1.first problem was it couldn`t boot from HDD , only from cd-rom wich is kinda weird cause its not the windows xp cd, but the motherboard cd that featured a bunch of programs
i did try and set the "boot from HDD first,2nd and 3rd" and it still said booting from cd-rom
i ignored that and just decided to just keep that cd in there as long as windows could start
after the first boot screen with memory check and where you could enter bios, the next one shows:
"master disk HDD capability.......disabled"
big table thing
then after it starts booting from cd-rom.
2.when i try running safe mode for doing some steps of removing this virus i found in malwarebytes, after it loads a bunch of files needed for safe mode,it restarts, and only if i run "last known good configuration" the system can start
thou i can`t tell if this was always like this or not cause its the first time i try it
3.my parents use it so i can`t tell exactley what they did, but suddently the task manager wouldn`t open,regeddit wouldn`t open, and after i ran the malware scan it found a bunch of stuff, but it couldn`t get rid of 5-6 Pum viruses + 1 trojan
4.also i get an error on start-up
"microsoft visual C++ runtime error
(commodo internet security path)
R6002
floating point not support loaded"
so to sum up all the stuff that i could notice
-malwarebytes site won`t work("firefox can`t find the server"), also when i run the upgrade database, it just gets stuck at 0%
-tsk manager disabled
-regedit disabled
-safemode disabled?
-tried running windows repair from tweaking.com it wouldn`t let me start it "not have the authority to run this setup" or something even thou i was logged as administrator
-google chrome only showed one big blank page(same color as default desktop color)
-when i tried reinstalling google chrome it just loaded for a second then stopped, with no error message this time
MALWAREBYTES LOG
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.14.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Logan :: HOME-FA201A11EA [administrator]
5/7/2013 1:14:55 PM
mbam-log-2013-05-07 (13-14-55).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 283018
Time elapsed: 1 hour(s), 20 minute(s), 18 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Taskman (Trojan.Agent) -> Data: c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe -> Delete on reboot.
Registry Data Items Detected: 5
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Taskman (Worm.Autorun.B) -> Bad: (c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe) Good: () -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot.
Folders Detected: 1
C:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013 (Worm.AutoRun.Gen) -> Quarantined and deleted successfully.
Files Detected: 7
C:\Documents and Settings\Logan\Application Data\Mozilla\Firefox\Profiles\ayb2neaw.default\extensions\trash\5affxtbr-bs@MyWebFace_5a.com\content\MyWebFace.exe (PUP.FunWebProducts) -> No action taken.
C:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
D:\Program files\Hijackthis\HijackThis.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Program files\Internet Explorer\iexplore.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
D:\Program files\Winampppp\winampa.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
D:\VIAUSB2V256-L\_ISDel.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Worm.AutoRun.Gen) -> Quarantined and deleted successfully.
(end)
OTL:
OTL logfile created on: 5/7/2013 4:00:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Logan\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.50 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 65.02% Memory free
2.11 Gb Paging File | 1.70 Gb Available in Paging File | 80.75% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 1.34 Gb Free Space | 9.18% Space Free | Partition Type: NTFS
Drive D: | 97.13 Gb Total Space | 12.94 Gb Free Space | 13.33% Space Free | Partition Type: NTFS
Drive E: | 585.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 454.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: HOME-FA201A11EA | User Name: Logan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/05/07 16:00:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Logan\My Documents\Downloads\OTL.exe
PRC - [2013/04/12 23:58:29 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/03/11 22:13:22 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/12/09 20:22:26 | 000,152,576 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011/11/23 13:27:04 | 001,052,472 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
PRC - [2010/04/19 14:47:26 | 000,719,688 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010/04/19 14:45:44 | 001,050,440 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 03:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/11/15 13:20:20 | 000,151,552 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
========== Modules (No Company Name) ==========
MOD - [2013/04/12 23:58:16 | 003,133,336 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/01/28 13:09:50 | 014,586,888 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2008/04/14 03:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
========== Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (MSDTC)
SRV - File not found [Unknown (-1) | Stopped] -- -- (diovmvo)
SRV - [2013/03/08 20:30:01 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/28 13:09:51 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/07 03:02:47 | 000,504,648 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2012/03/11 22:13:22 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/11/23 13:27:04 | 001,052,472 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV - [2010/04/19 14:45:44 | 001,050,440 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/04/19 14:42:36 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Unknown (-1) | Unknown (-1) | Unknown] -- -- (diovmvo)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\llrjkn.sys -- (abp470n5)
DRV - [2013/01/08 21:47:56 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/12/14 17:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/11 22:13:48 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2012/03/11 22:13:46 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\System32\DRIVERS\cmdguard.sys -- (cmdGuard)
DRV - [2012/03/11 22:13:46 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\cmdhlp.sys -- (cmdHlp)
DRV - [2010/02/25 12:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2008/04/13 21:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2004/11/17 14:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139)
DRV - [2004/08/04 01:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/07/16 09:19:52 | 000,070,400 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/12 23:58:40 | 000,000,000 | ---D | M]
[2012/03/07 21:53:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Logan\Application Data\Mozilla\Extensions
[2013/01/20 02:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Logan\Application Data\Mozilla\Firefox\Profiles\ayb2neaw.default\extensions
[2013/01/20 02:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Logan\Application Data\Mozilla\Firefox\Profiles\ayb2neaw.default\extensions\trash
[2013/04/12 23:57:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/12 23:58:38 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/04/12 23:57:55 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/04/12 23:57:55 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.ro/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: c\u0103utare Google = C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2001/08/23 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.96.7.88 95.77.94.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{561FCA04-03EC-4ECD-A742-B656D6FA86EF}: DhcpNameServer = 78.96.7.88 95.77.94.88
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Logan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Logan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/23 21:58:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1998/10/04 10:57:04 | 000,000,043 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2001/06/20 16:23:22 | 000,000,044 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0b33f200-58f7-11e2-b569-00e04c811a7b}\Shell - "" = AutoRun
O33 - MountPoints2\{0b33f200-58f7-11e2-b569-00e04c811a7b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0b33f200-58f7-11e2-b569-00e04c811a7b}\Shell\AutoRun\command - "" = F:\setup.exe -- [2000/10/05 17:00:06 | 000,054,272 | R--- | M] (InstallShield Software Corporation)
O33 - MountPoints2\{7da56a47-fe3b-11e1-b434-00e04c811a7b}\Shell - "" = AutoRun
O33 - MountPoints2\{7da56a47-fe3b-11e1-b434-00e04c811a7b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7da56a47-fe3b-11e1-b434-00e04c811a7b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{7da56a49-fe3b-11e1-b434-00e04c811a7b}\Shell\AutoRun\command - "" = G:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe
O33 - MountPoints2\{7da56a49-fe3b-11e1-b434-00e04c811a7b}\Shell\open\command - "" = G:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe
O33 - MountPoints2\{8f2d715c-6932-11e2-b5a4-00e04c811a7b}\Shell - "" = AutoRun
O33 - MountPoints2\{8f2d715c-6932-11e2-b5a4-00e04c811a7b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8f2d715c-6932-11e2-b5a4-00e04c811a7b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{a1e2f18e-8d58-11e1-b340-00e04c811a7b}\Shell - "" = AutoRun
O33 - MountPoints2\{a1e2f18e-8d58-11e1-b340-00e04c811a7b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a1e2f18e-8d58-11e1-b340-00e04c811a7b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{ad99bd18-123d-11e2-b47a-00e04c811a7b}\Shell\AutOplAy\cOmmANd - "" = G:\udgtms.pif
O33 - MountPoints2\{ad99bd18-123d-11e2-b47a-00e04c811a7b}\Shell\AutoRun\command - "" = G:\udgtms.pif
O33 - MountPoints2\{ad99bd18-123d-11e2-b47a-00e04c811a7b}\Shell\exPloRE\COMMANd - "" = G:\udgtms.pif
O33 - MountPoints2\{ad99bd18-123d-11e2-b47a-00e04c811a7b}\Shell\OpEn\CommAnd - "" = G:\udgtms.pif
O33 - MountPoints2\{b5944fca-675b-11e1-b30f-00e04c811a7b}\Shell\AutOplay\cOmMaND - "" = G:\rygj.exe
O33 - MountPoints2\{b5944fca-675b-11e1-b30f-00e04c811a7b}\Shell\AutoRun\command - "" = G:\rygj.exe
O33 - MountPoints2\{b5944fca-675b-11e1-b30f-00e04c811a7b}\Shell\Explore\COmMANd - "" = G:\rygj.exe
O33 - MountPoints2\{b5944fca-675b-11e1-b30f-00e04c811a7b}\Shell\open\ComMAnD - "" = G:\rygj.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/05/07 15:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Logan\Desktop\RK_Quarantine
[2013/05/07 15:28:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/05/07 13:08:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/04/12 23:57:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/05/07 16:04:10 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/07 15:29:35 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/07 15:29:35 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/07 15:25:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/07 15:24:54 | 1610,141,696 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/23 15:02:22 | 000,034,799 | ---- | M] () -- C:\Documents and Settings\Logan\Desktop\la multi ani!.jpg
[2013/04/23 14:55:59 | 000,360,457 | ---- | M] () -- C:\Documents and Settings\Logan\Desktop\photo.htm
[2013/04/19 22:00:40 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Logan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/04/23 15:02:20 | 000,034,799 | ---- | C] () -- C:\Documents and Settings\Logan\Desktop\la multi ani!.jpg
[2013/04/23 14:55:54 | 000,360,457 | ---- | C] () -- C:\Documents and Settings\Logan\Desktop\photo.htm
[2013/01/28 13:01:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2013/01/07 21:54:26 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012/12/23 04:05:38 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/08/02 10:17:08 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Logan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/15 17:04:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/02/15 17:02:48 | 000,189,792 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/15 15:49:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/02/15 15:25:50 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2012/02/15 15:25:46 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2012/02/15 15:25:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/02/15 15:17:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/02/15 15:10:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
========== ZeroAccess Check ==========
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 03:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 15:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 03:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
OTL EXTRAS
OTL Extras logfile created on: 5/7/2013 4:00:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Logan\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.50 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 65.02% Memory free
2.11 Gb Paging File | 1.70 Gb Available in Paging File | 80.75% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 1.34 Gb Free Space | 9.18% Space Free | Partition Type: NTFS
Drive D: | 97.13 Gb Total Space | 12.94 Gb Free Space | 13.33% Space Free | Partition Type: NTFS
Drive E: | 585.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 454.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: HOME-FA201A11EA | User Name: Logan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UacDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"4559:TCP" = 4559:TCP:*:Enabled:grcxjap
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"G:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe" = G:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe:*:Enabled:ipsec
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe" = c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe:*:Enabled:ipsec
"C:\Program Files\Winamp\winampa.exe" = C:\Program Files\Winamp\winampa.exe:*:Enabled:ipsec -- (Nullsoft, Inc.)
"C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" = C:\Program Files\COMODO\COMODO Internet Security\cfp.exe:*:Enabled:ipsec -- (COMODO)
"C:\WINDOWS\SOUNDMAN.EXE" = C:\WINDOWS\SOUNDMAN.EXE:*:Enabled:ipsec -- (Realtek Semiconductor Corp.)
"C:\WINDOWS\system32\netsh.exe" = C:\WINDOWS\system32\netsh.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" = C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe:*:Enabled:ipsec
"C:\WINDOWS\system32\userinit.exe" = C:\WINDOWS\system32\userinit.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" = C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:ipsec
"C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\iKernel.exe" = C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\iKernel.exe:*:Enabled:ipsec -- (InstallShield Software Corporation)
"C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" = C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe:*:Enabled:ipsec -- (Adobe Systems Incorporated)
"C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe" = C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe:*:Enabled:ipsec
"C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe" = C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe:*:Enabled:ipsec -- (TuneUp Software)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Comodo Dragon" = Comodo Dragon
"COMODO GeekBuddy" = COMODO GeekBuddy
"DAEMON Tools Lite" = DAEMON Tools Lite
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"TuneUp Utilities" = TuneUp Utilities
"uTorrent" = µTorrent
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 5/7/2013 7:40:33 AM | Computer Name = HOME-FA201A11EA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.
Error - 5/7/2013 7:46:20 AM | Computer Name = HOME-FA201A11EA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.
Error - 5/7/2013 8:03:25 AM | Computer Name = HOME-FA201A11EA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved
Error - 5/7/2013 8:03:25 AM | Computer Name = HOME-FA201A11EA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.
Error - 5/7/2013 8:05:45 AM | Computer Name = HOME-FA201A11EA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved
Error - 5/7/2013 8:30:52 AM | Computer Name = HOME-FA201A11EA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved
Error - 5/7/2013 8:30:52 AM | Computer Name = HOME-FA201A11EA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.
Error - 5/7/2013 8:37:56 AM | Computer Name = HOME-FA201A11EA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved
Error - 5/7/2013 8:41:37 AM | Computer Name = HOME-FA201A11EA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved
Error - 5/7/2013 8:48:25 AM | Computer Name = HOME-FA201A11EA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved
[ System Events ]
Error - 5/7/2013 7:51:19 AM | Computer Name = HOME-FA201A11EA | Source = Service Control Manager | ID = 7023
Description = The Config Image service terminated with the following error: %%1114
Error - 5/7/2013 8:08:26 AM | Computer Name = HOME-FA201A11EA | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{561FCA04-03EC-4ECD-A742-B656D6FA86EF}. The
backup browser is stopping.
Error - 5/7/2013 8:10:10 AM | Computer Name = HOME-FA201A11EA | Source = Service Control Manager | ID = 7000
Description = The abp470n5 service failed to start due to the following error: %%2
Error - 5/7/2013 8:10:10 AM | Computer Name = HOME-FA201A11EA | Source = Service Control Manager | ID = 7000
Description = The abp470n5 service failed to start due to the following error: %%2
Error - 5/7/2013 8:14:21 AM | Computer Name = HOME-FA201A11EA | Source = Service Control Manager | ID = 7023
Description = The Config Image service terminated with the following error: %%1114
Error - 5/7/2013 8:16:05 AM | Computer Name = HOME-FA201A11EA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
Error - 5/7/2013 8:16:05 AM | Computer Name = HOME-FA201A11EA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
Error - 5/7/2013 8:25:30 AM | Computer Name = HOME-FA201A11EA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
Error - 5/7/2013 8:25:33 AM | Computer Name = HOME-FA201A11EA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
Error - 5/7/2013 8:26:35 AM | Computer Name = HOME-FA201A11EA | Source = Service Control Manager | ID = 7023
Description = The Config Image service terminated with the following error: %%1114
< End of report >