
 


FAILED SECURITY UPDATES & CAN'T RUN ANTI VIRUS PROGRAMME

Hi, my PC won't complete Windows updates; they fail. This is the message I get at the end of updates:
The following updates were not installed:
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2653956)
Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2675157)
Update Rollup for ActiveX Killbits for Windows XP (KB2695962)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2686509)

Also, my antivirus won't open or run, period!! Neither will my Comodo firewall update. Whoa! Please help me.


OTL logfile created on: 09/05/2012 23:02:21 - Run 3
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Veron\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.24 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 41.54% Memory free
4.09 Gb Paging File | 3.04 Gb Available in Paging File | 74.48% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 93.41 Gb Free Space | 62.71% Space Free | Partition Type: NTFS
Drive D: | 137.10 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 465.70 Gb Total Space | 449.17 Gb Free Space | 96.45% Space Free | Partition Type: FAT32

Computer Name: HOME-CA08B8A03F | User Name: Veron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/09 23:01:23 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Veron\My Documents\downloads\OTL.exe
PRC - [2012/04/28 03:07:02 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Veron\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/03/25 03:02:04 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Veron\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/03/11 22:13:21 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/03/11 22:13:00 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/12/14 20:07:59 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2011/04/28 13:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2010/12/08 22:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/07/26 14:17:06 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\WINDOWS\system32\dgdersvc.exe
PRC - [2010/07/26 14:15:26 | 000,217,088 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2009/06/22 09:23:46 | 000,662,016 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2uvc.exe
PRC - [2008/04/14 01:12:25 | 001,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/28 03:07:01 | 000,444,400 | ---- | M] () -- C:\Documents and Settings\Veron\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll
MOD - [2012/04/28 03:06:59 | 003,915,248 | ---- | M] () -- C:\Documents and Settings\Veron\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\pdf.dll
MOD - [2012/04/28 03:05:34 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Veron\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\avutil-51.dll
MOD - [2012/04/28 03:05:33 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\Veron\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\avformat-53.dll
MOD - [2012/04/28 03:05:32 | 001,747,456 | ---- | M] () -- C:\Documents and Settings\Veron\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll
MOD - [2012/04/28 02:09:18 | 008,743,584 | ---- | M] () -- C:\Documents and Settings\Veron\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
MOD - [2007/02/14 13:55:11 | 000,165,424 | ---- | M] () -- C:\Program Files\Panda Security\Panda Cloud Antivirus\MiniCrypto.dll
MOD - [2007/02/14 13:55:10 | 000,099,888 | ---- | M] () -- C:\Program Files\Panda Security\Panda Cloud Antivirus\APIcr.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/05/05 23:42:37 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/11 22:13:21 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/04/28 13:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2010/07/26 14:17:06 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\dgdersvc.exe -- (dgdersvc)
SRV - [2010/07/26 14:15:26 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Veron\Desktop\BitDefender\trufos.sys -- (Trufos)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RkPavproc1.sys -- (RkPavproc1)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Veron\Desktop\BitDefender\profos.sys -- (Profos)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Veron\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/03/11 22:13:46 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/03/11 22:13:45 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/03/11 22:13:44 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/08/01 12:23:20 | 000,143,752 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2011/04/28 13:57:57 | 000,112,456 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2011/04/28 13:57:38 | 000,129,992 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2011/04/28 13:57:38 | 000,111,688 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2011/04/28 13:57:38 | 000,097,096 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2010/07/26 14:17:06 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010/07/26 14:15:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/06/21 04:26:36 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/06/21 04:26:36 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/06/21 04:26:36 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/06/21 04:26:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/05/12 11:14:58 | 000,098,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2010/04/27 03:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2010/04/27 03:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2010/04/27 03:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2010/04/27 03:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010/04/27 03:25:16 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bserd.sys -- (ss_bserd)
DRV - [2010/04/27 03:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2010/04/27 03:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009/06/23 09:37:10 | 003,486,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2005/08/17 14:41:08 | 001,022,040 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 78 61 7D 6E B4 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0838CC7D-D0B1-4F80-A392-F56E9BABFA4D}: "URL" = http://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=uk
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=crm&q={searchTerms}&locale=en_UK&apn_ptnrs=FM&apn_dtid=YYYYYYYYGB&apn_uid=D91F3965-557C-4C7E-95FC-DDDC75ABC6E6&apn_sauid=16C41658-94F9-44DF-985C-E47543A0D62B
IE - HKCU\..\SearchScopes\{2A5CF302-941D-4E36-8E18-ADA0A429544E}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo.com/search?fr=chr-panda&q={searchTerms}&ei=UTF-8&type=PCAFSI1190
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=0&v=7.5.30.4&i=&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://uk.search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.1.1.2
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Veron\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Veron\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)


[2009/07/18 21:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Veron\Application Data\Mozilla\Extensions
[2011/07/18 15:47:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Veron\Application Data\Mozilla\Firefox\Profiles\1g0immaq.default\extensions
[2010/07/09 14:01:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Veron\Application Data\Mozilla\Firefox\Profiles\1g0immaq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/05 18:27:32 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Veron\Application Data\Mozilla\Firefox\Profiles\1g0immaq.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2011/06/06 09:33:30 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\Veron\Application Data\Mozilla\Firefox\Profiles\1g0immaq.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011/07/18 15:47:16 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\Veron\Application Data\Mozilla\Firefox\Profiles\1g0immaq.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/07/14 22:25:37 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Veron\Application Data\Mozilla\Firefox\Profiles\1g0immaq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009/11/05 18:30:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Veron\Application Data\Mozilla\Firefox\Profiles\1g0immaq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2011/07/18 15:47:17 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Veron\Application Data\Mozilla\Firefox\Profiles\1g0immaq.default\extensions\engine@conduit.com
[2010/08/08 14:42:19 | 000,002,569 | ---- | M] () -- C:\Documents and Settings\Veron\Application Data\Mozilla\Firefox\Profiles\1g0immaq.default\searchplugins\askcom.xml
[2011/07/14 23:28:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/25 03:58:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/15 21:12:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/06/26 23:54:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Veron\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Veron\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Veron\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Veron\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Veron\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: BitTorrentBar = C:\Documents and Settings\Veron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.3.7.1_0\

O1 HOSTS File: ([2009/08/05 03:04:22 | 000,610,636 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 z.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
O1 - Hosts: 127.0.0.1 gtb19.acecounter.com
O1 - Hosts: 16306 more lines...
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LG SyncManager.lnk = File not found
O4 - Startup: C:\Documents and Settings\Veron\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Veron\Start Menu\Programs\Startup\ZooskMessenger.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Veron\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Veron\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86BFBBDD-D2D3-4D79-A360-31CC24750164}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Veron\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Veron\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/18 20:20:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/10/06 15:35:58 | 000,000,053 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{610af626-5982-11e0-b1ad-001676297e51}\Shell - "" = AutoRun
O33 - MountPoints2\{610af626-5982-11e0-b1ad-001676297e51}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{610af626-5982-11e0-b1ad-001676297e51}\Shell\AutoRun\command - "" = E:\DPFMate.exe
O33 - MountPoints2\{90270845-73d0-11de-b46f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{90270845-73d0-11de-b46f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{90270845-73d0-11de-b46f-806d6172696f}\Shell\AutoRun\command - "" = D:\DWizard615.exe -- [2010/04/29 03:47:22 | 000,554,304 | R--- | M] (D-Link Corp.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/09 22:10:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/05/07 16:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Veron\Local Settings\Application Data\MetaGeek,_LLC
[2012/05/07 16:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Veron\Start Menu\Programs\MetaGeek
[2012/05/07 16:19:19 | 000,000,000 | ---D | C] -- C:\Program Files\MetaGeek
[2012/05/07 16:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Veron\Local Settings\Application Data\LogMeIn Rescue Applet
[2012/04/25 03:20:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Veron\Desktop\SHITE PICS N SHIT
[2012/04/14 02:39:35 | 000,301,640 | ---- | C] (Softonic) -- C:\Documents and Settings\Veron\Desktop\SoftonicDownloader_for_windows-live-messenger.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/09 23:07:02 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-73586283-725345543-1004UA.job
[2012/05/09 22:42:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/09 22:23:38 | 000,441,884 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/09 22:23:38 | 000,071,820 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/09 22:10:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/09 21:19:02 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/05/09 21:18:16 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-73586283-725345543-1004.job
[2012/05/09 21:15:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/07 16:19:21 | 000,002,000 | ---- | M] () -- C:\Documents and Settings\Veron\Desktop\inSSIDer.lnk
[2012/05/01 17:10:32 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Veron\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/05/01 17:10:31 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Veron\Desktop\Google Chrome.lnk
[2012/04/29 03:07:43 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-73586283-725345543-1004Core.job
[2012/04/16 02:17:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-73586283-725345543-1004.job
[2012/04/14 02:39:35 | 000,301,640 | ---- | M] (Softonic) -- C:\Documents and Settings\Veron\Desktop\SoftonicDownloader_for_windows-live-messenger.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/07 16:19:21 | 000,002,000 | ---- | C] () -- C:\Documents and Settings\Veron\Desktop\inSSIDer.lnk
[2012/02/16 14:49:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/07/05 11:12:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\PSINAflt(2).sys
[2011/06/27 18:35:13 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SharedProperties.xml
[2011/06/27 17:33:55 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2011/02/03 04:20:55 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Veron\Local Settings\Application Data\FASTWiz.html
[2010/11/20 02:37:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/29 13:16:25 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/08/29 13:16:25 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/08/29 13:16:14 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Veron\Application Data\$_hpcst$.hpc
[2010/08/21 18:58:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/08/21 15:27:37 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/08/21 15:27:37 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/08/21 15:27:37 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/08/21 15:27:37 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/08/21 15:27:37 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/08/21 15:27:37 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/08/21 15:27:37 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/08/21 15:27:37 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/08/21 15:27:37 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/08/21 15:27:37 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/08/21 15:27:37 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/08/21 15:27:37 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/08/21 15:27:37 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/08/21 15:27:37 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/08/21 15:27:37 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/08/21 15:27:37 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/08/21 15:27:37 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/08/21 15:27:37 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/08/21 15:27:37 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/08/03 16:11:22 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Veron\Application Data\Adobe GIF Format CS5 Prefs
[2010/07/29 00:10:58 | 003,486,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010/07/29 00:10:58 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2010/07/29 00:10:58 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2010/07/29 00:10:58 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2010/07/29 00:10:52 | 000,241,664 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2010/07/26 14:18:38 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2010/07/26 14:18:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2010/07/26 14:18:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2010/07/26 14:18:38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll

========== LOP Check ==========

[2011/06/27 17:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/03/14 19:36:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/02/03 05:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success
[2011/06/04 14:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/03/20 04:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2009/08/12 04:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2012/03/04 22:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/06/27 17:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/27 17:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2012/03/04 22:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
[2011/05/18 21:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2010/08/08 14:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/08/29 13:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2009/07/22 17:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/07/29 19:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/06/27 18:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/21 15:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/08/08 17:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/06/27 18:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Media
[2012/03/04 22:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/01/26 05:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/18 18:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2006/04/05 15:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\AVG10
[2012/03/05 00:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\Azureus
[2011/12/06 11:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2012/02/13 20:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\DVDVideoSoft
[2011/07/14 22:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\DVDVideoSoftIEHelpers
[2011/02/03 01:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\Epson
[2010/12/03 15:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\FoxyTunes
[2011/05/19 00:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\FrostWire
[2009/08/05 17:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\Leadertech
[2010/12/18 02:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\Local
[2011/09/02 01:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\MSNInstaller
[2010/08/25 04:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\OpenOffice.org
[2011/04/17 13:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\Opera
[2011/06/27 17:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\Panda Security
[2011/07/18 15:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\PriceGong
[2011/05/18 21:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\Radialpoint
[2010/08/29 13:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\Samsung
[2010/08/08 17:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\Ulead Systems
[2006/04/05 00:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\Virgin Media
[2012/05/09 21:19:02 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


Re: FAILED SECURITY UPDATES & CAN'T RUN ANTI VIRUS PROGRAMME

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*****************************************************************
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:

:OTL
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LG SyncManager.lnk = File not found
O4 - Startup: C:\Documents and Settings\Veron\Start Menu\Programs\Startup\ZooskMessenger.lnk = File not found
:COMMANDS
[resethosts]
[purity]
[start explorer]


* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
**************************************************************
1. Download this diagnostics tool MGADiag.exe and save this to your Desktop.
2. Double-click on MGADiag.exe and click Continue
3. When the program has finished, click on Copy
4. Post the results in your next reply.
******************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

• Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

• Close browsers before scanning
• Scan for tracking cookies
• Terminate memory threats before quarantining
Please leave the others unchecked.

• Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

• To retrieve the removal information please do the following:
• After reboot, double-click the SUPERAntiSpyware icon on your desktop.
• Click Preferences. Click the Statistics/Logs tab.

• Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

• It will open in your default text editor (preferably Notepad).
• Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: FAILED SECURITY UPDATES & CAN'T RUN ANTI VIRUS PROGRAMME

ok i ran OTL had to reboot and have log now


========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
File move failed. C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LG SyncManager.lnk scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Veron\Start Menu\Programs\Startup\ZooskMessenger.lnk scheduled to be moved on reboot.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.42.1 log created on 05102012_204554

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LG SyncManager.lnk not found!
File\Folder C:\Documents and Settings\Veron\Start Menu\Programs\Startup\ZooskMessenger.lnk not found!

Registry entries deleted on Reboot...

diagnostic report below


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT
Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=
Windows Product ID: 76477-OEM-2111907-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {4F1CC042-2A79-4543-B8E0-E5DC71269060}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings:
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Documents and Settings\Veron\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\WINDOWS\system32\winlogon.exe[5.1.2600.5512], Hr = 0x800b0100
File Mismatch: C:\WINDOWS\system32\licdll.dll[5.1.2600.5512], Hr = 0x800b0100
File Mismatch: C:\WINDOWS\system32\ntoskrnl.exe[5.1.2600.6165], Hr = 0x800b0100
File Mismatch: C:\WINDOWS\system32\ntdll.dll[5.1.2600.6055], Hr = 0x800b0100
File Mismatch: C:\WINDOWS\system32\kernel32.dll[5.1.2600.5781], Hr = 0x800b0100
File Mismatch: C:\WINDOWS\system32\crypt32.dll[5.131.2600.6154], Hr = 0x800b0100
File Mismatch: C:\WINDOWS\system32\advapi32.dll[5.1.2600.5755], Hr = 0x800b0100
File Mismatch: C:\WINDOWS\system32\setupapi.dll[5.1.2600.5512], Hr = 0x800b0100
File Mismatch: C:\WINDOWS\system32\oembios.bin[Hr = 0x800b0003]
File Mismatch: C:\WINDOWS\system32\oembios.dat[Hr = 0x800b0003]
File Mismatch: C:\WINDOWS\system32\oembios.sig[Hr = 0x800b0003]
File Mismatch: C:\WINDOWS\system32\syssetup.dll[5.1.2600.5512], Hr = 0x800b0100

Other data-->
Office Details: ~[Filtered]~

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1A925:Dell Inc|1A925:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->
N/A

I had a problem running the SuperAntispyware Free Edition (SAS)

i used both links and i get this message "Super anti Spyware exe Bad Image"
the application or DLL C:\windows\system32\macromed\flash\flash11 ocx is not a valid windows image please check against your installation diskette.
although i currently have it running now scanning awaiting log i will edit and post at the bottom

I managed to run a full scan on my pc with Malwarebytes' Anti-Malware so log follows. i had 1 detection on the volume a (PUP.ToolbarDownloader) and it was removed after reboot


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.10.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Veron :: HOME-CA08B8A03F [administrator]

10/05/2012 19:19:46
mbam-log-2012-05-10 (19-19-46).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 292343
Time elapsed: 1 hour(s), 35 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\System Volume Information\_restore{60466CB1-1A7C-4469-962C-B8FFEEEC2629}\RP599\A0941412.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.

(end)

Re: FAILED SECURITY UPDATES & CAN'T RUN ANTI VIRUS PROGRAMME

Good job. Let's try this.

Download Combofix from any of the links below, and save it to your DESKTOP.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

[Image: NSIS_disclaimer_ENG]

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

[Image: NSIS_extraction]

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

[Image: RcAuto1]

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: Whatnext]

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while it's running because it may cause it to stall.

Re: FAILED SECURITY UPDATES & CAN'T RUN ANTI VIRUS PROGRAMME

hi there ive followed instructions in the link you gave me & i disabled my panda cloud antivirus via task manager. however when i ran combo-fix i got a message saying that i still had anti virus scanners enabled this picked up panda cloud which i disabled and all the programmes that start it.

it also detected virgin media antivirus security, thing is i uninstalled that ages ago so that's really weird.. please help

Re: FAILED SECURITY UPDATES & CAN'T RUN ANTI VIRUS PROGRAMME

Please run CF in any case and post the log.

Re: FAILED SECURITY UPDATES & CAN'T RUN ANTI VIRUS PROGRAMME

everything was going fine run comboFix it started got the message ComboFix will check to see if the Microsoft Windows Recovery Console is installed.. it wasn't and so it installed recovery..

then the recovery was successful click yes to check for malware.. so i did

it ran a scan up to 50% then .. i get BSOD

a problem has been detected and windows has been shut down to prevent damage to your computer.
BAD_POOL_HEADER
if this is the first time youve seen this stop error screen restart computer if this appears again follow these steps
check make sure that any new hard ware or software is properly installed. ask your hardware or software manufacturer for any windows updates you might need.
TECHNICAL INFORMATION ***STOP:0X00000019(0X00000020,0X8885D138,0X08885D550,0X1A830002



So i restarted the pc and i get a microsoft windows message box
The system has recovered from a serious error a log has been created

Error signature
BcCode:19 BcP1:00000020 Bcp28885d138: bcp3:8885d550 bcp4:1a83002 osVer:5_12600 sp:3_0 product768_1


and after this appeared so did the installation wizard for generic volume... if you have hardware that came with the installation cd insert it now.. which i do not have .... :sad:

and here's the super anti spyware log from earlier




SUPERAntiSpyware Scan Log
http://www.superantispyware.com


Generated 05/10/2012 at 11:08 PM


Application Version : 5.0.1148


Core Rules Database Version : 8583
Trace Rules Database Version: 6395


Scan type : Complete Scan
Total Scan Time : 01:37:44


Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator


Memory items scanned : 542
Memory threats detected : 0
Registry items scanned : 33914
Registry threats detected : 0
File items scanned : 78810
File threats detected : 184

for some reason i am not allowed to post Adware.Tracking Cookie your site wont allow it

awaiting your instruction & advice thanks

Re: FAILED SECURITY UPDATES & CAN'T RUN ANTI VIRUS PROGRAMME

a problem has been detected and windows has been shut down to prevent damage to your computer.
BAD_POOL_HEADER
if this is the first time youve seen this stop error screen restart computer if this appears again follow these steps
check make sure that any new hard ware or software is properly installed. ask your hardware or software manufacturer for any windows updates you might need.
TECHNICAL INFORMATION ***STOP:0X00000019(0X00000020,0X8885D138,0X08885D550,0X1A830002

Here's an explanation about this problem. Does it apply to your case?

Delete ComboFix from your desktop. This one is the same problem but you must rename it before downloading it.

Download Combofix from any of the links below, and save it to your DESKTOP.

Link 1
Link 2
Link 3

When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click PCHelpForum.exe to run it.

    You will see the following image:

[Image: NSIS_disclaimer_ENG]

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

[Image: NSIS_extraction]

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

[Image: RcAuto1]

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: Whatnext]

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while it's running because it may cause it to stall.

Re: FAILED SECURITY UPDATES & CAN'T RUN ANTI VIRUS PROGRAMME

i deleted combo fix from desktop and i reinstalled it via link changing the name before i saved to PCHelpForum.exe

i then closed down all browsers opened task manager found the description of anti virus panda cloud ended the task ran the new combofix i just renamed went straight to scanning for malware blue box appeared like before

completed to 50%
then BSOD

so it made no difference changing the file name & combo fix is still finding my antivirus running also virgin media antivirus but i removed that months ago

will i just uninstall panda cloud completely i have revo uninstaller ??

thank you

Re: FAILED SECURITY UPDATES & CAN'T RUN ANTI VIRUS PROGRAMME

Let's try something else first.

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

[Image: AswMBR_Scan]

Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

[Image: AswMBR_SaveLog]

On completion of the scan click save log, save it to your desktop and post in your next reply.

Re: FAILED SECURITY UPDATES & CAN'T RUN ANTI VIRUS PROGRAMME

ok i downloaded aswMBR to desktop ran it .. my comodo firewall said that it was malicious and that in order for the scan to run it best i should download AVAST anti virus

i disregarded that and continued to run a scan here is the log below

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-12 01:12:37
-----------------------------
01:12:37.468 OS Version: Windows 5.1.2600 Service Pack 3
01:12:37.468 Number of processors: 1 586 0x409
01:12:37.468 ComputerName: HOME-CA08B8A03F UserName: Veron
01:12:38.937 Initialze error C0000022 - driver not loaded
01:13:11.890 Service scanning
01:13:22.046 Modules scanning
01:13:22.046 Disk 0 trace - called modules:
01:13:22.046
01:13:22.046 Scan finished successfully
01:14:07.375 The log file has been saved successfully to "C:\Documents and Settings\Veron\Desktop\aswMBR.txt"


Re: FAILED SECURITY UPDATES & CAN'T RUN ANTI VIRUS PROGRAMME

That's not the complete log. Please run it again as well as this one.

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

• Double-click on MBRCheck.exe to run it.
• It will open a black window...please do not fix anything (if it gives you an option).
• When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
• A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
• Please copy and paste the contents of that log in your next reply.

Re: FAILED SECURITY UPDATES & CAN'T RUN ANTI VIRUS PROGRAMME

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 125):

Processes (total 42):
0 System Idle Process
4 SYSTEM
708 C:\WINDOWS\system32\smss.exe
756 csrss.exe
784 C:\WINDOWS\system32\winlogon.exe
828 C:\WINDOWS\system32\services.exe
840 C:\WINDOWS\system32\lsass.exe
1044 C:\WINDOWS\system32\svchost.exe
1112 svchost.exe
1208 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1244 C:\WINDOWS\system32\svchost.exe
1256 C:\Program Files\Windows Defender\MsMpEng.exe
1356 C:\WINDOWS\system32\svchost.exe
1468 svchost.exe
1596 svchost.exe
1692 C:\WINDOWS\system32\spoolsv.exe
1824 svchost.exe
1856 C:\Documents and Settings\Veron\Desktop\SASCore.exe
1868 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1884 C:\Program Files\Bonjour\mDNSResponder.exe
1908 svchost.exe
1948 C:\WINDOWS\system32\dgdersvc.exe
284 C:\WINDOWS\system32\FsUsbExService.Exe
300 C:\Program Files\Java\jre6\bin\jqs.exe
516 C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
620 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
740 C:\WINDOWS\system32\svchost.exe
960 C:\WINDOWS\system32\wuauclt.exe
2364 alg.exe
3560 C:\WINDOWS\explorer.exe
3540 C:\WINDOWS\system32\rundll32.exe
3644 C:\WINDOWS\system32\hkcmd.exe
3664 C:\WINDOWS\system32\igfxpers.exe
3680 C:\Program Files\Windows Defender\MSASCui.exe
3764 C:\WINDOWS\vsnp2uvc.exe
3820 C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
3548 C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
3908 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
3980 C:\Program Files\Real\RealPlayer\Update\realsched.exe
4056 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4092 C:\WINDOWS\system32\ctfmon.exe
2184 C:\Documents and Settings\Veron\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00000000 (FAT32)

PhysicalDrive0 Model Number: SAMSUNGHD160JJ/P, Rev: ZM100-34
PhysicalDrive1 Model Number: SeagateDesktop, Rev: 0130

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
465 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: 6A699B7234A9DF79F2E6FBFBD5F11099D941A768


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Re: FAILED SECURITY UPDATES & CAN'T RUN ANTI VIRUS PROGRAMME

Please run aswMBR.Exe as described in Post 10 and post the full log.

Re: FAILED SECURITY UPDATES & CAN'T RUN ANTI VIRUS PROGRAMME

i have followed your instructions accordingly.. i double clicked aswMBR on the desktop.
Automatically a white box appeared with a red outline apparently from COMODO

says "A malicious item has been detected"
name: Heur Suspicious @ 1
Location: C:/documents and settings Veron/desktop/aswMBR
More info: http://cima security comodo.com/report23e875589

how should i answer

Clean Ignore

so if i click clean it says "Not all malware could be safely removed some of the threats could not be automatically eliminated

do you want to get live support to remediate the problem now?"

Yes Ignore

if i ignore any of this i get a box that appears from aswMBR it says

this application can use the antivirus Avast free antivirus for scanning (it is recommended to download it for better detection results)

would you like to download it now

yes no

so i clicked no and went straight to run scan ... seems i'm not allowed the full log because i'm getting these warning boxes

here's the scan thanks

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-12 19:47:23
-----------------------------
19:47:23.625 OS Version: Windows 5.1.2600 Service Pack 3
19:47:23.625 Number of processors: 1 586 0x409
19:47:23.625 ComputerName: HOME-CA08B8A03F UserName: Veron
19:47:25.000 Initialze error C0000022 - driver not loaded
19:49:18.453 Service scanning
19:49:28.609 Modules scanning
19:49:28.609 Disk 0 trace - called modules:
19:49:28.609
19:49:28.609 Scan finished successfully
19:49:43.296 The log file has been saved successfully to "C:\Documents and Settings\Veron\Desktop\aswMBRLOG.txt"
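
Both aswMBR logs posted in this thread end with "Scan finished successfully" even though the driver failed to load, and the helper calls the first one incomplete. The Python check below is an added example (not part of any post and not AVAST's code) that flags such a log; the function name and the empty-trace heuristic are assumptions of the example, and C0000022 is the NTSTATUS value STATUS_ACCESS_DENIED.

```python
import re

# NTSTATUS codes this example can name; C0000022 is the one in the thread's log.
NTSTATUS = {0xC0000022: "STATUS_ACCESS_DENIED",
            0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}

ENTRY = re.compile(r"^(\d\d:\d\d:\d\d\.\d{3})[ \t]*(.*)$")
# The tool spells it "Initialze" in the logs posted above; accept either form.
INIT_ERR = re.compile(r"Initiali?[sz]e error ([0-9A-Fa-f]{8})")
TRACE = re.compile(r"Disk (\d+) trace - called modules:")

# Log text abridged from the second run posted in the thread.
THREAD_LOG = """\
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-12 19:47:23
-----------------------------
19:47:23.625 OS Version: Windows 5.1.2600 Service Pack 3
19:47:25.000 Initialze error C0000022 - driver not loaded
19:49:18.453 Service scanning
19:49:28.609 Modules scanning
19:49:28.609 Disk 0 trace - called modules:
19:49:28.609
19:49:28.609 Scan finished successfully
"""

def assess_aswmbr_log(text):
    """Return findings that make an aswMBR log unusable for MBR review."""
    # Keep only timestamped entries; header lines do not match ENTRY.
    entries = [m.group(2).strip() for m in map(ENTRY.match, text.splitlines()) if m]
    findings = []
    for i, msg in enumerate(entries):
        err = INIT_ERR.search(msg)
        if err:
            code = int(err.group(1), 16)
            name = NTSTATUS.get(code, "unknown NTSTATUS")
            findings.append(f"driver init failed: 0x{code:08X} ({name})")
        trace = TRACE.fullmatch(msg)
        if trace:
            # Assumption: a working trace is followed by a non-empty module line.
            nxt = entries[i + 1] if i + 1 < len(entries) else ""
            if not nxt:
                findings.append(f"disk {trace.group(1)} trace lists no modules")
    finished = "Scan finished successfully" in entries
    if not finished:
        findings.append("no 'Scan finished successfully' line")
    # The success line alone is not enough: any finding marks the log incomplete.
    return {"complete": finished and not findings, "findings": findings}

if __name__ == "__main__":
    for finding in assess_aswmbr_log(THREAD_LOG)["findings"]:
        print("INCOMPLETE:", finding)
```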

