
INFECTIONS AD-AWARE CANNOT REMOVE AFTER INITIAL PURCHASE AND INSTALL


10 replies to this topic

#1 JACKBLACK


Posted 21 March 2011 - 05:42 PM

To the Ad-Aware technicians

Since I purchased and installed Ad-Aware Total Security on March 13, I have multiple viruses on my computer which cannot be removed by the Ad-Aware software. For the fourth time, my system has crashed by closing Windows and getting the BLUE screen, when Ad-Aware is running a virus check in the background.

After initiating a manual virus check, the viruses reappear every time.

And now other virus suppliers' ICONS are appearing on my Desktop, i.e. McAfee.

I also noticed that the virus database on the Ad-Aware version I purchased has a date of June 29, 2010!
Surely, it is not the latest version???

I followed the instructions specified in general support e-mail. However, the access to your blog was blocked since my PC could not open the site where I was to copy the scan results from OTL.

I am copying the scan results below, which I sent to general support, who advised me they could not do anything with the info unless I post here??? I AM SENDING FROM ANOTHER PC.

Can you please advise of the resolution and have the viruses removed from my PC ASAP.

OTL SCAN NOTEPAD LOGS:



OTL logfile created on: 19/03/2011 7:23:46 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jack\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 359.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 85.93 Gb Total Space | 50.91 Gb Free Space | 59.24% Space Free | Partition Type: NTFS
Drive E: | 146.95 Gb Total Space | 66.46 Gb Free Space | 45.23% Space Free | Partition Type: NTFS

Computer Name: JLB-491B504660B | User Name: Jack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jack\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe (Lavasoft AB)
PRC - C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe (Lavasoft AB)
PRC - C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (Lavasoft AB)
PRC - C:\Program Files\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe (Lavasoft AB)
PRC - C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (Lavasoft AB)
PRC - C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtl.exe ()
PRC - C:\Program Files\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvc.exe (Lavasoft AB)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe (Panasonic Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Jack\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - c:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll (RealPlayer)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AVKService) -- C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe (Lavasoft AB)
SRV - (AVKProxy) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (Lavasoft AB)
SRV - (GDScan) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (Lavasoft AB)
SRV - (GDBackupSvc) -- C:\Program Files\Lavasoft\Ad-Aware Total Security\AVKBackup\AVKBackupService.exe (Lavasoft AB)
SRV - (GDTunerSvc) -- C:\Program Files\Lavasoft\Ad-Aware Total Security\AVKTuner\AVKTunerService.exe (Lavasoft AB)
SRV - (AVKWCtl) -- C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtl.exe ()
SRV - (GDFwSvc) -- C:\Program Files\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvc.exe (Lavasoft AB)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (bgsvcgen) -- C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (brmfrmps) -- C:\WINDOWS\System32\Brmfrmps.exe (Brother Industries, Ltd.)


========== Driver Services (SafeList) ==========

DRV - (GRD) -- C:\WINDOWS\system32\drivers\GRD.sys (G Data Software)
DRV - (GDTdiInterceptor) -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys (G Data Software AG)
DRV - (GDNdisIc) -- C:\WINDOWS\system32\drivers\GDNdisIc.sys (G Data Software AG)
DRV - (GDMnIcpt) -- C:\WINDOWS\system32\drivers\MiniIcpt.sys (G Data Software AG)
DRV - (HookCentre) -- C:\WINDOWS\system32\drivers\HookCentre.sys (G Data Software AG)
DRV - (GDBehave) -- C:\WINDOWS\system32\drivers\GDBehave.sys (G Data Software AG)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
DRV - (XLoader) PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys) -- C:\WINDOWS\system32\drivers\XLoader.sys (Plextor Corp.)
DRV - (WISTechVIDCAP) -- C:\WINDOWS\system32\drivers\Xstream.sys (Plextor Corp.)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (EL2000) -- C:\WINDOWS\system32\drivers\EL2K_XP.sys (3Com Corporation)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\EMUPIA2K.SYS (Creative Technology Ltd)
DRV - (emu10kx) Creative EMU10K1/EMU10K2 Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\e10kx2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\CTAC32K.SYS (Creative Technology Ltd)
DRV - (PfModNT) -- C:\WINDOWS\system32\PfModNT.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE 8D 29 BF 51 E3 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Ad-Aware WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\Lavasoft\Ad-Aware Total Security\Webfilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ad-Aware WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\Lavasoft\Ad-Aware Total Security\Webfilter\AvkWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe (Lavasoft AB)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe (Lavasoft AB)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\Program\ADGJDet.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.exe (Creative Technology Ltd.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VideoCam Suite.lnk = C:\Program Files\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe (Panasonic Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1171139120140 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jack\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jack\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/07 20:35:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/19 19:10:27 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jack\Desktop\OTL.exe
[2011/03/19 18:51:41 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jack\Desktop\TFC.exe
[2011/03/17 21:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2011/03/17 21:07:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2011/03/17 21:07:19 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/03/13 16:48:48 | 000,068,976 | ---- | C] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys
[2011/03/13 16:11:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ad-Aware Total Security
[2011/03/13 16:10:05 | 000,051,400 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys
[2011/03/13 16:10:05 | 000,029,640 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDNdisIc.sys
[2011/03/13 16:10:01 | 000,062,024 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys
[2011/03/13 16:10:01 | 000,038,600 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\HookCentre.sys
[2011/03/13 16:10:00 | 000,033,480 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys
[2011/03/13 16:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\G Data
[2011/03/13 16:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\G DATA
[2008/01/24 20:02:28 | 002,400,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WLinstaller.exe
[2008/01/21 18:08:14 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Jack\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/03/19 19:21:26 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2011/03/19 19:21:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/19 19:20:56 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/19 19:20:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/19 19:20:37 | 1072,484,352 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/19 19:09:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jack\Desktop\OTL.exe
[2011/03/19 19:03:31 | 000,023,196 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-0000000B-00001102-00000004-00511102}.rfx
[2011/03/19 19:03:31 | 000,023,196 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-0000000B-00001102-00000004-00511102}.rfx
[2011/03/19 19:03:31 | 000,018,560 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-0000000B-00001102-00000004-00511102}.rfx
[2011/03/19 19:03:31 | 000,018,560 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-0000000B-00001102-00000004-00511102}.rfx
[2011/03/19 19:03:31 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/03/19 19:03:31 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/03/19 19:03:31 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-0000000B-00001102-00000004-00511102}.dat
[2011/03/19 19:03:31 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-0000000B-00001102-00000004-00511102}.dat
[2011/03/19 18:50:30 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jack\Desktop\TFC.exe
[2011/03/19 17:38:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/19 13:40:11 | 000,001,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/03/17 21:07:21 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/03/17 21:07:21 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/03/14 22:40:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/03/13 18:59:17 | 019,055,616 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2011/03/13 18:59:16 | 010,609,664 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2011/03/13 17:25:03 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/03/13 16:48:48 | 000,068,976 | ---- | M] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys
[2011/03/13 16:10:05 | 000,051,400 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys
[2011/03/13 16:10:05 | 000,029,640 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDNdisIc.sys
[2011/03/13 16:10:01 | 000,062,024 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys
[2011/03/13 16:10:01 | 000,038,600 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\HookCentre.sys
[2011/03/13 16:10:00 | 000,033,480 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys
[2011/03/13 16:09:49 | 000,001,904 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware Total Security.lnk
[2011/03/13 16:02:30 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/03/13 11:23:07 | 000,442,168 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 11:23:07 | 000,071,720 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/10 22:01:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2011/03/17 21:07:21 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/03/17 21:07:21 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/03/13 16:10:33 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/03/13 16:09:49 | 000,001,904 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware Total Security.lnk
[2010/07/15 20:31:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2010/06/16 21:09:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/02/07 15:30:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\syscheck.INI
[2010/02/06 14:36:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/01/21 19:30:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\MSVolume.dll
[2008/12/16 22:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 22:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/02/12 16:27:55 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2008/02/12 14:41:48 | 000,000,043 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/02/04 22:20:44 | 021,364,592 | ---- | C] () -- C:\Program Files\aaw2007.exe
[2008/02/03 15:23:31 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/02/03 15:23:27 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/01/24 19:07:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PPViewer.INI
[2008/01/22 21:03:03 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Jack\Local Settings\Application Data\kodakpcd.ini
[2008/01/21 18:08:14 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Jack\Application Data\inst.exe
[2008/01/21 18:08:14 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Jack\Application Data\pcouffin.cat
[2008/01/21 18:08:14 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Jack\Application Data\pcouffin.inf
[2007/12/09 12:51:51 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/05 02:41:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/12/05 02:41:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/12/05 02:41:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/05 02:41:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/12/05 02:41:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/12/05 02:41:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/05 02:41:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/12/05 02:41:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/12/05 02:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/10/30 17:45:55 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/10/30 17:42:54 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
[2007/08/07 15:48:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\ElbyCDIO.sys
[2007/06/27 20:43:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2007/04/10 15:49:02 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Jack\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/17 20:43:57 | 000,002,256 | ---- | C] () -- C:\WINDOWS\current_settings.bin
[2007/02/14 21:46:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2007/02/14 21:18:17 | 000,000,622 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/02/14 21:08:24 | 000,000,462 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/02/14 21:08:24 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2007/02/14 21:08:24 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/02/14 21:07:45 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2007/02/14 21:06:02 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/02/14 21:01:02 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2007/02/14 21:01:02 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2007/02/14 20:56:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/02/14 20:56:20 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/02/14 20:56:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/02/14 20:56:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/02/14 20:56:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/02/14 20:56:20 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/02/14 19:53:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/11 18:37:23 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-0000000B-00001102-00000004-00511102}.dat
[2007/02/11 18:37:23 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-0000000B-00001102-00000004-00511102}.dat
[2007/02/11 17:52:55 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\sfman.dat
[2007/02/11 17:52:55 | 000,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
[2007/02/11 17:39:06 | 000,000,192 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2007/02/09 18:54:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/07 20:37:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/02/07 20:32:22 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/02/07 15:19:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/02/07 15:16:54 | 000,117,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/10/03 14:40:02 | 000,176,222 | ---- | C] () -- C:\WINDOWS\GalleryPlayer Images Uninstaller.exe
[2004/08/14 15:22:32 | 000,030,416 | ---- | C] () -- C:\WINDOWS\M402Ufw.bin
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,442,168 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,071,720 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/16 11:34:00 | 000,143,540 | ---- | C] () -- C:\WINDOWS\M402Usb.bin
[2004/07/16 11:34:00 | 000,000,208 | ---- | C] () -- C:\WINDOWS\M402Ufw_pf.bin
[2002/03/04 11:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/07/19 05:38:32 | 000,021,637 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2001/07/13 09:37:18 | 000,176,128 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2001/07/13 09:35:00 | 000,162,830 | R--- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2001/07/13 09:34:50 | 000,111,123 | R--- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2001/07/13 09:23:16 | 000,111,223 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2001/07/13 09:17:28 | 000,144,493 | R--- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2001/07/13 09:11:14 | 000,044,055 | R--- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2001/06/28 07:05:52 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2001/04/06 11:54:30 | 000,000,153 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2001/03/23 10:09:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2011/03/13 14:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/03/16 19:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2008/02/12 14:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2011/03/17 16:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G DATA
[2010/08/11 11:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2007/02/14 21:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/10/24 16:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/04 19:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/12/20 16:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/03/13 14:15:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/02/13 10:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\AVG9
[2008/02/12 14:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\DVDFab
[2007/02/14 21:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\InterVideo
[2008/11/20 20:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\Leadertech
[2008/04/30 20:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\MSNInstaller
[2007/02/10 16:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\OfficeUpdate12
[2008/01/24 18:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\ScanSoft
[2008/08/16 03:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\Skinux
[2008/07/08 20:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\SmartDraw
[2009/03/13 17:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\Vso
[2011/03/14 22:40:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/01/14 20:38:13 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job
[2011/03/19 19:21:26 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F8C9007

< End of report >


------------------------------------------------------------------------------------------------------------


OTL SCAN NOTEPAD LOG 2


OTL Extras logfile created on: 19/03/2011 7:23:46 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jack\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 359.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 85.93 Gb Total Space | 50.91 Gb Free Space | 59.24% Space Free | Partition Type: NTFS
Drive E: | 146.95 Gb Total Space | 66.46 Gb Free Space | 45.23% Space Free | Partition Type: NTFS

Computer Name: JLB-491B504660B | User Name: Jack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]

batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Nero\Nero Sipps\Phone.exe" = C:\Program Files\Nero\Nero Sipps\Phone.exe:*:Disabled:Phone -- (Nero AG)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe
"C:\Program Files\AVG\AVG8\avgdiag.exe" = C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe
"C:\Program Files\AVG\AVG8\avgdiagex.exe" = C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0A003011-002C-446B-AF91-D6C13C0E08FE}" = Ad-Aware Total Security
"{11439F51-B8D2-4736-9CDF-8889FEBE1033}" = Nero 7 Ultra Edition
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B399A41-C1D0-40A2-9E4F-095868EFAF01}" = InterVideo WinDVD 5
"{1D5EB783-25F8-495B-8B01-DE6D1BFBB8B4}" = VideoCam Suite 3.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40A6C96D-808E-41DD-8716-617AB6B0F1F1}" = Brother MFL-Pro Suite
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}" = WinZip 14.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3D7915D-6B42-49FA-9FC8-5020479A6A57}" = Nero Reloaded PlugIn Pack 2.0.4 by GEAR
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"DVDFab 6 by TEAM AHCU_is1" = DVDFab 6.0.2.2 by TEAM AHCU(June 26, 2009)
"DVDFab Gold 4_is1" = DVDFab Gold (Non-CSS Version) 4.0.3.0
"GalleryPlayer Images" = GalleryPlayer Images
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"InterActual Player" = InterActual Player
"legacyqcam_10.50" = Logitech Legacy USB Camera Driver Package
"Lotto Pro" = Lotto Pro
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero Sipps!UninstallKey" = Nero Sipps
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PCFriendly" = PCFriendly
"RealPlayer 12.0" = RealPlayer
"Registry Clean Expert_is1" = Registry Clean Expert
"ScanSoft PaperPort Viewer 7.0" = ScanSoft PaperPort Viewer 7.0
"Sound Blaster Audigy" = Sound Blaster Audigy
"SystemRequirementsLab" = System Requirements Lab
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SmartDraw 2008" = SmartDraw 2008

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/02/2011 8:21:38 PM | Computer Name = JLB-491B504660B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:

with error: This network connection does not exist.

Error - 28/02/2011 8:21:38 PM | Computer Name = JLB-491B504660B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:

with error: This network connection does not exist.

Error - 28/02/2011 8:21:46 PM | Computer Name = JLB-491B504660B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 28/02/2011 8:21:46 PM | Computer Name = JLB-491B504660B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:

with error: This network connection does not exist.

Error - 28/02/2011 8:21:47 PM | Computer Name = JLB-491B504660B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:

with error: This network connection does not exist.

Error - 28/02/2011 9:29:18 PM | Computer Name = JLB-491B504660B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:

with error: This operation returned because the timeout period expired.

Error - 28/02/2011 9:29:18 PM | Computer Name = JLB-491B504660B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:

with error: The specified server cannot perform the requested operation.

Error - 28/02/2011 9:43:34 PM | Computer Name = JLB-491B504660B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:

with error: The server name or address could not be resolved

Error - 28/02/2011 9:43:34 PM | Computer Name = JLB-491B504660B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:

with error: This network connection does not exist.

Error - 03/03/2011 7:37:17 PM | Computer Name = JLB-491B504660B | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 19/03/2011 7:09:03 PM | Computer Name = JLB-491B504660B | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 19/03/2011 7:09:07 PM | Computer Name = JLB-491B504660B | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 19/03/2011 7:09:28 PM | Computer Name = JLB-491B504660B | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 19/03/2011 7:09:28 PM | Computer Name = JLB-491B504660B | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 19/03/2011 7:09:42 PM | Computer Name = JLB-491B504660B | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 19/03/2011 7:10:15 PM | Computer Name = JLB-491B504660B | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 19/03/2011 7:21:14 PM | Computer Name = JLB-491B504660B | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ElbyCDIO

Error - 19/03/2011 7:21:38 PM | Computer Name = JLB-491B504660B | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 86277a00, parameter3
86277b74, parameter4 805fb1d6.

Error - 19/03/2011 7:34:21 PM | Computer Name = JLB-491B504660B | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 19/03/2011 7:34:37 PM | Computer Name = JLB-491B504660B | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}


< End of report >


Jack

#2 JACKBLACK

Posted 21 March 2011 - 06:11 PM

Here is my file number sent by general support: [KS#TKT-uToMa-279] Support - Ad-Aware Total Security

Thank you,

Jack

#3 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7232 posts

Posted 23 March 2011 - 09:24 AM

Hi Jack,

In this forum it is only volunteers that are helping other members clean their computers.
Maybe you should remove the "file number" from your post, I don't know if anyone else can use it.

"McAfee Security Scan" is downloaded together with something else, if you don't deselect it during downloading or installation. I'm not sure but maybe it is together with Adobe Reader.

What infected files are found in the computer? Please, copy the information with file names, folders and type of infections.

#4 JACKBLACK

Posted 24 March 2011 - 03:59 PM

Thank you CeciliaB,

I was told by General support that this was the way to have my infections removed by technical support ???

I am trying to bring this up with Lavasoft.

Jack

#5 CeciliaB

Posted 24 March 2011 - 11:28 PM

As far as I know the price for Ad-Aware does not include removal of virus or other malicious files by Lavasoft staff, and that is a common rule with other antivirus and antimalware products, too.

#6 JACKBLACK

Posted 25 March 2011 - 01:45 PM

This is absurd ! I paid for an antivirus software which is supposed to be their best product. I paid to have a software which REMOVES VIRUSES and it is not doing what I paid it to do. It says on the right of this page "Get immediate support by chat or e-mail". Is this false advertising ??

The anti virus I had before offered me e-mail, phone and remote assistance support !

Furthermore, general support does not even answer my questions on the version of the software I have and all my other concerns.

I cannot even copy and paste the information of the virus from a virus scan ? How can I copy the information ?

Here is the latest info I sent to general support which they can't or will not answer:

IN ADDITION TO HAVING VIRUSES WHICH CANNOT BE REMOVED BY LAVASOFT, A NEW ICON APPEARED ON MY DESKTOP NAMED: THUMB.DB WHICH IS SOME KIND OF DATABASE WHICH APPEARS WHEN OPENING DIFFERENT FOLDERS UNDER WHICH I SAVE PICTURES.

Why did general support ask me to perform a scan and copy all the info which I did in a previous post ?? From what you are telling me, this info is useless.

Thank you for any help you can provide CeciliaB

Jack

#7 CeciliaB

Posted 26 March 2011 - 02:05 AM

Hi,

Which antivirus program did you have before? Would be nice to know one that has free malware removal.

Many paid antivirus programs have free support only for installation issues, error messages and similar questions but not for removal of infections, for example Norton http://us.norton.com/support/index.jsp

But you can get free help by me, I help people with infected computers in this and other forums. I need the OTL logs to be able to do that, so it was not useless to post them.

You can find old Ad-Aware logs in the folder C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Logs\Scan_<date information>.log. Please, post one that contains the infections that cannot be removed.

Thumb.db is placed in folders by Windows when you use the thumbnail view, see http://en.wikipedia....thumbnail_cache It has nothing to do with Ad-Aware or infections.

#8 JACKBLACK

Posted 26 March 2011 - 02:02 PM

Hi CeciliaB,

Thank you for your response and info. Between you and me, it is absurd that we pay for an anti-virus software and they do not support us when we get viruses that their product cannot remove !!! Especially when it happens at the initial installation ! I had the AVG antivirus software.

Anyhow, here are the results of a scan containing the viruses:

Virus check with Ad-Aware Total Security
Version 21.1.0.30 (29/06/2010)
Virus signature dated
Start time: 23/03/2011 8:27:23 PM
Engine(s): Engine A, Engine B
Heuristics: On
Archive: On
System areas: On
Check rootkits: On

Check system areas...
Check for rootkits...
Check for spyware/adware...
Check all local hard disks...
Analysis performed in full: 23/03/2011 9:42:14 PM
91713 files checked
2 infected files detected
0 suspicious files found


Object: user32.DLL
Path: C:\WINDOWS\system32
Status: Virus could not be removed
Virus: Application.Generic.211594 (Engine-A)

Object: A0108461.DLL
Path: C:\System Volume Information\_restore{92668664-2F60-4256-B056-7BA520CA507D}\RP1217
Status: File moved to quarantine
Virus: Application.Generic.211594 (Engine-A)


+ Access to the following files was denied:


--------------------------------------------------------------------------------
C:\hiberfil.sys
C:\pagefile.sys
C:\System Volume Information\MountPointManagerRemoteDatabase
E:\System Volume Information\MountPointManagerRemoteDatabase

--------------------------------------------------------------------------------



+ The following files are password-protected:


--------------------------------------------------------------------------------
C:\Software Downloads\WinZip\winzip110.exe
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NewsUpdate.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NewsUpdate1.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NewsUpdate2.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NewsUpdate3.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NewsUpdate4.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NewsUpdate5.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NewsUpdate6.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NewsUpdate7.zip
C:\Documents and Settings\All Users\Application Data\Downloaded Installations\{49AD8D2A-1643-458B-9EE7-7C091FDE10A5}\AVG_IDS_setup.msi

--------------------------------------------------------------------------------


I hope this helps to remove my infections. What about the version of the Ad-Aware Total Protection I purchased. I keep asking the support and they don't answer. I have version: 21.0.1.30 dated June 29 2010 !!

I also asked about the blue screen which shuts down windows when the automatic virus scan is run. It does it every time so I cancel the scan now to avoid getting windows shutdown abruptly.

Thanks CeciliaB,

Jack

#9 CeciliaB

Posted 26 March 2011 - 03:41 PM

Hi Jack,

I am not familiar with Ad-Aware Total Security but I googled around and my understanding is that 21.1.0.30 and 29th of June are version number and date for the program and not for the virus definitions. Most antivirus programs are released once a year.

"Between you and me, it is absurd that we pay for an anti-virus software and they do not support us when we get viruses that their product cannot remove !!!"

I guess some persons would misuse it and be very careless since they would know that someone else always will clean the computer for them.

We will start to investigate the User32.dll file.

Save SystemLook on the desktop from one of these links:
http://jpshortstuff..../SystemLook.exe
http://images.malwar.../SystemLook.exe

Double-click on SystemLook file to run it.

Copy all lines in the box
:filefind
user32.dll
:file
C:\WINDOWS\system32\user32.dll
and paste in the big text field in SystemLook.
Click on the Look button to start the search.
When finished Notepad will pop-up with the log. Copy the log and paste into your answer. If Notepad doesn't pop-up you can find the log as SystemLook.txt on the Desktop.

#10 LS Digger Barnes

LS Digger Barnes

    Forum demigod

  • Valued Member
  • PipPipPip
  • 226 posts

Posted 28 March 2011 - 09:23 AM

Hi

I just had a look at this topic and also at the email ticket.

There seems to have been a bit of misunderstanding and you have been sent to the forums a bit prematurely.

First of all, the tech support for our products does not include a Virus Removal service. (We do offer a separate service covering that, but please note that it is separate from our products.)
Our products do include scanning technology which removes malware present, but first and foremost it protects the systems from being infected in the first place.
If a system is infected before Ad-Aware is installed it is very likely that you may have big problems installing it at all since it is very common that a malware infection includes self protection mechanisms that target well known antimalware products.

As CeciliaB points out, the version is for the software version and not the definitions.

It could also be that the McAfee program is causing the system crashes/Blue screens since the scanners are likely to conflict.
Please uninstall any other AntiVirus or Security products on your system.

Further, the thumbs.db file is a system file that is NOT malicious. The reason why you can see it is probably because you have changed your Folder->View options.

Finally, I have sent you a separate email as a continuation of the email ticket thread. It would be nice if Cecilia would continue to investigate the files not removed, but I suggest that until we have need for continued help from our malware expert here on the forum, we should see what can be done with the software issues. They may not relate to an infection. They may be caused by a software conflict.
Kind regards,

Lavasoft Support Team

#11 CeciliaB

Posted 10 May 2011 - 10:23 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !
