lucky1111

rundll error message?

I get this on startup even after running Malwarebytes (see log below)

"error loading C:\Documents and Settings\user name\Local Settings\Application Data\wmomus.dll"

then I see on taskbar a documents and settings page is minimized down there?

I restart my computer as Malwarebytes suggests but when I rerun it the same problems are there

any ideas?

tried the defogger but not too computer savvy so don't want to get too deep.

btw it's a work laptop and some actions are blocked by admin rights.

here's the logs, not sure how to zip a file so copied and pasted

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 26/02/2008 20:58:27

System Uptime: 18/11/2010 07:26:43 (1 hours ago)

Motherboard: TOSHIBA | | Portable PC

Processor: Intel Pentium III Xeon processor | uFC-PGA Socket | 2094/200mhz

Processor: Intel Pentium III Xeon processor | uFC-PGA Socket | 2094/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 29 GiB total, 15.875 GiB free.

D: is FIXED (NTFS) - 82 GiB total, 80.414 GiB free.

E: is CDROM ()

F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

32 Bit HP CIO Components Installer

470_Help

470_Readme

Adobe Flash Player 10 ActiveX

Adobe Reader 7.0

Agilix GoBinder Lite

ALPS Touch Pad Driver

Bluetooth Stack for Windows by Toshiba

BPD_HPSU

BPDSoftware

BPDSoftware_Ini

BufferChm

Canon iP90 series User Registration

CD/DVD Drive Acoustic Silencer

CustomerResearchQFolder

DeviceDiscovery

DeviceManagementQFolder

eSupportQFolder

EverestCAD

H470

High Definition Audio Driver Package - KB888111

Hotfix for Windows XP (KB893357)

Hotfix for Windows XP (KB894871)

Hotfix for Windows XP (KB895200)

Hotfix for Windows XP (KB895953)

Hotfix for Windows XP (KB896243)

Hotfix for Windows XP (KB896256)

Hotfix for Windows XP (KB909095)

Hotfix for Windows XP (KB910728)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB917332)

Hotfix for Windows XP (KB922006)

Hotfix for Windows XP (KB934428-v2)

Hotfix for Windows XP (KB935448)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB976098-v2)

HP Customer Participation Program 9.0

HP Imaging Device Functions 9.0

HP Officejet H470 Series

HP Smart Web Printing

HP Solution Center 9.0

HP Update

HPProductAssistant

HPSSupply

Intel® Active Management Technology Device Software

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Interface

Intel® PRO Network Connections Drivers

InterVideo WinDVD for TOSHIBA

J2SE Runtime Environment 5.0 Update 7

Java 6 Update 3

Java 6 Update 7

Kaspersky Anti-Virus 6.0 for Windows Workstations

Kaspersky Network Agent

LogMeIn Rescue Calling Card

Macromedia Flash Player

Malwarebytes' Anti-Malware

MarketResearch

Microsoft .NET Framework 1.0 Hotfix (KB953295)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft .NET Framework 2.0

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office XP Standard

Microsoft Word 97

MPM

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

Oracle SellingPoint

Oracle SellingPoint - Engineering Edition

Oracle SellingPoint Studio

ProductContext

Realtek High Definition Audio Driver

Redistributable_MM

Security Update for Microsoft .NET Framework 2.0 (KB917283)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893066)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899589)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917537)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922760)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB925454)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB937143)

Security Update for Windows XP (KB938127)

Security Update for Windows XP (KB938829)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958470)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB971032)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

SolutionCenter

Spybot - Search & Destroy

Status

SUPERAntiSpyware

Texas Instruments PCIxx21/x515/xx12 drivers.

TIPCI

Toolbox

TOSHIBA Accelerometer Utilities

TOSHIBA Assist

TOSHIBA Controls

TOSHIBA Direct Disc Writer

TOSHIBA Disc Creator

TOSHIBA Display Devices Change Utility

TOSHIBA HDD Protection

TOSHIBA Hotkey Utility for Display Devices

TOSHIBA Manuals

TOSHIBA Mic Effect

TOSHIBA Mobile Extension3

TOSHIBA Power Saver

TOSHIBA Rotation Utility

TOSHIBA SD Memory Boot Utility

TOSHIBA SD Memory Utilities

TOSHIBA Software Modem

TOSHIBA TouchPad On/Off Utility V2.5.1.0

TOSHIBA Utilities

TOSHIBA Wireless Key Logon

TrayApp

Uninstall for TOSHIBA Mobile Extension3

Update for Windows XP (KB894391)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB912945)

Update for Windows XP (KB914882)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB927891)

Update for Windows XP (KB930916)

Update for Windows XP (KB932823-v3)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VNC Free Edition 4.1.2

Wacom Tablet

WebFldrs XP

WebReg

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Media Format Runtime

Windows Media Player 10

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB884018

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB885855

Windows XP Hotfix - KB885884

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB888622

Windows XP Hotfix - KB889673

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893056

Wireless Hotkey

XP Codec Pack

ZTE USB Driver

==== Event Viewer Messages From Past Week ========

17/11/2010 11:55:32, error: Dhcp [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 001F3BBB1597 has been denied by the DHCP server 10.66.3.235 (The DHCP Server sent a DHCPNACK message).

15/11/2010 13:21:01, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.

15/11/2010 13:21:01, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

14/11/2010 12:15:42, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL

11/11/2010 19:11:49, error: NETLOGON [5719] - No Domain Controller is available for domain EVERESTLIMITED due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

11/11/2010 18:13:28, error: Service Control Manager [7000] - The SASENUM service failed to start due to the following error: The system cannot find the file specified.

11/11/2010 11:00:05, error: PlugPlayManager [12] - The device 'Wacom Penabled Dual Touch' (ACPI\WACF009\4&374ccb25&0) disappeared from the system without first being prepared for removal.

==== End Of File ===========================

DDS (Ver_10-11-10.01) - NTFSx86

Run by Chamerston at 8:23:10.98 on 18/11/2010

Internet Explorer: 7.0.5730.11

Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2007.1338 [GMT 0:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

svchost.exe

svchost.exe

svchost.exe

svchost.exe

svchost.exe

svchost.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

svchost.exe

C:\WINDOWS\SYSTEM32\WISPTIS.EXE

C:\WINDOWS\System32\tabbtnu.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe

C:\WINDOWS\system32\igfxtray.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\TOSHIBA\CrossMenu\CrossMenu.exe

C:\WINDOWS\system32\00THotkey.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.exe

C:\WINDOWS\system32\thpsrv.exe

C:\WINDOWS\system32\TFNF5.exe

C:\WINDOWS\system32\TPSODDCtl.exe

C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE

C:\WINDOWS\system32\igfxext.exe

C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe

C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe

C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe

C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe

C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe

C:\WINDOWS\system32\WTouchUser.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Documents and Settings\chamerston\Desktop\Defogger.exe

C:\Documents and Settings\chamerston\Desktop\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Windows Internet Explorer provided by Everest Home Improvements

uStart Page = https://ho-notes1.everestlimited.co.uk:8100

uDefault_Page_URL = https://ho-notes1.everestlimited.co.uk:8100

uSearch Bar = hxxp://www.google.co.uk

mDefault_Page_URL = https://ho-notes1.everestlimited.co.uk:8100

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:50370

uWindows: Load=C:\DOCUME~1

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll

BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Vhejoz] rundll32.exe "c:\documents and settings\chamerston\local settings\application data\azamavabowinew.dll",Startup

uRun: [Dtomujecazuw] rundll32.exe "c:\documents and settings\chamerston\local settings\application data\wmomus.dll",Startup

mRun: [TabletWizard] c:\windows\help\SplshWrp.exe

mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [CrossMenu] c:\program files\toshiba\crossmenu\CrossMenu.exe

mRun: [00THotkey] c:\windows\system32\00THotkey.exe

mRun: [000StTHK] 000StTHK.exe

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [TouchED] c:\program files\toshiba\touched\TouchED.exe

mRun: [ThpSrv] c:\windows\system32\thpsrv /logon

mRun: [TFNF5] TFNF5.exe

mRun: [TPSODDCtl] TPSODDCtl.exe

mRun: [TPSMain] TPSMain.exe

mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service

mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon

mRun: [TAcelMgr] c:\program files\toshiba\acceleration utilities\tacelmgr\TAcelMgr.exe

mRun: [TSkrMain] c:\program files\toshiba\acceleration utilities\shaker\TSkrMain.exe

mRun: [TAudEffect] c:\program files\toshiba\taudeffect\TAudEff.exe /run

mRun: [TFncKy] TFncKy.exe

mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe

mRun: [TRot.exe] c:\program files\toshiba\toshiba rotation utility\TRot.exe

mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe"

mRun: [WTouchUser] c:\windows\system32\WTouchUser.exe

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\avp.exe"

mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

dRun: [TabletWizard] %windir%\help\wizard.hta

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

uPolicies-explorer: NoThemesTab = 1 (0x1)

uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)

uPolicies-explorer: NoWindowsUpdate = 1 (0x1)

uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)

uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)

uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)

uPolicies-explorer: NoCloseDragDropBands = 1 (0x1)

uPolicies-explorer: NoMovingBands = 1 (0x1)

uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)

uPolicies-system: SetVisualStyle =

uPolicies-system: NoDispCPL = 1 (0x1)

uPolicies-system: DisableChangePassword = 1 (0x1)

mPolicies-system: disablecad = 1 (0x1)

mPolicies-system: LogonType = 0 (0x0)

IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\ie_banner_deny.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\SCIEPlgn.dll

IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Notify: igfxcui - igfxdev.dll

Notify: klogon - c:\windows\system32\klogon.dll

Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll

Notify: TabBtnWL - TabBtnWL.dll

Notify: TosBtNP - TosBtNP.dll

Notify: tpgwlnotify - tpgwlnot.dll

AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0fo\adialhk.dll

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-7-18 112144]

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2007-4-27 21120]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-3-9 6528]

R1 klif;Klif;c:\windows\system32\drivers\klif.sys [2007-11-9 201504]

R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2007-11-28 5888]

R2 AVP;Kaspersky Anti-Virus 6.0;c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\avp.exe [2007-11-19 231952]

R2 klnagent;Kaspersky Network Agent;c:\program files\kaspersky lab\networkagent\klnagent.exe [2008-9-22 94544]

R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856]

R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2007-11-28 114688]

R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016]

R2 TTPDSrv;TOSHIBA Touch Pad Service;c:\windows\system32\TTPDSRV.exe [2007-11-28 73728]

R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2007-11-28 1464856]

R2 WacomTouchService;Wacom Touch Service;c:\windows\system32\WacomTouchService.exe [2008-2-26 95528]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-11-28 36608]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-5-30 24344]

R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;c:\windows\system32\drivers\TBtnKey.sys [2007-11-28 8832]

R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [2007-11-28 435072]

R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2007-11-28 11312]

R3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [2008-2-26 30248]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\admini~1\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\admini~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\admini~1\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\admini~1\locals~1\temp\sas_selfextract\SASKUTIL.sys [?]

S2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-2-26 104000]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-7-30 9728]

S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys --> c:\windows\system32\drivers\rcvpn.sys [?]

S3 SASENUM;SASENUM;\??\c:\docume~1\admini~1\locals~1\temp\sas_selfextract\sasenum.sys --> c:\docume~1\admini~1\locals~1\temp\sas_selfextract\SASENUM.SYS [?]

S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2010-7-30 114688]

=============== Created Last 30 ================

2010-11-14 11:33:29 -------- d-----w- c:\docume~1\chamer~1\applic~1\SUPERAntiSpyware.com

2010-11-14 11:32:13 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-11-13 16:44:36 -------- d-----w- c:\docume~1\chamer~1\applic~1\Malwarebytes

2010-11-13 16:34:16 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-11-13 16:34:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2010-11-13 16:29:32 16409960 ----a-w- C:\spybotsd162.exe

2010-11-13 16:28:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-13 16:28:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-13 16:28:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-13 16:28:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-11-13 16:26:54 5115824 ----a-w- C:\mbam-setup.exe

2010-11-13 16:14:58 -------- d-----w- c:\docume~1\chamer~1\applic~1\GetRightToGo

2010-11-13 12:19:14 -------- d-----w- c:\docume~1\chamer~1\locals~1\applic~1\PackageAware

2010-11-11 18:52:05 -------- d-----w- c:\windows\pss

2010-11-11 18:13:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-11-11 18:06:46 10419873 ----a-w- C:\SAS_9476610.COM

2010-11-11 08:07:51 0 ----a-w- c:\docume~1\chamer~1\locals~1\applic~1\Hvocomohag.bin

2010-11-11 08:07:50 -------- d-----w- c:\docume~1\chamer~1\locals~1\applic~1\{4F76C710-D529-4367-BFA1-DAAD4699A9E4}

==================== Find3M ====================

============= FINISH: 8:23:33.71 ===============

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.11

17/11/2010 17:56:05

mbam-log-2010-11-17 (17-56-05).txt

Scan type: Quick scan

Objects scanned: 137447

Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Delete on reboot.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hello,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

Please download Rootkit Unhooker and save it to your desktop.

  • Extract RKUnhooker to your desktop.
    • Note** it is zipped up in a .rar file. If you do not have a program to unzip this type of file, you can get a free one from here: http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply

  • RKU log

Thanks and again sorry for the delay.


In that case, it would be a good idea to ask the one(s) that administer this laptop. Many of our tools need admin permissions in order to work.

As I see it you have two options, you either will have to rely on the IT department to fix this issue, or gain access to an account with admin privileges.


Yes still here,

got the company IT dept on it for a full day and still no joy.

they tried the rootkit unhooker, anti-spyware, deleted all temp files

and do not have an answer.

I cannot post any logs as I do not have the admin rights for a lot of the downloads.

cheers for trying


Well, I cannot help you make sure that the computer is one hundred percent clean, but maybe I can help you get rid of that rundll error. :)

OTL

-----

Please download OTL from one of the following mirrors:

  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

as requested,

OTL logfile created on: 22/11/2010 17:56:40 - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\chamerston\Desktop

Windows XP Tablet PC Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 29.30 Gb Total Space | 15.79 Gb Free Space | 53.88% Space Free | Partition Type: NTFS

Drive D: | 82.49 Gb Total Space | 80.43 Gb Free Space | 97.50% Space Free | Partition Type: NTFS

Computer Name: 104119-SL | User Name: Chamerston | NOT logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/22 17:55:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\chamerston\Desktop\OTL.exe

PRC - [2010/02/04 13:13:20 | 000,231,952 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

PRC - [2007/11/16 07:28:44 | 000,323,584 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Rotation Utility\TRot.exe

PRC - [2007/11/15 10:58:54 | 000,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSODDCtl.exe

PRC - [2007/11/15 10:58:32 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe

PRC - [2007/11/15 09:48:40 | 000,258,048 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe

PRC - [2007/10/23 15:00:20 | 000,562,488 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe

PRC - [2007/10/15 09:42:44 | 000,166,424 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe

PRC - [2007/10/12 12:10:48 | 000,806,912 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe

PRC - [2007/09/27 15:12:52 | 000,107,816 | ---- | M] () -- C:\WINDOWS\system32\WTouchUser.exe

PRC - [2007/06/13 10:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/04/26 11:49:34 | 000,495,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe

PRC - [2006/11/17 13:39:58 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe

PRC - [2006/09/04 14:12:00 | 000,090,112 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMERzCtl.exe

PRC - [2006/08/09 19:48:08 | 000,344,144 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TAudEffect\TAudEff.exe

PRC - [2006/06/08 09:17:06 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Acceleration Utilities\Shaker\TSkrMain.exe

PRC - [2006/06/08 09:16:54 | 000,086,016 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Acceleration Utilities\TAcelMgr\TAcelMgr.exe

PRC - [2006/04/10 18:14:52 | 000,622,592 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe

PRC - [2006/03/06 16:26:14 | 000,069,632 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMETEMnu.exe

PRC - [2006/01/13 11:42:54 | 000,184,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe

PRC - [2005/08/31 14:46:04 | 000,102,400 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TouchED\TouchED.exe

PRC - [2005/05/17 11:42:02 | 000,049,152 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW.exe

PRC - [2004/08/04 21:00:00 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wisptis.exe

PRC - [2002/08/29 03:41:28 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tabbtnu.exe

PRC - [1997/08/19 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE

========== Modules (SafeList) ==========

MOD - [2010/11/22 17:55:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\chamerston\Desktop\OTL.exe

MOD - [2006/08/25 08:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

MOD - [2005/03/02 18:09:30 | 000,208,384 | ---- | M] () -- C:\Documents and Settings\chamerston\Local Settings\Application Data\azamavabowinew.dll

MOD - [2004/08/04 21:00:00 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll

MOD - [2004/08/04 21:00:00 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ddraw.dll

MOD - [2004/08/04 21:00:00 | 000,250,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\SPTIP.dll

MOD - [2004/08/04 21:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFP.dll

MOD - [2004/08/04 21:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\SPGRMR.dll

MOD - [2004/08/04 21:00:00 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dciman32.dll

MOD - [2002/08/29 03:41:08 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Journal\nbmaptip.dll

========== Win32 Services (SafeList) ==========

========== Driver Services (SafeList) ==========

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://ho-notes1.everestlimited.co.uk:8100

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.com/access/allinone.asp

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.1.1.3:3128

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.com/access/allinone.asp

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.1.1.3:3128

IE - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://ho-notes1.everestlimited.co.uk:8100

IE - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://ho-notes1.everestlimited.co.uk:8100

IE - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

O1 HOSTS File: ([2004/08/04 21:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()

O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe (Kaspersky Lab)

O4 - HKLM..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe (TOSHIBA)

O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)

O4 - HKLM..\Run: [TabletWizard] C:\WINDOWS\Help\splshwrp.exe (Microsoft Corporation)

O4 - HKLM..\Run: [TAcelMgr] C:\Program Files\Toshiba\Acceleration Utilities\TAcelMgr\TAcelMgr.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe (TOSHIBA)

O4 - HKLM..\Run: [TFncKy] File not found

O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)

O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)

O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)

O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [TouchED] C:\Program Files\Toshiba\TouchED\TouchED.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TRot.exe] c:\Program Files\Toshiba\TOSHIBA Rotation Utility\TRot.exe (TOSHIBA)

O4 - HKLM..\Run: [TSkrMain] C:\Program Files\Toshiba\Acceleration Utilities\Shaker\TSkrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [userFaultCheck] File not found

O4 - HKLM..\Run: [WTouchUser] C:\WINDOWS\system32\WTouchUser.exe ()

O4 - HKU\.DEFAULT..\Run: [TabletWizard] C:\WINDOWS\help\wizard.hta File not found

O4 - HKU\S-1-5-18..\Run: [TabletWizard] C:\WINDOWS\help\wizard.hta File not found

O4 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957..\Run: [Dtomujecazuw] File not found

O4 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957..\Run: [Vhejoz] File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()

F3 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957 WinNT: Load - (C:\DOCUME~1\ystem32\wuw) - File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle =

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 1

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm ()

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll (Kaspersky Lab)

O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O15 - HKU\.DEFAULT\..Trusted Domains: city-link.co.uk ([www] http in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: everestlimited.co.uk ([plankton] http in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: everestltd.co.uk ([www] https in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: everestltd.com ([afariasvr] https in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: logmeinrescue.com ([secure] https in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([https] in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Ranges: Range2 ([https] in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Ranges: Range3 ([https] in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Ranges: Range4 ([https] in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Ranges: Range5 ([https] in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Ranges: Range6 ([https] in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: city-link.co.uk ([www] http in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: everestlimited.co.uk ([plankton] http in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: everestltd.co.uk ([www] https in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: everestltd.com ([afariasvr] https in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: logmeinrescue.com ([secure] https in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([https] in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range2 ([https] in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range3 ([https] in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range4 ([https] in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range5 ([https] in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range6 ([https] in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = everestlimited.co.uk

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\adialhk.dll (Kaspersky Lab)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

O20 - Winlogon\Notify\TabBtnWL: DllName - TabBtnWL.dll - C:\WINDOWS\System32\tabbtnwl.dll (Microsoft Corporation)

O20 - Winlogon\Notify\TosBtNP: DllName - TosBtNP.dll - C:\WINDOWS\System32\TosBtNP.dll (TOSHIBA CORPORATION)

O20 - Winlogon\Notify\tpgwlnotify: DllName - tpgwlnot.dll - C:\WINDOWS\System32\tpgwlnot.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\chamerston\My Documents\My Pictures\rossi2.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\chamerston\My Documents\My Pictures\rossi2.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/11/28 09:51:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]

O32 - AutoRun File - [2010/04/30 14:08:28 | 000,000,228 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{cad8fd26-9d53-11df-b813-0015b7524bec}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/22 17:55:01 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\chamerston\Desktop\OTL.exe

[2010/11/21 09:53:48 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/11/21 09:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Startup Inspector for Windows

[2010/11/18 15:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Rescue Calling Card

[2010/11/18 12:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos

[2010/11/18 11:51:20 | 000,027,192 | ---- | C] (Resplendence Software Projects Sp.) -- C:\WINDOWS\System32\drivers\rspSanity32.sys

[2010/11/18 11:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\WinMend

[2010/11/18 09:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

[2010/11/14 11:55:43 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\chamerston\Desktop\mbam-setup.exe

[2010/11/14 11:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chamerston\Application Data\SUPERAntiSpyware.com

[2010/11/14 11:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010/11/13 16:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chamerston\Application Data\Malwarebytes

[2010/11/13 16:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/11/13 16:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2010/11/13 16:29:32 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\spybotsd162.exe

[2010/11/13 16:28:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/11/13 16:28:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/11/13 16:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/11/13 16:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/11/13 16:26:54 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup.exe

[2010/11/13 16:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chamerston\Application Data\GetRightToGo

[2010/11/13 12:19:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chamerston\Local Settings\Application Data\PackageAware

[2010/11/11 18:52:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2010/11/11 18:13:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2010/11/11 17:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chamerston\My Documents\error pics

[2010/11/11 08:07:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chamerston\Local Settings\Application Data\{4F76C710-D529-4367-BFA1-DAAD4699A9E4}

[2010/11/08 17:47:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chamerston\My Documents\New Folder

[2007/11/28 09:43:12 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\BrigthDL.dll

[2004/11/24 19:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/22 17:55:07 | 001,393,696 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat

[2010/11/22 17:55:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\chamerston\Desktop\OTL.exe

[2010/11/22 17:54:42 | 017,267,744 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat

[2010/11/22 17:49:51 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\chamerston\Desktop\Google.url

[2010/11/22 17:28:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/22 17:27:56 | 2104,332,288 | -HS- | M] () -- C:\hiberfil.sys

[2010/11/22 16:21:44 | 000,234,260 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx

[2010/11/22 16:21:44 | 000,133,700 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx

[2010/11/22 16:20:32 | 000,000,120 | ---- | M] () -- C:\Documents and Settings\chamerston\Local Settings\Application Data\Uxanaliyunolif.dat

[2010/11/22 07:26:11 | 000,000,263 | ---- | M] () -- C:\WINDOWS\vulcan.flt

[2010/11/22 07:15:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\chamerston\Local Settings\Application Data\Hvocomohag.bin

[2010/11/21 09:58:56 | 003,912,958 | ---- | M] () -- C:\Documents and Settings\chamerston\Desktop\ComboFix.exe

[2010/11/21 09:38:48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/11/18 16:41:33 | 001,507,328 | -H-- | M] () -- C:\ffastun0.ffx

[2010/11/18 16:41:33 | 000,483,328 | -H-- | M] () -- C:\ffastun.ffl

[2010/11/18 16:41:33 | 000,208,896 | -H-- | M] () -- C:\ffastun.ffo

[2010/11/18 16:41:33 | 000,004,680 | -H-- | M] () -- C:\ffastun.ffa

[2010/11/18 15:44:14 | 000,002,173 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LogMeIn Rescue Calling Card.lnk

[2010/11/18 11:23:29 | 000,115,465 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat

[2010/11/18 11:23:29 | 000,097,545 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat

[2010/11/18 11:13:59 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\chamerston\Application Data\Microsoft\Internet Explorer\Quick Launch\WinMend Disk Cleaner.lnk

[2010/11/18 11:10:13 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\chamerston\Application Data\Microsoft\Internet Explorer\Quick Launch\WinMend Registry Defrag.lnk

[2010/11/18 09:31:17 | 000,939,956 | ---- | M] () -- C:\Documents and Settings\chamerston\My Documents\7z465.exe

[2010/11/18 08:25:29 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\chamerston\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/16 17:51:38 | 000,001,075 | ---- | M] () -- C:\Documents and Settings\chamerston\Desktop\Google Maps.url

[2010/11/15 18:10:35 | 000,591,872 | ---- | M] () -- C:\Documents and Settings\chamerston\My Documents\smout install details.doc

[2010/11/15 18:10:06 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\chamerston\Desktop\Microsoft Word.lnk

[2010/11/15 17:51:33 | 000,203,776 | ---- | M] () -- C:\Documents and Settings\chamerston\Desktop\sealed unit details.doc

[2010/11/15 17:43:36 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\chamerston\Desktop\Email.url

[2010/11/15 15:54:42 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\chamerston\Desktop\EverestCAD.lnk

[2010/11/15 13:01:11 | 000,001,101 | ---- | M] () -- C:\WINDOWS\ODBC.INI

[2010/11/14 12:04:41 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/14 11:55:43 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\chamerston\Desktop\mbam-setup.exe

[2010/11/14 11:32:15 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/11/13 16:01:28 | 000,000,373 | ---- | M] () -- C:\Documents and Settings\chamerston\Desktop\Bing.url

[2010/11/13 12:11:03 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\chamerston\My Documents\error loading C.doc

[2010/11/13 10:30:22 | 000,165,376 | ---- | M] () -- C:\Documents and Settings\chamerston\Desktop\latest expense form octnov.xls

[2010/11/05 18:12:16 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\chamerston\My Documents\holt secondary so51 6hh.doc

[2010/11/05 13:57:57 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\chamerston\Desktop\Garage door DS217.doc

[2010/11/05 13:57:16 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\chamerston\My Documents\flat roof DS217.doc

[2010/11/05 13:57:16 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\chamerston\Desktop\flat roof DS217.doc

[2010/11/05 13:56:21 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\chamerston\Desktop\roofline DS217.doc

[2010/11/05 13:55:16 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\chamerston\Desktop\Window 217 master.doc

[2010/11/04 17:50:18 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\chamerston\Desktop\Carwyn


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.1.1.3:3128

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.com/access/allinone.asp

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.1.1.3:3128

IE - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://ho-notes1.everestlimited.co.uk:8100

IE - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://ho-notes1.everestlimited.co.uk:8100

IE - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

O1 HOSTS File: ([2004/08/04 21:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()

O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe (Kaspersky Lab)

O4 - HKLM..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe (TOSHIBA)

O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)

O4 - HKLM..\Run: [TabletWizard] C:\WINDOWS\Help\splshwrp.exe (Microsoft Corporation)

O4 - HKLM..\Run: [TAcelMgr] C:\Program Files\Toshiba\Acceleration Utilities\TAcelMgr\TAcelMgr.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe (TOSHIBA)

O4 - HKLM..\Run: [TFncKy] File not found

O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)

O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)

O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)

O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [TouchED] C:\Program Files\Toshiba\TouchED\TouchED.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TRot.exe] c:\Program Files\Toshiba\TOSHIBA Rotation Utility\TRot.exe (TOSHIBA)

O4 - HKLM..\Run: [TSkrMain] C:\Program Files\Toshiba\Acceleration Utilities\Shaker\TSkrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [userFaultCheck] File not found

O4 - HKLM..\Run: [WTouchUser] C:\WINDOWS\system32\WTouchUser.exe ()

O4 - HKU\.DEFAULT..\Run: [TabletWizard] C:\WINDOWS\help\wizard.hta File not found

O4 - HKU\S-1-5-18..\Run: [TabletWizard] C:\WINDOWS\help\wizard.hta File not found

O4 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957..\Run: [Dtomujecazuw] File not found

O4 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957..\Run: [Vhejoz] File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()

F3 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957 WinNT: Load - (C:\DOCUME~1\ystem32\wuw) - File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle =

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 1

O7 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 1

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm ()

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll (Kaspersky Lab)

O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O15 - HKU\.DEFAULT\..Trusted Domains: city-link.co.uk ([www] http in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: everestlimited.co.uk ([plankton] http in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: everestltd.co.uk ([www] https in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: everestltd.com ([afariasvr] https in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: logmeinrescue.com ([secure] https in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([https] in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Ranges: Range2 ([https] in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Ranges: Range3 ([https] in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Ranges: Range4 ([https] in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Ranges: Range5 ([https] in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Ranges: Range6 ([https] in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: city-link.co.uk ([www] http in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: everestlimited.co.uk ([plankton] http in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: everestltd.co.uk ([www] https in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: everestltd.com ([afariasvr] https in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: logmeinrescue.com ([secure] https in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([https] in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range2 ([https] in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range3 ([https] in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range4 ([https] in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range5 ([https] in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range6 ([https] in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = everestlimited.co.uk

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\adialhk.dll (Kaspersky Lab)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

O20 - Winlogon\Notify\TabBtnWL: DllName - TabBtnWL.dll - C:\WINDOWS\System32\tabbtnwl.dll (Microsoft Corporation)

O20 - Winlogon\Notify\TosBtNP: DllName - TosBtNP.dll - C:\WINDOWS\System32\TosBtNP.dll (TOSHIBA CORPORATION)

O20 - Winlogon\Notify\tpgwlnotify: DllName - tpgwlnot.dll - C:\WINDOWS\System32\tpgwlnot.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\chamerston\My Documents\My Pictures\rossi2.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\chamerston\My Documents\My Pictures\rossi2.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/11/28 09:51:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]

O32 - AutoRun File - [2010/04/30 14:08:28 | 000,000,228 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{cad8fd26-9d53-11df-b813-0015b7524bec}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/22 17:55:01 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\chamerston\Desktop\OTL.exe

[2010/11/21 09:53:48 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/11/21 09:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Startup Inspector for Windows

[2010/11/18 15:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Rescue Calling Card

[2010/11/18 12:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos

[2010/11/18 11:51:20 | 000,027,192 | ---- | C] (Resplendence Software Projects Sp.) -- C:\WINDOWS\System32\drivers\rspSanity32.sys

[2010/11/18 11:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\WinMend

[2010/11/18 09:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

[2010/11/14 11:55:43 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\chamerston\Desktop\mbam-setup.exe

[2010/11/14 11:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chamerston\Application Data\SUPERAntiSpyware.com

[2010/11/14 11:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010/11/13 16:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chamerston\Application Data\Malwarebytes

[2010/11/13 16:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/11/13 16:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2010/11/13 16:29:32 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\spybotsd162.exe

[2010/11/13 16:28:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/11/13 16:28:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/11/13 16:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/11/13 16:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/11/13 16:26:54 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup.exe

[2010/11/13 16:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chamerston\Application Data\GetRightToGo

[2010/11/13 12:19:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chamerston\Local Settings\Application Data\PackageAware

[2010/11/11 18:52:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2010/11/11 18:13:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2010/11/11 17:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chamerston\My Documents\error pics

[2010/11/11 08:07:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chamerston\Local Settings\Application Data\{4F76C710-D529-4367-BFA1-DAAD4699A9E4}

[2010/11/08 17:47:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chamerston\My Documents\New Folder

[2007/11/28 09:43:12 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\BrigthDL.dll

[2004/11/24 19:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/22 17:55:07 | 001,393,696 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat

[2010/11/22 17:55:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\chamerston\Desktop\OTL.exe

[2010/11/22 17:54:42 | 017,267,744 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat

[2010/11/22 17:49:51 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\chamerston\Desktop\Google.url

[2010/11/22 17:28:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/22 17:27:56 | 2104,332,288 | -HS- | M] () -- C:\hiberfil.sys

[2010/11/22 16:21:44 | 000,234,260 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx

[2010/11/22 16:21:44 | 000,133,700 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx

[2010/11/22 16:20:32 | 000,000,120 | ---- | M] () -- C:\Documents and Settings\chamerston\Local Settings\Application Data\Uxanaliyunolif.dat

[2010/11/22 07:26:11 | 000,000,263 | ---- | M] () -- C:\WINDOWS\vulcan.flt

[2010/11/22 07:15:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\chamerston\Local Settings\Application Data\Hvocomohag.bin

[2010/11/21 09:58:56 | 003,912,958 | ---- | M] () -- C:\Documents and Settings\chamerston\Desktop\ComboFix.exe

[2010/11/21 09:38:48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/11/18 16:41:33 | 001,507,328 | -H-- | M] () -- C:\ffastun0.ffx

[2010/11/18 16:41:33 | 000,483,328 | -H-- | M] () -- C:\ffastun.ffl

[2010/11/18 16:41:33 | 000,208,896 | -H-- | M] () -- C:\ffastun.ffo

[2010/11/18 16:41:33 | 000,004,680 | -H-- | M] () -- C:\ffastun.ffa

[2010/11/18 15:44:14 | 000,002,173 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LogMeIn Rescue Calling Card.lnk

[2010/11/18 11:23:29 | 000,115,465 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat

[2010/11/18 11:23:29 | 000,097,545 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat

[2010/11/18 11:13:59 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\chamerston\Application Data\Microsoft\Internet Explorer\Quick Launch\WinMend Disk Cleaner.lnk

[2010/11/18 11:10:13 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\chamerston\Application Data\Microsoft\Internet Explorer\Quick Launch\WinMend Registry Defrag.lnk

[2010/11/18 09:31:17 | 000,939,956 | ---- | M] () -- C:\Documents and Settings\chamerston\My Documents\7z465.exe

[2010/11/18 08:25:29 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\chamerston\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/16 17:51:38 | 000,001,075 | ---- | M] () -- C:\Documents and Settings\chamerston\Desktop\Google Maps.url

[2010/11/15 18:10:35 | 000,591,872 | ---- | M] () -- C:\Documents and Settings\chamerston\My Documents\smout install details.doc

[2010/11/15 18:10:06 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\chamerston\Desktop\Microsoft Word.lnk

[2010/11/15 17:51:33 | 000,203,776 | ---- | M] () -- C:\Documents and Settings\chamerston\Desktop\sealed unit details.doc

[2010/11/15 17:43:36 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\chamerston\Desktop\Email.url

[2010/11/15 15:54:42 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\chamerston\Desktop\EverestCAD.lnk

[2010/11/15 13:01:11 | 000,001,101 | ---- | M] () -- C:\WINDOWS\ODBC.INI

[2010/11/14 12:04:41 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/14 11:55:43 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\chamerston\Desktop\mbam-setup.exe

[2010/11/14 11:32:15 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/11/13 16:01:28 | 000,000,373 | ---- | M] () -- C:\Documents and Settings\chamerston\Desktop\Bing.url

[2010/11/13 12:11:03 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\chamerston\My Documents\error loading C.doc

[2010/11/13 10:30:22 | 000,165,376 | ---- | M] () -- C:\Documents and Settings\chamerston\Desktop\latest expense form octnov.xls

[2010/11/05 18:12:16 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\chamerston\My Documents\holt secondary so51 6hh.doc

[2010/11/05 13:57:57 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\chamerston\Desktop\Garage door DS217.doc

[2010/11/05 13:57:16 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\chamerston\My Documents\flat roof DS217.doc

[2010/11/05 13:57:16 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\chamerston\Desktop\flat roof DS217.doc

[2010/11/05 13:56:21 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\chamerston\Desktop\roofline DS217.doc

[2010/11/05 13:55:16 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\chamerston\Desktop\Window 217 master.doc

[2010/11/04 17:50:18 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\chamerston\Desktop\Carwyn


Now that's some Vundo. With a bit of luck you should be able to run the following fix with success from your account. Let me know how things are afterwards.

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen OTL on your desktop.
  2. Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :otl
    MOD - [2005/03/02 18:09:30 | 000,208,384 | ---- | M] () -- C:\Documents and Settings\chamerston\Local Settings\Application Data\azamavabowinew.dll
    IE - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
    O4 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957..\Run: [Dtomujecazuw] File not found
    O4 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957..\Run: [Vhejoz] File not found

    :commands
    [emptytemp]


  3. Push the Run Fix button.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click OK.
  6. A report will open. Copy and Paste that report in your next reply.
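
A triage sketch for the log above, added here as an example; it is not part of the original thread and not OTL's own logic. It applies three heuristics, which are assumptions of this example rather than the helper's stated method, to lines copied from the posted log, and it picks out the same four entries the fix script targets.

```python
import re

# Constructed sample: lines copied verbatim from the OTL log posted in this thread.
SAMPLE_LOG = r"""
MOD - [2010/11/22 17:55:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\chamerston\Desktop\OTL.exe
MOD - [2005/03/02 18:09:30 | 000,208,384 | ---- | M] () -- C:\Documents and Settings\chamerston\Local Settings\Application Data\azamavabowinew.dll
MOD - [2004/08/04 21:00:00 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
PRC - [2007/09/27 15:12:52 | 000,107,816 | ---- | M] () -- C:\WINDOWS\system32\WTouchUser.exe
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.1.1.3:3128
IE - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKU\.DEFAULT..\Run: [TabletWizard] C:\WINDOWS\help\wizard.hta File not found
O4 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957..\Run: [Dtomujecazuw] File not found
O4 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957..\Run: [Vhejoz] File not found
"""

# Line shapes as they appear in the posted log.
FILE_RE = re.compile(r"^(?:PRC|MOD) - \[[^\]]+\] \((?P<vendor>[^)]*)\) -- (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.*)$")
PROXY_RE = re.compile(r'^IE - (?P<hive>HKU\\[^\\]+)\\.*"ProxyServer" = (?P<value>\S+)$')

# Assumption: a binary sitting directly in a profile's Application Data or Temp
# root (not in a vendor subfolder) is worth a look when it has no vendor string.
PROFILE_ROOT_RE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(?:Local Settings\\)?"
    r"(?:Application Data|Temp)\\[^\\]+\.(?:dll|exe)$",
    re.IGNORECASE,
)
# Assumption: only real user hives (S-1-5-21-...) are checked for orphaned Run values.
USER_HIVE_RE = re.compile(r"^HKU\\S-1-5-21-")


def proxy_hosts(value):
    """Return the host of each entry in a ProxyServer value ('proto=host:port;...')."""
    hosts = []
    for entry in value.split(";"):
        endpoint = entry.split("=", 1)[-1]
        hosts.append(endpoint.rsplit(":", 1)[0].lower())
    return hosts


def is_loopback(host):
    return host == "localhost" or host.startswith("127.")


def triage(log_text):
    """Return (reason, line) pairs for log lines that match one of the heuristics."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            # Both conditions are required: no vendor string AND a profile-root path.
            if not m["vendor"].strip() and PROFILE_ROOT_RE.search(m["path"]):
                findings.append(("no-vendor-module-in-user-profile", line))
            continue
        m = PROXY_RE.match(line)
        if m:
            # A browser proxy on the local machine means some local process
            # sits in the middle of that user's web traffic.
            if any(is_loopback(h) for h in proxy_hosts(m["value"])):
                findings.append(("loopback-proxy", line))
            continue
        m = RUN_RE.match(line)
        if m and USER_HIVE_RE.match(m["hive"]) and m["target"].endswith("File not found"):
            # A per-user autostart value whose target is missing.
            findings.append(("orphaned-user-run-value", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

Entries such as `WTouchUser.exe` (no vendor, but in `system32`) and the `HKLM` `TFncKy` value are deliberately left alone, which matches what the fix script leaves alone.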


here it is

All processes killed

========== OTL ==========

HKU\S-1-5-21-2667186550-4238715384-1394353169-2957\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-2667186550-4238715384-1394353169-2957\Software\Microsoft\Windows\CurrentVersion\Run\\Dtomujecazuw not found.

Registry value HKEY_USERS\S-1-5-21-2667186550-4238715384-1394353169-2957\Software\Microsoft\Windows\CurrentVersion\Run\\Vhejoz not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 1754853 bytes

->Temporary Internet Files folder emptied: 371242 bytes

->Java cache emptied: 2314031 bytes

->Flash cache emptied: 405 bytes

User: All Users

User: badekunle

User: Caspar

->Temp folder emptied: 33926990 bytes

->Temporary Internet Files folder emptied: 14157211 bytes

User: chamerston

->Temp folder emptied: 781861 bytes

->Temporary Internet Files folder emptied: 6654836 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: dgreen

User: LocalService

->Temp folder emptied: 65984 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: mbenton

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 55716 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 57.00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 11222010_194143

Files\Folders moved on Reboot...

File move failed. C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\SWNA2DAQ\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\SI2FQ9QW\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\KMWYUPVX\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\7UEUBU59\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Documents and Settings\Administrator\Local Settings\Temp\History\History.IE5\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Documents and Settings\Administrator\Local Settings\Temp\7zS46.tmp\util\ccc\Uninstall_L2.bat scheduled to be moved on reboot.

File move failed. C:\Documents and Settings\Administrator\Local Settings\Temp\7zS46.tmp\util\ccc\Uninstall_L3.bat scheduled to be moved on reboot.

File move failed. C:\Documents and Settings\Administrator\Local Settings\Temp\7zS46.tmp\util\ccc\Uninstall_L4.bat scheduled to be moved on reboot.

File move failed. C:\Documents and Settings\Administrator\Local Settings\Temp\Arabic.bin scheduled to be moved on reboot.

File move failed. C:\Documents and Settings\Administrator\Local Settings\Temp\Czech.bin scheduled to be moved on reboot.

C:\WINDOWS\temp\kleaner (pid 1312) 2010-11-22 19-33-18.log moved successfully.

Registry entries deleted on Reboot...

The error message has gone! :D but still have the c:\documents and settings folder minimised on the bottom left of the screen (next to start) each time I start my computer.

As a Quick Launch icon you mean? What happens when you delete it from there (of course not the actual folder, but the quick launch button).

It disappears until next time I start my laptop up.

Just a tad annoying, that's all.

Please run the following as an OTL fix (instructions as last time) and see if that fixes it.

:otl
F3 - HKU\S-1-5-21-2667186550-4238715384-1394353169-2957 WinNT: Load - (C:\DOCUME~1\ystem32\wuw) - File not found

Still there after start up?

Here is the log:

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-2667186550-4238715384-1394353169-2957\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\DOCUME~1\ystem32\wuw deleted successfully.

OTL by OldTimer - Version 3.2.17.3 log created on 11232010_081209

Please see if this will run.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Here it is:

ComboFix 10-11-20.05 - Chamerston 23/11/2010 12:10:32.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2007.1443 [GMT 0:00]

Running from: c:\documents and settings\chamerston\Desktop\ComboFix.exe

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

* Resident AV is active

.

Overlay aborted ... Please run ComboFix once more

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\chamerston\Application Data\Microsoft\stor.cfg

c:\documents and settings\chamerston\Local Settings\Application Data\{4F76C710-D529-4367-BFA1-DAAD4699A9E4}

c:\documents and settings\chamerston\Local Settings\Application Data\{4F76C710-D529-4367-BFA1-DAAD4699A9E4}\chrome.manifest

c:\documents and settings\chamerston\Local Settings\Application Data\{4F76C710-D529-4367-BFA1-DAAD4699A9E4}\chrome\content\_cfg.js

c:\documents and settings\chamerston\Local Settings\Application Data\{4F76C710-D529-4367-BFA1-DAAD4699A9E4}\chrome\content\overlay.xul

c:\documents and settings\chamerston\Local Settings\Application Data\{4F76C710-D529-4367-BFA1-DAAD4699A9E4}\install.rdf

c:\documents and settings\chamerston\Local Settings\Application Data\azamavabowinew.dll

c:\documents and settings\chamerston\Recent\Thumbs.db

c:\windows\system\GRID32.OCX

c:\windows\system\msvbvm60.dll

c:\windows\system\olepro32.dll

c:\windows\system32\64dlls.exe

c:\windows\system32\intel64.exe

c:\windows\system32\localsys64.exe

c:\windows\system32\lsjdfh.exe

c:\windows\system32\ntos.exe

c:\windows\system32\oembios.exe

c:\windows\system32\sdra64.exe

c:\windows\system32\sdra73.exe

c:\windows\system32\swin32.exe

c:\windows\system32\twex.exe

c:\windows\system32\twext.exe

c:\windows\system32\wsnpoema.exe

.

((((((((((((((((((((((((( Files Created from 2010-10-23 to 2010-11-23 )))))))))))))))))))))))))))))))

.

2010-11-23 11:59 . 2010-11-23 12:00 -------- d-----r- C:\32788R22FWJFW

2010-11-22 19:23 . 2010-11-22 19:23 -------- d-----w- C:\_OTL

2010-11-21 09:43 . 2010-11-21 09:46 -------- d-----w- c:\program files\Startup Inspector for Windows

2010-11-18 15:44 . 2010-11-18 15:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Rescue Calling Card

2010-11-18 12:11 . 2010-11-18 12:11 -------- d-----w- c:\program files\Sophos

2010-11-18 11:51 . 2010-08-23 17:07 27192 ----a-w- c:\windows\system32\drivers\rspSanity32.sys

2010-11-18 11:09 . 2010-11-18 11:13 -------- d-----w- c:\program files\WinMend

2010-11-18 09:32 . 2010-11-18 09:32 -------- d-----w- c:\program files\7-Zip

2010-11-14 11:33 . 2010-11-14 11:33 -------- d-----w- c:\documents and settings\chamerston\Application Data\SUPERAntiSpyware.com

2010-11-14 11:32 . 2010-11-14 11:32 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-11-13 16:44 . 2010-11-13 16:44 -------- d-----w- c:\documents and settings\chamerston\Application Data\Malwarebytes

2010-11-13 16:34 . 2010-11-13 16:37 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-11-13 16:34 . 2010-11-13 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-11-13 16:29 . 2010-03-24 11:53 16409960 ----a-w- C:\spybotsd162.exe

2010-11-13 16:28 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-13 16:28 . 2010-11-14 12:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-13 16:28 . 2010-11-13 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-11-13 16:28 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-13 16:26 . 2010-03-17 13:32 5115824 ----a-w- C:\mbam-setup.exe

2010-11-13 16:14 . 2010-11-13 16:15 -------- d-----w- c:\documents and settings\chamerston\Application Data\GetRightToGo

2010-11-13 12:19 . 2010-11-13 12:19 -------- d-----w- c:\documents and settings\chamerston\Local Settings\Application Data\PackageAware

2010-11-11 18:13 . 2010-11-11 18:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-11-11 18:06 . 2010-03-24 12:07 10419873 ----a-w- C:\SAS_9476610.COM

2010-11-11 08:07 . 2010-11-22 07:15 0 ----a-w- c:\documents and settings\chamerston\Local Settings\Application Data\Hvocomohag.bin

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-15 15:54 . 2010-05-05 18:50 45056 ----a-r- c:\documents and settings\chamerston\Application Data\Microsoft\Installer\{8EC079FB-DC6C-4794-BA2A-00EF9F7C164D}\EverestCAD.exe1_3B2DFEF2E3454AA5A55640815CE995FB.exe

2010-11-15 15:54 . 2010-05-05 18:50 45056 ----a-r- c:\documents and settings\chamerston\Application Data\Microsoft\Installer\{8EC079FB-DC6C-4794-BA2A-00EF9F7C164D}\EverestCAD.exe_2777FDBE19EE4C32B117A534DA546A25.exe

2010-11-15 15:54 . 2010-05-05 18:50 45056 ----a-r- c:\documents and settings\chamerston\Application Data\Microsoft\Installer\{8EC079FB-DC6C-4794-BA2A-00EF9F7C164D}\ARPPRODUCTICON.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ThpSrv"="c:\windows\system32\thpsrv" [X]

"TabletWizard"="c:\windows\help\SplshWrp.exe" [2004-08-04 16384]

"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2005-04-26 271872]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-10-15 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-10-15 162328]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-10-15 137752]

"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]

"CrossMenu"="c:\program files\TOSHIBA\CrossMenu\CrossMenu.exe" [2007-10-12 806912]

"00THotkey"="c:\windows\system32\00THotkey.exe" [2007-11-15 258048]

"000StTHK"="000StTHK.exe" [2001-06-23 24576]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]

"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.exe" [2005-08-31 102400]

"TFNF5"="TFNF5.exe" [2006-04-10 622592]

"TPSODDCtl"="TPSODDCtl.exe" [2007-11-15 118784]

"TPSMain"="TPSMain.exe" [2007-11-15 299008]

"TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2006-09-04 90112]

"TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2006-03-06 114688]

"TAcelMgr"="c:\program files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe" [2006-06-08 86016]

"TSkrMain"="c:\program files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe" [2006-06-08 45056]

"TAudEffect"="c:\program files\TOSHIBA\TAudEffect\TAudEff.exe" [2006-08-09 344144]

"TFncKy"="TFncKy.exe" [bU]

"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]

"TRot.exe"="c:\program files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe" [2007-11-16 323584]

"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]

"WTouchUser"="c:\windows\system32\WTouchUser.exe" [2007-09-27 107816]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe" [2010-02-04 231952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-19 111376]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-8-19 51984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"disablecad"= 1 (0x1)

"LogonType"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"NoDispCPL"= 1 (0x1)

"DisableChangePassword"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoThemesTab"= 1 (0x1)

"ForceStartMenuLogOff"= 1 (0x1)

"NoWindowsUpdate"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoSimpleStartMenu"= 1 (0x1)

"NoRecentDocsNetHood"= 1 (0x1)

"DisablePersonalDirChange"= 1 (0x1)

"NoCloseDragDropBands"= 1 (0x1)

"NoMovingBands"= 1 (0x1)

"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]

2004-08-04 21:00 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]

2002-08-29 03:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TosBtNP]

2006-07-21 19:54 65536 ----a-w- c:\windows\system32\TosBtNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]

2006-10-05 12:45 31744 ----a-w- c:\windows\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0FO\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

"c:\\Program Files\\LogMeIn Rescue Calling Card\\CallingCard.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"15000:UDP"= 15000:UDP:Kaspersky Administration Kit

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [27/04/2007 10:19 21120]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [09/03/2007 15:23 6528]

R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [28/11/2007 10:00 5888]

R2 klnagent;Kaspersky Network Agent;c:\program files\Kaspersky Lab\NetworkAgent\klnagent.exe [22/09/2008 19:12 94544]

R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26/03/2007 12:22 105856]

R2 Tmesrv;Tmesrv3;c:\program files\Toshiba\TME3\TMESRV31.exe [28/11/2007 10:00 114688]

R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19/02/2007 12:15 134016]

R2 TTPDSrv;TOSHIBA Touch Pad Service;c:\windows\system32\TTPDSRV.exe [28/11/2007 11:58 73728]

R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [28/11/2007 09:51 1464856]

R2 WacomTouchService;Wacom Touch Service;c:\windows\system32\WacomTouchService.exe [26/02/2008 20:57 95528]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [28/11/2007 09:05 36608]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/05/2007 17:49 24344]

R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;c:\windows\system32\drivers\TBtnKey.sys [28/11/2007 10:02 8832]

R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [28/11/2007 10:04 435072]

R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [28/11/2007 09:48 11312]

R3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [26/02/2008 20:57 30248]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [30/07/2010 18:22 9728]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\13.tmp --> c:\windows\system32\13.tmp [?]

S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\DRIVERS\rcvpn.sys --> c:\windows\system32\DRIVERS\rcvpn.sys [?]

S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [18/11/2010 11:51 27192]

S3 SASENUM;SASENUM;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]

S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [30/07/2010 18:22 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

2008-02-26 c:\windows\Tasks\Registration reminder 1.job

- c:\windows\system32\OOBE\oobebaln.exe [2007-11-28 21:00]

2008-02-26 c:\windows\Tasks\Registration reminder 2.job

- c:\windows\system32\OOBE\oobebaln.exe [2007-11-28 21:00]

2008-02-26 c:\windows\Tasks\Registration reminder 3.job

- c:\windows\system32\OOBE\oobebaln.exe [2007-11-28 21:00]

.

.

------- Supplementary Scan -------

.

uStart Page = https://ho-notes1.everestlimited.co.uk:8100

mDefault_Page_URL = https://ho-notes1.everestlimited.co.uk:8100

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

.

- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-TabletWizard - c:\windows\help\wizard.hta

**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.EXE'(1744)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\program files\windows journal\nbmaptip.dll

c:\windows\IME\SPGRMR.DLL

c:\program files\Common Files\Microsoft Shared\Ink\SKCHUI.DLL

c:\program files\Common Files\Microsoft Shared\Ink\PENUSA.DLL

c:\windows\system32\TPwrCfg.DLL

c:\windows\system32\TPwrReg.dll

c:\windows\system32\TPSTrace.DLL

.

Completion time: 2010-11-23 12:20:21 - machine was rebooted

ComboFix-quarantined-files.txt 2010-11-23 12:20

Pre-Run: 16,983,359,488 bytes free

Post-Run: 16,960,471,040 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=30

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /forceresetreg

- - End Of File - - 391D47C533DBFB1F818C25F10F449914

Hi, I'm glad to hear that. However, I want to point out that one of the infections was an infostealer, meaning that any sensitive data on this computer might be compromised. I strongly recommend changing any passwords/banking information/other sensitive data!

Please also make sure to update programs like Java/Adobe Reader (I don't know if you have the permissions to do so, but feel free to attract your IT department's attention to this topic).

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - when ESET doesn't find any threats, no report will be created.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

Sorry, get as far as start button and just get a blue box open with a small red x in the top corner?

Will do.

Thanks again for all your help.

:D

Ran Kaspersky and it was clean.

Ran Malwarebytes and it found 2.

BUT everything's fine...

Should I just leave it alone now?

This is the log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.11

23/11/2010 18:01:11

mbam-log-2010-11-23 (18-01-11).txt

Scan type: Quick scan

Objects scanned: 137290

Time elapsed: 3 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Delete on reboot.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

This topic is now closed to further replies.