WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


Fake XP Internet Security 2012

2 posters

descriptionFake XP Internet Security 2012 EmptyFake XP Internet Security 2012 26th June 2011, 5:42 am

more_horiz
I have spyware on my windows xp os, i cant access anything on my control panel my firewall is turned off and blocked i immediately pulled out the internet cable when this fake security alert flashed up on my screen. i've restarted my pc in safe mode ran malwarebytes but it isnt detecting anything at all.

i managed to access the control panel in safe mode but still couldnt turn on the firewall or virus protection.
i did manage to to get into the add/remove programme

and i took off something called xp service pack 3
i googled this and found other people having problems with it so i deleted it

now when i access control panel i can't open anything a box appears saying "C:/WINDOWS\system32\rundll32.exe Application not found"

I also noticed that on my control panel i now have a blue icon named Div x control panel
nothing whatsoever can be accessed in normal mode.

xp FAKE security 2012 has stopped giving me pop ups now telling me to purchase there virus protection.
but other problems have now araised

could someone please help


thank you

descriptionFake XP Internet Security 2012 EmptyRe: Fake XP Internet Security 2012 26th June 2011, 7:35 am

more_horiz
Hi there veronica!

I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
  • Whilst I´m helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I´m here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end. If your computer starts running better, doesn´t mean it is clean yet!

====================

Uninstalling Windows service pack 3 was a bad idea. These are necessary windows updates that you will need to re-install. We will do that later. First we run a scan for malware.

====================

Please download OTL by OldTimer from here and save it to your desktop.
  • Close all windows and double click OTL.exe.
  • The Extra Registry setting should be Use Safelist
  • Copy and paste the following text into the Custom Scans/Fixes box:

Code:

%APPDATA%\Microsoft\*.*
%systemroot%\system32\config\systemprofile\*.dat /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\winn32\*.*
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%PROGRAMFILES%\Mozilla Firefox\*.exe
%ProgramFiles%\TinyProxy.
%systemroot%\system32\*.* /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.* /lockedfiles
%PROGRAMFILES%\*.
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
netlogon.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
disk.sys
explorer.exe
userinit.exe
winlogon.exe
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs

  • Click the Run Scan button and allow it to run.
  • It will produce two logs for you, OTL.txt and Extras.txt. Please post both logs in this thread.
  • You may need multiple posts to get it all.


descriptionFake XP Internet Security 2012 EmptyRe: Fake XP Internet Security 2012 26th June 2011, 9:45 am

more_horiz
ok ive followed instructions and thank you for helping

the first log OTL.txt is:

OTL logfile created on: 26/06/2011 10:36:04 - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Veron\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.24 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 68.54% Memory free
4.09 Gb Paging File | 3.44 Gb Available in Paging File | 84.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 123.48 Gb Free Space | 82.89% Space Free | Partition Type: NTFS
Drive D: | 562.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME-CA08B8A03F | User Name: Veron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/26 10:23:36 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Veron\Desktop\OTL.exe
PRC - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
PRC - [2011/03/25 13:34:00 | 004,371,768 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
PRC - [2011/03/23 14:12:38 | 001,406,264 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
PRC - [2011/03/23 14:12:34 | 002,032,952 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
PRC - [2011/03/14 19:36:30 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/12/08 22:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/11/24 20:21:47 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/23 19:09:11 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/26 14:17:06 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\WINDOWS\system32\dgdersvc.exe
PRC - [2010/07/26 14:15:26 | 000,217,088 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2010/07/21 09:08:31 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/15 14:33:54 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 14:33:52 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 14:33:03 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/06/22 09:23:46 | 000,662,016 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2uvc.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/26 10:23:36 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Veron\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2011/03/23 14:12:38 | 001,406,264 | ---- | M] (Virgin Media) [Auto | Running] -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe -- (HsdService)
SRV - [2010/07/26 14:17:06 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\dgdersvc.exe -- (dgdersvc)
SRV - [2010/07/26 14:15:26 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/07/21 09:08:31 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/15 14:33:52 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/05/06 22:40:26 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/26 14:17:06 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010/07/26 14:15:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/07/15 14:33:11 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/07/07 08:42:33 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/06/21 04:26:36 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/06/21 04:26:36 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/06/21 04:26:36 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/06/21 04:26:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/05/12 11:14:58 | 000,098,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2010/04/27 03:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2010/04/27 03:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2010/04/27 03:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2010/04/27 03:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010/04/27 03:25:16 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bserd.sys -- (ss_bserd)
DRV - [2010/04/27 03:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2010/04/27 03:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009/06/23 09:37:10 | 003,486,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2005/08/17 14:41:08 | 001,022,040 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://uk.search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.1.1.2
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/24 20:22:21 | 000,000,000 | ---D | M]

[2009/07/18 21:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Veron\Application Data\Mozilla\Extensions
[2011/06/06 09:33:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Veron\Application Data\Mozilla\Firefox\Profiles\1g0immaq.default\extensions
[2010/07/09 14:01:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Veron\Application Data\Mozilla\Firefox\Profiles\1g0immaq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/05 18:27:32 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Veron\Application Data\Mozilla\Firefox\Profiles\1g0immaq.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2011/06/06 09:33:30 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\Veron\Application Data\Mozilla\Firefox\Profiles\1g0immaq.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011/01/07 08:40:34 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Veron\Application Data\Mozilla\Firefox\Profiles\1g0immaq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009/11/05 18:30:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Veron\Application Data\Mozilla\Firefox\Profiles\1g0immaq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2010/08/08 14:42:19 | 000,002,569 | ---- | M] () -- C:\Documents and Settings\Veron\Application Data\Mozilla\Firefox\Profiles\1g0immaq.default\searchplugins\askcom.xml
[2011/06/26 02:32:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/03 17:03:59 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/08/25 03:58:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/15 21:12:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
[2010/08/25 03:58:33 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 17:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/08/05 03:04:22 | 000,610,636 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 z.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
O1 - Hosts: 127.0.0.1 gtb19.acecounter.com
O1 - Hosts: 16306 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DHSClient.exe] C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [929976224] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Search Protection] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
O4 - Startup: C:\Documents and Settings\Veron\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Veron\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Veron\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Veron\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Veron\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/18 20:20:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/04 13:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{610af626-5982-11e0-b1ad-001676297e51}\Shell - "" = AutoRun
O33 - MountPoints2\{610af626-5982-11e0-b1ad-001676297e51}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{610af626-5982-11e0-b1ad-001676297e51}\Shell\AutoRun\command - "" = E:\DPFMate.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\DPFMate.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HsdService - C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe (Virgin Media)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: ServicepointService - C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint Inc.)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HsdService - C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe (Virgin Media)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: ServicepointService - C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint Inc.)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/26 10:21:48 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Veron\Desktop\OTL.exe
[2011/06/26 10:10:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011/06/26 10:07:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/06/26 03:24:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
[2011/06/26 03:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX
[2011/06/26 03:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/06/26 03:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ABBYY FineReader 6.0 Sprint
[2011/06/26 03:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 6.0 Sprint
[2011/06/26 03:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/06/26 03:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2011/06/26 03:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
[2011/06/26 02:51:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/06/26 02:33:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/26 00:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Veron\My Documents\DivX Movies
[2011/06/14 20:33:32 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/06 09:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Veron\My Documents\iMacros
[2011/06/05 18:32:37 | 012,340,504 | ---- | C] (Mozilla) -- C:\Documents and Settings\Veron\Desktop\Firefox Setup 4.0.1.exe
[2011/06/03 17:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/06/03 17:03:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2010/07/29 00:10:58 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2010/07/29 00:10:52 | 000,241,664 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2011/06/26 10:34:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/26 10:29:27 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Veron\Local Settings\Application Data\prvlcl.dat
[2011/06/26 10:23:36 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Veron\Desktop\OTL.exe
[2011/06/26 10:12:00 | 078,619,546 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/06/26 09:59:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/26 03:31:22 | 000,441,432 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/26 03:31:22 | 000,071,176 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/26 03:28:37 | 003,426,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/26 03:28:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/26 02:53:12 | 000,017,012 | -HS- | M] () -- C:\Documents and Settings\Veron\Local Settings\Application Data\t05kv0komxexml6l86yyf04
[2011/06/26 02:53:12 | 000,017,012 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\t05kv0komxexml6l86yyf04
[2011/06/26 02:44:14 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/06/26 02:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-HOME-CA08B8A03F-Veron.job
[2011/06/22 14:02:09 | 002,377,490 | ---- | M] () -- C:\Documents and Settings\Veron\Desktop\004U04bnAOC.gif
[2011/06/22 14:01:53 | 003,241,249 | ---- | M] () -- C:\Documents and Settings\Veron\Desktop\004W04bnAOC.gif
[2011/06/22 14:01:37 | 004,820,317 | ---- | M] () -- C:\Documents and Settings\Veron\Desktop\004X04bnAOC.gif
[2011/06/22 14:01:23 | 002,738,258 | ---- | M] () -- C:\Documents and Settings\Veron\Desktop\004Z04bnAOC.gif
[2011/06/22 14:01:02 | 002,234,779 | ---- | M] () -- C:\Documents and Settings\Veron\Desktop\804-04bnAOC.gif
[2011/06/22 11:54:29 | 000,049,142 | ---- | M] () -- C:\Documents and Settings\Veron\Desktop\002.jpg
[2011/06/22 11:54:25 | 000,037,025 | ---- | M] () -- C:\Documents and Settings\Veron\Desktop\038.jpg
[2011/06/22 11:54:20 | 000,018,773 | ---- | M] () -- C:\Documents and Settings\Veron\Desktop\027.jpg
[2011/06/22 11:54:17 | 000,028,968 | ---- | M] () -- C:\Documents and Settings\Veron\Desktop\004.jpg
[2011/06/22 11:54:03 | 000,022,828 | ---- | M] () -- C:\Documents and Settings\Veron\Desktop\041.jpg
[2011/06/22 11:53:56 | 000,046,255 | ---- | M] () -- C:\Documents and Settings\Veron\Desktop\078.jpg
[2011/06/22 11:53:52 | 000,026,410 | ---- | M] () -- C:\Documents and Settings\Veron\Desktop\007.jpg
[2011/06/21 21:53:57 | 003,171,523 | ---- | M] () -- C:\Documents and Settings\Veron\Desktop\800a0559yPH.gif
[2011/06/17 13:58:28 | 000,023,520 | ---- | M] () -- C:\Documents and Settings\Veron\Desktop\georgina-wilson-beauty-3.jpg
[2011/06/09 15:10:01 | 001,228,703 | ---- | M] () -- C:\Documents and Settings\Veron\Desktop\80010559dmHruyiruyi.gif
[2011/06/09 15:09:26 | 001,228,703 | ---- | M] () -- C:\Documents and Settings\Veron\Desktop\80010559dmH.gif
[2011/06/08 21:13:08 | 000,110,279 | ---- | M] () -- C:\Documents and Settings\Veron\Desktop\sunset_sailing.jpg
[2011/06/08 21:11:28 | 000,021,406 | ---- | M] () -- C:\Documents and Settings\Veron\Desktop\full_moon_small.jpg
[2011/06/07 19:22:18 | 002,045,930 | ---- | M] () -- C:\Documents and Settings\Veron\Desktop\8003054XC9h.gif
[2011/06/07 17:33:18 | 000,023,856 | ---- | M] () -- C:\Documents and Settings\Veron\Desktop\800s053L7gf.jpg
[2011/06/07 17:30:48 | 000,013,863 | ---- | M] () -- C:\Documents and Settings\Veron\Desktop\lara.jpg
[2011/06/05 18:37:21 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Veron\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/05 18:37:21 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/05 18:36:47 | 012,340,504 | ---- | M] (Mozilla) -- C:\Documents and Settings\Veron\Desktop\Firefox Setup 4.0.1.exe
[2011/06/04 21:41:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2011/06/25 23:50:57 | 000,017,012 | -HS- | C] () -- C:\Documents and Settings\Veron\Local Settings\Application Data\t05kv0komxexml6l86yyf04
[2011/06/25 23:50:57 | 000,017,012 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\t05kv0komxexml6l86yyf04
[2011/06/22 14:02:08 | 002,377,490 | ---- | C] () -- C:\Documents and Settings\Veron\Desktop\004U04bnAOC.gif
[2011/06/22 14:01:52 | 003,241,249 | ---- | C] () -- C:\Documents and Settings\Veron\Desktop\004W04bnAOC.gif
[2011/06/22 14:01:36 | 004,820,317 | ---- | C] () -- C:\Documents and Settings\Veron\Desktop\004X04bnAOC.gif
[2011/06/22 14:01:18 | 002,738,258 | ---- | C] () -- C:\Documents and Settings\Veron\Desktop\004Z04bnAOC.gif
[2011/06/22 14:00:52 | 002,234,779 | ---- | C] () -- C:\Documents and Settings\Veron\Desktop\804-04bnAOC.gif
[2011/06/22 11:54:29 | 000,049,142 | ---- | C] () -- C:\Documents and Settings\Veron\Desktop\002.jpg
[2011/06/22 11:54:24 | 000,037,025 | ---- | C] () -- C:\Documents and Settings\Veron\Desktop\038.jpg
[2011/06/22 11:54:20 | 000,018,773 | ---- | C] () -- C:\Documents and Settings\Veron\Desktop\027.jpg
[2011/06/22 11:54:16 | 000,028,968 | ---- | C] () -- C:\Documents and Settings\Veron\Desktop\004.jpg
[2011/06/22 11:54:03 | 000,022,828 | ---- | C] () -- C:\Documents and Settings\Veron\Desktop\041.jpg
[2011/06/22 11:53:56 | 000,046,255 | ---- | C] () -- C:\Documents and Settings\Veron\Desktop\078.jpg
[2011/06/22 11:53:50 | 000,026,410 | ---- | C] () -- C:\Documents and Settings\Veron\Desktop\007.jpg
[2011/06/21 21:53:56 | 003,171,523 | ---- | C] () -- C:\Documents and Settings\Veron\Desktop\800a0559yPH.gif
[2011/06/17 13:58:28 | 000,023,520 | ---- | C] () -- C:\Documents and Settings\Veron\Desktop\georgina-wilson-beauty-3.jpg
[2011/06/09 15:10:01 | 001,228,703 | ---- | C] () -- C:\Documents and Settings\Veron\Desktop\80010559dmHruyiruyi.gif
[2011/06/09 15:09:26 | 001,228,703 | ---- | C] () -- C:\Documents and Settings\Veron\Desktop\80010559dmH.gif
[2011/06/08 21:13:08 | 000,110,279 | ---- | C] () -- C:\Documents and Settings\Veron\Desktop\sunset_sailing.jpg
[2011/06/08 21:11:28 | 000,021,406 | ---- | C] () -- C:\Documents and Settings\Veron\Desktop\full_moon_small.jpg
[2011/06/07 19:22:17 | 002,045,930 | ---- | C] () -- C:\Documents and Settings\Veron\Desktop\8003054XC9h.gif
[2011/06/07 17:33:18 | 000,023,856 | ---- | C] () -- C:\Documents and Settings\Veron\Desktop\800s053L7gf.jpg
[2011/06/07 17:30:47 | 000,013,863 | ---- | C] () -- C:\Documents and Settings\Veron\Desktop\lara.jpg
[2011/06/05 18:37:21 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Veron\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/05 18:37:21 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/05 18:37:21 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/02/03 04:20:55 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Veron\Local Settings\Application Data\FASTWiz.html
[2010/11/20 02:37:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/30 10:01:57 | 000,102,952 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/29 13:16:25 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/08/29 13:16:25 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/08/29 13:16:14 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Veron\Application Data\$_hpcst$.hpc
[2010/08/21 18:58:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/08/21 15:27:37 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/08/21 15:27:37 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/08/21 15:27:37 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/08/21 15:27:37 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/08/21 15:27:37 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/08/21 15:27:37 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/08/21 15:27:37 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/08/21 15:27:37 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/08/21 15:27:37 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/08/21 15:27:37 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/08/21 15:27:37 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/08/21 15:27:37 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/08/21 15:27:37 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/08/21 15:27:37 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/08/21 15:27:37 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/08/21 15:27:37 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/08/21 15:27:37 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/08/21 15:27:37 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/08/21 15:27:37 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/08/03 16:11:22 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Veron\Application Data\Adobe GIF Format CS5 Prefs
[2010/07/29 00:10:58 | 003,486,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010/07/29 00:10:58 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2010/07/29 00:10:58 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2010/07/26 14:18:38 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2010/07/26 14:18:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2010/07/26 14:18:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2010/07/26 14:18:38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2009/11/10 18:53:22 | 000,014,052 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/10 17:46:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Veron\Local Settings\Application Data\prvlcl.dat
[2009/08/05 20:18:27 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Veron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/29 19:09:37 | 013,561,888 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/07/29 19:09:37 | 000,643,104 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/07/18 21:11:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/18 20:35:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/18 20:32:05 | 003,426,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/18 20:22:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/07/18 20:18:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/03/22 21:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 21:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,441,432 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,071,176 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >
[2010/12/29 20:39:12 | 000,001,746 | -H-- | M] () -- C:\Documents and Settings\Veron\Application Data\Microsoft\LastFlashConfig.WFC

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/06/05 18:36:47 | 012,340,504 | ---- | M] (Mozilla) -- C:\Documents and Settings\Veron\Desktop\Firefox Setup 4.0.1.exe
[2011/06/26 10:23:36 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Veron\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/04/14 17:41:09 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/04/14 17:41:09 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/04/14 17:41:09 | 000,261,080 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe
[1 C:\Program Files\Mozilla Firefox\*.tmp files -> C:\Program Files\Mozilla Firefox\*.tmp -> ]

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2009/07/19 20:41:21 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2011/06/26 03:23:15 | 000,000,000 | ---D | M] -- C:\Program Files\ABBYY FineReader 6.0 Sprint
[2011/06/26 03:49:23 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/06/26 03:22:20 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2009/11/10 16:02:32 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/11/06 18:28:19 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/07/18 22:47:18 | 000,000,000 | ---D | M] -- C:\Program Files\BitTorrent
[2011/01/26 05:17:56 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/06/26 02:33:43 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/07/18 20:18:08 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2011/06/26 03:25:17 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2011/02/03 05:24:28 | 000,000,000 | ---D | M] -- C:\Program Files\Driving Test Success - All Tests (2009-2010)
[2010/12/20 03:26:41 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Flick
[2011/01/07 08:40:17 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
[2011/02/25 14:55:51 | 000,000,000 | ---D | M] -- C:\Program Files\epson
[2011/02/25 14:55:51 | 000,000,000 | ---D | M] -- C:\Program Files\Epson Software
[2009/08/06 10:05:21 | 000,000,000 | ---D | M] -- C:\Program Files\ERUNT
[2010/12/03 15:55:04 | 000,000,000 | ---D | M] -- C:\Program Files\FoxyTunes
[2009/11/05 18:31:03 | 000,000,000 | ---D | M] -- C:\Program Files\ICQ6Toolbar
[2010/08/09 05:26:57 | 000,000,000 | ---D | M] -- C:\Program Files\ImageConverter Plus
[2011/05/18 23:59:30 | 000,000,000 | ---D | M] -- C:\Program Files\Incomplete
[2011/02/03 01:24:33 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/07/18 21:01:42 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/06/26 03:15:01 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/01/26 05:21:58 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/01/26 05:22:26 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/09/15 21:11:37 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/08/25 03:59:01 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2009/08/06 19:28:05 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/29 13:15:06 | 000,000,000 | ---D | M] -- C:\Program Files\MarkAny
[2011/06/26 03:14:59 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/11/15 17:46:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/07/18 20:21:03 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2011/06/16 22:57:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/11/15 17:47:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/11/15 17:48:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2011/06/26 03:14:57 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/06/26 03:25:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/11/17 04:04:59 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/07/18 20:49:26 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/07/18 20:17:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2011/06/26 03:14:52 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/07/28 23:58:36 | 000,000,000 | ---D | M] -- C:\Program Files\Noel Danjou
[2009/08/05 14:44:16 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2009/07/18 20:17:38 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/08/25 03:58:59 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2011/06/04 15:10:06 | 000,000,000 | ---D | M] -- C:\Program Files\Opera
[2011/06/26 03:14:50 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/08/29 13:15:49 | 000,000,000 | ---D | M] -- C:\Program Files\PC Connectivity Solution
[2011/06/04 18:51:06 | 000,000,000 | ---D | M] -- C:\Program Files\PKR
[2011/02/25 14:58:27 | 000,000,000 | ---D | M] -- C:\Program Files\Privoxy
[2011/06/26 03:23:59 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/11/17 04:04:51 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/08/29 13:17:09 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung
[2009/07/18 20:30:25 | 000,000,000 | ---D | M] -- C:\Program Files\SigmaTel
[2011/06/03 17:03:59 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2011/06/26 03:55:42 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2009/11/06 18:11:29 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareGuard
[2009/08/01 17:38:30 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2010/08/08 16:55:23 | 000,000,000 | ---D | M] -- C:\Program Files\Ulead Systems
[2009/07/18 20:24:52 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/07/29 00:10:49 | 000,000,000 | ---D | M] -- C:\Program Files\USB2.0 UVC Camera
[2010/12/17 00:03:18 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2011/05/18 21:36:03 | 000,000,000 | ---D | M] -- C:\Program Files\Virgin Media
[2009/07/18 21:17:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2011/06/26 00:18:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/07/18 22:45:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2011/06/26 03:14:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2011/06/26 03:14:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/07/18 20:19:37 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/07/18 20:21:03 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/07/14 14:54:23 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!


< MD5 for: AGP440.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\cache\explorer.exe

< MD5 for: IASTOR.SYS >
[2005/04/25 16:28:14 | 000,871,040 | ---- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\Documents and Settings\Veron\Local Settings\temp\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\cache\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: USERINIT.EXE >
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\cache\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\cache\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-06-26 09:35:00

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Documents and Settings\Veron\Local Settings\Application Data\ekj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Documents and Settings\Veron\Local Settings\Application Data\ekj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 13:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 13:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 13:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\Veron\Local Settings\Application Data\ekj.exe" -a "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2011/06/04 15:09:47 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2011/06/04 15:09:47 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2011/06/04 15:09:47 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2011/06/04 15:09:47 | 000,941,936 | ---- | M] (Opera Software)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Documents and Settings\Veron\Local Settings\Application Data\ekj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Documents and Settings\Veron\Local Settings\Application Data\ekj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 13:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 13:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 13:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\Veron\Local Settings\Application Data\ekj.exe" -a "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2011/06/04 15:09:47 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2011/06/04 15:09:47 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2011/06/04 15:09:47 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2011/06/04 15:09:47 | 000,941,936 | ---- | M] (Opera Software)

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


descriptionFake XP Internet Security 2012 EmptyRe: Fake XP Internet Security 2012 26th June 2011, 9:46 am

more_horiz
OTL Extras logfile created on: 26/06/2011 10:36:04 - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Veron\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.24 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 68.54% Memory free
4.09 Gb Paging File | 3.44 Gb Available in Paging File | 84.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 123.48 Gb Free Space | 82.89% Space Free | Partition Type: NTFS
Drive D: | 562.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME-CA08B8A03F | User Name: Veron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{223A0FFB-5BAE-4541-B4AA-5688384FA77E}" = USB2.0 UVC Camera
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 TBYB
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5D4E41C-2583-46FE-9B99-62496F85C5F3}" = RPS CRT
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"7-Zip" = 7-Zip 4.65
"AMCap" = AMCap
"AVG9Uninstall" = AVG Free 9.0
"Driving Test Success - All Tests_is1" = Driving Test Success - All Tests (2009-2010)
"DVD Flick_is1" = DVD Flick 1.3.0.7
"ERUNT_is1" = ERUNT 1.1j
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Opera 11.11.2109" = Opera 11.11
"PKR" = PKR
"Privoxy" = Privoxy (remove only)
"PROSet" = Intel(R) PRO Network Connections Drivers
"RadialpointClientGateway_is1" = Virgin Media Service Manager 3.7.47
"RadialpointHomeSecurityDashboard_is1" = Virgin Media Digital Home Support 2.1.27
"RadialpointSecurityAdvisorService_is1" = Radialpoint Security Advisor 2.5.19
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Uninstall_is1" = Uninstall 1.0.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22/04/2011 12:10:21 | Computer Name = HOME-CA08B8A03F | Source = Application Hang | ID = 1001
Description = Fault bucket -1899419953.

Error - 18/05/2011 16:37:44 | Computer Name = HOME-CA08B8A03F | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 18/05/2011 16:37:44 | Computer Name = HOME-CA08B8A03F | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 03/06/2011 13:28:54 | Computer Name = HOME-CA08B8A03F | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17096, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/06/2011 13:28:55 | Computer Name = HOME-CA08B8A03F | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17096, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/06/2011 21:04:54 | Computer Name = HOME-CA08B8A03F | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.0.101:5353 23 Rp\.SpaEndpointV1._rp-hsd._tcp.local.
SRV 0 0 8965 Norman-PC.local.

Error - 03/06/2011 21:04:54 | Computer Name = HOME-CA08B8A03F | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 2; will rename 29 Rp\.SpaEndpointV1._rp-hsd._tcp.local.
SRV 0 0 8965 home-ca08b8a03f.local.

Error - 03/06/2011 21:40:04 | Computer Name = HOME-CA08B8A03F | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.0.100:5353 23 Rp\.SpaEndpointV1._rp-hsd._tcp.local.
SRV 0 0 8965 Norman-PC.local.

Error - 03/06/2011 21:40:04 | Computer Name = HOME-CA08B8A03F | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 2; will rename 29 Rp\.SpaEndpointV1._rp-hsd._tcp.local.
SRV 0 0 8965 home-ca08b8a03f.local.

Error - 04/06/2011 09:43:35 | Computer Name = HOME-CA08B8A03F | Source = Application Hang | ID = 1002
Description = Hanging application SETUP.EXE, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ Application Events ]
Error - 22/04/2011 12:10:21 | Computer Name = HOME-CA08B8A03F | Source = Application Hang | ID = 1001
Description = Fault bucket -1899419953.

Error - 18/05/2011 16:37:44 | Computer Name = HOME-CA08B8A03F | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 18/05/2011 16:37:44 | Computer Name = HOME-CA08B8A03F | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 03/06/2011 13:28:54 | Computer Name = HOME-CA08B8A03F | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17096, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/06/2011 13:28:55 | Computer Name = HOME-CA08B8A03F | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17096, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/06/2011 21:04:54 | Computer Name = HOME-CA08B8A03F | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.0.101:5353 23 Rp\.SpaEndpointV1._rp-hsd._tcp.local.
SRV 0 0 8965 Norman-PC.local.

Error - 03/06/2011 21:04:54 | Computer Name = HOME-CA08B8A03F | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 2; will rename 29 Rp\.SpaEndpointV1._rp-hsd._tcp.local.
SRV 0 0 8965 home-ca08b8a03f.local.

Error - 03/06/2011 21:40:04 | Computer Name = HOME-CA08B8A03F | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.0.100:5353 23 Rp\.SpaEndpointV1._rp-hsd._tcp.local.
SRV 0 0 8965 Norman-PC.local.

Error - 03/06/2011 21:40:04 | Computer Name = HOME-CA08B8A03F | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 2; will rename 29 Rp\.SpaEndpointV1._rp-hsd._tcp.local.
SRV 0 0 8965 home-ca08b8a03f.local.

Error - 04/06/2011 09:43:35 | Computer Name = HOME-CA08B8A03F | Source = Application Hang | ID = 1002
Description = Hanging application SETUP.EXE, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 26/06/2011 01:24:43 | Computer Name = HOME-CA08B8A03F | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 26/06/2011 01:24:46 | Computer Name = HOME-CA08B8A03F | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 26/06/2011 01:24:48 | Computer Name = HOME-CA08B8A03F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 26/06/2011 01:33:51 | Computer Name = HOME-CA08B8A03F | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 26/06/2011 01:33:51 | Computer Name = HOME-CA08B8A03F | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 26/06/2011 05:00:27 | Computer Name = HOME-CA08B8A03F | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 26/06/2011 05:00:27 | Computer Name = HOME-CA08B8A03F | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 26/06/2011 05:34:21 | Computer Name = HOME-CA08B8A03F | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Internet Explorer 8 for Windows XP.

Error - 26/06/2011 05:34:48 | Computer Name = HOME-CA08B8A03F | Source = DCOM | ID = 10010
Description = The server {000C101C-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 26/06/2011 05:34:53 | Computer Name = HOME-CA08B8A03F | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft XML Core Services 6.0 Service Pack
2 (KB973686).


< End of report >

descriptionFake XP Internet Security 2012 EmptyRe: Fake XP Internet Security 2012 26th June 2011, 4:28 pm

more_horiz
  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:


:files
C:\Documents and Settings\Veron\Local Settings\Application Data\t05kv0komxexml6l86yyf04
C:\Documents and Settings\All Users\Application Data\t05kv0komxexml6l86yyf04

:otl
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O4 - HKCU..\Run: [929976224] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Search Protection] File not found
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found


  • Then click the Run Fix button at the top.
  • Allow it to run. It may take some time and you may see some things happen to your desktop - this is normal.
  • If it asks to reboot the computer, allow it to reboot.
  • If the program freezes, and the computer fails to reboot - let me know.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)

====================

Please open Malwarebytes' Anti-Malware, click the Update tab and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan and click Scan. Please post the resulting log in your next reply.
Allow MBAM to repair all problems that were found.

====================

Please download aswMBR by Alwil Software from here and save it to your desktop.

  • Double click aswMBR.exe to run the tool
  • Click the Scan button to start the scan
  • Don´t panic if you see any **Rootkit** entries. The tool sometimes produces false alarms
  • Once the scan finishes click Save log to save the log to your desktop
  • Copy and paste the contents of this log (aswMBR.txt) into your next reply.

descriptionFake XP Internet Security 2012 EmptyRe: Fake XP Internet Security 2012 26th June 2011, 6:53 pm

more_horiz

i ran the OTl scan as advised and the scan was ok here's the log

========== FILES ==========
C:\Documents and Settings\Veron\Local Settings\Application Data\t05kv0komxexml6l86yyf04 moved successfully.
C:\Documents and Settings\All Users\Application Data\t05kv0komxexml6l86yyf04 moved successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\929976224 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protection deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy\ deleted successfully.

OTL by OldTimer - Version 3.2.24.1 log created on 06262011_192909


thats malwarebytes updated and the scan log is below for you

the scan completed successfully and no malicious item were found

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

26/06/2011 19:46:54
mbam-log-2011-06-26 (19-46-54).txt

Scan type: Quick scan
Objects scanned: 127593
Time elapsed: 10 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

aswmbr scan successful
and here that is also


aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-06-26 19:50:38
-----------------------------
19:50:38.390 OS Version: Windows 5.1.2600 Service Pack 2
19:50:38.390 Number of processors: 1 586 0x409
19:50:38.390 ComputerName: HOME-CA08B8A03F UserName: Veron
19:50:39.390 Initialize success
19:51:02.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
19:51:02.171 Disk 0 Vendor: SAMSUNG_HD160JJ/P ZM100-34 Size: 152587MB BusType: 3
19:51:04.203 Disk 0 MBR read successfully
19:51:04.203 Disk 0 MBR scan
19:51:04.203 Disk 0 Windows XP default MBR code
19:51:06.203 Disk 0 scanning sectors +312480315
19:51:06.218 Disk 0 scanning C:\WINDOWS\system32\drivers
19:51:13.125 Service scanning
19:51:14.234 Disk 0 trace - called modules:
19:51:14.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
19:51:14.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a973ab8]
19:51:14.234 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a900b00]
19:51:14.234 Scan finished successfully
19:51:33.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Veron\Desktop\MBR.dat"
19:51:33.718 The log file has been saved successfully to "C:\Documents and Settings\Veron\Desktop\aswMBR.txt"


thank you

descriptionFake XP Internet Security 2012 EmptyRe: Fake XP Internet Security 2012 26th June 2011, 8:19 pm

more_horiz
Excellent. As far as I can see, your computer is CLEAN.

Fake XP Internet Security 2012 Clean_computer

====================

OK, you need to re-install Windows Service Pack 3.
Visit http://windowsupdate.microsoft.com (using Internet Explorer) and allow this website to check your computer and download&install updates.

Let me know if you encounter any problems.

====================

You need to install the latest version of Java. Having the latest version is important to take advantage of fixes that have eliminated security vulnerabilities.
  • Go to Start > Control Panel
  • Double-click on Add or Remove Programs
  • Look for entries that say Java, Java RunTime Environment or J2SE.
  • Uninstall all of them that are not named Java (TM) 6 Update 26

After doing this, you can go to java.com, click on Free Java Download and proceed from there to install the latest version of Java (currently Version 6 Update 26).

After installing Java, go to Start > Control Panel > Java to open the Java Control Panel.
Under the General tab, Temporary Internet Files click Settings, then click Delete Files.
Select both options and click OK to delete the Java cache.

====================

I see that you have P2P software installed on your machine (BitTorrent).
While file-sharing is a useful concept, P2P programs are mostly used for shady/illegal practices like software piracy, copyright infraction and malware distribution. You really do not want to contribute to illegal activities or find yourself victim of cybercriminals using P2P for spreading of their malware. I would strongly recommend that you uninstall all P2P software, however that choice is up to you. If you choose to remove these programs, you can do so via Start >> Control Panel >> Add or Remove Programs.

====================

After all this, do you have any more questions or do you want to see my ALORTKYCC (Awesome List Or Recommendations To Keep Your Computer Clean)?




descriptionFake XP Internet Security 2012 EmptyRe: Fake XP Internet Security 2012 26th June 2011, 11:11 pm

more_horiz
ok i reinstalled java version 6 update 26 verified it i got rid of bit torrent as i dont want any more problems and i would love to know all about your Awesome List Or Recommendations

but i do have 1 more little problem

ok so i start my pc normally and theres a black screen with the message " floppy diskette seek failure strike F1 to continue"

i have no idea where it came from or what happened to cause it to load up like this so your help is greatly appreciated

descriptionFake XP Internet Security 2012 EmptyRe: Fake XP Internet Security 2012 27th June 2011, 6:24 am

more_horiz
That is a BIOS setting. When you boot up your computer, you will probably see something like "press [DEL] to enter setup". It could be some other key, you will see that when you start up. ANyway, hit that key to enter setup (= computer BIOS)

Careful when you are in the BIOS, because you don´t want to change any of the correct settings. Browse through the different screens and find the setting that says something like "floppy diskette seek on startup" and DISABLE that setting.

Your computer will stop looking for the floppy and stop giving you that error.

Let me know if that worked out!

====================

Here comes my ALORTKYCC!

1) Keep your Windows up-to-date. Windows Autoupdate should be ON (see Start >> Control Panel >> Security Center). An alternative way (but more time-consuming) is to periodically visit http://windowsupdate.microsoft.com. Hackers are looking every day for new security holes. Microsoft keeps patching them. You cannot fall behind in this race, it will make your system vulnerable.

2) For your average daily computer activities, use a limited/standard user account. If you use Vista/WIN7 do not disable User Account Control (UAC). You would be amazed to know how much malware can´t touch you if you deny it admin rights. Create a separate password-protected administrator account that you use for admin activities, like (un)installing software.

3) Use a good antivirus. There are various free ones, you cannot go wrong with either of the following three:
  • Panda Cloud Antivirus. If you want your antivirus to be light on resources, I recommend Panda. Install without the toolbar.
  • Avira. 100 million users can´t be wrong. If you want high detection rates, this is your best free bet.
  • Avast! is a very complete antivirus, with modules like mailscanner and webshield.

4) If your computer has 1GB system memory or more, you should install a third party firewall, to replace the weak Windows Firewall. I recommend:

Note: you should run only ONE antivirus and ONE firewall. Running multiples of either is bad, it will cause slowdowns and/or conflicts.

5) Miscellaneous advice:
  • Stay away from cracks and keygens (look here for the why). Get free software instead. Gizmo is an excellent source of freeware reviews.
  • Navigate safely. Google Chrome is the safest browser available. However, Mozilla Firefox can be made extremely safe with the NoScript addon. Internet Explorer (always use version 8) can be made a lot safer with Spywareblaster (manual here).
  • The WOT (Webs Of Trust) addon will help you to stay on reliable webpages.
  • WinPatrol alerts you when changes are made in vital system areas. Especially good on light systems not running a third party firewall.
  • Make sure you have ways to recuperate your operating system and vital other data if its gets frustrated by malware and/or other problems. A Windows setup CD and recent backups/disk images will be priceless, if you find yourself in an unexpected tight spot.

Finally: did we help you? Help us back!

descriptionFake XP Internet Security 2012 EmptyRe: Fake XP Internet Security 2012 27th June 2011, 8:31 pm

more_horiz
i ran the set up searched for the diskette seek on start up diabled it and now my pc is loading up as normal i now have panda and comodo firewall

thank you so much for all your help your a super star Big Grin:D:D:

descriptionFake XP Internet Security 2012 EmptyRe: Fake XP Internet Security 2012

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum