
Computer Virus/Trojan Problems

Amateur.

First may I thank you for responding to my request for help.

I have compiled the following List of Problems that I am aware of on my computer.

Windows is being stopped from updating.

Trend Micro is being stopped from updating.

Spybot is being stopped from updating.

Skype will not accept my password and let me use the program to speak to my grandson.

At start-up a box comes up saying that there are multiple security problems with my computer, and asking me to run update programs to rectify my problems, but then up pops a box saying error can not connect to the internet.

On my Internet Tool Bar next to the Favourites button a Program called www. Frontpagecash has been installed.

When using the internet I have popups that I do not want, that are for Google Germany, Google Italy, or other rubbish I do not want.

I have tried to follow your instruction list, but I have found some of it difficult to understand.

I downloaded to my desktop DDS program.

I have run the program but could not find out how to make them save to my desktop; they saved as notebook files.

The two files DDS & Attach, I copied from notebook and pasted them into this post below.

I do not have a Windows Install disc or a Boot disc.

Jack Willday

DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18943
Run by Jack at 19:56:54 on 2011-05-24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.1698 [GMT 3:00]
.
AV: Trend Micro Internet Security *Enabled/Outdated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro Internet Security *Enabled/Outdated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wermgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Hp\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jack\Desktop\dds.scr
C:\Windows\system32\DllHost.exe
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=laptop
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://search.myheritage.com
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=laptop
uURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - c:\program files\family toolbar\tbhelper.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\family toolbar\tbcore3.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Family Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\family toolbar\tbcore3.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpqSRMon]
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [Family Tree Builder Update] c:\program files\myheritage\bin\FTBCheckUpdates.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 93.188.162.138,93.188.160.18
TCP: {9CFF570F-9BA6-4E2D-B262-7FB6DE0994AA} = 93.188.162.138,93.188.160.18
TCP: {C6A1484E-40BF-4F39-AE2F-925F2B53879A} = 93.188.162.138,93.188.160.18
TCP: {DBC7417F-EB6A-49DA-BC38-8E249D10ABFA} = 93.188.162.138,93.188.160.18
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-4-28 53816]
R1 RapportCerberus_26169;RapportCerberus_26169;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\26169\RapportCerberus_26169.sys [2011-5-2 57144]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-4-28 66360]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-4-28 158904]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2008-3-7 141840]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-4-28 870200]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-3-7 50256]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-5-17 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2008-3-7 226832]
R3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2008-6-16 488768]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2008-6-16 648456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-23 21504]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-6-23 21504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-05-19 19:31:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-01 04:11:46 -------- d-----w- c:\users\jack\appdata\local\Trusteer
2011-04-28 11:34:50 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-04-27 09:27:36 -------- d-----w- c:\programdata\Media Get LLC
2011-04-27 09:27:12 -------- d-----w- c:\users\jack\appdata\local\MediaGet2
.
==================== Find3M ====================
.
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 6.0.6002 Disk: TOSHIBA_ rev.LB01 -> Harddisk0\DR0 -> \Device\Ide\iaStor0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x92338EC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0xcee23872; SUB DWORD [EBP-0x4], 0xcee2312e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x84C5B962] -> \Device\Harddisk0\DR0[0x890C1AC8]
3 CLASSPNP[0x8D3B08B3] -> ntkrnlpa!IofCallDriver[0x84C5B962] -> [0x87B963D8]
5 acpi[0x806996BC] -> ntkrnlpa!IofCallDriver[0x84C5B962] -> [0x88573028]
[0x8A1254B8] -> IRP_MJ_CREATE -> 0x92338EC5
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x72; }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskTOSHIBA_MK2546GSX_______________________LB014C__#4&344594bf&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\iaStor DriverStartIo -> 0x92338AEA
user & kernel MBR OK
sectors 488397166 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 19:58:33.88 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 16/04/2008 12:35:07
System Uptime: 24/05/2011 19:43:03 (0 hours ago)
.
Motherboard: Quanta | | 30D2
Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz | U2E1 | 2101/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 145.014 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.103 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0017
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #7
PNP Device ID: ROOT\*6TO4MP\0017
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0027
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #11
PNP Device ID: ROOT\*6TO4MP\0027
Service: tunnel
.
==== System Restore Points ===================
.
RP851: 23/09/2010 08:02:14 - Scheduled Checkpoint
RP852: 24/09/2010 02:27:07 - Scheduled Checkpoint
RP853: 24/09/2010 08:42:00 - Windows Update
RP854: 26/09/2010 01:20:00 - Scheduled Checkpoint
RP855: 27/09/2010 02:50:32 - Scheduled Checkpoint
RP856: 28/09/2010 05:11:23 - Scheduled Checkpoint
RP857: 28/09/2010 13:37:41 - Windows Update
RP858: 29/09/2010 10:27:25 - Scheduled Checkpoint
RP859: 30/09/2010 03:00:20 - Windows Update
RP860: 30/09/2010 03:00:23 - Scheduled Checkpoint
RP861: 30/09/2010 03:02:52 - Windows Modules Installer
RP862: 01/10/2010 04:28:44 - Scheduled Checkpoint
RP863: 02/10/2010 03:18:12 - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.0.1)
Adobe Shockwave Player
Adobe Shockwave Player 11.5
AIM 6
BufferChm
C4400
C4400_Help
Cards_Calendar_OrderGift_DoMorePlugout
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
CyberLink YouCam
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Plus DirectShow Filters
DivX Setup
DocProc
DocProcQFolder
DVD Suite
Easy Video Joiner 5.21
ESU for Microsoft Vista
eSupportQFolder
getPlus(R) for Adobe
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService
GPBaseService2
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Participation Program 10.0
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 10.0
HP Integrated Module with Bluetooth wireless technology 6.0.1.6000
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Total Care Advisor
HP Update
HP User Guides 0087
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPDiagnosticAlert
HPNetworkAssistant
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
Intel® Matrix Storage Manager
Java Auto Updater
Java(TM) 6 Update 24
K-Lite Mega Codec Pack 6.3.0
LabelPrint
LightScribe System Software 1.10.13.1
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works
Motorola SM56 Data Fax Modem
MSCU for Microsoft Vista
MSVCSetup
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
MyHeritage Family Tree Builder
NVIDIA Drivers
OCR Software by I.R.I.S. 10.0
OGA Notifier 2.0.0048.0
PanoStandAlone
Personal Ancestral File 5
Personal Ancestral File Companion 5.2
Power2Go
PowerDirector
Prism Video Converter
PS_AIO_03_C4400_ProductContext
PS_AIO_03_C4400_Software
PS_AIO_03_C4400_Software_Min
PSSWCORE
PVSonyDll
QuickPlay SlingPlayer 0.4.4
Rapport
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Scan
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Skype Toolbars
Skype™ 5.1
SmartWebPrinting
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Status
Stockmarket Investor 3
Synaptics Pointing Device Driver
Toolbox
TrayApp
Trend Micro Internet Security
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
VideoToolkit01
Viewpoint Media Player
VSAT360EInstallation
WebReg
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
24/05/2011 19:54:46, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
24/05/2011 19:48:49, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Update service, but this action failed with the following error: An instance of the service is already running.
24/05/2011 19:48:49, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
24/05/2011 19:44:25, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
24/05/2011 19:28:24, Error: Service Control Manager [7034] - The hpqwmiex service terminated unexpectedly. It has done this 1 time(s).
24/05/2011 19:28:24, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
24/05/2011 19:28:24, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
24/05/2011 19:28:24, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
24/05/2011 19:28:24, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
24/05/2011 19:28:24, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
24/05/2011 19:28:24, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
24/05/2011 19:28:24, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
24/05/2011 19:28:24, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
24/05/2011 19:28:24, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
24/05/2011 19:28:24, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
24/05/2011 19:28:24, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
24/05/2011 19:28:24, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
24/05/2011 19:28:24, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
24/05/2011 19:28:24, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
24/05/2011 19:28:24, Error: Service Control Manager [7022] - The QuickPlay Background Capture Service (QBCS) service hung on starting.
24/05/2011 19:28:24, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
24/05/2011 19:28:24, Error: Service Control Manager [7001] - The QuickPlay Task Scheduler (QTS) service depends on the QuickPlay Background Capture Service (QBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
24/05/2011 15:59:28, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 13 time(s).
24/05/2011 15:59:28, Error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 399 time(s).
24/05/2011 15:59:28, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 3 time(s).
23/05/2011 10:09:38, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
20/05/2011 16:40:03, Error: EventLog [6008] - The previous system shutdown at 16:38:11 on 20/05/2011 was unexpected.
20/05/2011 16:37:06, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
20/05/2011 16:36:06, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: An instance of the service is already running.
20/05/2011 12:37:57, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 4 time(s).
20/05/2011 12:37:57, Error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 14 time(s).
20/05/2011 11:30:31, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
20/05/2011 11:30:31, Error: Service Control Manager [7000] - The hpqcxs08 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/05/2011 11:30:31, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/05/2011 11:30:30, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpqcxs08 service.
20/05/2011 11:30:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
20/05/2011 11:29:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqcxs08 with arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
20/05/2011 10:30:27, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 31 time(s).
20/05/2011 10:30:27, Error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 6 time(s).
20/05/2011 10:30:27, Error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1137 time(s).
20/05/2011 08:37:17, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {4991D34B-80A1-4291-83B6-3328366B9097} to the user Jack-PC\Jack SID (S-1-5-21-2663588974-432530602-2596334671-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
19/05/2011 22:42:17, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
19/05/2011 13:02:30, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 28 time(s).
19/05/2011 13:02:30, Error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1025 time(s).
19/05/2011 10:12:10, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 11 time(s).
19/05/2011 10:12:10, Error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1007 time(s).
18/05/2011 18:36:49, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 487 time(s).
18/05/2011 18:36:49, Error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 947 time(s).
18/05/2011 14:56:50, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 461 time(s).
18/05/2011 14:56:50, Error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 921 time(s).
18/05/2011 04:56:49, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 391 time(s).
18/05/2011 04:56:49, Error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 848 time(s).
17/05/2011 20:46:49, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 334 time(s).
17/05/2011 20:46:49, Error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 790 time(s).
17/05/2011 11:14:02, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 264 time(s).
17/05/2011 11:14:02, Error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 711 time(s).
17/05/2011 07:56:48, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 241 time(s).
17/05/2011 07:56:48, Error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 688 time(s).
 
#2 ·
Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Download aswMBR.exe ( 511KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
 
#4 ·
Jack Willday:

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Be sure that everything else is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the results.
 
#5 ·
RPMcMurphy

I have again tried to download your recommended program “Malwarebytes' Anti-Malware” but I have again received the following Message:

Oops! Internet Explorer could not find malwarebytes.org
Try reloading: malwarebytes.org/mbam-download.php
Additional suggestions:
• Access a cached copy of malwarebytes.org/mbam-download.php

Search on Google:

In the past I have learnt that if I Delete in Internet Options, the Temporary Internet Files, Internet History, & Cookies this sometimes allows me to connect to the Website I am having a problem connecting to.

Jack Willday
 
#6 ·
Jack:

Try this one - if this doesn't work I may need you to download some programs on a different PC. Do you have access to a properly working PC?

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the OTL.txt log only into your next post.
 
#7 ·
RPMcMurphy

Success this time, logs below:

Jack Willday

OTL logfile created on: 26/05/2011 14:58:57 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Jack\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 53.73% Memory free
6.19 Gb Paging File | 4.60 Gb Available in Paging File | 74.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.12 Gb Total Space | 144.14 Gb Free Space | 65.19% Space Free | Partition Type: NTFS
Drive D: | 11.77 Gb Total Space | 2.10 Gb Free Space | 17.87% Space Free | Partition Type: NTFS

Computer Name: JACK-PC | User Name: Jack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/26 14:49:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Jack\Desktop\OTL.exe
PRC - [2011/05/19 22:31:52 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10q_ActiveX.exe
PRC - [2011/04/28 14:34:42 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/04/28 14:34:42 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/03/21 21:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/09 00:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2009/04/14 15:19:38 | 000,488,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
PRC - [2009/04/14 15:18:56 | 000,703,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2009/04/11 09:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 09:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/04 13:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/07/29 16:23:28 | 001,398,024 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2008/03/17 15:56:26 | 000,648,456 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
PRC - [2008/03/07 06:07:02 | 000,333,064 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2008/01/19 10:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 10:33:35 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
PRC - [2007/12/04 14:13:34 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/12/04 14:13:34 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/09/15 11:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/03/09 17:50:02 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/01/17 16:34:18 | 000,634,880 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe


========== Modules (SafeList) ==========

MOD - [2011/05/26 14:49:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Jack\Desktop\OTL.exe
MOD - [2009/04/11 09:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 10:35:15 | 001,386,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvbvm60.dll
MOD - [2006/11/02 15:34:30 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dinput.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/28 14:34:42 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/02/02 11:57:54 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/02/19 20:30:16 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/04/14 15:19:38 | 000,488,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009/04/14 15:18:56 | 000,703,008 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/03/17 15:56:26 | 000,648,456 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV - [2008/03/07 06:07:02 | 000,333,064 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2008/01/19 10:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 20:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - [2011/05/02 15:08:58 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys -- (RapportCerberus_26169)
DRV - [2011/04/28 14:34:50 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/04/28 14:34:50 | 000,053,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/04/28 14:34:48 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/07/05 15:20:02 | 000,050,256 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/07/05 15:19:56 | 000,050,256 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/05 15:19:50 | 000,154,192 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/12/04 16:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2009/12/04 16:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2009/12/04 16:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV - [2009/10/03 06:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/03/07 06:07:04 | 000,065,936 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/09/18 02:17:36 | 000,098,816 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/08/13 14:59:16 | 000,141,840 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2007/08/13 14:58:16 | 000,226,832 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2007/08/08 20:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/11 20:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/19 03:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/01/17 16:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = myAOL | HP
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MyHeritage.com Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = myAOL | HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/08 23:59:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/20 15:15:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/20 15:15:21 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/19 00:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.138,93.188.160.18
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\HPRadiance.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\HPRadiance.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/26 18:50:49 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 18:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Toshiba\more4you.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/26 14:49:13 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Jack\Desktop\OTL.exe
[2011/05/24 16:20:11 | 000,000,000 | ---D | C] -- C:\Users\Jack\Documents\DDS
[2011/05/24 16:10:59 | 000,606,738 | R--- | C] (Swearware) -- C:\Users\Jack\Desktop\dds.scr
[2011/05/19 22:31:52 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/01 07:11:46 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\Trusteer
[2011/04/29 09:24:14 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Roaming\vlc
[2011/04/28 14:34:50 | 000,053,816 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/04/27 12:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Get LLC
[2011/04/27 12:27:12 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\MediaGet2
[57 C:\Users\Jack\Documents\*.tmp files -> C:\Users\Jack\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/26 14:49:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Jack\Desktop\OTL.exe
[2011/05/26 14:35:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/26 08:59:28 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/26 08:59:28 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/24 19:49:45 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FD5F9EBD-9E08-48BE-BC68-4E41772D22DE}.job
[2011/05/24 19:45:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/24 19:44:46 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/05/24 19:43:50 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/05/24 19:43:49 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/05/24 19:40:45 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/05/24 16:16:23 | 000,027,648 | ---- | M] () -- C:\Users\Jack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/24 16:11:03 | 000,606,738 | R--- | M] (Swearware) -- C:\Users\Jack\Desktop\dds.scr
[2011/05/24 16:02:58 | 010,899,456 | ---- | M] () -- C:\Users\Jack\Documents\Willday.paf
[2011/05/22 12:29:46 | 001,724,144 | ---- | M] () -- C:\Users\Jack\Documents\Willday.zip
[2011/05/22 10:23:16 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/22 10:23:16 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/21 15:50:10 | 485,629,956 | ---- | M] () -- C:\Users\Jack\Documents\Vladmodels Tanya y157 & Kristina y158 - tickl_10.mpg
[2011/05/20 16:35:14 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/05/19 22:31:52 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/16 23:51:57 | 000,054,080 | ---- | M] () -- C:\Users\Jack\Documents\Lisa Pointon York 26.04.11.pdf
[2011/05/12 11:29:00 | 205,479,439 | ---- | M] () -- C:\Users\Jack\Documents\Sevina part 5.rar
[2011/05/08 16:36:53 | 000,002,377 | ---- | M] () -- C:\Users\Jack\Desktop\Skype.lnk
[2011/05/01 10:05:48 | 000,000,208 | ---- | M] () -- C:\Windows\tasks\3fdd3300.job
[2011/05/01 10:05:45 | 000,000,208 | ---- | M] () -- C:\Windows\tasks\d51d5280.job
[2011/05/01 10:05:44 | 000,000,210 | ---- | M] () -- C:\Windows\tasks\5e7b1e80.job
[2011/05/01 10:05:42 | 000,000,210 | ---- | M] () -- C:\Windows\tasks\64d86d80.job
[2011/05/01 10:05:40 | 000,000,210 | ---- | M] () -- C:\Windows\tasks\69dc6380.job
[2011/05/01 10:05:37 | 000,000,210 | ---- | M] () -- C:\Windows\tasks\e86f6780.job
[2011/05/01 10:05:35 | 000,000,210 | ---- | M] () -- C:\Windows\tasks\ed735d80.job
[2011/05/01 10:05:28 | 000,000,208 | ---- | M] () -- C:\Windows\tasks\6b267180.job
[2011/05/01 10:04:27 | 000,000,210 | ---- | M] () -- C:\Windows\tasks\8d2cb500.job
[2011/05/01 10:04:05 | 000,000,210 | ---- | M] () -- C:\Windows\tasks\cd684800.job
[2011/05/01 10:03:54 | 000,000,210 | ---- | M] () -- C:\Windows\tasks\80e25880.job
[2011/05/01 10:03:52 | 000,000,210 | ---- | M] () -- C:\Windows\tasks\142d8900.job
[2011/05/01 10:03:51 | 000,000,210 | ---- | M] () -- C:\Windows\tasks\ee6ce600.job
[2011/05/01 10:03:49 | 000,000,210 | ---- | M] () -- C:\Windows\tasks\8525ff00.job
[2011/05/01 10:03:45 | 000,000,208 | ---- | M] () -- C:\Windows\tasks\b9f28400.job
[2011/05/01 10:03:31 | 000,000,206 | ---- | M] () -- C:\Windows\tasks\9b7ce900.job
[2011/04/30 23:28:50 | 000,001,878 | ---- | M] () -- C:\Users\Jack\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/04/30 19:50:49 | 125,072,588 | ---- | M] () -- C:\Users\Jack\Documents\Sevina part two (2).rar
[2011/04/30 19:49:28 | 129,569,283 | ---- | M] () -- C:\Users\Jack\Documents\Sevina part 3.rar
[2011/04/28 18:11:41 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc05b69466b5e2.job
[2011/04/28 14:34:50 | 000,053,816 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/04/28 13:02:00 | 089,427,930 | ---- | M] () -- C:\Users\Jack\Documents\Sevina part 1.rar
[57 C:\Users\Jack\Documents\*.tmp files -> C:\Users\Jack\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/24 19:49:45 | 000,000,390 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{FD5F9EBD-9E08-48BE-BC68-4E41772D22DE}.job
[2011/05/20 16:02:02 | 485,629,956 | ---- | C] () -- C:\Users\Jack\Documents\Vladmodels Tanya y157 & Kristina y158 - tickl_10.mpg
[2011/05/16 23:51:57 | 000,054,080 | ---- | C] () -- C:\Users\Jack\Documents\Lisa Pointon York 26.04.11.pdf
[2011/05/12 10:55:39 | 205,479,439 | ---- | C] () -- C:\Users\Jack\Documents\Sevina part 5.rar
[2011/05/01 10:05:48 | 000,000,208 | ---- | C] () -- C:\Windows\tasks\3fdd3300.job
[2011/05/01 10:05:45 | 000,000,208 | ---- | C] () -- C:\Windows\tasks\d51d5280.job
[2011/05/01 10:05:44 | 000,000,210 | ---- | C] () -- C:\Windows\tasks\5e7b1e80.job
[2011/05/01 10:05:42 | 000,000,210 | ---- | C] () -- C:\Windows\tasks\64d86d80.job
[2011/05/01 10:05:40 | 000,000,210 | ---- | C] () -- C:\Windows\tasks\69dc6380.job
[2011/05/01 10:05:37 | 000,000,210 | ---- | C] () -- C:\Windows\tasks\e86f6780.job
[2011/05/01 10:05:35 | 000,000,210 | ---- | C] () -- C:\Windows\tasks\ed735d80.job
[2011/05/01 10:05:28 | 000,000,208 | ---- | C] () -- C:\Windows\tasks\6b267180.job
[2011/05/01 10:04:27 | 000,000,210 | ---- | C] () -- C:\Windows\tasks\8d2cb500.job
[2011/05/01 10:04:05 | 000,000,210 | ---- | C] () -- C:\Windows\tasks\cd684800.job
[2011/05/01 10:03:54 | 000,000,210 | ---- | C] () -- C:\Windows\tasks\80e25880.job
[2011/05/01 10:03:52 | 000,000,210 | ---- | C] () -- C:\Windows\tasks\142d8900.job
[2011/05/01 10:03:51 | 000,000,210 | ---- | C] () -- C:\Windows\tasks\ee6ce600.job
[2011/05/01 10:03:49 | 000,000,210 | ---- | C] () -- C:\Windows\tasks\8525ff00.job
[2011/05/01 10:03:45 | 000,000,208 | ---- | C] () -- C:\Windows\tasks\b9f28400.job
[2011/05/01 10:03:31 | 000,000,206 | ---- | C] () -- C:\Windows\tasks\9b7ce900.job
[2011/04/30 23:31:16 | 000,002,377 | ---- | C] () -- C:\Users\Jack\Desktop\Skype.lnk
[2011/04/30 23:28:50 | 000,001,878 | ---- | C] () -- C:\Users\Jack\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/04/30 11:11:05 | 129,569,283 | ---- | C] () -- C:\Users\Jack\Documents\Sevina part 3.rar
[2011/04/30 11:11:04 | 125,072,588 | ---- | C] () -- C:\Users\Jack\Documents\Sevina part two (2).rar
[2011/04/28 18:11:41 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc05b69466b5e2.job
[2011/04/28 12:57:26 | 089,427,930 | ---- | C] () -- C:\Users\Jack\Documents\Sevina part 1.rar
[2010/09/14 14:55:50 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/09/14 14:55:50 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/09/14 14:55:49 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/09/14 14:55:49 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/09/14 14:55:49 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/05/03 12:44:27 | 000,000,164 | ---- | C] () -- C:\Users\Jack\AppData\Roaming\PLGComp.ini
[2010/01/08 23:58:47 | 000,023,111 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009/12/22 21:27:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/18 19:38:54 | 000,077,350 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/11 10:12:16 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/11 10:12:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/03 11:49:20 | 000,002,874 | ---- | C] () -- C:\Windows\System32\IctTdiService.instr.dat
[2009/05/27 10:56:18 | 000,170,217 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/05/04 11:52:06 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/05/04 11:52:06 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/01/14 11:24:30 | 000,000,170 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2009/01/14 11:20:52 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2008/11/13 09:29:04 | 000,157,508 | ---- | C] () -- C:\Windows\hpoins29.dat
[2008/09/22 13:14:46 | 000,000,680 | ---- | C] () -- C:\Users\Jack\AppData\Local\d3d9caps.dat
[2008/08/13 03:01:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/17 22:09:01 | 000,027,648 | ---- | C] () -- C:\Users\Jack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/13 14:02:52 | 000,027,240 | ---- | C] () -- C:\Users\Jack\AppData\Roaming\nvModes.001
[2008/06/13 14:02:16 | 000,027,240 | ---- | C] () -- C:\Users\Jack\AppData\Roaming\nvModes.dat
[2008/06/07 22:21:26 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/04/16 12:43:11 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2008/04/16 12:43:11 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008/04/16 12:34:25 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/02/20 07:36:13 | 000,000,986 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2007/12/04 13:55:36 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 15:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 15:47:37 | 000,315,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 15:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 13:33:01 | 000,609,196 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 13:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 13:33:01 | 000,108,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 13:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 13:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 13:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 11:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 11:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 10:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 10:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/10 01:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Files - Unicode (All) ==========
[2010/12/04 11:30:49 | 000,000,000 | ---D | M](C:\???.???????????#2) -- C:\Дев.Забавляются#2
[2010/12/04 11:30:49 | 000,000,000 | ---D | C](C:\???.???????????#2) -- C:\Дев.Забавляются#2
[2010/12/02 16:49:04 | 000,000,000 | ---D | M](C:\???. ???????????#1) -- C:\Дев. Забавляются#1
[2010/12/02 16:49:04 | 000,000,000 | ---D | C](C:\???. ???????????#1) -- C:\Дев. Забавляются#1

< End of report >


OTL Extras logfile created on: 26/05/2011 14:58:57 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Jack\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 53.73% Memory free
6.19 Gb Paging File | 4.60 Gb Available in Paging File | 74.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.12 Gb Total Space | 144.14 Gb Free Space | 65.19% Space Free | Partition Type: NTFS
Drive D: | 11.77 Gb Total Space | 2.10 Gb Free Space | 17.87% Space Free | Partition Type: NTFS

Computer Name: JACK-PC | User Name: Jack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A4B5D0F-5DBA-4AF2-9AF7-2D1345775C31}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{1336951A-26CE-4F11-8E8A-5BDAF832C058}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1E9A4A3D-3E95-44D4-8DB8-4162A85C2490}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{30447C4B-DEF3-4F8F-AC2F-C99163587B6A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{4AB939F5-D5D1-4CE0-BB69-9D19DC5EBDDD}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{51AFA294-D2AA-42B3-AC93-084510BF5D0D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{5AB73E7B-F39C-427D-A024-2EF8935CCEE9}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{5B5BA876-3AE3-4265-A470-3353197264E6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{5DFB0AAD-5DEC-4C1D-8422-BF6E5EF944CF}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{637FA377-5318-4EEC-982A-F407611BD048}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{6916D133-4B9E-4B4F-BE50-8A00A36CDFC9}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{7BFB8D94-3B87-46C1-B69A-01A41CC53CF4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{8E235AD8-84E5-4D8E-9CA9-D7308C99E235}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{8E29FFEA-B9C2-4187-9F41-022943C694D9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{8E39F239-1084-45BF-BAE0-D1890765B6EF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{96BECFF7-1D1D-4B47-ABD0-F1DF3504DA31}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{A9013799-5E45-4102-BFE2-0E0FE8FD141E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{AC7F7DB5-E67B-4FA3-874A-7520E550773D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{B1706A60-B21C-4EF6-9795-696D2A7AD931}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{BEEDD37A-052A-4899-AD7D-B243F31A552B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D7E95863-156C-4F39-92D6-D1F648725CDD}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{D9398B80-82A6-4CBE-B703-942CDF0CE825}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{DCDCF55A-4579-461C-8FE7-5352F25E6909}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{DFFE9C6C-0FFF-49D7-A3EE-C9228D07BC37}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{E19F97E5-34E1-4832-A889-F0A321EA2CEC}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{E77DCD6E-2964-4209-AEBA-8FD77688CC00}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EF835AAF-E250-48E1-9B8A-22C9DCBB2431}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"TCP Query User{0E824E91-DD71-48CB-A9D0-E3ED032E7A60}C:\users\jack\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\jack\appdata\local\mediaget2\mediaget.exe |
"TCP Query User{C1FC13F2-3F4F-4ADA-8556-5BC2F6D43672}C:\vsat360e_install\idu360einstall.exe" = protocol=6 | dir=in | app=c:\vsat360e_install\idu360einstall.exe |
"UDP Query User{2BE08B60-7C15-48A1-ACA3-E9109BDB517C}C:\users\jack\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\jack\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{93F591B5-E0E7-472B-8576-E4FF80F801A0}C:\vsat360e_install\idu360einstall.exe" = protocol=17 | dir=in | app=c:\vsat360e_install\idu360einstall.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6000
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84E90B7A-FFAD-11D5-A0FC-0050DABC988F}" = VSAT360EInstallation
"{865DB1C9-D5E4-408B-B37D-9927E605BD2D}" = ESU for Microsoft Vista
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91AFACB3-CA46-4C1E-AF2D-F72EE0B112E4}" = Personal Ancestral File Companion 5.2
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro Internet Security
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_6" = AIM 6
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Easy Video Joiner_is1" = Easy Video Joiner 5.21
"Family Tree Builder" = MyHeritage Family Tree Builder
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Investor_3" = Stockmarket Investor 3
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.3.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Prism" = Prism Video Converter
"Rapport_msi" = Rapport
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/03/2011 15:31:02 | Computer Name = Jack-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000161ae, process id 0x49e8, application start time
0x01cbe410812d6a70.

Error - 16/03/2011 15:35:18 | Computer Name = Jack-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000161ae, process id 0x52d0, application start time
0x01cbe41119c810f0.

Error - 16/03/2011 15:53:30 | Computer Name = Jack-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000161ae, process id 0x5348, application start time
0x01cbe413a2d0de20.

Error - 16/03/2011 15:55:22 | Computer Name = Jack-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000161ae, process id 0x49c0, application start time
0x01cbe413e7137a20.

Error - 16/03/2011 15:56:52 | Computer Name = Jack-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000161ae, process id 0x2f14, application start time
0x01cbe4141d14fa40.

Error - 16/03/2011 16:01:27 | Computer Name = Jack-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module kernel32.dll, version 6.0.6002.18005, time stamp 0x49e037dd,
exception code 0xc06d007e, fault offset 0x0003fbae, process id 0x3038, application
start time 0x01cbe414caddf5f0.

Error - 16/03/2011 16:02:10 | Computer Name = Jack-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe_Winmgmt, version 6.0.6001.18000,
time stamp 0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp
0x49e03821, exception code 0xc0000024, fault offset 0x00074304, process id 0x53e8,
application start time 0x01cbe41508554ff0.

Error - 16/03/2011 16:13:27 | Computer Name = Jack-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000161ae, process id 0x50ec, application start time
0x01cbe4166df72530.

Error - 16/03/2011 16:15:04 | Computer Name = Jack-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000161ae, process id 0x2c74, application start time
0x01cbe416a7d69330.

Error - 16/03/2011 16:23:27 | Computer Name = Jack-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000161ae, process id 0x5e54, application start time
0x01cbe417d39b5bd0.

[ System Events ]
Error - 24/05/2011 12:28:24 | Computer Name = Jack-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 24/05/2011 12:28:24 | Computer Name = Jack-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 24/05/2011 12:28:24 | Computer Name = Jack-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 24/05/2011 12:28:24 | Computer Name = Jack-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 24/05/2011 12:30:46 | Computer Name = Jack-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 24/05/2011 12:30:46 | Computer Name = Jack-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 24/05/2011 12:44:25 | Computer Name = Jack-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 24/05/2011 12:48:49 | Computer Name = Jack-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 24/05/2011 12:48:49 | Computer Name = Jack-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 24/05/2011 12:54:46 | Computer Name = Jack-PC | Source = Service Control Manager | ID = 7032
Description =


< End of report >
 
#8 ·
Jack:

Now we should be able to make some progress! Please do this:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [hpqSRMon] File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Toshiba\more4you.exe
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.138,93.188.160.18
    :Commands
    [EmptyFlash]
    [EmptyTemp]
    [Purity]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; it will reboot when it is done and produce a log
Download aswMBR.exe ( 511KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Please include the following in your next post:
  • OTL Fix log
  • aswMBR log
 
#9 ·
RPMcMurphy

I copied & pasted your program into the Custom Box, then clicked the Run Fix button.

The program ran for 1 or 2 minutes, then stopped without completing.

A Windows Box came up saying

OTL has stopped working.

A problem caused the program to stop working correctly
Windows will Close the program & notify you if a solution is found

I left it alone to carry on running for an hour, but nothing happened, so I clicked on the Close Program button.
 
#10 ·
RPMcMurphy

I am now left with only 2 Internet links open Gmail & your reply program that were open when I started the OTL program running

I also have another Windows Box that has opened saying

Host process for windows services stopped working & was Closed

A problem caused the application to stop working correctly
Windows will notify if a solution is available

I have no Desktop Icons

Only 3 very small boxes

Jack Willday
 
#11 ·
Jack:

OK, it sounds like things are getting worse, so I'll have to take a different approach:

At this point I strongly advise you to back up all your important data.

Your PC is infected with a rootkit, one that is attached to the Master Boot Record (MBR) of your hard disk. We usually have a good amount of success when it comes to fixing the MBR, but the MBR is a delicate area and there is a possibility of data loss and/or complete PC failure if the disinfection process does not work. Please back up any important data before proceeding.

Please also understand that some computers have their own proprietary MBR that offer you the ability to boot directly into a Factory Restore Utility. Fixing this proprietary MBR can cause you to lose the ability to boot into the Factory Restore Utility. The only way to get that feature back is by using the Factory Restore CD that came with the computer. That also means you will have to back up your data first.

If you've read the above and still want to risk fixing the MBR and have already backed up your data, proceed with the following instructions:

We need to run a fix from the recovery environment

Verify that you can access the Vista Recovery Environment

To do so, restart your computer and begin tapping the F8 key to enable the Advanced Start menu.

If the option Repair your computer is available, select it.

Select a language, a keyboard or an input method, and then click Next

It will ask for a password > if you have one > enter it now, or just hit OK if you don't have one.

(If Recovery Environment is not preinstalled, you will need to insert your Vista installation DVD and restart, then press any key when prompted to boot from the CD.

At the Install Windows screen, select Repair your computer.)


In the System Recovery Options dialog box, click Command Prompt

Type the following command and then press ENTER:

bootrec /fixmbr
bootrec<space>/fixmbr
You should see "The operation completed successfully"

Type EXIT at the command prompt, then select the RESTART button to reboot your system normally.
Please include the following in your next post:
  • Let me know when you've completed these instructions
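Added example (not part of the original posts): a Python sketch of the MBR sector layout, showing why the fix above puts a vendor's recovery boot loader at risk while the partition table survives. Microsoft documents that bootrec /fixmbr does not overwrite the existing partition table. The two sectors and their partition entries are constructed sample data, and all function names are hypothetical.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE = slice(0, 440)      # loader code: the part an MBR rootkit or a repair rewrites
DISK_SIG = slice(440, 444)     # Windows disk signature
PART_TABLE = slice(446, 510)   # four 16-byte partition entries
BOOT_MAGIC = b"\x55\xaa"       # bytes 510-511 of a valid MBR
ENTRY = "<B3sB3sII"            # status, CHS start, type, CHS end, LBA start, sector count

def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR sector into the regions a responder cares about."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):
        raw = sector[446 + 16 * i: 462 + 16 * i]
        status, _, ptype, _, lba, count = struct.unpack(ENTRY, raw)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"slot": i, "active": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
            "disk_signature": sector[DISK_SIG].hex(),
            "partitions": parts,
            "magic_ok": sector[510:512] == BOOT_MAGIC}

def changed_regions(before: bytes, after: bytes) -> list:
    """Name the MBR regions that differ between two captures of sector 0."""
    regions = {"boot_code": BOOT_CODE, "disk_signature": DISK_SIG,
               "partition_table": PART_TABLE}
    return [name for name, s in regions.items() if before[s] != after[s]]

def make_sector(boot_fill: int) -> bytes:
    """Constructed sample: a hidden recovery partition (0x27) plus an active NTFS one."""
    table = struct.pack(ENTRY, 0x00, bytes(3), 0x27, bytes(3), 2048, 20_000_000)
    table += struct.pack(ENTRY, 0x80, bytes(3), 0x07, bytes(3), 20_002_048, 290_000_000)
    table += bytes(32)  # two unused slots
    return bytes([boot_fill]) * 440 + b"\x12\x34\x56\x78" + bytes(2) + table + BOOT_MAGIC

BEFORE = make_sector(0xCC)  # stands in for the modified or vendor-specific boot code
AFTER = make_sector(0x90)   # stands in for the generic boot code written by the repair

if __name__ == "__main__":
    print("changed:", changed_regions(BEFORE, AFTER))
    for p in parse_mbr(AFTER)["partitions"]:
        print(p)
```

In the sample the recovery partition's table entry is untouched, but the boot code that could have launched it has been replaced, which is the trade-off described in the post above.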
 
#12 ·
RPMcMurphy

I have been trying to send a posting to you for two days

Currently I am able to access the Internet, but that is all I can do.

I have no desktop icons, no bottom toolbar where I would normally access windows to backup programs and data

I have found that when using the Internet it sometimes freezes, if I use the refresh button it clears the problem, so I have now Refreshed my link to you which cleared the posting box of your program of my other attempts to post to you, so I am now hoping that I will be able to send this posting.

I have purchased an independent hard drive to save all my programs and data to.

But as I can not close my computer down, to later restart it, to see if the desktop icons and windows reappeared, to enable me to backup my data.

I would like your advice as to whether or not I should disconnect the power from my computer ( I am afraid that if I do that I will lose my Internet connection and ability to contact you) to see if when I restart it the desktop icons and access to windows would reappear

For your information my Computer is a Hewlett Packard laptop HP Pavilion dv6000

My daughter purchased the laptop for me and I do not remember being given or receiving any installation discs

Jack Willday
 
#15 ·
Well, you have two choices: You can use that built in recovery partition to restore the computer back to its "Out of the box" condition, or you can go ahead with the instructions I posted to run bootrec /fixmbr from the Recovery Environment. There are pros and cons to both options. If you use the recovery partition you will have to reinstall all your programs, etc. If you run my fix chances are you won't lose any data, but it's always a possibility with these infections. Running the fix will also render that recovery partition unusable. Let me know how you wish to proceed, or if you have any questions.
 
#18 ·
RPMcMurphy

I Closed down my computer and restarted it tapping the F8 key

Up came Repair your Computer I clicked

Selected my Language

Up came box requesting a Password

I entered my normal password

It was refused

Box saying: Your account has been disabled please see your system administrator

Changed the Option on the top line from Administrator to Jack

Entered normal password

Up came Box saying:

System Recovery Options
Choose a Recovery Tool
Operation System: Microsoft Windows Vista on (C:) Local Disk

Options Listed

Startup Repair

System Restore

Windows Complete PC Restore

Windows Memory Diagnostic Tool

Command Prompt

Recovery Manager

Shut Down or Restart buttons

Clicked Shut Down

After restarting my computer there was a box on the Screen which I have copied & pasted below

Jack Willday

Files\Folders moved on Reboot...
C:\Users\Jack\AppData\Local\Temp\ehmsas.txt moved successfully.
C:\Users\Jack\AppData\Local\Temp\~DF9977.tmp moved successfully.
C:\Users\Jack\AppData\Local\Temp\~DF99D5.tmp moved successfully.
C:\Users\Jack\AppData\Local\Temp\~DF9B14.tmp moved successfully.
C:\Users\Jack\AppData\Local\Temp\~DF9B31.tmp moved successfully.
C:\Users\Jack\AppData\Local\Temp\~DF9C6B.tmp moved successfully.
C:\Users\Jack\AppData\Local\Temp\~DF9CA6.tmp moved successfully.
File\Folder C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jack\AppData\Roaming\Trusteer\Rapport\user\logs\koan.12428.log not found!
File\Folder C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jack\AppData\Roaming\Trusteer\Rapport\user\logs\koan.6492.log not found!
File\Folder C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jack\AppData\Roaming\Trusteer\Rapport\user\logs\koan.7372.log not found!
C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WDFJ9CL1\ads[6].htm moved successfully.
C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WDFJ9CL1\likebox[1].htm moved successfully.
C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WDFJ9CL1\maps[2].htm moved successfully.
C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WDFJ9CL1\maps_google_co_uk[1].htm moved successfully.
C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VFH1KJRZ\computer-virus-trojan-problems-576156[1].html moved successfully.
C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VFH1KJRZ\mail[2].htm moved successfully.
C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V844VHKG\mail[1].htm moved successfully.
File\Folder C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CGM5EL6V\openhand_8_8[1].bmp not found!
File\Folder C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\81JGW3CF\mail[1].txt not found!
C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4SO3QBH3\ads[8].htm moved successfully.
C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4SO3QBH3\ads[9].htm moved successfully.
C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0DPIGPGJ\newreply[1].htm moved successfully.
C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FTEKX82\getlanguagejsCA1EUQ4U.htm moved successfully.

Registry entries deleted on Reboot...
 
#19 ·
Jack,

See if you can do this now:

Download aswMBR.exe ( 511KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Please include the following in your next post:
  • aswMBR log
 
#23 ·
Jack:

Let's try a different approach:

Please boot into the Safe Mode and run this:

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
Please include the following in your next post:
  • ComboFix log
 
#25 ·
See if this will run for you:

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.
    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.
  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)

  • After that set Security level to High
  • Then set "On Threat Detection" to Choose Action > Disinfect
  • Click "Start Scan"
  • When it finishes, click on "Report" then click "Save" in the upper right corner saving the log to your desktop
  • Post the log in your next reply
 
#26 ·
RPMcMurphy

I am having big problems now with trying to connect to the internet

I can only connect to the internet when I reboot my computer in Safe Mode with networking

In that mode I still have the problem of the Corrupt Google page opening every time I ask a page to open

When I click your continue to external link, link I get box saying Internet Explorer cannot display the webpage

Jack Willday
 