48:05.0622 1852 HSXHWBS2 - ok

10:48:05.0747 1852 HSX_DP (a7f8c9228898a1e871d2ae7082f50ac3) C:\WINDOWS\system32\DRIVERS\HSX_DP.sys

10:48:05.0810 1852 HSX_DP - ok

10:48:06.0013 1852 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

10:48:06.0091 1852 HTTP - ok

10:48:06.0107 1852 i2omgmt - ok

10:48:06.0138 1852 i2omp - ok

10:48:06.0201 1852 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

10:48:06.0326 1852 i8042prt - ok

10:48:06.0404 1852 iaStor (019cf5f31c67030841233c545a0e217a) C:\WINDOWS\system32\DRIVERS\iastor.sys

10:48:06.0466 1852 iaStor - ok

10:48:06.0560 1852 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

10:48:06.0685 1852 Imapi - ok

10:48:06.0795 1852 ini910u - ok

10:48:06.0967 1852 IntcAzAudAddService (14b48553be78472d2bd3a518658a1710) C:\WINDOWS\system32\drivers\RtkHDAud.sys

10:48:07.0217 1852 IntcAzAudAddService - ok

10:48:07.0420 1852 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

10:48:07.0529 1852 IntelIde - ok

10:48:07.0654 1852 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

10:48:07.0748 1852 intelppm - ok

10:48:07.0873 1852 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

10:48:07.0998 1852 Ip6Fw - ok

10:48:08.0076 1852 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

10:48:08.0201 1852 IpFilterDriver - ok

10:48:08.0342 1852 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

10:48:08.0451 1852 IpInIp - ok

10:48:08.0545 1852 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

10:48:08.0670 1852 IpNat - ok

10:48:08.0858 1852 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

10:48:09.0014 1852 IPSec - ok

10:48:09.0202 1852 IrBus (b43b36b382aea10861f7c7a37f9d4ae2) C:\WINDOWS\system32\DRIVERS\IrBus.sys

10:48:09.0280 1852 IrBus - ok

10:48:09.0342 1852 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

10:48:09.0405 1852 IRENUM - ok

10:48:09.0452 1852 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

10:48:09.0577 1852 isapnp - ok

10:48:09.0749 1852 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

10:48:09.0858 1852 Kbdclass - ok

10:48:09.0967 1852 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

10:48:10.0077 1852 kbdhid - ok

10:48:10.0264 1852 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

10:48:10.0389 1852 kmixer - ok

10:48:10.0608 1852 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

10:48:10.0733 1852 KSecDD - ok

10:48:10.0811 1852 ksnbpdui - ok

10:48:10.0843 1852 lbrtfdc - ok

10:48:10.0905 1852 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys

10:48:11.0218 1852 MBAMProtector - ok

10:48:11.0374 1852 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys

10:48:11.0421 1852 MCSTRM ( UnsignedFile.Multi.Generic ) - warning

10:48:11.0421 1852 MCSTRM - detected UnsignedFile.Multi.Generic (1)

10:48:11.0515 1852 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

10:48:11.0577 1852 mdmxsdk - ok

10:48:11.0640 1852 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

10:48:11.0702 1852 MHNDRV ( UnsignedFile.Multi.Generic ) - warning

10:48:11.0702 1852 MHNDRV - detected UnsignedFile.Multi.Generic (1)

10:48:11.0734 1852 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

10:48:11.0843 1852 mnmdd - ok

10:48:11.0968 1852 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

10:48:12.0109 1852 Modem - ok

10:48:12.0281 1852 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

10:48:12.0421 1852 Mouclass - ok

10:48:12.0562 1852 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

10:48:12.0703 1852 mouhid - ok

10:48:12.0828 1852 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

10:48:12.0968 1852 MountMgr - ok

10:48:13.0172 1852 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

10:48:13.0250 1852 MpFilter - ok

10:48:13.0406 1852 MpKsl01a96b60 - ok

10:48:13.0453 1852 MpKsl0620dd19 (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E6F110A-D786-4F7B-AA91-2163A0561836}\MpKsl0620dd19.sys

10:48:13.0484 1852 MpKsl0620dd19 - ok

10:48:13.0484 1852 MpKsl0970af0f - ok

10:48:13.0500 1852 MpKsl381c658a - ok

10:48:13.0500 1852 MpKsl46754598 - ok

10:48:13.0500 1852 MpKsl4f48919d - ok

10:48:13.0515 1852 MpKsl5ddf165c - ok

10:48:13.0515 1852 MpKsl61238879 - ok

10:48:13.0531 1852 MpKsl73a8ec0e - ok

10:48:13.0531 1852 MpKsl85dec8b2 - ok

10:48:13.0531 1852 MpKslae12730d - ok

10:48:13.0547 1852 MpKsld5ae489e - ok

10:48:13.0547 1852 MpKslf0b08fd8 - ok

10:48:13.0719 1852 mraid35x - ok

10:48:13.0781 1852 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

10:48:13.0937 1852 MRxDAV - ok

10:48:14.0141 1852 MRxSmb (33102360d2accc4b1f63c4d116ea8e65) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

10:48:14.0156 1852 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: 33102360d2accc4b1f63c4d116ea8e65, Fake md5: 0ea4d8ed179b75f8afa7998ba22285ca

10:48:14.0156 1852 MRxSmb ( Rootkit.Win32.ZAccess.k ) - infected

10:48:14.0156 1852 MRxSmb - detected Rootkit.Win32.ZAccess.k (0)

10:48:14.0219 1852 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

10:48:14.0359 1852 Msfs - ok

10:48:14.0406 1852 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

10:48:14.0531 1852 MSKSSRV - ok

10:48:14.0672 1852 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

10:48:14.0813 1852 MSPCLOCK - ok

10:48:14.0860 1852 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

10:48:14.0985 1852 MSPQM - ok

10:48:15.0157 1852 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

10:48:15.0282 1852 mssmbios - ok

10:48:15.0391 1852 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

10:48:15.0516 1852 MSTEE - ok

10:48:15.0719 1852 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

10:48:15.0844 1852 Mup - ok

10:48:16.0001 1852 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

10:48:16.0126 1852 NABTSFEC - ok

10:48:16.0329 1852 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

10:48:16.0485 1852 NDIS - ok

10:48:16.0579 1852 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

10:48:16.0704 1852 NdisIP - ok

10:48:16.0860 1852 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

10:48:16.0985 1852 NdisTapi - ok

10:48:17.0157 1852 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

10:48:17.0298 1852 Ndisuio - ok

10:48:17.0423 1852 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

10:48:17.0579 1852 NdisWan - ok

10:48:17.0689 1852 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

10:48:17.0751 1852 NDProxy - ok

10:48:17.0829 1852 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

10:48:17.0954 1852 NetBIOS - ok

10:48:18.0095 1852 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

10:48:18.0283 1852 NetBT - ok

10:48:18.0486 1852 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

10:48:18.0642 1852 NIC1394 - ok

10:48:18.0751 1852 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

10:48:18.0892 1852 Npfs - ok

10:48:19.0017 1852 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

10:48:19.0173 1852 Ntfs - ok

10:48:19.0361 1852 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

10:48:19.0502 1852 Null - ok

10:48:19.0783 1852 nv (ba1b732c1a70cfea0c1b64f2850bf44f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

10:48:19.0986 1852 nv - ok

10:48:20.0189 1852 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

10:48:20.0330 1852 NwlnkFlt - ok

10:48:20.0518 1852 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

10:48:20.0658 1852 NwlnkFwd - ok

10:48:20.0736 1852 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

10:48:20.0877 1852 ohci1394 - ok

10:48:20.0987 1852 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

10:48:21.0143 1852 Parport - ok

10:48:21.0330 1852 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

10:48:21.0455 1852 PartMgr - ok

10:48:21.0580 1852 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

10:48:21.0706 1852 ParVdm - ok

10:48:21.0831 1852 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

10:48:21.0987 1852 PCI - ok

10:48:22.0081 1852 PCIDump - ok

10:48:22.0159 1852 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

10:48:22.0299 1852 PCIIde - ok

10:48:22.0425 1852 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

10:48:22.0565 1852 Pcmcia - ok

10:48:22.0675 1852 PDCOMP - ok

10:48:22.0721 1852 PDFRAME - ok

10:48:22.0768 1852 PDRELI - ok

10:48:22.0831 1852 PDRFRAME - ok

10:48:22.0893 1852 perc2 - ok

10:48:22.0940 1852 perc2hib - ok

10:48:23.0050 1852 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

10:48:23.0206 1852 PptpMiniport - ok

10:48:23.0378 1852 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

10:48:23.0534 1852 PSched - ok

10:48:23.0737 1852 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

10:48:23.0878 1852 Ptilink - ok

10:48:23.0925 1852 PxHelp20 (97b735de4e3cd44c71c8cb09bdbf07b7) C:\WINDOWS\system32\Drivers\PxHelp20.sys

10:48:24.0003 1852 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

10:48:24.0003 1852 PxHelp20 - detected UnsignedFile.Multi.Generic (1)

10:48:24.0066 1852 ql1080 - ok

10:48:24.0081 1852 Ql10wnt - ok

10:48:24.0113 1852 ql12160 - ok

10:48:24.0128 1852 ql1240 - ok

10:48:24.0159 1852 ql1280 - ok

10:48:24.0191 1852 qqyhtp - ok

10:48:24.0222 1852 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

10:48:24.0331 1852 RasAcd - ok

10:48:24.0550 1852 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

10:48:24.0691 1852 Rasl2tp - ok

10:48:24.0816 1852 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

10:48:24.0957 1852 RasPppoe - ok

10:48:25.0082 1852 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

10:48:25.0207 1852 Raspti - ok

10:48:25.0347 1852 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

10:48:25.0550 1852 Rdbss - ok

10:48:25.0754 1852 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

10:48:25.0863 1852 RDPCDD - ok

10:48:26.0051 1852 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

10:48:26.0207 1852 rdpdr - ok

10:48:26.0394 1852 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

10:48:26.0520 1852 RDPWD - ok

10:48:26.0629 1852 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

10:48:26.0785 1852 redbook - ok

10:48:26.0879 1852 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

10:48:26.0926 1852 rtl8139 - ok

10:48:26.0973 1852 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

10:48:27.0035 1852 Secdrv - ok

10:48:27.0145 1852 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

10:48:27.0285 1852 Serial - ok

10:48:27.0473 1852 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

10:48:27.0598 1852 Sfloppy - ok

10:48:27.0692 1852 Simbad - ok

10:48:27.0770 1852 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

10:48:27.0864 1852 SLIP - ok

10:48:27.0957 1852 Sparrow - ok

10:48:28.0004 1852 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

10:48:28.0114 1852 splitter - ok

10:48:28.0239 1852 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

10:48:28.0333 1852 sr - ok

10:48:28.0442 1852 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

10:48:28.0520 1852 Srv - ok

10:48:28.0676 1852 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

10:48:28.0770 1852 streamip - ok

10:48:28.0942 1852 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

10:48:29.0052 1852 swenum - ok

10:48:29.0224 1852 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

10:48:29.0349 1852 swmidi - ok

10:48:29.0411 1852 symc810 - ok

10:48:29.0458 1852 symc8xx - ok

10:48:29.0505 1852 sym_hi - ok

10:48:29.0567 1852 sym_u3 - ok

10:48:29.0646 1852 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

10:48:29.0771 1852 sysaudio - ok

10:48:29.0927 1852 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

10:48:29.0989 1852 Tcpip - ok

10:48:30.0068 1852 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

10:48:30.0161 1852 TDPIPE - ok

10:48:30.0333 1852 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

10:48:30.0427 1852 TDTCP - ok

10:48:30.0536 1852 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

10:48:30.0646 1852 TermDD - ok

10:48:30.0802 1852 TosIde - ok

10:48:30.0865 1852 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

10:48:30.0990 1852 Udfs - ok

10:48:31.0068 1852 ultra - ok

10:48:31.0146 1852 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

10:48:31.0271 1852 Update - ok

10:48:31.0459 1852 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

10:48:31.0568 1852 usbccgp - ok

10:48:31.0662 1852 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

10:48:31.0771 1852 usbehci - ok

10:48:31.0849 1852 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

10:48:31.0974 1852 usbhub - ok

10:48:32.0099 1852 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

10:48:32.0209 1852 usbstor - ok

10:48:32.0287 1852 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

10:48:32.0396 1852 usbuhci - ok

10:48:32.0475 1852 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

10:48:32.0584 1852 VgaSave - ok

10:48:32.0756 1852 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

10:48:32.0865 1852 ViaIde - ok

10:48:32.0975 1852 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

10:48:33.0084 1852 VolSnap - ok

10:48:33.0272 1852 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

10:48:33.0397 1852 Wanarp - ok

10:48:33.0444 1852 WDICA - ok

10:48:33.0506 1852 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

10:48:33.0631 1852 wdmaud - ok

10:48:33.0803 1852 winachsx (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys

10:48:33.0850 1852 winachsx - ok

10:48:33.0959 1852 WN5301 (b72d232e46ff5ee2bd8f61498b748df7) C:\WINDOWS\system32\DRIVERS\wn5301.sys

10:48:34.0038 1852 WN5301 - ok

10:48:34.0178 1852 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

10:48:34.0209 1852 WpdUsb - ok

10:48:34.0288 1852 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

10:48:34.0381 1852 WSTCODEC - ok

10:48:34.0491 1852 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

10:48:34.0553 1852 WudfPf - ok

10:48:34.0678 1852 {22D78859-9CE9-4b77-BF18-AC83E81A9263} (7b012309260f7e013e24f8458e382fad) C:\Program Files\HP\DVDPlay\000.fcl

10:48:34.0694 1852 {22D78859-9CE9-4b77-BF18-AC83E81A9263} ( UnsignedFile.Multi.Generic ) - warning

10:48:34.0694 1852 {22D78859-9CE9-4b77-BF18-AC83E81A9263} - detected UnsignedFile.Multi.Generic (1)

10:48:34.0725 1852 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

10:48:34.0882 1852 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

10:48:34.0882 1852 \Device\Harddisk0\DR0 - detected TDSS File System (1)

10:48:34.0897 1852 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1

10:48:34.0960 1852 \Device\Harddisk1\DR1 - ok

10:48:34.0960 1852 Boot (0x1200) (9ccf550d02dd608245e889426c233a96) \Device\Harddisk0\DR0\Partition0

10:48:34.0960 1852 \Device\Harddisk0\DR0\Partition0 - ok

10:48:35.0007 1852 Boot (0x1200) (df4eaaafd6bfdf904bb19bd17ba39984) \Device\Harddisk0\DR0\Partition1

10:48:35.0007 1852 \Device\Harddisk0\DR0\Partition1 - ok

10:48:35.0007 1852 Boot (0x1200) (d5cb584a7b83d166f624ce192b262430) \Device\Harddisk1\DR1\Partition0

10:48:35.0007 1852 \Device\Harddisk1\DR1\Partition0 - ok

10:48:35.0007 1852 ============================================================

10:48:35.0007 1852 Scan finished

10:48:35.0007 1852 ============================================================

10:48:35.0116 2772 Detected object count: 10

10:48:35.0116 2772 Actual detected object count: 10

10:50:41.0327 2772 ELhid ( UnsignedFile.Multi.Generic ) - skipped by user

10:50:41.0327 2772 ELhid ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:50:41.0327 2772 ELkbd ( UnsignedFile.Multi.Generic ) - skipped by user

10:50:41.0327 2772 ELkbd ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:50:41.0327 2772 ELmon ( UnsignedFile.Multi.Generic ) - skipped by user

10:50:41.0327 2772 ELmon ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:50:41.0327 2772 ELmou ( UnsignedFile.Multi.Generic ) - skipped by user

10:50:41.0327 2772 ELmou ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:50:41.0327 2772 MCSTRM ( UnsignedFile.Multi.Generic ) - skipped by user

10:50:41.0327 2772 MCSTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:50:41.0327 2772 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user

10:50:41.0327 2772 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:50:41.0671 2772 Backup copy found, using it..

10:50:41.0734 2772 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot

10:50:45.0172 2772 MRxSmb ( Rootkit.Win32.ZAccess.k ) - User select action: Cure

10:50:45.0172 2772 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

10:50:45.0172 2772 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:50:45.0172 2772 {22D78859-9CE9-4b77-BF18-AC83E81A9263} ( UnsignedFile.Multi.Generic ) - skipped by user

10:50:45.0172 2772 {22D78859-9CE9-4b77-BF18-AC83E81A9263} ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:50:45.0172 2772 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

10:50:45.0172 2772 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

10:50:58.0036 2796 Deinitialize success


I have good news for you => Your system is clean now! :)

Here are some tips to prevent future malware problems:

You need to ensure that you have the latest versions of Adobe Reader and Java. Before you download and install the latest versions, it is important to uninstall them. For this purpose, click Start => Control Panel => Add or Remove Programs, highlight them and click on the Remove button. Next, click on each of the programs to download it:

Slowly and carefully install applications and then restart your computer.

Let's remove the cleaning tools we used. First, get rid of OTL:

  1. Double-click OTL.exe to start the program.
  2. Close all other programs apart from OTL, as this step will require a reboot.
  3. On the OTL main screen, press the CLEANUP button.
  4. Say Yes to the prompt and then allow the program to reboot your computer.

At this stage, you don't need the online scanner, so:

To remove the ESET Online Scanner components from your computer, start the Add or Remove Programs applet from Control Panel, select the ESET Online Scanner entry and click Remove. A restart may be required to complete uninstallation.

Please manually delete TDSSKiller.

Some quick tips:

  1. Firewall - Your Windows OS has a built-in firewall, but it is weak and in no way good for the current requirements for optimal security, so I recommend you choose a suitable firewall on my advice below. A firewall will protect you from attacks coming from the global network. Without a firewall your computer is susceptible to being hacked and taken over. Here are some good free firewall solutions:

  2. Program updates - Updating the software is really important for productivity, but also for security. Here is an application that will help in checking for new versions and updates for your programs. It is called FileHippo Update Checker and you can download it from here.

  3. Clear old system restore points - Once your system is infected, as a result there will be infected restore points that need to be cleaned.

     1. Open Start => All Programs => Accessories => System tools => Disk Cleanup.
     2. In the drop-down box that appears, select your main drive, e.g. C:\
     3. Click OK.
     4. The system will do some calculation and display a dialogue box with tabs.
     5. Select the More Options tab.
     6. At the bottom will be a System Restore box with a CLEANUP button. Click on it.
     7. Accept the warning and select OK again; the program will close and you are done.

  4. Create a new system restore point - Now that everything is fine, it is necessary to create a new restore point to restore your system to an earlier stage in case you get a problem. Do the following:

     1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
     2. In the System Restore dialog box, click Create a restore point, and then click Next.
     3. Type a description for your restore point, such as "After Cleanup", then click Create.

Safe surfing! ;)
