task bar says "YOU HAVE SECURITY PROBLEM" [RESOLVED]

Welcome Guest ( Log In | Register )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide.

> Geeks to Go! » Security » Malware Removal - HijackThis™ Logs Go Here

task bar says "YOU HAVE SECURITY PROBLEM" [RESOLVED]

Options

bazmataz4 View Member Profile	Oct 11 2008, 09:49 AM Post #1
New Member Posts: 7 OS: windows vista	i came on my computer yesterday to find that i have message that keeps popping up on my task bar in the bottom right saying "YOU HAVE A SECURITY PROBLEM". if i click the X on it it goes away for a few seconds before returning. if i click on the main body of the message then it brings up other pop up's saying i have problems with spyware/malware etc........asking me to click OK and YES to install and download AVG 2009. But it just seems like an advertisement to me because it goes round in circles. if i click YES or OK then it still says i have a problem. sometimes it pops up on its own with various warning messages. i havce tryed restarting and shutting down the computer. i have already got AVG 8.0 which i have scanned the hwole computer with and had nothing come back off it, saying everything is ok and all is upto date. its annoying and frustrating having this constant pop up. i dont know if it legit or not!!!!! or if i have a virus. please help.

Essexboy View Member Profile	Oct 11 2008, 10:14 AM Post #2
Global Moderator Posts: 9,558 From: Darkest Cornwall OS: Vista Ultimate	Hi there lets see what you have. I will need you to download and run two programmes for me. From this I will be able to determine what action to take FIRST Please download Malwarebytes' Anti-Malware from Here or Here Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. SECOND To ensure that I get all the information this log will need to be attached (instructions at the end) if it is to large to attach then upload to Mediafire and post the sharing link. Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop. Close ALL OTHER PROGRAMS. Open the OTScanit folder and double-click on OTScanit.exe to start the program. Check the box that says Scan All User Accounts Check the Radio button for Rootkit check YES Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days Under Additional Scans check the following: Reg - BotCheck File - Additional Folder Scans File - Purity Scan Now click the Run Scan button on the toolbar. Let it run unhindered until it finishes. When the scan is complete Notepad will open with the report file loaded in it. Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it. Please attach the log in your next post. To attach a file, do the following: Click Add Reply Under the reply panel is the Attachments Panel Browse for the attachment file you want to upload, then click the green Upload button Once it has uploaded, click the Manage Current Attachments drop down box Click on to insert the attachment into your post Logs required : MBAM posted and OTScanit attached

bazmataz4 View Member Profile	Oct 11 2008, 01:03 PM Post #3
New Member Posts: 7 OS: windows vista	THANKS FOR YOUR HELP. I HAVE COPIED IN THE LOG FROM THE MBAM PROGRAM HOWEVER THE LOG FROM THE OTCANIT WAS 750K WHICH WAS TOO LARGE TO ATTACH AS A DOCUMENT. I HAVE ALSO COPIED THAT IN FOR YOU UNDER THE MBAM LOG IF THAT HELPS. THANKS. Malwarebytes' Anti-Malware 1.28 Database version: 1257 Windows 6.0.6000 11/10/2008 19:38:45 mbam-log-2008-10-11 (19-38-45).txt Scan type: Quick Scan Objects scanned: 49002 Time elapsed: 7 minute(s), 0 second(s) Memory Processes Infected: 2 Memory Modules Infected: 0 Registry Keys Infected: 22 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 7 Files Infected: 4 Memory Processes Infected: C:\Users\Ash\AppData\Local\Temp\c.exe (Trojan.FakeAlert) -> Unloaded process successfully. C:\Users\Ash\AppData\Local\Temp\video1067.cfg.exe (Trojan.FakeAlert) -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msfox (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully. Files Infected: C:\Users\Ash\AppData\Local\Temp\c.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Users\Ash\AppData\Local\Temp\video1067.cfg (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Users\Ash\AppData\Local\Temp\video1067.cfg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. THIS IS THE OTSCANIT LOG. CODE OTScanIt logfile created on: 11/10/2008 19:42:57 OTScanIt by OldTimer - Version 1.0.19.0 Folder = C:\Users\Ash\Desktop\OTScanIt Windows Vista (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16711) Locale: 00000809 \| Country: United Kingdom \| Language: ENG \| Date Format: dd/MM/yyyy 1013.44 Mb Total Physical Memory \| 277.96 Mb Available Physical Memory \| 27.43% Memory free 2.22 Gb Paging File \| 1.07 Gb Available in Paging File \| 48.16% Paging File free Paging file location(s): ?:\pagefile.sys; %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 37.11 Gb Total Space \| 9.47 Gb Free Space \| 25.51% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded Drive E: \| 35.95 Gb Total Space \| 35.87 Gb Free Space \| 99.75% Space Free \| Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ASH-PC Current User Name: Ash Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Whitelist: On [Processes - Non-Microsoft Only] tpwrmain.exe -> %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.exe -> TOSHIBA Corporation [Ver = 1.0.0.1 \| Size = 411768 bytes \| Modified Date = 14/12/2006 20:07:26 \| Attr = ] smoothview.exe -> %ProgramFiles%\TOSHIBA\SmoothView\SmoothView.exe -> TOSHIBA Corporation [Ver = 3, 0, 0, 2 \| Size = 493688 bytes \| Modified Date = 14/12/2006 20:09:48 \| Attr = ] tcrdmain.exe -> %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe -> TOSHIBA Corporation [Ver = 1.0.0.7 \| Size = 530552 bytes \| Modified Date = 11/12/2006 18:27:12 \| Attr = ] syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 9.1.0 27Oct06 \| Size = 815104 bytes \| Modified Date = 27/10/2006 13:50:52 \| Attr = ] rthdvcpl.exe -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1.0.0.7 \| Size = 3772416 bytes \| Modified Date = 07/11/2006 14:50:50 \| Attr = ] ndstray.exe -> %ProgramFiles%\TOSHIBA\ConfigFree\NDSTray.exe -> TOSHIBA CORPORATION [Ver = 7, 0, 1, 7 \| Size = 1372160 bytes \| Modified Date = 14/11/2006 23:02:36 \| Attr = ] application launcher.exe -> %ProgramFiles%\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe -> [Ver = 2.2.10.58 \| Size = 528384 bytes \| Modified Date = 28/05/2007 10:14:42 \| Attr = R ] toscdspd.exe -> %ProgramFiles%\TOSHIBA\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 2.00.01 \| Size = 413696 bytes \| Modified Date = 13/11/2006 10:06:54 \| Attr = ] agrsmsvc.exe -> %SystemRoot%\System32\agrsmsvc.exe -> Agere Systems [Ver = 2.1.73.0 \| Size = 9216 bytes \| Modified Date = 12/09/2006 08:03:00 \| Attr = ] cfsvcs.exe -> %ProgramFiles%\TOSHIBA\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 7, 0, 1, 6 \| Size = 40960 bytes \| Modified Date = 14/11/2006 21:33:10 \| Attr = ] toddsrv.exe -> %SystemRoot%\System32\TODDSrv.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 3 \| Size = 114688 bytes \| Modified Date = 25/05/2006 19:30:16 \| Attr = ] toscosrv.exe -> %ProgramFiles%\TOSHIBA\Power Saver\TosCoSrv.exe -> TOSHIBA Corporation [Ver = 1.0.0.1 \| Size = 428152 bytes \| Modified Date = 14/12/2006 20:06:14 \| Attr = ] ulcdrsvr.exe -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 4 \| Size = 49152 bytes \| Modified Date = 23/08/2006 17:39:48 \| Attr = ] syntoshiba.exe -> %ProgramFiles%\Synaptics\SynTP\SynToshiba.exe -> Synaptics, Inc. [Ver = 9.1.0 27Oct06 \| Size = 192512 bytes \| Modified Date = 27/10/2006 13:11:02 \| Attr = ] cfswmgr.exe -> %ProgramFiles%\TOSHIBA\ConfigFree\CFSwMgr.exe -> TOSHIBA CORPORATION [Ver = 7, 0, 1, 7 \| Size = 405504 bytes \| Modified Date = 14/11/2006 22:19:42 \| Attr = ] generic.exe -> %CommonProgramFiles%\Teleca Shared\Generic.exe -> Teleca AB [Ver = 1.5.0.395 \| Size = 983040 bytes \| Modified Date = 16/03/2007 03:23:20 \| Attr = R ] epmworker.exe -> %ProgramFiles%\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe -> Sony Ericsson Mobile Communications AB [Ver = 1, 2, 0,1234 \| Size = 880640 bytes \| Modified Date = 19/04/2007 11:33:54 \| Attr = R ] [Win32 Services - Non-Microsoft Only] (AgereModemAudio) Agere Modem Call Progress Audio [Win32_Own \| Auto \| Running] -> %SystemRoot%\System32\agrsmsvc.exe -> Agere Systems [Ver = 2.1.73.0 \| Size = 9216 bytes \| Modified Date = 12/09/2006 08:03:00 \| Attr = ] (CertPropSvc) Certificate Propagation [Win32_Shared \| Unknown \| Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found (CFSvcs) ConfigFree Service [Win32_Own \| Auto \| Running] -> %ProgramFiles%\TOSHIBA\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 7, 0, 1, 6 \| Size = 40960 bytes \| Modified Date = 14/11/2006 21:33:10 \| Attr = ] (DcomLaunch) DCOM Server Process Launcher [Win32_Shared \| Unknown \| Running] -> %SystemRoot%\system32\svchost.exe -> File not found (idsvc) Windows CardSpace [Win32_Shared \| Unknown \| Stopped] -> %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> File not found (iPod Service) iPod Service [Win32_Own \| On_Demand \| Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> File not found (MSDTC) Distributed Transaction Coordinator [Win32_Own \| Unknown \| Stopped] -> %SystemRoot%\System32\msdtc.exe -> File not found (Schedule) Task Scheduler [Win32_Shared \| Unknown \| Running] -> %systemroot%\system32\svchost.exe -> File not found (SCPolicySvc) Smart Card Removal Policy [Win32_Shared \| Unknown \| Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found (TODDSrv) TOSHIBA Optical Disc Drive Service [Win32_Own \| Auto \| Running] -> %SystemRoot%\System32\TODDSrv.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 3 \| Size = 114688 bytes \| Modified Date = 25/05/2006 19:30:16 \| Attr = ] (TosCoSrv) TOSHIBA Power Saver [Win32_Own \| Auto \| Running] -> %ProgramFiles%\TOSHIBA\Power Saver\TosCoSrv.exe -> TOSHIBA Corporation [Ver = 1.0.0.1 \| Size = 428152 bytes \| Modified Date = 14/12/2006 20:06:14 \| Attr = ] (TrustedInstaller) Windows Modules Installer [Win32_Own \| Unknown \| Stopped] -> %SystemRoot%\servicing\TrustedInstaller.exe -> File not found (UleadBurningHelper) Ulead Burning Helper [Win32_Own \| Auto \| Running] -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 4 \| Size = 49152 bytes \| Modified Date = 23/08/2006 17:39:48 \| Attr = ] (WdiServiceHost) Diagnostic Service Host [Win32_Shared \| Unknown \| Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found (WdiSystemHost) Diagnostic System Host [Win32_Shared \| Unknown \| Running] -> %SystemRoot%\System32\svchost.exe -> File not found [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 00TCrdMain -> %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe] -> TOSHIBA Corporation [Ver = 1.0.0.7 \| Size = 530552 bytes \| Modified Date = 11/12/2006 18:27:12 \| Attr = ] AVG8_TRAY -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.172 \| Size = 1234712 bytes \| Modified Date = 08/10/2008 21:18:25 \| Attr = ] ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 106.1.1.4 \| Size = 107112 bytes \| Modified Date = 24/10/2006 22:08:00 \| Attr = ] HotKeysCmds -> %SystemRoot%\System32\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> Intel Corporation [Ver = 6.14.10.1114 \| Size = 106496 bytes \| Modified Date = 06/11/2006 09:05:32 \| Attr = ] HSON -> %ProgramFiles%\TOSHIBA\TBS\HSON.exe [%ProgramFiles%\TOSHIBA\TBS\HSON.exe] -> TOSHIBA Corporation [Ver = 1, 0, 0, 1 \| Size = 55416 bytes \| Modified Date = 07/12/2006 17:49:20 \| Attr = ] IgfxTray -> %SystemRoot%\System32\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> Intel Corporation [Ver = 7.14.10.1114 \| Size = 98304 bytes \| Modified Date = 06/11/2006 09:02:32 \| Attr = ] IS CfgWiz -> %CommonProgramFiles%\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe ["C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"] -> Symantec Corporation [Ver = 7.1.0.136 \| Size = 46728 bytes \| Modified Date = 24/10/2006 08:19:00 \| Attr = ] NDSTray.exe -> [NDSTray.exe] -> File not found NvCplDaemon -> %SystemRoot%\System32\nvcpl.dll [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 7.15.10.9746 \| Size = 7766016 bytes \| Modified Date = 07/12/2006 20:25:00 \| Attr = ] NvMediaCenter -> %SystemRoot%\System32\nvmctray.dll [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 7.15.10.9746 \| Size = 81920 bytes \| Modified Date = 07/12/2006 20:25:00 \| Attr = ] NvSvc -> %SystemRoot%\System32\nvsvc.dll [RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart] -> NVIDIA Corporation [Ver = 7.15.10.9746 \| Size = 90191 bytes \| Modified Date = 07/12/2006 20:25:00 \| Attr = ] osCheck -> %ProgramFiles%\Norton Internet Security\osCheck.exe ["C:\Program Files\Norton Internet Security\osCheck.exe"] -> Symantec Corporation [Ver = 10.1.0.38 \| Size = 22696 bytes \| Modified Date = 27/10/2006 00:18:00 \| Attr = ] Persistence -> %SystemRoot%\System32\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> Intel Corporation [Ver = 7.14.10.1114 \| Size = 81920 bytes \| Modified Date = 06/11/2006 09:02:18 \| Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.1.6 \| Size = 282624 bytes \| Modified Date = 27/04/2007 09:41:54 \| Attr = ] RtHDVCpl -> %SystemRoot%\RtHDVCpl.exe [RtHDVCpl.exe] -> Realtek Semiconductor [Ver = 1.0.0.7 \| Size = 3772416 bytes \| Modified Date = 07/11/2006 14:50:50 \| Attr = ] SmoothView -> %ProgramFiles%\TOSHIBA\SmoothView\SmoothView.exe [%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe] -> TOSHIBA Corporation [Ver = 3, 0, 0, 2 \| Size = 493688 bytes \| Modified Date = 14/12/2006 20:09:48 \| Attr = ] Sony Ericsson PC Suite -> %ProgramFiles%\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ["C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions] -> [Ver = 2.2.10.58 \| Size = 528384 bytes \| Modified Date = 28/05/2007 10:14:42 \| Attr = R ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.0.104 \| Size = 77824 bytes \| Modified Date = 15/12/2006 11:11:14 \| Attr = ] SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 9.1.0 27Oct06 \| Size = 815104 bytes \| Modified Date = 27/10/2006 13:50:52 \| Attr = ] topi -> %ProgramFiles%\TOSHIBA\Toshiba Online Product Information\TOPI.exe [C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup] -> TOSHIBA [Ver = 1.0.0.0 \| Size = 577536 bytes \| Modified Date = 15/12/2006 17:11:46 \| Attr = ] Toshiba Registration -> %ProgramFiles%\TOSHIBA\Registration\ToshibaRegistration.exe [C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe] -> Toshiba [Ver = 3.0.0.0 \| Size = 554640 bytes \| Modified Date = 13/12/2006 15:42:34 \| Attr = ] TPwrMain -> %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.exe [%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE] -> TOSHIBA Corporation [Ver = 1.0.0.1 \| Size = 411768 bytes \| Modified Date = 14/12/2006 20:07:26 \| Attr = ] < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> TOSCDSPD -> [TOSCDSPD.EXE] -> File not found < Run [HKEY_USERS\S-1-5-21-558655195-2572208897-110571173-1000\] > -> HKEY_USERS\S-1-5-21-558655195-2572208897-110571173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> TOSCDSPD -> [TOSCDSPD.EXE] -> File not found < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> AppInit_DLLs -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 \| Size = 10520 bytes \| Modified Date = 18/07/2008 11:27:20 \| Attr = ] MultiFile Done -> -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> Shell -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) \| Size = 2923520 bytes \| Modified Date = 16/11/2007 12:12:20 \| Attr = ] MultiFile Done -> -> UserInit -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\Windows\system32\userinit.exe -> %SystemRoot%\System32\userinit.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) \| Size = 24576 bytes \| Modified Date = 02/11/2006 10:45:50 \| Attr = ] MultiFile Done -> -> VMApplet -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\System32\shell32.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) \| Size = 11315712 bytes \| Modified Date = 24/04/2008 05:51:39 \| Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\System32\sysdm.cpl -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) \| Size = 238080 bytes \| Modified Date = 02/11/2006 10:44:42 \| Attr = ] MultiFile Done -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-558655195-2572208897-110571173-1000] > -> HKEY_USERS\S-1-5-21-558655195-2572208897-110571173-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> %SystemRoot%\System32\igfxdev.dll -> Intel Corporation [Ver = 7.14.10.1114 \| Size = 212992 bytes \| Modified Date = 06/11/2006 09:00:48 \| Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found. -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> Reg Error: Key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> Reg Error: Key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found. -> -> Reg Error: Key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> Reg Error: Key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found. -> -> Reg Error: Key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> Reg Error: Key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found. -> -> Reg Error: Key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> Reg Error: Key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found. -> -> Reg Error: Key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-558655195-2572208897-110571173-1000] > -> HKEY_USERS\S-1-5-21-558655195-2572208897-110571173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-558655195-2572208897-110571173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-558655195-2572208897-110571173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> Reg Error: Key HKEY_USERS\S-1-5-21-558655195-2572208897-110571173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> < CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> AutoRunAlwaysDisable -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> TORiSAN CD-ROM CDR_C36 -> -> File not found NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found MultiFile Done -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\System32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) \| Size = 67072 bytes \| Modified Date = 02/11/2006 09:51:44 \| Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> < Drives with AutoRun files > -> -> autoexec.bat [REM Dummy file for NTVDM \| ] -> %SystemDrive%\autoexec.bat [ NTFS ] -> [Ver = \| Size = 24 bytes \| Modified Date = 18/09/2006 22:43:36 \| Attr = ] < HOSTS File > (761 bytes and 20 lines) -> C:\Windows\System32\drivers\etc\Hosts -> 127.0.0.1 localhost ::1 localhost < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_CURRENT_USER\: Main\\Start Page -> http://uk.yahoo.com/ -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-558655195-2572208897-110571173-1000\] > -> -> HKEY_USERS\S-1-5-21-558655195-2572208897-110571173-1000\: Main\\Local Page -> C:\Windows\system32\blank.htm -> HKEY_USERS\S-1-5-21-558655195-2572208897-110571173-1000\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_USERS\S-1-5-21-558655195-2572208897-110571173-1000\: Main\\Start Page -> http://uk.yahoo.com/ -> HKEY_USERS\S-1-5-21-558655195-2572208897-110571173-1000\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-558655195-2572208897-110571173-1000\] > -> HKEY_USERS\S-1-5-21-558655195-2572208897-110571173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-558655195-2572208897-110571173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-558655195-2572208897-110571173-1000\] > -> HKEY_USERS\S-1-5-21-558655195-2572208897-110571173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-558655195-2572208897-110571173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 \| Size = 63128 bytes \| Modified Date = 12/01/2006 21:38:22 \| Attr = ] {1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.0\NppBHO.dll [Reg Error: Value does not exist or could not be read.] -> Symantec Corporation [Ver = 2007.1.3.6 \| Size = 96984 bytes \| Modified Date = 23/10/2006 21:34:00 \| Attr = R ] {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.152 \| Size = 455960 bytes \| Modified Date = 03/09/2008 08:12:58 \| Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.0.104 \| Size = 501384 bytes \| Modified Date = 15/12/2006 11:11:14 \| Attr = ] {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o [Ver = 5.0.2.400 \| Size = 2055960 bytes \| Modified Date = 18/07/2008 12:33:45 \| Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {90222687-F593-4738-B738-FBEE9C7B26DF} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.0\UIBHO.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2007.1.3.6 \| Size = 565960 bytes \| Modified Date = 23/10/2006 21:34:00 \| Attr = R ] {A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o [Ver = 5.0.2.400 \| Size = 2055960 bytes \| Modified Date = 18/07/2008 12:33:45 \| Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o [Ver = 5.0.2.400 \| Size = 2055960 bytes \| Modified Date = 18/07/2008 12:33:45 \| Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-558655195-2572208897-110571173-1000\] > -> HKEY_USERS\S-1-5-21-558655195-2572208897-110571173-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o [Ver = 5.0.2.400 \| Size = 2055960 bytes \| Modified Date = 18/07/2008 12:33:45 \| Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0\bin\npjpi160.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.0.104 \| Size = 132744 bytes \| Modified Date = 15/12/2006 11:11:14 \| Attr = ] {C08CAF1D-C0A3-40D5-9970-06D067EAC017}:Exec -> [eBay] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Send to &Bluetooth Device... -> %ProgramFiles%\Belkin\Bluetooth Software\btsendto_ie_ctx.htm -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-558655195-2572208897-110571173-1000\] > -> HKEY_USERS\S-1-5-21-558655195-2572208897-110571173-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> Send to &Bluetooth Device... -> %ProgramFiles%\Belkin\Bluetooth Software\btsendto_ie_ctx.htm -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {454186D2-AFB3-401F-9944-3A85906A058A} -> (Sony Ericsson Device 116 USB Ethernet Emulation (NDIS 5)) -> {4587D5CF-DCD6-4CD4-A42D-6B9633781D1E} -> (Atheros AR5006EG Wireless Network Adapter) -> {5EA7FC9A-7371-405D-876C-7DEB0A33D5A9} -> (Sony Ericsson Device 116 USB Ethernet Emulation (NDIS 5)) -> {EB215E6A-B2F1-48D9-85C2-61AFCCCDE423} -> (Intel(R) PRO/100 VE Network Connection) -> < Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> ldap -> 4 = Restricted sites (Not a Default Protocol) -> news -> 4 = Restricted sites (Not a Default Protocol) -> nntp -> 4 = Restricted sites (Not a Default Protocol) -> oecmd -> 4 = Restricted sites (Not a Default Protocol) -> snews -> 4 = Restricted sites (Not a Default Protocol) -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> @ivt -> @ivt protocol not assigned -> file -> file protocol not assigned -> ftp -> ftp protocol not assigned -> http -> http protocol not assigned -> https -> https protocol not assigned -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> @ivt -> @ivt protocol not assigned -> file -> file protocol not assigned -> ftp -> ftp protocol not assigned -> http -> http protocol not assigned -> https -> https protocol not assigned -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> AVG Technologies CZ, s.r.o. [Ver = \| Size = 79128 bytes \| Modified Date = 18/07/2008 11:29:05 \| Attr = ] < Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ -> text/x-mrml:{C51721BE-858B-4A66-A8BF-D2882FF49820}[HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\A&W\MidRadio.ocx[MRLMimeFilter Class] -> YAMAHA CORPORATION [Ver = 2, 1, 1, 1 \| Size = 294912 bytes \| Modified Date = 10/02/2003 18:56:30 \| Attr = ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {0CCA191D-13A6-4E29-B746-314DEE697D83}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader5.cab[Facebook Photo Uploader 5] -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}[HKEY_LOCAL_MACHINE] -> http://dl.tvunetworks.com/TVUAx.cab[CTVUAxCtrl Object] -> {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab[Facebook Photo Uploader 4 Control] -> {5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Java Plug-in 1.6.0] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[MessengerStatsClient Class] -> {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Java Plug-in 1.6.0] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Java Plug-in 1.6.0] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab[Facebook Photo Uploader 4] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/FacebookPhotoUploader.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/FacebookPhotoUploader.ocx\\.Owner -> {5F8469B4-B055-49DD-83F7-62B522420ECC} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/FacebookPhotoUploader.ocx\\{5F8469B4-B055-49DD-83F7-62B522420ECC} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ImageUploader4.1.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ImageUploader4.1.ocx\\.Owner -> {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ImageUploader4.1.ocx\\{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ImageUploader4.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ImageUploader4.ocx\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ImageUploader4.ocx\\{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ImageUploader4_5.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ImageUploader4_5.ocx\\.Owner -> {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ImageUploader4_5.ocx\\{D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ImageUploader5.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ImageUploader5.ocx\\.Owner -> {0CCA191D-13A6-4E29-B746-314DEE697D83} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ImageUploader5.ocx\\{0CCA191D-13A6-4E29-B746-314DEE697D83} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/MessengerStatsPAClient.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/MessengerStatsPAClient.dll\\.Owner -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/MessengerStatsPAClient.dll\\{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/TVUAx.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/TVUAx.dll\\.Owner -> {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/TVUAx.dll\\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/libeay32.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage&#

Essexboy View Member Profile	Oct 11 2008, 01:09 PM Post #4
Global Moderator Posts: 9,558 From: Darkest Cornwall OS: Vista Ultimate	Hi bazmataz4 as the OTScanit log is so large could you upload it to Mediafire and post the sharing link, as half of the report was missing

bazmataz4 View Member Profile	Oct 11 2008, 01:11 PM Post #5
New Member Posts: 7 OS: windows vista	sorry not familiar with that. what do i have to do? can you access the file from media fire?

bazmataz4 View Member Profile	Oct 11 2008, 01:15 PM Post #6
New Member Posts: 7 OS: windows vista	sussed it. http://www.mediafire.com/?sharekey=23ae4f9...2db6fb9a8902bda

Essexboy View Member Profile	Oct 11 2008, 03:54 PM Post #7
Global Moderator Posts: 9,558 From: Darkest Cornwall OS: Vista Ultimate	Glad you got it sussed as the wife needed her daily fix of CSI Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button. CODE [Unregister Dlls] [Files/Folders - Modified Within 90 days] NY -> 9llCJ4amiU.exe -> C:\Users\Ash\AppData\Local\Temp\9llCJ4amiU.exe NY -> a.exe -> C:\Users\Ash\AppData\Local\Temp\a.exe NY -> b.exe -> C:\Users\Ash\AppData\Local\Temp\b.exe [Empty Temp Folders] The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log. I will review the information when it comes back in. Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer. NEXT Download & Run HijackThis.exe Download HJTInstall.exe to your Desktop. Doubleclick HJTInstall.exe to install it. By default it will install to C:\Program Files\Trend Micro\HijackThis . Click on Install. It will create a HijackThis icon on the desktop. Once installed, it will launch Hijackthis. Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad. Copy/Paste the log to your next reply please. Don't use the Analyse This button, its findings are dangerous if misinterpreted. Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required. AND FINALLY FOR NOW Please download JavaRa to your desktop and unzip it to its own folder Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions. Accept any prompts. Open JavaRa.exe again and select Search For Updates. Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer. Logs required : OTScanit fix report, Hijackthis log and how is your computer now ?

bazmataz4 View Member Profile	Oct 12 2008, 09:33 AM Post #8
New Member Posts: 7 OS: windows vista	from OTSCANIT [Files/Folders - Modified Within 90 days] C:\Users\Ash\AppData\Local\Temp\9llCJ4amiU.exe moved successfully. C:\Users\Ash\AppData\Local\Temp\a.exe moved successfully. C:\Users\Ash\AppData\Local\Temp\b.exe moved successfully. [Empty Temp Folders] File delete failed. C:\Users\Ash\AppData\Local\Temp\~DF619F.tmp scheduled to be deleted on reboot. File delete failed. C:\Users\Ash\AppData\Local\Temp\~DF6222.tmp scheduled to be deleted on reboot. File delete failed. C:\Users\Ash\AppData\Local\Temp\~DF6E47.tmp scheduled to be deleted on reboot. File delete failed. C:\Users\Ash\AppData\Local\Temp\~DF7BEB.tmp scheduled to be deleted on reboot. File delete failed. C:\Users\Ash\AppData\Local\Temp\~DFBD87.tmp scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. Local Service Temporary Internet Files folder emptied. File delete failed. C:\Windows\temp\TMP0000008ED45C7ED4071D990A scheduled to be deleted on reboot. Windows Temp folder emptied. RecycleBin -> emptied. < End of fix log > OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 10122008_162136 Files moved on Reboot... File C:\Users\Ash\AppData\Local\Temp\~DF619F.tmp not found! File C:\Users\Ash\AppData\Local\Temp\~DF6222.tmp not found! File C:\Users\Ash\AppData\Local\Temp\~DF6E47.tmp not found! File C:\Users\Ash\AppData\Local\Temp\~DF7BEB.tmp not found! File C:\Users\Ash\AppData\Local\Temp\~DFBD87.tmp not found! File C:\Windows\temp\TMP0000008ED45C7ED4071D990A not found!

bazmataz4