invalid security warnings
Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST3200826A
Partitions: 2
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic USB SD Reader USB Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic USB CF Reader USB Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic USB SM Reader USB Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic USB MS Reader USB Device
Partitions: 0
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 182.00GB
Starting Offset: 4770662400
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 4.00GB
Starting Offset: 32256
Hidden sectors: 0
< >
[2004/08/26 09:12:03 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2004/08/26 11:08:56 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2007/02/20 04:57:23 | 000,000,422 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1C01F64A-466A-4696-AA08-7A98BA326994}.job
[2009/03/01 12:05:00 | 000,000,472 | ---- | C] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/03/30 05:04:40 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2012/07/08 06:51:34 | 000,000,318 | -H-- | C] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
< End of report >
OTL Extras logfile created on: 2/6/2012 7:03:55 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.12 Gb Total Physical Memory | 0.65 Gb Available Physical Memory | 57.54% Memory free
1.98 Gb Paging File | 1.62 Gb Available in Paging File | 81.82% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1500 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.86 Gb Total Space | 142.52 Gb Free Space | 78.37% Space Free | Partition Type: NTFS
Drive D: | 4.43 Gb Total Space | 2.71 Gb Free Space | 61.07% Space Free | Partition Type: FAT32
Computer Name: YOUR-382F8BB83C | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8097:TCP" = 8097:TCP:*:Disabled:EarthLink UHP Modem Support
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed
"C:\Program Files\Common Files\AOL\1147074895\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1147074895\EE\AOLServiceHost.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager -- (Intuit, Inc.)
"C:\Program Files\PeoplePC\ISP6330\SmartDialer\Dialer.log" = C:\Program Files\PeoplePC\ISP6330\SmartDialer\Dialer.log:*:Enabled:Dialer
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\mshta.exe" = C:\WINDOWS\system32\mshta.exe:*:Enabled:Microsoft (R) HTML Application host -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\CallWave\IAM.exe" = C:\Program Files\CallWave\IAM.exe:*:Disabled:CallWave
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
"{133CD5EF-A4A1-442a-8D50-910B5DEF76BD}" = 4200_Help
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83216017FB}" =
"{26A24AE4-039D-4CA4-87B4-2F83216020FB}" =
"{26A24AE4-039D-4CA4-87B4-2F83216021FB}" =
"{26A24AE4-039D-4CA4-87B4-2F83216022FB}" =
"{26A24AE4-039D-4CA4-87B4-2F83216023FB}" =
"{26A24AE4-039D-4CA4-87B4-2F83216024FB}" =
"{26A24AE4-039D-4CA4-87B4-2F83216026FB}" =
"{26A24AE4-039D-4CA4-87B4-2F83216029FB}" =
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2D974D26-BA8F-4A0B-B7EE-3F563AF79746}" = Quicken 2003 Deluxe
"{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
"{34611BCF-3157-405b-A34E-879C7DC79142}" = 4200
"{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{50915408-4940-4C36-B4CC-0D9944FA4C59}" =
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{688A3383-3CE7-4094-9188-9C39D1E4FCB6}" =
"{68A2A8FC-2CA0-4b6c-BE09-CC7ABE2A8DDC}" = 4200Trb
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{69B02159-7622-4DBB-B9EE-F933039830AD}" = QuickBooks Pro 2006
"{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}" = Multimedia Keyboard Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89C43B94-02D9-47CB-A338-8CEC0E70F638}" =
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90150409-6000-11D3-8CFE-0050048383C9}" = Microsoft Access 2002
"{91120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A0DCD97-9648-45ed-A52C-133C728AB2FF}" = 4200Tour
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB2604110" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB2656407" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB2756918" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB300003" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB958483" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB960043" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB975195" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976570" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976578" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976578v2" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976769" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976769v2" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB977354" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB977354v2" =
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{ACF2AD4B-9374-4B72-B79B-A743CD41F2A4}" =
"{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}" = Fax
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB200003" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2418241" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2446704" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2446704v2" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2478658" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2518864" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2539631" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2572058" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2572073" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2604092" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2616155" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2633880" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2639328" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2656352" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2656369" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2656369v2" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2686828" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2698022" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2729450" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2742596" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB431780" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB946922" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB947748" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB949272" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952137" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952677" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953300" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953990" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB954832" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB956860" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957541" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957542" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957543" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958129" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958481" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB960043" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB971111" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB974417" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976569" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976576" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976765v2" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB979909" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB980773" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB983583" =
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473" =
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2695869" =
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB350003" =
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB960043" =
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Edimax Wireless LAN
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F90DA605-4E92-11D4-A319-00104BCAB4AB}" =
"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Edimax Wireless LAN
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe
invalid security warnings
-Zip" = 7-Zip 3.13
"AddressBook" =
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"Branding" =
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"Connection Manager" =
"DirectAnimation" =
"DirectDrawEx" =
"DXM_Runtime" =
"EarthLink TotalAccess 2004" =
"ERUNT_is1" = ERUNT 1.1j
"Fontcore" =
"getPlus(R)_ocx" = getPlus(R)_ocx
"HP Photo & Imaging" = HP Image Zone 3.5
"ICW" =
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IEData" =
"InstallShield Uninstall Information" =
"InstallShield_{2D974D26-BA8F-4A0B-B7EE-3F563AF79746}" = Quicken 2003 Deluxe
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"Internet Call Waiting" =
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" =
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MobileOptionPack" =
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPlayer2" =
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"MSNINST" = MSN
"NetMeeting" =
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OutlookExpress" =
"PC Pitstop Erase_is1" = PC Pitstop Erase 1.1
"PC Pitstop Exterminate_is1" = PC Pitstop Exterminate 1.0
"PC Pitstop Optimize_is1" = PC Pitstop Optimize 1.5
"PCHealth" =
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"SchedulingAgent" =
"WIC" =
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== Last 20 Event Log Errors ==========
[ Antivirus Events ]
Error - 12/26/2007 3:30:19 PM | Computer Name = YOUR-382F8BB83C | Source = avast! | ID = 33554522
Description =
Error - 12/27/2007 5:08:36 PM | Computer Name = YOUR-382F8BB83C | Source = avast! | ID = 33554522
Description =
Error - 4/6/2008 8:21:49 AM | Computer Name = YOUR-382F8BB83C | Source = avast! | ID = 33554522
Description =
Error - 4/7/2008 8:22:43 AM | Computer Name = YOUR-382F8BB83C | Source = avast! | ID = 33554522
Description =
Error - 4/7/2008 5:50:54 PM | Computer Name = YOUR-382F8BB83C | Source = avast! | ID = 33554522
Description =
Error - 3/10/2010 8:18:54 AM | Computer Name = YOUR-382F8BB83C | Source = avast! | ID = 33554522
Description =
[ Application Events ]
Error - 2/3/2012 11:18:20 AM | Computer Name = YOUR-382F8BB83C | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 2/3/2012 11:18:21 AM | Computer Name = YOUR-382F8BB83C | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 2/4/2012 8:44:10 AM | Computer Name = YOUR-382F8BB83C | Source = Application Error | ID = 1000
Description = Faulting application zhotkey.exe, version 3.0.0.10, faulting module
zhotkey.exe, version 3.0.0.10, fault address 0x00009b75.
Error - 2/4/2012 4:03:42 PM | Computer Name = YOUR-382F8BB83C | Source = Application Error | ID = 1000
Description = Faulting application zhotkey.exe, version 3.0.0.10, faulting module
zhotkey.exe, version 3.0.0.10, fault address 0x00009b75.
Error - 2/5/2012 8:14:21 AM | Computer Name = YOUR-382F8BB83C | Source = Application Error | ID = 1000
Description = Faulting application zhotkey.exe, version 3.0.0.10, faulting module
zhotkey.exe, version 3.0.0.10, fault address 0x00009b75.
Error - 2/5/2012 6:52:39 PM | Computer Name = YOUR-382F8BB83C | Source = Application Error | ID = 1000
Description = Faulting application zhotkey.exe, version 3.0.0.10, faulting module
zhotkey.exe, version 3.0.0.10, fault address 0x00009b75.
Error - 2/5/2012 7:33:54 PM | Computer Name = YOUR-382F8BB83C | Source = Application Error | ID = 1000
Description = Faulting application zhotkey.exe, version 3.0.0.10, faulting module
zhotkey.exe, version 3.0.0.10, fault address 0x00009b75.
Error - 2/6/2012 8:53:41 AM | Computer Name = YOUR-382F8BB83C | Source = Application Error | ID = 1000
Description = Faulting application zhotkey.exe, version 3.0.0.10, faulting module
zhotkey.exe, version 3.0.0.10, fault address 0x00009b75.
Error - 2/6/2012 5:59:56 PM | Computer Name = YOUR-382F8BB83C | Source = Application Error | ID = 1000
Description = Faulting application zhotkey.exe, version 3.0.0.10, faulting module
zhotkey.exe, version 3.0.0.10, fault address 0x00009b75.
Error - 2/6/2012 9:49:06 PM | Computer Name = YOUR-382F8BB83C | Source = Application Error | ID = 1000
Description = Faulting application zhotkey.exe, version 3.0.0.10, faulting module
zhotkey.exe, version 3.0.0.10, fault address 0x00009b75.
[ System Events ]
Error - 2/6/2012 8:54:51 AM | Computer Name = YOUR-382F8BB83C | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053
Error - 2/6/2012 8:54:51 AM | Computer Name = YOUR-382F8BB83C | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.
Error - 2/6/2012 5:58:50 PM | Computer Name = YOUR-382F8BB83C | Source = Service Control Manager | ID = 7000
Description = The a-squared Free Service service failed to start due to the following
error: %%21
Error - 2/6/2012 5:58:50 PM | Computer Name = YOUR-382F8BB83C | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd
Error - 2/6/2012 5:58:53 PM | Computer Name = YOUR-382F8BB83C | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2711'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.
Error - 2/6/2012 5:58:53 PM | Computer Name = YOUR-382F8BB83C | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2711'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.
Error - 2/6/2012 9:49:04 PM | Computer Name = YOUR-382F8BB83C | Source = Service Control Manager | ID = 7000
Description = The a-squared Free Service service failed to start due to the following
error: %%21
Error - 2/6/2012 9:49:04 PM | Computer Name = YOUR-382F8BB83C | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd
Error - 2/6/2012 9:49:09 PM | Computer Name = YOUR-382F8BB83C | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2711'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.
Error - 2/6/2012 9:49:10 PM | Computer Name = YOUR-382F8BB83C | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2711'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.
< End of report >
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-02-06 19:23:37
-----------------------------
19:23:37.296 OS Version: Windows 5.1.2600 Service Pack 3
19:23:37.296 Number of processors: 1 586 0x3702
19:23:37.296 ComputerName: YOUR-382F8BB83C UserName: Owner
19:23:37.796 Initialize success
19:23:40.625 AVAST engine defs: 13020601
19:23:56.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:23:56.546 Disk 0 Vendor: ST3200826A 3.03 Size: 190782MB BusType: 3
19:23:56.562 Disk 0 MBR read successfully
19:23:56.578 Disk 0 MBR scan
19:23:56.578 Disk 0 unknown MBR code
19:23:56.578 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 186222 MB offset 9317700
19:23:56.593 Disk 0 Partition 2 00 0B FAT32 RECOVERY 4549 MB offset 63
19:23:56.593 Disk 0 scanning sectors +390700800
19:23:56.687 Disk 0 scanning C:\WINDOWS\system32\drivers
19:24:15.390 Service scanning
19:24:29.859 Modules scanning
19:24:45.390 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
19:24:48.156 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
19:24:48.500 Disk 0 trace - called modules:
19:24:48.515 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:24:48.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88b46ab8]
19:24:48.531 3 CLASSPNP.SYS[ba168fd7] -> nt!IofCallDriver -> \Device\00000088[0x88b8bf18]
19:24:48.531 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x88b5d940]
19:24:49.046 AVAST engine scan C:\WINDOWS
19:25:23.265 AVAST engine scan C:\WINDOWS\system32
19:29:28.390 AVAST engine scan C:\WINDOWS\system32\drivers
19:30:06.718 AVAST engine scan C:\Documents and Settings\Owner
19:39:29.000 AVAST engine scan C:\Documents and Settings\All Users
19:41:01.718 Scan finished successfully
19:41:18.750 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
19:41:18.750 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
Upon opening MSN.com, I still get the invalid security warning!< did note some suspicious files in the Windows/system32 and ion the other logs I can see a lot of errors the day, I knew that my computer was infected 2/2/13
Thank you very much, and so look forward to our further interactions to save my computer!