Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Error 400 bad request [Solved]


  • This topic is locked This topic is locked

#1
andy_b_1502

andy_b_1502

    Member

  • Member
  • PipPip
  • 40 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:58:38, on 29/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\aniServ.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co...w riches online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 125.67.67.197 www.yahoo.com
O1 - Hosts: 125.67.67.197 www.google.com
O1 - Hosts: 125.67.67.197 www.myspace.com
O1 - Hosts: 125.67.67.197 www.youtube.com
O1 - Hosts: 125.67.67.197 www.facebook.com
O1 - Hosts: 125.67.67.197 www.live.com
O1 - Hosts: 125.67.67.197 www.msn.com
O1 - Hosts: 125.67.67.197 www.wikipedia.org
O1 - Hosts: 125.67.67.197 www.ebay.com
O1 - Hosts: 125.67.67.197 www.aol.com
O1 - Hosts: 125.67.67.197 www.craigslist.org
O1 - Hosts: 125.67.67.197 www.blogger.com
O1 - Hosts: 125.67.67.197 www.go.com
O1 - Hosts: 125.67.67.197 www.amazon.com
O1 - Hosts: 125.67.67.197 www.cnn.com
O1 - Hosts: 125.67.67.197 espn.go.com
O1 - Hosts: 125.67.67.197 www.espn.com
O1 - Hosts: 125.67.67.197 www.photobucket.com
O1 - Hosts: 125.67.67.197 www.comcast.net
O1 - Hosts: 125.67.67.197 www.imdb.com
O1 - Hosts: 125.67.67.197 www.wordpress.com
O1 - Hosts: 125.67.67.197 www.nytimes.com
O1 - Hosts: 125.67.67.197 www.weather.com
O1 - Hosts: 125.67.67.197 www.ask.com
O1 - Hosts: 125.67.67.197 www.aim.com
O1 - Hosts: 125.67.67.197 www.apple.com
O1 - Hosts: 125.67.67.197 www.mapquest.com
O1 - Hosts: 125.67.67.197 www.youporn.com
O1 - Hosts: 125.67.67.197 www.fastclick.com
O1 - Hosts: 125.67.67.197 www.pornhub.com
O1 - Hosts: 125.67.67.197 www.rapidshare.com
O1 - Hosts: 125.67.67.197 www.pogo.com
O1 - Hosts: 125.67.67.197 www.redtube.com
O1 - Hosts: 125.67.67.197 www.doubleclick.com
O1 - Hosts: 125.67.67.197 www.att.com
O1 - Hosts: 125.67.67.197 www.adobe.com
O1 - Hosts: 125.67.67.197 www.vnn.com
O1 - Hosts: 125.67.67.197 www.sportsline.com
O1 - Hosts: 125.67.67.197 www.netflix.com
O1 - Hosts: 125.67.67.197 www.dell.com
O1 - Hosts: 125.67.67.197 www.google.co.uk
O1 - Hosts: 125.67.67.197 www.bbc.co.uk
O1 - Hosts: 125.67.67.197 www.ebay.co.uk
O1 - Hosts: 125.67.67.197 www.bebo.com
O1 - Hosts: 125.67.67.197 www.amazon.co.uk
O1 - Hosts: 125.67.67.197 www.sky.com
O1 - Hosts: 125.67.67.197 www.virginmedia.com
O1 - Hosts: 125.67.67.197 www.aol.co.uk
O1 - Hosts: 125.67.67.197 www.hsbc.co.uk
O1 - Hosts: 125.67.67.197 www.antispyware.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/...oader.5.1.4.cab
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft....k/?LinkId=82580
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zon...SS.cab69309.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1233009961616
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valu...018/flashax.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driver...driveragent.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://luckynugget....et/FlashAX2.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopet...v/GoPetsWeb.cab
O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 10571 bytes


Hi, i have been asked to post this thread on here after my issue left not much answers in another forum, so thanks in advance for any help my way.

The problem being is, i have purchased a Compaq Evo N610c laptop, when i click on internet explorer, i like to have my homepage set to www.google.com but it will not let me access it giving the following message:

HTTP 400 Bad Request

OR If i use Mozilla Firefox

Bad Request (invalid username)

This problem occurs with other sites for example ebay and amazon.

I have took the advice of fellow forum members and performed the following:

Started IE through Start>all programs>IE (without addons)
Pinged www.google.com thorugh CMD command
Tried IE by starting windows in safe mode with networking
Scanned using Avast
Scanned using Spbot Search and Destroy
Proxy settings in LAN settings is un-checked

I have searched high and low all over the internet for a possible solution and have be recomended this site, sorry if it's not the correct forum to post to. Thanks for any help.
  • 0

Advertisements


#2
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Hello, andy_b_1502, and welcome to GeeksToGo!

Download the HostsXpert 3.7 - Hosts File Manager.
  • Unzip HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Please post back a fresh HijackThis log in your next reply.
  • 0

#3
andy_b_1502

andy_b_1502

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Thank you Handhfan, i have done what you have suggested and here is a fresh scan of the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:12:08, on 30/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\aniServ.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co...w riches online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/...oader.5.1.4.cab
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft....k/?LinkId=82580
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zon...SS.cab69309.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1233009961616
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valu...018/flashax.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driver...driveragent.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://luckynugget....et/FlashAX2.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopet...v/GoPetsWeb.cab
O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8505 bytes


Thanks for any help.
  • 0

#4
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Are you still getting that error?

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

The log for OTListIt2 will be very long and may not fit in one post. Please make sure that it didn't get cut off, and feel free to post the rest of it in a separate reply. :)
  • 0

#5
andy_b_1502

andy_b_1502

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Hi, yes im still getting the error message, here is the Logs of each notepad files generated from OTListit2, I will list the Extras log on here and the OTListit.txt on another thread.

OTListIt Extras logfile created on: 30/01/2009 07:09:57 - Run
OTListIt2 by OldTimer - Version 1.0.4.1 Folder = C:\Documents and Settings\tara\My Documents
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.36 Mb Total Physical Memory | 183.66 Mb Available Physical Memory | 35.92% Memory free
1.22 Gb Paging File | 0.84 Gb Available in Paging File | 68.63% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 18.46 Gb Free Space | 66.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-40O50RWDC7
Current User Name: tara
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- C:\WINDOWS\system32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DACEA66-186D-4187-80B7-4D28ABBAE59D}" = Belkin Wireless Client Utility
"{0ED47137-C071-46CC-A243-E5E33271E10E}" = Windows Live Sign-in Assistant
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{31378148-07F5-4210-9F20-AD948EA8CF7C}" =
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"Abexo Free Registry Cleaner" = Abexo Free Registry Cleaner
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"avast!" = avast! Antivirus
"BearShare MediaBar" = MediaBar 2.0
"EPSON Printer and Utilities" = EPSON-printersoftware
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8 Release Candidate 1
"InstallShield_{0DACEA66-186D-4187-80B7-4D28ABBAE59D}" = Belkin Wireless Client Utility
"InstallShield_{31378148-07F5-4210-9F20-AD948EA8CF7C}" =
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SpeedItupFree4.05" = Speeditup Free 4.76
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xbox_360_CC_Driver" = Xbox 360 Controller for Windows
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 20/09/2008 14:43:20 | Computer Name = HOME-40O50RWDC7 | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToRootkitSubmit
failed! , function C000003B.

Error - 27/01/2009 05:39:18 | Computer Name = HOME-40O50RWDC7 | Source = avast! | ID = 33554522
Description = Error in library avUInt: ActiveSkin not installed or not registered
properly.

[ Application Events ]
Error - 27/01/2009 12:09:26 | Computer Name = HOME-40O50RWDC7 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Windows Application,
SystemIndex Catalog

Error - 27/01/2009 12:52:00 | Computer Name = HOME-40O50RWDC7 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
. Error code = 0x80131047

Error - 27/01/2009 13:17:48 | Computer Name = HOME-40O50RWDC7 | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.0.30, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 28/01/2009 06:54:31 | Computer Name = HOME-40O50RWDC7 | Source = Application Hang | ID = 1002
Description = Hanging application afrc.exe, version 1.1.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 28/01/2009 12:51:29 | Computer Name = HOME-40O50RWDC7 | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - The process cannot access the
file because it is being used by another process. for C:\Documents and Settings\tara\ntuser.dat

Error - 28/01/2009 12:51:44 | Computer Name = HOME-40O50RWDC7 | Source = Userenv | ID = 1502
Description = Windows cannot load the locally stored profile. Possible causes of
this error include insufficient security rights or a corrupt local profile. If
this problem persists, contact your network administrator. DETAIL - The process
cannot access the file because it is being used by another process.

Error - 28/01/2009 12:51:44 | Computer Name = HOME-40O50RWDC7 | Source = Userenv | ID = 1515
Description = Windows has backed up this user's profile. Windows will automatically
try to use the backed up profile the next time this user logs on.

Error - 28/01/2009 12:51:46 | Computer Name = HOME-40O50RWDC7 | Source = Userenv | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

Error - 28/01/2009 12:53:00 | Computer Name = HOME-40O50RWDC7 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 28/01/2009 16:14:39 | Computer Name = HOME-40O50RWDC7 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

[ System Events ]
Error - 29/01/2009 13:20:32 | Computer Name = HOME-40O50RWDC7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 29/01/2009 13:21:25 | Computer Name = HOME-40O50RWDC7 | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 29/01/2009 13:21:25 | Computer Name = HOME-40O50RWDC7 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSP Cdrom Fips intelppm PxHelp20

Error - 29/01/2009 13:23:42 | Computer Name = HOME-40O50RWDC7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 29/01/2009 13:25:50 | Computer Name = HOME-40O50RWDC7 | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 29/01/2009 13:26:02 | Computer Name = HOME-40O50RWDC7 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PxHelp20

Error - 29/01/2009 18:39:42 | Computer Name = HOME-40O50RWDC7 | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 29/01/2009 18:39:49 | Computer Name = HOME-40O50RWDC7 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PxHelp20

Error - 30/01/2009 09:01:35 | Computer Name = HOME-40O50RWDC7 | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 30/01/2009 09:01:35 | Computer Name = HOME-40O50RWDC7 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PxHelp20


< End of report >
  • 0

#6
andy_b_1502

andy_b_1502

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
OTListIt logfile created on: 30/01/2009 07:09:57 - Run
OTListIt2 by OldTimer - Version 1.0.4.1 Folder = C:\Documents and Settings\tara\My Documents
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.36 Mb Total Physical Memory | 183.66 Mb Available Physical Memory | 35.92% Memory free
1.22 Gb Paging File | 0.84 Gb Available in Paging File | 68.63% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 18.46 Gb Free Space | 66.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-40O50RWDC7
Current User Name: tara
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
C:\WINDOWS\system32\aniServ.exe (Airgo Networks, Inc.)
C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
C:\WINDOWS\system32\PnkBstrA.exe ()
C:\WINDOWS\system32\searchindexer.exe (Microsoft Corporation)
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
C:\WINDOWS\system32\searchprotocolhost.exe (Microsoft Corporation)
C:\Documents and Settings\tara\My Documents\OTListIt2.exe (OldTimer Tools)
C:\WINDOWS\system32\searchfilterhost.exe (Microsoft Corporation)
C:\WINDOWS\system32\searchprotocolhost.exe (Microsoft Corporation)

========== (O23) Win32 Services (SafeList) ==========

(ANISERVICE [Auto | Running]) -- C:\WINDOWS\system32\aniServ.exe (Airgo Networks, Inc.)
(aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
(aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
(Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
(avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
(avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
(avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
(clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
(FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
(gusvc [On_Demand | Stopped]) -- File not found
(helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
(idsvc [Unknown | Running]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
(Irmon [Auto | Running]) -- C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
(JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
(NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
(PnkBstrA [Auto | Running]) -- C:\WINDOWS\system32\PnkBstrA.exe ()
(uploadmgr [Auto | Stopped]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
(WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
(WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
(WSearch [Auto | Running]) -- C:\WINDOWS\system32\searchindexer.exe (Microsoft Corporation)
(WudfSvc [On_Demand | Stopped]) -- C:\WINDOWS\system32\WudfSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

(Aavmker4 [System | Running]) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
(ac97intc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
(Airgo [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\wnihdd51.sys (Airgo Networks, Inc.)
(aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
(aswMon2 [Auto | Running]) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
(aswRdr [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
(aswSP [System | Running]) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
(aswTdi [System | Running]) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
(ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
(AWINDIS5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\AWINDIS5.SYS (AMBIT Microsystems Corporation.)
(E100B [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
(kbdhid [System | Stopped]) -- C:\WINDOWS\system32\drivers\kbdhid.sys (Microsoft Corporation)
(ltmodem5 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)
(MDC8021X [Auto | Running]) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
(Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
(QCDonner [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\OVCD.sys (Microsoft Corporation)
(Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(SMCIRDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
(sptd [Boot | Running]) -- C:\WINDOWS\system32\drivers\sptd.sys ()
(TVICHW32 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS (EnTech Taiwan)
(WNIPROT5 [On_Demand | Running]) -- C:\WINDOWS\system32\WniProt5.sys (Airgo Networks, Inc.)
(xnacc [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\xnacc.sys (Microsoft Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (698 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (UrlHelper Class) - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll File not found
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll File not found
O3 - HKCU\..\Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/...oader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://go.microsoft....k/?LinkId=82580 (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...SS.cab69309.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1233009961616 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valu...018/flashax.cab (FlashXControl Object)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://plugin.driver...driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://luckynugget....et/FlashAX2.cab (Flash Casino Helper Object)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopet...v/GoPetsWeb.cab (GoPetsWeb Control)
O18 - Protocol\Handler: - about - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - cdl - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - dvd - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler: - file - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ftp - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - gopher - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - http - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - http\0x00000001 - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler: - http\oledb - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler: - https - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - https\0x00000001 - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler: - https\oledb - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler: - its - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - javascript - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - local - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mailto - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mhtml - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mk - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ms-its - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - res - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - sysimage - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - tv - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler: - vbscript - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - wia - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9}C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9}C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153}C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5}C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: (Browseui preloader) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: (Component Categories cache daemon) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell" = Explorer.exe
>C:\WINDOWS\explorer.exe (Microsoft Corporation)

"UserInit" = C:\WINDOWS\system32\userinit.exe,
>C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

"UIHost" = logonui.exe
>C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)

"VMApplet" = rundll32 shell32,Control_RunDLL "sysdm.cpl"
>C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
>C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)


========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
crypt32chain: "DllName" = crypt32.dll -- C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
cryptnet: "DllName" = cryptnet.dll -- C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
cscdll: "DllName" = cscdll.dll -- C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
dimsntfy: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
ScCertProp: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Schedule: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
sclgntfy: "DllName" = sclgntfy.dll -- C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
SensLogn: "DllName" = WlNotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
termsrv: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
wlballoon: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)

========== IFEO "Debugger" Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\]
Your Image File Name Here without a path:"Debugger" = C:\WINDOWS\system32\ntsd.exe (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" (HKLM) -- C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders" = msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
>C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
>C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
>C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
>C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages" = msv1_0,
>C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation)

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages" = kerberos,msv1_0,schannel,wdigest,
>C:\WINDOWS\system32\kerberos.dll (Microsoft Corporation)
>C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation)
>C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
>C:\WINDOWS\system32\wdigest.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
C:\AUTOEXEC.BAT () -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/30 07:08:52 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\tara\My Documents\OTListIt2.exe
[2009/01/30 05:10:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tara\My Documents\HostsXpert
[2009/01/30 05:09:57 | 00,353,485 | ---- | C] () -- C:\Documents and Settings\tara\My Documents\HostsXpert.zip
[2009/01/29 14:58:07 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\tara\Desktop\HijackThis.lnk
[2009/01/29 14:58:06 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/01/29 14:57:57 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\tara\My Documents\HJTInstall.exe
[2009/01/29 14:57:11 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\tara\My Documents\HiJackThis.exe
[2009/01/29 14:16:09 | 00,000,000 | ---D | C] -- C:\78e83daf56bea552d3
[2009/01/29 09:57:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tara\Application Data\Malwarebytes
[2009/01/29 09:57:06 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/29 09:57:06 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/29 09:57:03 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/29 09:57:01 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/01/29 09:57:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/29 09:56:38 | 02,737,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\tara\My Documents\mbam-setup.exe
[2009/01/29 09:51:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/01/29 09:50:43 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\tara\Desktop\NTREGOPT.lnk
[2009/01/29 09:50:43 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\tara\Desktop\ERUNT.lnk
[2009/01/29 09:50:42 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/01/29 09:49:49 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\tara\My Documents\erunt_setup.exe
[2009/01/29 09:47:12 | 00,009,334 | ---- | C] () -- C:\Documents and Settings\tara\My Documents\SysRestorePoint_v13.zip
[2009/01/29 08:21:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tara\Application Data\Mozilla
[2009/01/29 08:21:17 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/01/29 08:21:05 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/01/29 08:20:39 | 07,392,665 | ---- | C] (Mozilla) -- C:\Documents and Settings\tara\My Documents\firefoxinstall_en-gb-m.exe
[2009/01/28 12:18:01 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2009/01/27 09:12:39 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/01/27 09:11:15 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/01/27 08:45:28 | 30,363,016 | ---- | C] () -- C:\Documents and Settings\tara\My Documents\setupeng.exe
[2009/01/27 08:45:20 | 00,000,955 | ---- | C] () -- C:\Documents and Settings\tara\Desktop\Spybot - Search & Destroy (for blind users).lnk
[2009/01/27 08:45:20 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\tara\Desktop\Spybot - Search & Destroy.lnk
[2009/01/27 08:45:10 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/01/27 08:45:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/01/27 08:44:18 | 15,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\tara\My Documents\spybotsd160.exe
[2009/01/27 08:33:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/01/27 08:21:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/01/27 08:19:03 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/01/27 08:13:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/01/27 08:11:30 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/01/27 08:09:20 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2009/01/27 08:08:54 | 00,000,000 | ---D | C] -- C:\bfab38fef78fe1ffcb53f8496789a008
[2009/01/27 08:08:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tara\Application Data\Windows Desktop Search
[2009/01/27 08:08:11 | 00,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/01/27 08:07:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/01/27 08:07:58 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2009/01/27 08:07:23 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2009/01/27 08:07:23 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2009/01/27 08:06:32 | 01,197,294 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/01/27 08:06:32 | 00,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2009/01/27 08:06:32 | 00,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2009/01/27 08:06:28 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/01/27 08:05:58 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2009/01/27 08:03:56 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/01/27 08:03:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2009/01/27 08:03:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/01/27 08:00:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2009/01/27 07:56:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2009/01/27 07:55:25 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/01/27 07:50:33 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2009/01/27 07:50:33 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2009/01/27 07:50:33 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2009/01/27 02:44:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/01/27 02:40:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tara\Local Settings\Application Data\Downloaded Installations
[2009/01/27 02:39:25 | 05,367,728 | ---- | C] (PC Drivers HeadQuarters ) -- C:\Documents and Settings\tara\My Documents\DriverDetective.exe
[2009/01/27 02:27:17 | 00,001,657 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\InterVideo WinDVD.lnk
[2009/01/27 02:27:03 | 00,000,000 | ---D | C] -- C:\Program Files\InterVideo
[2009/01/27 02:24:33 | 23,880,880 | ---- | C] (Compaq Computer Corporation ) -- C:\Documents and Settings\tara\My Documents\sp23454.exe
[2009/01/26 21:25:00 | 22,234,112 | ---- | C] () -- C:\Documents and Settings\tara\My Documents\f5d8010v1.2.0.80a.exe
[2009/01/26 15:41:57 | 00,000,710 | ---- | C] () -- C:\Documents and Settings\tara\Desktop\Abexo Free Registry Cleaner.lnk
[2009/01/26 15:41:56 | 00,000,000 | ---D | C] -- C:\Program Files\Abexo
[2009/01/26 15:26:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tara\Local Settings\Application Data\Promosoft Corporation
[2009/01/26 15:04:24 | 00,000,803 | ---- | C] () -- C:\Documents and Settings\tara\Desktop\Internet Explorer.lnk
[2009/01/26 14:46:45 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2009/01/26 14:24:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tara\Application Data\MSN6
[2009/01/26 14:24:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2009/01/26 14:17:27 | 00,000,420 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{ED6A8089-56D1-4D7E-82B5-D6AD3EFC58B7}.job
[2009/01/26 14:10:30 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/01/15 02:22:00 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll.mui
[2009/01/15 02:21:44 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe.mui
[2009/01/15 02:19:22 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe.mui
[2009/01/15 02:19:02 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll.mui
[2009/01/11 19:37:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15838a34.dll
[2009/01/09 20:43:55 | 00,082,944 | ---- | C] () -- C:\WINDOWS\System32\37423a74.dll
[2009/01/08 20:52:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\e7113a.dll
[2009/01/08 14:15:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2009/01/08 14:13:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2009/01/08 14:12:31 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
[2009/01/08 14:12:31 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2009/01/08 14:12:31 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2009/01/08 14:12:30 | 01,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\GdiPlus.dll
[2009/01/08 14:12:30 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2009/01/06 14:39:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tara\Application Data\Ventrilo
[2009/01/06 12:46:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tara\Application Data\Macromedia
[2009/01/06 12:44:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tara\Application Data\WinRAR
[2009/01/06 12:44:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tara\Application Data\Adobe
[2009/01/06 12:43:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tara\Local Settings\Application Data\Google
[2009/01/06 00:56:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tara\Application Data\InstallShield
[2009/01/05 21:12:05 | 00,082,944 | ---- | C] () -- C:\WINDOWS\System32\20a971ba.dll
[2009/01/05 20:53:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/01/05 18:17:03 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/01/05 17:25:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tara\Local Settings\Application Data\Identities
[2009/01/05 16:12:39 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSTEE.sys
[2009/01/05 16:12:39 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2009/01/05 16:12:32 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\NdisIP.sys
[2009/01/05 16:12:32 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2009/01/05 16:12:28 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\StreamIP.sys
[2009/01/05 16:12:28 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2009/01/05 16:12:27 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2009/01/05 16:12:27 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2009/01/05 16:12:23 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\SLIP.sys
[2009/01/05 16:12:23 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2009/01/05 16:12:18 | 00,019,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WSTCODEC.SYS
[2009/01/05 16:12:18 | 00,019,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2009/01/05 16:12:14 | 00,085,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\NABTSFEC.sys
[2009/01/05 16:12:14 | 00,085,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2009/01/05 16:12:10 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\CCDECODE.sys
[2009/01/05 16:12:10 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2009/01/05 16:09:05 | 00,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\OVCodek2.sys
[2009/01/05 16:09:05 | 00,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodek2.sys
[2009/01/05 16:09:05 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\OVCodec2.dll
[2009/01/05 16:09:05 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodec2.dll
[2009/01/05 16:09:05 | 00,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\OVCam2.sys
[2009/01/05 16:09:05 | 00,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcam2.sys
[2009/01/05 16:09:05 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\OVUI2.dll
[2009/01/05 16:09:05 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2.dll
[2009/01/05 16:09:05 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\OVUI2RC.dll
[2009/01/05 16:09:05 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2rc.dll
[2009/01/05 16:09:05 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\OVComS.exe
[2009/01/05 16:09:05 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcoms.exe
[2009/01/05 16:09:05 | 00,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\OVCD.sys
[2009/01/05 16:09:05 | 00,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcd.sys
[2009/01/05 16:09:05 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\OVComC.dll
[2009/01/05 16:09:05 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcomc.dll
[2009/01/05 16:08:57 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2009/01/05 16:08:57 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2009/01/05 16:08:56 | 00,090,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2009/01/05 16:08:56 | 00,090,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2009/01/05 16:08:56 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2009/01/05 16:08:56 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2009/01/05 16:08:54 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2009/01/05 16:08:54 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/30 07:09:00 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tara\My Documents\OTListIt2.exe
[2009/01/30 07:02:59 | 00,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/01/30 05:10:03 | 00,353,485 | ---- | M] () -- C:\Documents and Settings\tara\My Documents\HostsXpert.zip
[2009/01/30 05:03:06 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/01/30 05:01:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/30 05:00:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/29 15:23:44 | 01,415,174 | -H-- | M] () -- C:\Documents and Settings\tara\Local Settings\Application Data\IconCache.db
[2009/01/29 14:58:07 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\tara\Desktop\HijackThis.lnk
[2009/01/29 14:58:03 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\tara\My Documents\HJTInstall.exe
[2009/01/29 14:57:17 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\tara\My Documents\HiJackThis.exe
[2009/01/29 14:37:12 | 00,096,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/29 14:29:47 | 00,617,642 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/01/29 14:29:47 | 00,522,774 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/01/29 14:29:47 | 00,102,958 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/01/29 13:54:48 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/29 12:57:33 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{ED6A8089-56D1-4D7E-82B5-D6AD3EFC58B7}.job
[2009/01/29 09:57:06 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/29 09:56:43 | 02,737,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\tara\My Documents\mbam-setup.exe
[2009/01/29 09:53:50 | 00,000,570 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/01/29 09:53:50 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/01/29 09:53:50 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/01/29 09:50:43 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\tara\Desktop\NTREGOPT.lnk
[2009/01/29 09:50:43 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\tara\Desktop\ERUNT.lnk
[2009/01/29 09:50:04 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\tara\My Documents\erunt_setup.exe
[2009/01/29 09:48:16 | 00,013,880 | ---- | M] () -- C:\Documents and Settings\tara\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/29 09:47:19 | 00,009,334 | ---- | M] () -- C:\Documents and Settings\tara\My Documents\SysRestorePoint_v13.zip
[2009/01/29 08:21:17 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/01/29 08:20:43 | 07,392,665 | ---- | M] (Mozilla) -- C:\Documents and Settings\tara\My Documents\firefoxinstall_en-gb-m.exe
[2009/01/28 12:13:43 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/01/28 02:22:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/01/27 09:12:39 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/01/27 09:10:25 | 30,363,016 | ---- | M] () -- C:\Documents and Settings\tara\My Documents\setupeng.exe
[2009/01/27 08:45:20 | 00,000,955 | ---- | M] () -- C:\Documents and Settings\tara\Desktop\Spybot - Search & Destroy (for blind users).lnk
[2009/01/27 08:45:20 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\tara\Desktop\Spybot - Search & Destroy.lnk
[2009/01/27 08:08:11 | 00,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/01/27 08:06:18 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/01/27 08:06:18 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/01/27 08:03:56 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/01/27 08:01:42 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/01/27 02:40:22 | 05,367,728 | ---- | M] (PC Drivers HeadQuarters ) -- C:\Documents and Settings\tara\My Documents\DriverDetective.exe
[2009/01/27 02:27:17 | 00,001,657 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\InterVideo WinDVD.lnk
[2009/01/27 02:26:20 | 23,880,880 | ---- | M] (Compaq Computer Corporation ) -- C:\Documents and Settings\tara\My Documents\sp23454.exe
[2009/01/26 21:18:10 | 22,234,112 | ---- | M] () -- C:\Documents and Settings\tara\My Documents\f5d8010v1.2.0.80a.exe
[2009/01/26 15:41:57 | 00,000,710 | ---- | M] () -- C:\Documents and Settings\tara\Desktop\Abexo Free Registry Cleaner.lnk
[2009/01/26 14:16:16 | 00,000,803 | ---- | M] () -- C:\Documents and Settings\tara\Desktop\Internet Explorer.lnk
[2009/01/26 14:16:13 | 00,000,075 | -HS- | M] () -- C:\Documents and Settings\tara\My Documents\desktop.ini
[2009/01/15 13:22:02 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/01/15 13:22:02 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/01/15 02:22:22 | 01,228,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll.mui
[2009/01/15 02:22:22 | 01,228,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2009/01/15 02:22:00 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll.mui
[2009/01/15 02:21:44 | 00,002,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe.mui
[2009/01/15 02:19:22 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll.mui
[2009/01/15 02:19:22 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe.mui
[2009/01/15 02:19:02 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll.mui
[2009/01/15 02:17:22 | 00,636,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2009/01/15 02:17:22 | 00,392,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2009/01/15 02:17:22 | 00,392,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2009/01/15 02:13:18 | 05,888,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/01/15 02:13:18 | 05,888,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/01/15 02:12:12 | 10,963,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/01/15 02:12:12 | 10,963,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/01/15 02:07:16 | 00,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2009/01/15 02:06:48 | 01,182,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon.dll
[2009/01/15 02:06:48 | 01,182,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2009/01/15 02:06:44 | 01,467,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2009/01/15 02:06:44 | 01,467,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2009/01/15 02:06:22 | 00,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WinFXDocObj.exe
[2009/01/15 02:06:08 | 00,236,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\webcheck.dll
[2009/01/15 02:06:08 | 00,236,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2009/01/15 02:06:00 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2009/01/15 02:06:00 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2009/01/15 02:05:42 | 00,911,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet.dll
[2009/01/15 02:05:42 | 00,911,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2009/01/15 02:05:34 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2009/01/15 02:05:34 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2009/01/15 02:05:34 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\occache.dll
[2009/01/15 02:05:34 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2009/01/15 02:05:34 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2009/01/15 02:05:34 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2009/01/15 02:04:56 | 00,755,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\VGX.dll
[2009/01/15 02:04:28 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2009/01/15 02:04:28 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2009/01/15 02:04:16 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2009/01/15 02:04:16 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2009/01/15 02:03:58 | 00,724,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2009/01/15 02:03:58 | 00,724,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2009/01/15 02:03:50 | 00,228,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2009/01/15 02:03:50 | 00,228,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2009/01/15 02:03:42 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2009/01/15 02:03:42 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2009/01/15 02:03:36 | 00,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
[2009/01/15 02:03:36 | 00,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2009/01/15 02:03:32 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admparse.dll
[2009/01/15 02:03:32 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\admparse.dll
[2009/01/15 02:03:28 | 00,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2009/01/15 02:03:28 | 00,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2009/01/15 02:03:20 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakui.dll
[2009/01/15 02:03:20 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll
[2009/01/15 02:03:18 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iesetup.dll
[2009/01/15 02:03:18 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Sys
  • 0

#7
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Can you give me a little bit of information on what you are doing to get this error? Is it when using Internet Explorer? To a specific site? To all sites? I need a little more information that just "Error 400 Bad Request."

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Files
    C:\78e83daf56bea552d3
    C:\bfab38fef78fe1ffcb53f8496789a008
    C:\WINDOWS\System32\15838a34.dll
    C:\WINDOWS\System32\37423a74.dll
    C:\WINDOWS\System32\e7113a.dll
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
  • 0

#8
andy_b_1502

andy_b_1502

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
It worked, i have never been so happy to see the google homepage...

The original problem was when trying to access www.google.co.uk the error message displayed was the HTTP 400 bad error request,
msn was my current homepage and i wanted to set it to google for my personal prefrence, that was the only site i had tried in IE8 that had this error message, however in firefox; amazon didnt work either.
I have ran OTMoveit3 and followed your instructions, a notepad opened after the restart this is what was included in it:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\78e83daf56bea552d3\i386 moved successfully.
C:\78e83daf56bea552d3\amd64 moved successfully.
C:\78e83daf56bea552d3 moved successfully.
C:\bfab38fef78fe1ffcb53f8496789a008 moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\15838a34.dll
C:\WINDOWS\System32\15838a34.dll NOT unregistered.
C:\WINDOWS\System32\15838a34.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\37423a74.dll
C:\WINDOWS\System32\37423a74.dll NOT unregistered.
C:\WINDOWS\System32\37423a74.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\e7113a.dll
C:\WINDOWS\System32\e7113a.dll NOT unregistered.
C:\WINDOWS\System32\e7113a.dll moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\tara\LOCALS~1\Temp\~DF53DD.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\tara\LOCALS~1\Temp\~DF540A.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\tara\LOCALS~1\Temp\~DFA7FB.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\tara\LOCALS~1\Temp\~DFA815.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\tara\LOCALS~1\Temp\~DFA874.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\tara\LOCALS~1\Temp\~DFA892.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\tara\LOCALS~1\Temp\~DFA929.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\tara\LOCALS~1\Temp\~DFA93B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\tara\LOCALS~1\Temp\~DFB57B.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_308.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_768.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01302009_075153

Files moved on Reboot...
File C:\DOCUME~1\tara\LOCALS~1\Temp\~DF53DD.tmp not found!
File C:\DOCUME~1\tara\LOCALS~1\Temp\~DF540A.tmp not found!
File C:\DOCUME~1\tara\LOCALS~1\Temp\~DFA7FB.tmp not found!
File C:\DOCUME~1\tara\LOCALS~1\Temp\~DFA815.tmp not found!
File C:\DOCUME~1\tara\LOCALS~1\Temp\~DFA874.tmp not found!
File C:\DOCUME~1\tara\LOCALS~1\Temp\~DFA892.tmp not found!
File C:\DOCUME~1\tara\LOCALS~1\Temp\~DFA929.tmp not found!
File C:\DOCUME~1\tara\LOCALS~1\Temp\~DFA93B.tmp not found!
File C:\DOCUME~1\tara\LOCALS~1\Temp\~DFB57B.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_308.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_768.dat moved successfully.


This has fixed whatever was wrong, i have only listed this to conclude the listing and confirm problem solved, thank you.
  • 0

#9
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Please do an online scan with Kaspersky WebScanner

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply, along with a new HijackThis log.

Edited by handhfan, 30 January 2009 - 10:25 AM.

  • 0

#10
andy_b_1502

andy_b_1502

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Thanks again for the extended help, i'm unable to do the online scan with kaspersky, it says i need to have Java 1.5 or later installed, i click on the link and download the latest Java, go back to Kaspersky and try it again but i get the same message?
  • 0

Advertisements


#11
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter
    .

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder.Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

  • Then click on Scan at the to right hand Corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then chooose The delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file name it Kas.
  • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


  • 0

#12
andy_b_1502

andy_b_1502

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Thanks, i have done what you suggested, the scan did not find anything so i'm not sure what to copy/paste?
  • 0

#13
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
If it came up clean you wouldn't have a log to post. :)

Your logs look clean. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. If you have any questions or other problems, please let me know. Other than that, and the steps below, you should be all set. :)

  • Make sure you have an Internet Connection.
  • Download OTCleanIt to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so.
  • Click Yes to beging the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Please update Adobe Reader, by downloading and installing Adobe Reader 9.

Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]
System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard gives you realtime protection from spyware.
  • Super Antispyware OR Malwarebytes' Anti-Malware to help remove any spyware that may have gotten on your computer.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed.
  • Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see this article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

To keep your operating system up to date visit Microsoft Windows Update monthly. Remember to be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?

Have a safe and happy computing day!
  • 0

#14
andy_b_1502

andy_b_1502

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Thank you, i have installed the programs and the host's required. I also have spybot and avast, should i un-install them and not use them, also are the files like KAS and all the logs neccessary for me to keep them, is is safe to delete them? Thanks
  • 0

#15
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
You can keep Avast! and Spybot Search & Destroy. As well, you can delete all the logs and Kaspersky files as well. :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP