
Author Topic: SUPERAntiSpyware Scan Log  (Read 9765 times)


High1

    Topic Starter


    Apprentice

    Thanked: 2
    SUPERAntiSpyware Scan Log
    « on: February 19, 2012, 01:32:56 PM »
    Hello

    I was asked on the XP forum by a moderator to post the following here. Many thanks for your help. I will now download Malwarebytes Anti-Malware:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 02/19/2012 at 07:51 PM

    Application Version : 5.0.1144

    Core Rules Database Version : 8260
    Trace Rules Database Version: 6072

    Scan type       : Complete Scan
    Total Scan Time : 02:44:59

    Operating System Information
    Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned      : 521
    Memory threats detected   : 0
    Registry items scanned    : 34952
    Registry threats detected : 2
    File items scanned        : 158864
    File threats detected     : 286

    Disabled.SecurityCenterOption
       HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY
       HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY

    Adware.Tracking Cookie

    Application.PowerReg Scheduler
       C:\DOCUMENTS AND SETTINGS\HIL HIGHAM\START MENU\PROGRAMS\STARTUP\POWERREG SCHEDULER V3.EXE




    Allan

    • Moderator

    • Mastermind
    • Thanked: 1260
    • Experience: Guru
    • OS: Windows 10
    Re: SUPERAntiSpyware Scan Log
    « Reply #1 on: February 19, 2012, 01:37:01 PM »
    You were asked to follow the directions in the following link and post ALL requested logs:

    http://www.computerhope.com/forum/index.php/topic,46313.0.html

    High1

      Topic Starter


      Apprentice

      Thanked: 2
      Re: SUPERAntiSpyware Scan Log
      « Reply #2 on: February 19, 2012, 04:27:57 PM »
      Hello Allan

      Malwarebytes Anti-Malware (Trial) 1.60.1.1000
      www.malwarebytes.org

      Database version: v2012.02.19.05

      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      Don Higham :: D45YHY0J [administrator]

      Protection: Enabled

      19/02/2012 22:47:26
      mbam-log-2012-02-19 (22-47-26).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 261557
      Time elapsed: 13 minute(s), 58 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 1
      HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|load (Backdoor.Bot) -> Data: C:\WINDOWS\svchost.exe -> Quarantined and deleted successfully.

      Registry Data Items Detected: 1
      HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("%1" /S) Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 0
      (No malicious items detected)

      (end)


      I cannot seem to open the dds file - I just get gobbledygook.

      Thanks for your help.

      High1

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: SUPERAntiSpyware Scan Log
      « Reply #3 on: February 19, 2012, 07:06:30 PM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
      *************************************************************************
      One or more of the identified infections is a backdoor trojan.

      This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

      Read this article: Danger: Remote Access Trojans.

      If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one! If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

      I would counsel you to disconnect this PC from the Internet immediately.

      Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

      How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

      When Should I Format, How Should I Reinstall?

      We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

      Should you have any questions, please feel free to ask.

      Please let us know what you have decided to do in your next post.
      Windows 8 and Windows 10 dual boot with two SSD's

      High1

        Topic Starter


        Apprentice

        Thanked: 2
        Re: SUPERAntiSpyware Scan Log
        « Reply #4 on: February 20, 2012, 06:48:57 AM »
        Hello Dave

        Thanks for your message.

        Please see below the OTL log:


        ========== OTL ==========
        ========== COMMANDS ==========
        C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
        HOSTS file reset successfully
         
        OTL by OldTimer - Version 3.2.33.0 log created on 02202012_084602

        +++++++++++++++++++++++++++++++++++++++++++++++++++++++++

        and the Combo_Fix log (I could only obtain this in Safe Mode - in Windows Normal I was always bombed out of the application):



        ComboFix 12-02-19.02 - Don Higham 20/02/2012  13:21:46.2.1 - x86 NETWORK
        Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1022.783 [GMT 0:00]
        Running from: c:\documents and settings\Don Higham\Desktop\ComboFix.exe
        AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
        .
        .
        (((((((((((((((((((((((((   Files Created from 2012-01-20 to 2012-02-20  )))))))))))))))))))))))))))))))
        .
        .
        2012-02-20 09:13 . 2012-02-20 10:45   --------   d-----w-   C:\## aswSnx private storage
        2012-02-19 23:08 . 2012-02-19 23:08   73728   ----a-w-   c:\windows\system32\javacpl.cpl
        2012-02-19 23:08 . 2012-02-19 23:08   472808   ----a-w-   c:\windows\system32\deployJava1.dll
        2012-02-19 22:45 . 2012-02-19 22:45   --------   d-----w-   c:\documents and settings\Don Higham\Application Data\Malwarebytes
        2012-02-19 22:45 . 2012-02-19 22:45   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
        2012-02-19 22:45 . 2012-02-19 22:45   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
        2012-02-19 22:45 . 2011-12-10 15:24   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2012-02-19 16:51 . 2012-02-19 16:51   --------   d-----w-   c:\documents and settings\Don Higham\Application Data\SUPERAntiSpyware.com
        2012-02-19 16:50 . 2012-02-19 16:53   --------   d-----w-   c:\program files\SUPERAntiSpyware
        2012-02-19 16:50 . 2012-02-19 16:50   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
        2012-02-19 16:31 . 2012-02-19 16:31   --------   d-----w-   c:\program files\CCleaner
        2012-02-19 16:25 . 2012-02-19 16:26   --------   d-----w-   c:\documents and settings\All Users\Application Data\OnlineArmor
        2012-02-19 16:25 . 2012-02-19 16:25   --------   d-----w-   c:\documents and settings\Don Higham\Application Data\OnlineArmor
        2012-02-19 16:21 . 2012-02-10 14:33   42152   ----a-w-   c:\windows\system32\drivers\oahlp32.sys
        2012-02-19 16:21 . 2012-02-10 14:33   29464   ----a-w-   c:\windows\system32\drivers\OAnet.sys
        2012-02-19 16:21 . 2012-02-10 14:33   25192   ----a-w-   c:\windows\system32\drivers\OAmon.sys
        2012-02-19 16:21 . 2012-02-10 14:33   205864   ----a-w-   c:\windows\system32\drivers\OADriver.sys
        2012-02-19 16:21 . 2012-02-20 08:35   --------   d-----w-   c:\program files\Online Armor
        2012-02-18 21:09 . 2012-02-18 21:09   --------   d-sh--w-   c:\documents and settings\LocalService\IETldCache
        2012-02-18 21:09 . 2011-11-28 17:51   20568   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
        2012-02-18 21:09 . 2011-11-28 17:53   314456   ----a-w-   c:\windows\system32\drivers\aswSP.sys
        2012-02-18 21:09 . 2011-11-28 17:52   34392   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
        2012-02-18 21:09 . 2011-11-28 17:52   52952   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
        2012-02-18 21:09 . 2011-11-28 17:53   435032   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
        2012-02-18 21:09 . 2011-11-28 17:52   111320   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
        2012-02-18 21:09 . 2011-11-28 17:51   105176   ----a-w-   c:\windows\system32\drivers\aswmon.sys
        2012-02-18 21:09 . 2011-11-28 17:48   30808   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
        2012-02-18 21:08 . 2011-11-28 18:01   41184   ----a-w-   c:\windows\avastSS.scr
        2012-02-18 21:08 . 2011-11-28 18:01   199816   ----a-w-   c:\windows\system32\aswBoot.exe
        2012-02-18 21:08 . 2012-02-18 21:08   --------   d-----w-   c:\program files\AVAST Software
        2012-02-18 21:08 . 2012-02-18 21:08   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVAST Software
        2012-02-17 10:30 . 2012-01-11 19:06   3072   ------w-   c:\windows\system32\iacenc.dll
        2012-02-17 10:30 . 2012-01-11 19:06   3072   ------w-   c:\windows\system32\dllcache\iacenc.dll
        .
        .
        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2012-02-19 13:00 . 2011-12-27 19:55   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
        2012-01-12 16:53 . 2002-08-29 05:00   1859968   ----a-w-   c:\windows\system32\win32k.sys
        2011-12-17 19:46 . 2006-06-23 11:33   916992   ----a-w-   c:\windows\system32\wininet.dll
        2011-12-17 19:46 . 2002-08-29 05:00   43520   ------w-   c:\windows\system32\licmgr10.dll
        2011-12-17 19:46 . 2002-08-29 05:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
        2011-12-16 12:22 . 2004-08-04 05:59   385024   ------w-   c:\windows\system32\html.iec
        2011-11-25 21:57 . 2002-08-29 05:00   293376   ----a-w-   c:\windows\system32\winsrv.dll
        2009-12-24 19:19 . 2009-12-24 19:19   6210048   -c--a-w-   c:\program files\XenAppWeb.msi
        2007-01-21 15:49 . 2007-01-21 15:49   12640   -c--a-w-   c:\program files\GoogleToolbarDownloader.exe
        2001-06-20 15:19 . 2001-06-19 15:34   40960   -c--a-w-   c:\program files\ACMonitor_X83.exe
        .
        .
        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
        @="{472083B0-C522-11CF-8763-00608CC02F24}"
        [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
        2011-11-28 18:01   122512   ----a-w-   c:\program files\AVAST Software\Avast\ashShell.dll
        .
        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Akamai NetSession Interface"="c:\documents and settings\Don Higham\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-02-02 3329824]
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
        "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
        "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
        "DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
        "MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 1005096]
        "StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
        "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-26 204800]
        "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 176128]
        "HPHUPD05"="c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-04-01 49152]
        "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
        "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
        "HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-05-05 491520]
        "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
        "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]
        "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-14 81920]
        "hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
        "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
        "@OnlineArmor GUI"="c:\program files\Online Armor\OAui.exe" [2012-02-10 2645440]
        "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
        "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
        .
        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
        .
        c:\documents and settings\Lee\Start Menu\Programs\Startup\
        PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-12-25 333088]
        .
        c:\documents and settings\All Users\Start Menu\Programs\Startup\
        Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
        Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-10 113664]
        Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
        .
        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2012-02-10 359352]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
        @=""
        .
        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 8.0 Tray Icon.lnk]
        path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 8.0 Tray Icon.lnk
        backup=c:\windows\pss\AOL 8.0 Tray Icon.lnkCommon Startup
        .
        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
        path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
        backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
        .
        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
        path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
        backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
        2011-01-13 02:01   6129496   ----a-w-   c:\program files\Logitech\Vid HD\Vid.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
        2009-10-14 12:36   2793304   ----a-w-   c:\program files\Logitech\Logitech WebCam Software\LWS.exe
        .
        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
        "c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
        "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
        "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
        "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
        "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
        "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
        "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
        "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
        "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
        "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpse.exe"=
        "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
        "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqsudi.exe"=
        "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpsapp.exe"=
        "c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
        "c:\\Documents and Settings\\Don Higham\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
        .
        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "1046:TCP"= 1046:TCP:Akamai NetSession Interface
        "5000:UDP"= 5000:UDP:Akamai NetSession Interface
        .
        R1 OAmon;OAmon;c:\windows\SYSTEM32\DRIVERS\OAmon.sys [19/02/2012 16:21 25192]
        R1 OAnet;OAnet;c:\windows\SYSTEM32\DRIVERS\OAnet.sys [19/02/2012 16:21 29464]
        R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/08/2011 23:38 116608]
        S1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [18/02/2012 21:09 435032]
        S1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [18/02/2012 21:09 314456]
        S1 OADevice;OADriver;c:\windows\SYSTEM32\DRIVERS\OADriver.sys [19/02/2012 16:21 205864]
        S1 oahlpXX;Online Armor helper driver;c:\windows\SYSTEM32\DRIVERS\oahlp32.sys [19/02/2012 16:21 42152]
        S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 16:27 12880]
        S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 21:55 67664]
        S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [29/08/2002 05:00 14336]
        S2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [18/02/2012 21:09 20568]
        S2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;c:\windows\SYSTEM32\DRIVERS\usbscan.sys [09/01/2006 12:32 15104]
        S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19/02/2012 22:45 652360]
        S2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [19/02/2012 16:21 208472]
        S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [19/02/2012 16:21 4369208]
        S3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [19/02/2012 22:45 20464]
        .
        --- Other Services/Drivers In Memory ---
        .
        *NewlyCreated* - BULKUSB
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
        hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
        Akamai   REG_MULTI_SZ      Akamai
        .
        Contents of the 'Scheduled Tasks' folder
        .
        2012-02-20 c:\windows\Tasks\HP Usg Daily.job
        - c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2004-04-01 10:33]
        .
        2003-12-30 c:\windows\Tasks\ISP signup reminder 1.job
        - c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
        .
        2004-01-10 c:\windows\Tasks\Symantec NetDetect.job
        - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-12-16 09:04]
        .
        2012-02-20 c:\windows\Tasks\User_Feed_Synchronization-{C9E76435-7127-4B61-937A-5E0C5F5A493D}.job
        - c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = hxxp://www.google.co.uk/
        uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
        uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
        uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
        IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
        IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?b2782a01f8cc493f831011bb16da6f7c
        IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?b2782a01f8cc493f831011bb16da6f7c
        TCP: Interfaces\{B7784DD1-2021-4BE6-AD32-E00F35508C6C}: NameServer = 192.168.0.1
        .
        .
        ------- File Associations -------
        .
        .scr=AutoCADScriptFile
        .
        .
        **************************************************************************
        .
        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2012-02-20 13:31
        Windows 5.1.2600 Service Pack 3 NTFS
        .
        scanning hidden processes ... 
        .
        scanning hidden autostart entries ...
        .
        scanning hidden files ... 
        .
        scan completed successfully
        hidden files: 0
        .
        **************************************************************************
        .
        [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
        "ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------
        .
        - - - - - - - > 'winlogon.exe'(380)
        c:\program files\SUPERAntiSpyware\SASWINLO.DLL
        c:\windows\system32\WININET.dll
        .
        - - - - - - - > 'explorer.exe'(856)
        c:\windows\system32\WININET.dll
        c:\windows\system32\msi.dll
        c:\windows\system32\ieframe.dll
        .
        Completion time: 2012-02-20  13:35:47
        ComboFix-quarantined-files.txt  2012-02-20 13:35
        .
        Pre-Run: 50,116,468,736 bytes free
        Post-Run: 50,110,660,608 bytes free
        .
        - - End Of File - - CE9BB25A3FE46AC356D602824F7BF75E

        Thanks

        High1

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: SUPERAntiSpyware Scan Log
        « Reply #5 on: February 20, 2012, 12:55:33 PM »
        What exactly is the problem with this computer?

        Download Security Check by screen317 from one of the following links and save it to your desktop.

        Link 1
        Link 2

        * Double-click Security Check.bat
        * Follow the on-screen instructions inside of the black box.
        * A Notepad document should open automatically called checkup.txt
        * Post the contents of that document in your next reply.

        Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
        **********************************************************
        SysProt Antirootkit

        Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

        http://sites.google.com/site/sysprotantirootkit/

        Unzip it into a folder on your desktop.
        • Double click Sysprot.exe to start the program.
        • Click on the Log tab.
        • In the Write to log box select the following items.
          • Process << Selected
          • Kernel Modules << Selected
          • SSDT << Selected
          • Kernel Hooks << Selected
          • IRP Hooks << NOT Selected
          • Ports << NOT Selected
          • Hidden Files << Selected
        • At the bottom of the page
          • Hidden Objects Only << Selected
        • Click on the Create Log button on the bottom right.
        • After a few seconds a new window should appear.
        • Select Scan Root Drive. Click on the Start button.
        • When it is complete a new window will appear to indicate that the scan is finished.
        • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

        High1

          Topic Starter


          Apprentice

          Thanked: 2
          Re: SUPERAntiSpyware Scan Log
          « Reply #6 on: February 20, 2012, 02:37:00 PM »
          Hello Dave

          Here are the log files:

          Security Check:

           Results of screen317's Security Check version 0.99.31 
           Windows XP Service Pack 3 x86   
           Internet Explorer 8 
          ``````````````````````````````
          Antivirus/Firewall Check:

           Windows Firewall Enabled! 
           avast! Free Antivirus   
           Online Armor 5.5   
          ```````````````````````````````
          Anti-malware/Other Utilities Check:

           SUPERAntiSpyware     
           CCleaner     
           Java(TM) 6 Update 31 
           Java 2 Runtime Environment, SE v1.4.2
          ````````````````````````````````
          Process Check: 
          objlist.exe by Laurent

           Tall Emu Online Armor OAcat.exe
           AVAST Software Avast AvastSvc.exe 
           AVAST Software Avast avastUI.exe 
          ``````````End of Log````````````



          SysProt AntiRootkit v1.0.1.0:

          SysProt AntiRootkit v1.0.1.0
          by swatkat

          ******************************************************************************************
          ******************************************************************************************

          Process:
          Name: [System Idle Process]
          PID: 0
          Hidden: No
          Window Visible: No

          Name: System
          PID: 4
          Hidden: No
          Window Visible: No

          Name: C:\WINDOWS\SYSTEM32\smss.exe
          PID: 392
          Hidden: No
          Window Visible: No

          Name: C:\WINDOWS\SYSTEM32\csrss.exe
          PID: 440
          Hidden: No
          Window Visible: No

          Name: C:\WINDOWS\SYSTEM32\winlogon.exe
          PID: 464
          Hidden: No
          Window Visible: No

          Name: C:\WINDOWS\SYSTEM32\services.exe
          PID: 508
          Hidden: No
          Window Visible: No

          Name: C:\WINDOWS\SYSTEM32\lsass.exe
          PID: 520
          Hidden: No
          Window Visible: No

          Name: C:\WINDOWS\SYSTEM32\svchost.exe
          PID: 700
          Hidden: No
          Window Visible: No

          Name: C:\WINDOWS\SYSTEM32\svchost.exe
          PID: 744
          Hidden: No
          Window Visible: No

          Name: C:\WINDOWS\SYSTEM32\svchost.exe
          PID: 824
          Hidden: No
          Window Visible: No

          Name: C:\WINDOWS\SYSTEM32\svchost.exe
          PID: 920
          Hidden: No
          Window Visible: No

          Name: C:\WINDOWS\SYSTEM32\svchost.exe
          PID: 996
          Hidden: No
          Window Visible: No

          Name: C:\Program Files\Online Armor\oacat.exe
          PID: 1072
          Hidden: No
          Window Visible: No

          Name: C:\WINDOWS\explorer.exe
          PID: 1236
          Hidden: No
          Window Visible: No

          Name: C:\Program Files\AVAST Software\Avast\AvastSvc.exe
          PID: 1428
          Hidden: No
          Window Visible: No

          Name: C:\WINDOWS\SYSTEM32\spoolsv.exe
          PID: 1800
          Hidden: No
          Window Visible: No

          Name: C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
          PID: 1840
          Hidden: No
          Window Visible: No

          Name: C:\WINDOWS\SYSTEM32\svchost.exe
          PID: 844
          Hidden: No
          Window Visible: No

          Name: C:\Program Files\SUPERAntiSpyware\SASCore.exe
          PID: 1040
          Hidden: No
          Window Visible: No

          Name: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
          PID: 564
          Hidden: No
          Window Visible: No

          Name: C:\WINDOWS\SYSTEM32\svchost.exe
          PID: 1144
          Hidden: No
          Window Visible: No

          Name: C:\WINDOWS\SYSTEM32\svchost.exe
          PID: 1204
          Hidden: No
          Window Visible: No

          Name: C:\Program Files\Java\jre6\bin\jqs.exe
          PID: 1624
          Hidden: No
          Window Visible: No

          Name: C:\WINDOWS\SYSTEM32\svchost.exe
          PID: 1928
          Hidden: No
          Window Visible: No

          Name: C:\WINDOWS\SYSTEM32\svchost.exe
          PID: 416
          Hidden: No
          Window Visible: No

          Name: C:\WINDOWS\SYSTEM32\svchost.exe
          PID: 656
          Hidden: No
          Window Visible: No

          Name: C:\Program Files\UPHClean\uphclean.exe
          PID: 892
          Hidden: No
          Window Visible: No

          Name: C:\WINDOWS\wanmpsvc.exe
          PID: 1200
          Hidden: No
          Window Visible: No

          Name: C:\WINDOWS\SYSTEM32\alg.exe
          PID: 2852
          Hidden: No
          Window Visible: No

          Name: C:\WINDOWS\SYSTEM32\hkcmd.exe
          PID: 3112
          Hidden: No
          Window Visible: No

          Name: C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
          PID: 3152
          Hidden: No
          Window Visible: No

          Name: C:\WINDOWS\SYSTEM32\DSentry.exe
          PID: 3168
          Hidden: No
          Window Visible: No

          Name: C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
          PID: 3212
          Hidden: No
          Window Visible: No

          Name: C:\Program Files\Dell\Media Experience\PCMService.exe
          PID: 3248
          Hidden: No
          Window Visible: No

          Name: C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe
          PID: 3260
          Hidden: No
          Window Visible: No

          Name: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
          PID: 3288
          Hidden: No
          Window Visible: No

          Name: C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
          PID: 3300
          Hidden: No
          Window Visible: No

          Name: C:\WINDOWS\SYSTEM32\hphmon05.exe
          PID: 3312
          Hidden: No
          Window Visible: No

          Name: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
          PID: 3324
          Hidden: No
          Window Visible: No

          Name: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
          PID: 3388
          Hidden: No
          Window Visible: No

          Name: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe
          PID: 3400
          Hidden: No
          Window Visible: No

          Name: C:\Program Files\AVAST Software\Avast\AvastUI.exe
          PID: 3412
          Hidden: No
          Window Visible: No

          Name: C:\Documents and Settings\Don Higham\Local Settings\Application Data\Akamai\netsession_win.exe
          PID: 3576
          Hidden: No
          Window Visible: No

          Name: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
          PID: 3592
          Hidden: No
          Window Visible: No

          Name: C:\WINDOWS\SYSTEM32\ctfmon.exe
          PID: 3608
          Hidden: No
          Window Visible: No

          Name: C:\Documents and Settings\Don Higham\Local Settings\Application Data\Akamai\netsession_win.exe
          PID: 3752
          Hidden: No
          Window Visible: No

          Name: C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
          PID: 3780
          Hidden: No
          Window Visible: No

          Name: C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
          PID: 3788
          Hidden: No
          Window Visible: No

          Name: C:\Program Files\Internet Explorer\iexplore.exe
          PID: 408
          Hidden: No
          Window Visible: No

          Name: C:\Program Files\Internet Explorer\iexplore.exe
          PID: 2224
          Hidden: No
          Window Visible: No

          Name: C:\Program Files\Internet Explorer\iexplore.exe
          PID: 2960
          Hidden: No
          Window Visible: No

          Name: C:\Documents and Settings\Don Higham\Desktop\ysrot\SysProt\SysProt\SysProt.exe
          PID: 1988
          Hidden: No
          Window Visible: Yes

          ******************************************************************************************
          ******************************************************************************************
          Kernel Modules:
          Module Name: \??\C:\Documents and Settings\Don Higham\Desktop\ysrot\SysProt\SysProt\SysProtDrv.sys
          Service Name: SysProtDrv.sys
          Module Base: EBD74000
          Module End: EBD7F000
          Hidden: No

          Module Name: \WINDOWS\system32\ntoskrnl.exe
          Service Name: ---
          Module Base: 804D7000
          Module End: 806EE580
          Hidden: No

          Module Name: \WINDOWS\system32\hal.dll
          Service Name: ---
          Module Base: 806EF000
          Module End: 8070F300
          Hidden: No

          Module Name: \WINDOWS\system32\KDCOM.DLL
          Service Name: ---
          Module Base: F7D65000
          Module End: F7D67000
          Hidden: No

          Module Name: \WINDOWS\system32\BOOTVID.dll
          Service Name: ---
          Module Base: F7C75000
          Module End: F7C78000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
          Service Name: ACPI
          Module Base: F7816000
          Module End: F7844000
          Hidden: No

          Module Name: \WINDOWS\System32\DRIVERS\WMILIB.SYS
          Service Name: ---
          Module Base: F7D67000
          Module End: F7D69000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\pci.sys
          Service Name: PCI
          Module Base: F7805000
          Module End: F7816000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
          Service Name: isapnp
          Module Base: F7865000
          Module End: F786F000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\pciide.sys
          Service Name: PCIIde
          Module Base: F7E2D000
          Module End: F7E2E000
          Hidden: No

          Module Name: \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
          Service Name: ---
          Module Base: F7AE5000
          Module End: F7AEC000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
          Service Name: MountMgr
          Module Base: F7875000
          Module End: F7880000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
          Service Name: Disk
          Module Base: F77E6000
          Module End: F7805000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
          Service Name: PartMgr
          Module Base: F7AED000
          Module End: F7AF2000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
          Service Name: VolSnap
          Module Base: F7885000
          Module End: F7892000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\atapi.sys
          Service Name: atapi
          Module Base: F77CE000
          Module End: F77E6000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\disk.sys
          Service Name: ---
          Module Base: F7895000
          Module End: F789E000
          Hidden: No

          Module Name: \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
          Service Name: ---
          Module Base: F78A5000
          Module End: F78B2000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
          Service Name: FltMgr
          Module Base: F77AE000
          Module End: F77CE000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\sr.sys
          Service Name: sr
          Module Base: F779C000
          Module End: F77AE000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
          Service Name: PxHelp20
          Module Base: F78B5000
          Module End: F78BF000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\drvmcdb.sys
          Service Name: drvmcdb
          Module Base: F7787000
          Module End: F779C000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
          Service Name: KSecDD
          Module Base: F7770000
          Module End: F7787000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
          Service Name: Ntfs
          Module Base: F76E3000
          Module End: F7770000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
          Service Name: NDIS
          Module Base: F76B6000
          Module End: F76E3000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\Mup.sys
          Service Name: Mup
          Module Base: F769C000
          Module End: F76B6000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\intelppm.sys
          Service Name: intelppm
          Module Base: F7AA5000
          Module End: F7AAE000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\ialmnt5.sys
          Service Name: ialm
          Module Base: F7535000
          Module End: F754C000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS
          Service Name: ---
          Module Base: F7521000
          Module End: F7535000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
          Service Name: usbuhci
          Module Base: F7B25000
          Module End: F7B2B000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS
          Service Name: ---
          Module Base: F74FD000
          Module End: F7521000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\usbehci.sys
          Service Name: usbehci
          Module Base: F7B2D000
          Module End: F7B35000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys
          Service Name: HSFHWBS2
          Module Base: F74D6000
          Module End: F74FD000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\HSF_DP.sys
          Service Name: HSF_DP
          Module Base: F73CB000
          Module End: F74D6000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys
          Service Name: winachsf
          Module Base: F733F000
          Module End: F73CB000
          Hidden: No

          Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
          Service Name: Modem
          Module Base: F7B35000
          Module End: F7B3D000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys
          Service Name: bcm4sbxp
          Module Base: F7AB5000
          Module End: F7AC0000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\i8042prt.sys
          Service Name: i8042prt
          Module Base: F7AC5000
          Module End: F7AD2000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\mouclass.sys
          Service Name: Mouclass
          Module Base: F7B45000
          Module End: F7B4B000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\serial.sys
          Service Name: Serial
          Module Base: F7AD5000
          Module End: F7AE5000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\serenum.sys
          Service Name: serenum
          Module Base: F7D59000
          Module End: F7D5D000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\parport.sys
          Service Name: Parport
          Module Base: F732B000
          Module End: F733F000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\imapi.sys
          Service Name: Imapi
          Module Base: F78D5000
          Module End: F78E0000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\Afc.sys
          Service Name: Afc
          Module Base: F7B4D000
          Module End: F7B55000
          Hidden: No

          Module Name: C:\WINDOWS\System32\Drivers\AFS2K.SYS
          Service Name: AFS2K
          Module Base: F78E5000
          Module End: F78EF000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\pfc.sys
          Service Name: pfc
          Module Base: F7D5D000
          Module End: F7D60000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\sscdbhk5.sys
          Service Name: sscdbhk5
          Module Base: F7D99000
          Module End: F7D9B000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\cdrom.sys
          Service Name: Cdrom
          Module Base: F78F5000
          Module End: F7905000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\redbook.sys
          Service Name: redbook
          Module Base: F7905000
          Module End: F7914000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\ks.sys
          Service Name: ---
          Module Base: F7308000
          Module End: F732B000
          Hidden: No

          Module Name: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
          Service Name: GEARAspiWDM
          Module Base: F7B55000
          Module End: F7B5B000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\smwdm.sys
          Service Name: smwdm
          Module Base: F7282000
          Module End: F7308000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\portcls.sys
          Service Name: ---
          Module Base: F725E000
          Module End: F7282000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\drmk.sys
          Service Name: ---
          Module Base: F7925000
          Module End: F7934000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\aeaudio.sys
          Service Name: aeaudio
          Module Base: F7D9D000
          Module End: F7D9F000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\serscan.sys
          Service Name: StillCam
          Module Base: F7DA3000
          Module End: F7DA5000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\audstub.sys
          Service Name: audstub
          Module Base: F7ECE000
          Module End: F7ECF000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
          Service Name: Rasl2tp
          Module Base: F79B5000
          Module End: F79C2000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\ndistapi.sys
          Service Name: NdisTapi
          Module Base: F7570000
          Module End: F7573000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\ndiswan.sys
          Service Name: NdisWan
          Module Base: F721C000
          Module End: F7233000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\raspppoe.sys
          Service Name: RasPppoe
          Module Base: F79C5000
          Module End: F79D0000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\raspptp.sys
          Service Name: PptpMiniport
          Module Base: F79D5000
          Module End: F79E1000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\TDI.SYS
          Service Name: ---
          Module Base: F7B65000
          Module End: F7B6A000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\ptilink.sys
          Service Name: Ptilink
          Module Base: F7B6D000
          Module End: F7B72000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\raspti.sys
          Service Name: Raspti
          Module Base: F7B75000
          Module End: F7B7A000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\termdd.sys
          Service Name: TermDD
          Module Base: F79E5000
          Module End: F79EF000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\kbdclass.sys
          Service Name: Kbdclass
          Module Base: F7B7D000
          Module End: F7B83000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\swenum.sys
          Service Name: swenum
          Module Base: F7DC1000
          Module End: F7DC3000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\update.sys
          Service Name: Update
          Module Base: F711E000
          Module End: F717C000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\omci.sys
          Service Name: omci
          Module Base: F7B85000
          Module End: F7B8A000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\mssmbios.sys
          Service Name: mssmbios
          Module Base: F7568000
          Module End: F756C000
          Hidden: No

          Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
          Service Name: NDProxy
          Module Base: F79F5000
          Module End: F79FF000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\ialmkchw.sys
          Service Name: {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}
          Module Base: EF08A000
          Module End: EF09E000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\ialmsbw.sys
          Service Name: {6080A529-897E-4629-A488-ABA0C29B635E}
          Module Base: EF06E000
          Module End: EF08A000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\usbhub.sys
          Service Name: usbhub
          Module Base: F7A25000
          Module End: F7A34000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\USBD.SYS
          Service Name: ---
          Module Base: F7DC9000
          Module End: F7DCB000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\flpydisk.sys
          Service Name: Flpydisk
          Module Base: F7B8D000
          Module End: F7B92000
          Hidden: No

          Module Name: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
          Service Name: i2omgmt
          Module Base: F7CFD000
          Module End: F7D00000
          Hidden: No

          Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
          Service Name: Fs_Rec
          Module Base: F7DD7000
          Module End: F7DD9000
          Hidden: No

          Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
          Service Name: Null
          Module Base: F7FB3000
          Module End: F7FB4000
          Hidden: No

          Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
          Service Name: Beep
          Module Base: F7DD9000
          Module End: F7DDB000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\ssrtln.sys
          Service Name: ssrtln
          Module Base: F7B9D000
          Module End: F7BA3000
          Hidden: No

          Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
          Service Name: ---
          Module Base: F7BA5000
          Module End: F7BAC000
          Hidden: No

          Module Name: C:\WINDOWS\System32\drivers\vga.sys
          Service Name: VgaSave
          Module Base: F7BAD000
          Module End: F7BB3000
          Hidden: No

          Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
          Service Name: mnmdd
          Module Base: F7DDB000
          Module End: F7DDD000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
          Service Name: RDPCDD
          Module Base: F7DDD000
          Module End: F7DDF000
          Hidden: No

          Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
          Service Name: Msfs
          Module Base: F7BB5000
          Module End: F7BBA000
          Hidden: No

          Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
          Service Name: Npfs
          Module Base: F7BBD000
          Module End: F7BC5000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\rasacd.sys
          Service Name: RasAcd
          Module Base: F7D05000
          Module End: F7D08000
          Hidden: No

          Module Name: \??\C:\WINDOWS\system32\drivers\OAnet.sys
          Service Name: OAnet
          Module Base: F7BC5000
          Module End: F7BCB000
          Hidden: No

          Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
          Service Name: IPSec
          Module Base: EED43000
          Module End: EED56000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\msgpc.sys
          Service Name: Gpc
          Module Base: F7A55000
          Module End: F7A5E000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\tcpip.sys
          Service Name: Tcpip
          Module Base: EECEA000
          Module End: EED43000
          Hidden: No

          Module Name: C:\WINDOWS\System32\Drivers\MpFirewall.sys
          Service Name: MPFIREWL
          Module Base: EECD6000
          Module End: EECEA000
          Hidden: No

          Module Name: \??\C:\WINDOWS\system32\drivers\OAmon.sys
          Service Name: OAmon
          Module Base: F7A65000
          Module End: F7A6E000
          Hidden: No

          Module Name: C:\WINDOWS\System32\Drivers\aswTdi.SYS
          Service Name: aswTdi
          Module Base: F7A75000
          Module End: F7A80000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\netbt.sys
          Service Name: NetBT
          Module Base: EECAE000
          Module End: EECD6000
          Hidden: No

          Module Name: C:\WINDOWS\System32\Drivers\aswRdr.SYS
          Service Name: aswRdr
          Module Base: F7BCD000
          Module End: F7BD4000
          Hidden: No

          Module Name: C:\WINDOWS\System32\drivers\ws2ifsl.sys
          Service Name: WS2IFSL
          Module Base: F7D11000
          Module End: F7D14000
          Hidden: No

          Module Name: C:\WINDOWS\System32\drivers\afd.sys
          Service Name: AFD
          Module Base: EEC8C000
          Module End: EECAE000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\netbios.sys
          Service Name: NetBIOS
          Module Base: F7A85000
          Module End: F7A8E000
          Hidden: No

          Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
          Service Name: SASKUTIL
          Module Base: EEBCA000
          Module End: EEBEC000
          Hidden: No

          Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
          Service Name: SASDIFSV
          Module Base: F7BD5000
          Module End: F7BDB000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\rdbss.sys
          Service Name: Rdbss
          Module Base: EEB9F000
          Module End: EEBCA000
          Hidden: No

          Module Name: \??\C:\WINDOWS\system32\drivers\oahlp32.sys
          Service Name: oahlpXX
          Module Base: F7935000
          Module End: F793E000
          Hidden: No

          Module Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
          Service Name: OADevice
          Module Base: EEB46000
          Module End: EEB77000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
          Service Name: MRxSmb
          Module Base: EEAD6000
          Module End: EEB46000
          Hidden: No

          Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
          Service Name: Fips
          Module Base: F7945000
          Module End: F7950000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\ipnat.sys
          Service Name: IpNat
          Module Base: EEAB0000
          Module End: EEAD6000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\wanarp.sys
          Service Name: Wanarp
          Module Base: F7955000
          Module End: F795E000
          Hidden: No

          Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
          Service Name: aswSP
          Module Base: EE9F8000
          Module End: EEA43000
          Hidden: No

          Module Name: C:\WINDOWS\System32\Drivers\aswSnx.SYS
          Service Name: aswSnx
          Module Base: EE98B000
          Module End: EE9F8000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\usbccgp.sys
          Service Name: usbccgp
          Module Base: F7BE5000
          Module End: F7BED000
          Hidden: No

          Module Name: C:\WINDOWS\System32\Drivers\Aavmker4.SYS
          Service Name: Aavmker4
          Module Base: F7BF5000
          Module End: F7BFB000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\usbprint.sys
          Service Name: usbprint
          Module Base: F7BFD000
          Module End: F7C04000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\HPZius12.sys
          Service Name: HPZius12
          Module Base: F7C05000
          Module End: F7C0B000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
          Service Name: USBSTOR
          Module Base: F7C0D000
          Module End: F7C14000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\LVUSBSta.sys
          Service Name: LVUSBSta
          Module Base: F7965000
          Module End: F796E000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\usbscan.sys
          Service Name: BulkUsb
          Module Base: F7D49000
          Module End: F7D4D000
          Hidden: No

          Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
          Service Name: HidUsb
          Module Base: F7D4D000
          Module End: F7D50000
          Hidden: No

          Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
          Service Name: ---
          Module Base: F7975000
          Module End: F797E000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\HPZid412.sys
          Service Name: HPZid412
          Module Base: F7995000
          Module End: F79A2000
          Hidden: No

          Module Name: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
          Service Name: kbdhid
          Module Base: F7D55000
          Module End: F7D59000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\HPZipr12.sys
          Service Name: HPZipr12
          Module Base: F7CE9000
          Module End: F7CED000
          Hidden: No

          Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
          Service Name: Cdfs
          Module Base: ED801000
          Module End: ED811000
          Hidden: No

          Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
          Service Name: ---
          Module Base: ED03C000
          Module End: ED054000
          Hidden: Yes

          Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
          Service Name: ---
          Module Base: F7DFF000
          Module End: F7E01000
          Hidden: Yes

          Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
          Service Name: ---
          Module Base: EE97F000
          Module End: EE982000
          Hidden: No

          Module Name: C:\WINDOWS\System32\watchdog.sys
          Service Name: ---
          Module Base: EE93B000
          Module End: EE940000
          Hidden: No

          Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
          Service Name: ---
          Module Base: F7F98000
          Module End: F7F99000
          Hidden: No

          Module Name: C:\WINDOWS\System32\Drivers\aswFsBlk.SYS
          Service Name: aswFsBlk
          Module Base: F7C85000
          Module End: F7C88000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\drvnddm.sys
          Service Name: drvnddm
          Module Base: ED61A000
          Module End: ED624000
          Hidden: No

          Module Name: C:\WINDOWS\system32\dla\tfsndres.sys
          Service Name: tfsndres
          Module Base: F7EF5000
          Module End: F7EF6000
          Hidden: No

          Module Name: C:\WINDOWS\system32\dla\tfsnifs.sys
          Service Name: tfsnifs
          Module Base: ECF87000
          Module End: ECF9C000
          Hidden: No

          Module Name: C:\WINDOWS\system32\dla\tfsnopio.sys
          Service Name: tfsnopio
          Module Base: ED034000
          Module End: ED038000
          Hidden: No

          Module Name: C:\WINDOWS\system32\dla\tfsnpool.sys
          Service Name: tfsnpool
          Module Base: F7D7D000
          Module End: F7D7F000
          Hidden: No

          Module Name: C:\WINDOWS\system32\dla\tfsnboio.sys
          Service Name: tfsnboio
          Module Base: EE92B000
          Module End: EE932000
          Hidden: No

          Module Name: C:\WINDOWS\system32\dla\tfsncofs.sys
          Service Name: tfsncofs
          Module Base: ED5F6000
          Module End: ED5FF000
          Hidden: No

          Module Name: C:\WINDOWS\system32\dla\tfsndrct.sys
          Service Name: tfsndrct
          Module Base: F7EF9000
          Module End: F7EFA000
          Hidden: No

          Module Name: C:\WINDOWS\system32\dla\tfsnudf.sys
          Service Name: tfsnudf
          Module Base: ECF6F000
          Module End: ECF87000
          Hidden: No

          Module Name: C:\WINDOWS\system32\dla\tfsnudfa.sys
          Service Name: tfsnudfa
          Module Base: ECF56000
          Module End: ECF6F000
          Hidden: No

          Module Name: C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
          Service Name: fssfltr
          Module Base: F71FC000
          Module End: F7208000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\ndisuio.sys
          Service Name: Ndisuio
          Module Base: ECFCC000
          Module End: ECFD0000
          Hidden: No

          Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
          Service Name: Fastfat
          Module Base: ECE42000
          Module End: ECE66000
          Hidden: No

          Module Name: C:\WINDOWS\System32\Drivers\aswMon2.SYS
          Service Name: aswMon2
          Module Base: ECDD8000
          Module End: ECDF2000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
          Service Name: wdmaud
          Module Base: ECB43000
          Module End: ECB58000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
          Service Name: sysaudio
          Module Base: ECD90000
          Module End: ECD9F000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\mrxdav.sys
          Service Name: MRxDAV
          Module Base: EC930000
          Module End: EC95D000
          Hidden: No

          Module Name: C:\WINDOWS\System32\Drivers\ParVdm.SYS
          Service Name: ParVdm
          Module Base: F7DAB000
          Module End: F7DAD000
          Hidden: No

          Module Name: C:\WINDOWS\System32\Drivers\ASCTRM.SYS
          Service Name: ASCTRM
          Module Base: F7DCB000
          Module End: F7DCD000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys
          Service Name: mdmxsdk
          Module Base: ECC90000
          Module End: ECC93000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\srv.sys
          Service Name: Srv
          Module Base: EC7E8000
          Module End: EC840000
          Hidden: No

          Module Name: \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
          Service Name: ---
          Module Base: EC798000
          Module End: EC79B000
          Hidden: Yes

          Module Name: C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
          Service Name: LVPr2Mon
          Module Base: F7C1D000
          Module End: F7C22000
          Hidden: No

          Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
          Service Name: HTTP
          Module Base: EC2CF000
          Module End: EC310000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
          Service Name: IpFilterDriver
          Module Base: EC247000
          Module End: EC250000
          Hidden: No

          Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
          Service Name: kmixer
          Module Base: EBEE4000
          Module End: EBF0F000
          Hidden: No

          Module Name: C:\WINDOWS\System32\DRIVERS\fdc.sys
          Service Name: Fdc
          Module Base: F7B3D000
          Module End: F7B44000
          Hidden: No

          ******************************************************************************************
          ******************************************************************************************
          SSDT:
          Function Name: ZwAddBootEntry
          Address: EE99DFC4
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwAllocateVirtualMemory
          Address: EEA02510
          Driver Base: EE9F8000
          Driver End: EEA43000
          Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

          Function Name: ZwAssignProcessToJobObject
          Address: EEB49928
          Driver Base: EEB46000
          Driver End: EEB77000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwClose
          Address: EE9C16A9
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwConnectPort
          Address: EEB4864C
          Driver Base: EEB46000
          Driver End: EEB77000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwCreateEvent
          Address: EE9A0456
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwCreateEventPair
          Address: EE9A04AE
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwCreateFile
          Address: EEB4F316
          Driver Base: EEB46000
          Driver End: EEB77000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwCreateIoCompletion
          Address: EE9A05C4
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwCreateKey
          Address: EE9C105D
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwCreateMutant
          Address: EE9A03AC
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwCreatePort
          Address: EEB4846A
          Driver Base: EEB46000
          Driver End: EEB77000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwCreateProcess
          Address: EEB49EE8
          Driver Base: EEB46000
          Driver End: EEB77000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwCreateProcessEx
          Address: EEB46978
          Driver Base: EEB46000
          Driver End: EEB77000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwCreateSection
          Address: EE9A04FE
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwCreateSemaphore
          Address: EE9A0400
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwCreateThread
          Address: EEB47634
          Driver Base: EEB46000
          Driver End: EEB77000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwCreateTimer
          Address: EE9A0572
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwDebugActiveProcess
          Address: EEB47D22
          Driver Base: EEB46000
          Driver End: EEB77000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwDeleteBootEntry
          Address: EE99DFE8
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwDeleteKey
          Address: EE9C1D6F
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwDeleteValueKey
          Address: EE9C2025
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwDuplicateObject
          Address: EE9A0848
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwEnumerateKey
          Address: EE9C1BDA
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwEnumerateValueKey
          Address: EE9C1A45
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwFreeVirtualMemory
          Address: EEA025C0
          Driver Base: EE9F8000
          Driver End: EEA43000
          Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

          Function Name: ZwLoadDriver
          Address: EE99DDB2
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwModifyBootEntry
          Address: EE99E00C
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwNotifyChangeKey
          Address: EE9A09BC
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwNotifyChangeMultipleKeys
          Address: EE99EAA4
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwOpenEvent
          Address: EE9A0486
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwOpenEventPair
          Address: EE9A04D6
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwOpenFile
          Address: EEB4F694
          Driver Base: EEB46000
          Driver End: EEB77000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwOpenIoCompletion
          Address: EE9A05EE
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwOpenKey
          Address: EE9C13B9
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwOpenMutant
          Address: EE9A03D8
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwOpenProcess
          Address: EE9A0680
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwOpenSection
          Address: EE9A053E
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwOpenSemaphore
          Address: EE9A042E
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwOpenThread
          Address: EE9A0764
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwOpenTimer
          Address: EE9A059C
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwProtectVirtualMemory
          Address: EEA02658
          Driver Base: EE9F8000
          Driver End: EEA43000
          Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

          Function Name: ZwQueryKey
          Address: EE9C18C0
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwQueryObject
          Address: EE99E96A
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwQueryValueKey
          Address: EE9C1712
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwQueueApcThread
          Address: EEB49A44
          Driver Base: EEB46000
          Driver End: EEB77000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwRenameKey
          Address: EEA0A9E6
          Driver Base: EE9F8000
          Driver End: EEA43000
          Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

          Function Name: ZwRequestPort
          Address: EEB48CB0
          Driver Base: EEB46000
          Driver End: EEB77000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwRequestWaitReplyPort
          Address: EEB49018
          Driver Base: EEB46000
          Driver End: EEB77000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwRestoreKey
          Address: EE9C06D0
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwResumeThread
          Address: EEB480CE
          Driver Base: EEB46000
          Driver End: EEB77000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwSecureConnectPort
          Address: EEB4886E
          Driver Base: EEB46000
          Driver End: EEB77000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwSetBootEntryOrder
          Address: EE99E030
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwSetBootOptions
          Address: EE99E054
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwSetContextThread
          Address: EEB47BCC
          Driver Base: EEB46000
          Driver End: EEB77000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwSetSystemInformation
          Address: EE99DE0C
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwSetSystemPowerState
          Address: EE99DF48
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwSetValueKey
          Address: EE9C1E76
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwShutdownSystem
          Address: EE99DF24
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwSuspendProcess
          Address: EEB481FE
          Driver Base: EEB46000
          Driver End: EEB77000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwSuspendThread
          Address: EEB47F7A
          Driver Base: EEB46000
          Driver End: EEB77000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwSystemDebugControl
          Address: EE99DF6C
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwTerminateProcess
          Address: EEB47472
          Driver Base: EEB46000
          Driver End: EEB77000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwTerminateThread
          Address: EEB47A66
          Driver Base: EEB46000
          Driver End: EEB77000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwUnloadDriver
          Address: EEB49518
          Driver Base: EEB46000
          Driver End: EEB77000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwUnloadKey
          Address: EC7986D0
          Driver Base: EC798000
          Driver End: EC79B000
          Driver Name: \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys

          Function Name: ZwVdmControl
          Address: EE99E078
          Driver Base: EE98B000
          Driver End: EE9F8000
          Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

          Function Name: ZwWriteVirtualMemory
          Address: EEB49804
          Driver Base: EEB46000
          Driver End: EEB77000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          ******************************************************************************************
          ******************************************************************************************
          Kernel Hooks:
          Hooked Function: ObMakeTemporaryObject
          At Address: 805A038B
          Jump To: EEA1369C
          Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

          Hooked Function: ObInsertObject
          At Address: 805650BA
          Jump To: EEA1515C
          Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

          ******************************************************************************************
          ******************************************************************************************
          Hidden files/folders:

          SuperDave

          • Malware Removal Specialist


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: SUPERAntiSpyware Scan Log
          « Reply #7 on: February 21, 2012, 11:46:32 AM »
          You still haven't told me what the problem is with your computer.
          You have two firewalls: Windows Firewall and Online Armor 5.5. One will have to be disabled as they can cause conflicts.

          I'd like to scan your machine with ESET OnlineScan

          •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
          ESET OnlineScan
          •Click the button.
          •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
          • Click on to download the ESET Smart Installer. Save it to your desktop.
          • Double click on the icon on your desktop.
          •Check
          •Click the button.
          •Accept any security warnings from your browser.
          •Check
          •Push the Start button.
          •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
          •When the scan completes, push
          •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
          •Push the button.
          •Push
          A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
          Windows 8 and Windows 10 dual boot with two SSD's

          High1

            Re: SUPERAntiSpyware Scan Log
            « Reply #8 on: February 21, 2012, 06:44:59 PM »
            Hello Dave

            Please find attached the ESET text file.

            Cheers

            High1

            [year+ old attachment deleted by admin]

            SuperDave

            Re: SUPERAntiSpyware Scan Log
            « Reply #9 on: February 22, 2012, 12:10:38 PM »
            Please run ESET again and this time, fix the infections.

            High1

              Re: SUPERAntiSpyware Scan Log
              « Reply #10 on: February 23, 2012, 07:27:32 AM »
              Hello Dave

              I have run the ESET scanner again and it is now showing 'No threats found'. Does that mean the Trojan has gone?

              Thanks

              High1

              SuperDave

              Re: SUPERAntiSpyware Scan Log
              « Reply #11 on: February 23, 2012, 11:43:51 AM »
              Quote
              have run the ESET scanner again and it is now showing 'No threats found'. Does that mean the Trojan has gone?
              I would say so. Are there any other issues before we cleanup?

              High1

                Re: SUPERAntiSpyware Scan Log
                « Reply #12 on: February 23, 2012, 01:11:48 PM »
                No, Dave - no malware/virus issues, anyway.

                You have been a marvellous help, so many thanks for your patience.

                Much appreciated.

                High1

                SuperDave

                Re: SUPERAntiSpyware Scan Log
                « Reply #13 on: February 23, 2012, 04:27:16 PM »
                You're welcome. We should do some cleanup.

                To uninstall ComboFix

                • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                • In the field, type in ComboFix /uninstall


                (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                • Then, press Enter, or click OK.
                • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
                ***************************************************
                To remove all of the tools we used and the files and folders they created do the following:
                Double click OTL.exe.
                • Click the CleanUp button.
                • Select Yes when the "Begin cleanup Process?" prompt appears.
                • If you are prompted to Reboot during the cleanup, select Yes.
                • The tool will delete itself once it finishes.
                Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
                ****************************************************
                Clean out your temporary internet files and temp files.

                Download TFC by OldTimer to your desktop.

                Double-click TFC.exe to run it.

                Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                TFC will close all programs when run, so make sure you have saved all your work before you begin.

                * Click the Start button to begin the cleaning process.
                * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                * Please let TFC run uninterrupted until it is finished.

                Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                ***********************************************************
                Looking over your log it seems you don't have any evidence of a third party firewall.

                Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

                Remember only install ONE firewall

                1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
                2) Online Armor
                3) Agnitum Outpost
                4) PC Tools Firewall Plus

                If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
                **********************************************************
                Use the Secunia Software Inspector to check for out of date software.

                •Click Start Now

                •Check the box next to Enable thorough system inspection.

                •Click Start

                •Allow the scan to finish and scroll down to see if any updates are needed.
                •Update anything listed.
                ----------

                Go to Microsoft Windows Update and get all critical updates.

                ----------

                I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                * Using SpywareBlaster to protect your computer from Spyware and Malware
                * If you don't know what ActiveX controls are, see here

                Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                Safe Surfing!