Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Suspicious services running


  • This topic is locked This topic is locked
30 replies to this topic

#1 Pattir118

Pattir118

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:06:43 PM

Posted 23 February 2012 - 10:01 PM

After removing Security Shield my Windows XP SP3 computer would not access the internet and my keyboard was disabled. Upon computer reboot I am greeted by "Master Boot Record Error, press a key" I have tried to use FixMbr from the Recovery Console but I still get that error.
I have run several scans and posted logs back into this forum Original Forum Post
I have since fixed the keyboard issue and with the excellent service and assistance in these forums I am back online. I was instructed to post logs and look for assistance in this forum.

DDS.txt Scan

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Compaq_Owner at 19:13:47 on 2012-02-23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1151.313 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Compaq_Owner\Desktop\gmer.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Page =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Page_URL = hxxp://www.msn.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant =
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {A7327C09-B521-4EDB-8509-7D2660C9EC98} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.8.0\IEViewBar.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - No File
TB: {C94158E1-6151-4442-ABE6-FD53D6534CCB} - No File
TB: {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB: {A057A204-BACC-4D26-8087-36EE87E26986} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\compaq_owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\dwa-130 reve\wirelesscm.exe
IE: &AIM Search
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.comcastsupport.com/OneClickFix/tgctlsr.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} - hxxp://o.aolcdn.com/pictures/ap/Resources/v2.15/cab/aolpPlugins.10.6.0.8.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154445660703
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.geni.com/ImageUploader4.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9344D2F8-932D-4950-AC7F-EEEDFDAEED57} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9B3CD782-87EF-445A-96DD-85DFB9AFF3A6} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C2E901D1-F153-4EE1-A1B1-B90346F67901} : DhcpNameServer = 192.168.0.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\h9i0f9b2.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://www.tepela.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=CplX2lKl&q=
FF - component: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\h9i0f9b2.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\documents and settings\compaq_owner\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\h9i0f9b2.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll
FF - plugin: c:\documents and settings\compaq_owner\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\compaq_owner\local settings\application data\robloxversions\version-b3dc906c765c40b6\NPRobloxProxy.dll
FF - plugin: c:\documents and settings\compaq_owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.95\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: browser.search.selectedEngine - Search
FF - user.js: keyword.URL - hxxp://www.tepela.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=CplX2lKl&q=
.
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-11-9 64512]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
R1 MpKsla1c7c6b1;MpKsla1c7c6b1;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d062520b-c649-4de0-a26f-b1613ba7a0f1}\MpKsla1c7c6b1.sys [2012-2-23 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2012-2-23 67584]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2152152]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-28 652360]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [2011-3-13 20480]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-28 20464]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-2-23 40776]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2011-3-13 588032]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-11 135664]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-11 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
S3 MN710-51;Microsoft® Wireless USB 2.0 Adapter;c:\windows\system32\drivers\MN710-51.sys [2004-1-7 339520]
S3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\drivers\wusb54gscv2.sys --> c:\windows\system32\drivers\WUSB54GSCV2.sys [?]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
S4 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S4 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-18 24652]
S4 WLSVC;WLSVC;c:\program files\d-link\dwa-130 reve\WLSVC.exe [2011-3-13 167936]
.
=============== Created Last 30 ================
.
2012-02-23 22:47:16 -------- d-----w- c:\documents and settings\compaq_owner\local settings\application data\Safe mirror
2012-02-23 22:46:26 -------- d-----w- c:\program files\Cobian Backup 10
2012-02-23 21:21:47 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d062520b-c649-4de0-a26f-b1613ba7a0f1}\MpKsla1c7c6b1.sys
2012-02-23 20:21:56 40776 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-23 20:18:41 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d062520b-c649-4de0-a26f-b1613ba7a0f1}\offreg.dll
2012-02-23 20:16:08 709968 ----a-w- c:\windows\isRS-000.tmp
2012-02-23 18:17:45 6552120 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d062520b-c649-4de0-a26f-b1613ba7a0f1}\mpengine.dll
2012-02-23 17:12:04 75264 ------w- c:\windows\system32\drivers\ipsec.sys
2012-02-23 17:12:04 75264 ------w- c:\windows\system32\dllcache\ipsec.sys
2012-02-23 17:12:04 162816 ------w- c:\windows\system32\drivers\netbt.sys
2012-02-23 17:12:04 162816 ------w- c:\windows\system32\dllcache\netbt.sys
2012-02-23 17:12:04 138496 ------w- c:\windows\system32\drivers\afd.sys
2012-02-23 17:12:04 138496 ------w- c:\windows\system32\dllcache\afd.sys
2012-02-23 04:21:13 52480 ------w- c:\windows\system32\drivers\i8042prt.sys
2012-02-23 04:21:13 52480 ------w- c:\windows\system32\dllcache\i8042prt.sys
2012-02-23 01:35:46 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-02-23 01:35:29 -------- d-----w- c:\documents and settings\compaq_owner\application data\TestApp
2012-02-20 20:06:07 1409 ----a-w- c:\windows\QTFont.for
2012-02-18 16:05:49 0 --sh--w- c:\windows\system32\dds_trash_log.cmd
2012-02-18 14:09:20 -------- d-----w- c:\documents and settings\compaq_owner\application data\calibre
2012-02-18 14:08:29 -------- d-----w- c:\program files\Calibre2
.
==================== Find3M ====================
.
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-12 16:53:24 1859968 ------w- c:\windows\system32\win32k.sys
2011-12-17 19:46:36 916992 ------w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ------w- c:\windows\system32\html.iec
2011-12-15 03:32:40 414368 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 20:24:06 20464 ------w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 19:15:07.70 ===============


I completed the GMER but it did not generate a log, can I go back into the program and find it?
Thanks!

I apologize, the attach did not attach :)Attached File  attach.txt   33.16KB   0 downloads

Edited by boopme, 23 February 2012 - 10:42 PM.


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:43 AM

Posted 29 February 2012 - 03:52 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. [/b]
If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 Pattir118

Pattir118
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:06:43 PM

Posted 29 February 2012 - 09:48 AM

Thank you for your reply

I was told by a tech on bleeping computer that I have alot of suspicious services running so this is what led me to this forum.
I am currently running Windows XP SP3
I have a string of viruses on my computer that no matter how many times they are removed they come back
I get a "Master Boot record error" every time I start the computer, I have tried a fixmbr and this did not work
My CD Drive does not work, I have tried to take it out and put it back in and this does not fix it either, it will however work in a different system.
The system is running very slow

OTL.txt results

OTL logfile created on: 2/29/2012 9:22:19 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.12 Gb Total Physical Memory | 0.43 Gb Available Physical Memory | 37.89% Memory free
1.28 Gb Paging File | 0.72 Gb Available in Paging File | 55.76% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.30 Gb Total Space | 28.82 Gb Free Space | 41.59% Space Free | Partition Type: NTFS
Drive D: | 5.25 Gb Total Space | 0.76 Gb Free Space | 14.45% Space Free | Partition Type: FAT32
Drive K: | 465.64 Gb Total Space | 435.56 Gb Free Space | 93.54% Space Free | Partition Type: FAT32

Computer Name: FAMILY2 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/29 09:20:42 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2012/02/20 18:05:58 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/02/17 17:47:13 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/01 15:51:20 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/03 16:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/11/09 22:01:05 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/11/09 22:01:03 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/09/23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- C:\Program Files\Cobian Backup 10\cbVSCService.exe
PRC - [2009/09/10 16:02:14 | 000,505,152 | ---- | M] (D-Link Corp.) -- C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/29 09:17:58 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/02/29 09:17:55 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/02/18 12:53:13 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\0a6d6717e76be12295711ff02c7aa1d4\System.Core.ni.dll
MOD - [2012/02/18 12:08:46 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/02/18 12:08:05 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/17 17:47:09 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/05 12:41:50 | 000,181,616 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2012/02/05 12:41:48 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2012/01/10 18:40:30 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\h9i0f9b2.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko10.dll
MOD - [2011/11/09 22:01:27 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll
MOD - [2011/11/09 22:01:24 | 000,589,184 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/11/09 22:00:25 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/10/14 22:24:53 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/09/02 12:57:38 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/09/02 12:57:38 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/08/18 15:25:12 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2009/08/06 15:34:26 | 000,221,184 | ---- | M] () -- C:\Program Files\D-Link\DWA-130 revE\WlanDll.dll
MOD - [2009/03/24 13:01:00 | 000,233,472 | ---- | M] () -- C:\Program Files\D-Link\DWA-130 revE\WlanSup.dll
MOD - [2009/01/23 10:54:34 | 000,212,992 | ---- | M] () -- C:\Program Files\D-Link\DWA-130 revE\WlanCtl.dll
MOD - [2008/06/27 09:10:30 | 000,118,784 | ---- | M] () -- C:\Program Files\D-Link\DWA-130 revE\WlanWps.dll
MOD - [2007/12/15 00:30:54 | 001,167,360 | ---- | M] () -- C:\Program Files\D-Link\DWA-130 revE\acAuth.dll
MOD - [2004/01/22 09:53:04 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\LXBRPMON.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WmaCVideo32)
SRV - File not found [Auto | Stopped] -- -- (w200bus)
SRV - File not found [Auto | Stopped] -- -- (uiusys)
SRV - File not found [Auto | Stopped] -- -- (tmesrv3)
SRV - File not found [Auto | Stopped] -- -- (suservice)
SRV - File not found [Auto | Stopped] -- -- (SfCtlCom)
SRV - File not found [Auto | Stopped] -- -- (sermouse)
SRV - File not found [Auto | Stopped] -- -- (Packet)
SRV - File not found [Auto | Stopped] -- -- (nvport)
SRV - File not found [Auto | Stopped] -- -- (mxssvr)
SRV - File not found [Auto | Stopped] -- -- (msfwsvc)
SRV - File not found [Auto | Stopped] -- -- (mgabgexe)
SRV - File not found [Auto | Stopped] -- -- (lcs)
SRV - File not found [Auto | Stopped] -- -- (hclinetd)
SRV - File not found [Auto | Stopped] -- -- (etoksrv)
SRV - File not found [Auto | Stopped] -- -- (ds1)
SRV - File not found [Auto | Stopped] -- -- (datasvr2)
SRV - File not found [Auto | Stopped] -- -- (CTAudSvcService)
SRV - File not found [Auto | Stopped] -- -- (AppnApi)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/09 22:01:03 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/09/02 10:59:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2009/02/11 18:12:38 | 000,167,936 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\D-Link\DWA-130 revE\WLSVC.exe -- (WLSVC)
SRV - [2007/01/16 16:10:14 | 000,073,728 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - [2012/02/23 15:22:57 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/09/02 10:59:27 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/09/02 10:59:27 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/08/18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/08/18 15:25:12 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/08/05 21:23:22 | 000,588,032 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2008/02/27 09:54:00 | 000,020,480 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WLNdis50.sys -- (WLNdis50)
DRV - [2007/02/03 09:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2007/01/23 03:56:04 | 000,016,896 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2007/01/23 03:35:20 | 000,317,952 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2006/11/16 16:31:40 | 000,011,776 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pdiddcci.sys -- (pdiddcci)
DRV - [2006/11/16 16:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2006/01/25 16:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/01/20 17:20:34 | 000,044,800 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dptrackerd.sys -- (dptrackerd)
DRV - [2005/04/20 13:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 06:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/01/07 16:04:00 | 000,339,520 | ---- | M] (GlobespanVirata, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MN710-51.sys -- (MN710-51) Microsoft®
DRV - [2003/09/25 21:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003/07/18 18:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/12 00:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002/12/10 04:53:24 | 000,236,121 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CamDrL21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0)
DRV - [2002/07/29 23:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z128&install_date=20111004
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..keyword.URL: "http://www.tepela.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=CplX2lKl&q="

FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..keyword.URL: "http://www.tepela.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=CplX2lKl&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.1879: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1939: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.872: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\h9i0f9b2.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Compaq_Owner\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\RobloxVersions\version-21cdb2fff9fb4df2\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 17:47:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/11 17:34:31 | 000,000,000 | ---D | M]

[2009/12/19 00:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2012/02/17 17:20:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\h9i0f9b2.default\extensions
[2011/02/05 11:54:03 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\h9i0f9b2.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2010/06/19 07:28:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\h9i0f9b2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/17 17:20:54 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\h9i0f9b2.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012/01/25 17:29:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\h9i0f9b2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/11 09:04:12 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\h9i0f9b2.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2012/02/12 16:23:34 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\h9i0f9b2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/05/16 10:05:59 | 000,000,000 | ---D | M] (Panda3D Game Engine Plug-In) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\h9i0f9b2.default\extensions\runtime@panda3d.org
[2012/01/22 12:14:34 | 000,000,000 | ---D | M] (Shockwave Game Bar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\h9i0f9b2.default\extensions\toolbar@ask.com
[2011/08/23 21:16:36 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\h9i0f9b2.default\searchplugins\askcom.xml
[2011/10/04 16:30:44 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\h9i0f9b2.default\searchplugins\bing-zugo.xml
[2011/11/13 14:20:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/17 17:47:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/13 17:52:56 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/13 17:52:58 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/10/01 07:24:34 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011/03/16 14:59:52 | 000,002,198 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-search.xml
[2011/11/13 14:20:33 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Compaq_Owner\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\h9i0f9b2.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\RobloxVersions\version-b3dc906c765c40b6\\NPRobloxProxy.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Poppit = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/02/22 21:32:24 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-8087-36EE87E26986} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C94158E1-6151-4442-ABE6-FD53D6534CCB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk = C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe (D-Link Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: &AIM Search - Reg Error: Value error. File not found
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - Reg Error: Value error. File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsupport.com/OneClickFix/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} http://o.aolcdn.com/pictures/ap/Resources/v2.15/cab/aolpPlugins.10.6.0.8.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154445660703 (MUWebControl Class)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://www.geni.com/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9344D2F8-932D-4950-AC7F-EEEDFDAEED57}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B3CD782-87EF-445A-96DD-85DFB9AFF3A6}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2E901D1-F153-4EE1-A1B1-B90346F67901}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 () - http://lh5.google.com/JenniferLorenzana/R1CjCo2egjI/AAAAAAAABio/YsyFkvtkHck/100_2530-1.JPG?imgmax=512
O24 - Desktop Components:1 () - http://images.plaxo.com/fetch_image?path=51541024740_0_-953510785&width=180&size=180
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/15 12:38:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 06:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008/04/01 13:53:24 | 000,000,071 | -H-- | M] () - K:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008/10/23 14:12:02 | 000,000,000 | -H-D | M] - K:\autorun -- [ FAT32 ]
O33 - MountPoints2\{47319834-62f2-11dc-98f3-00038a000015}\Shell\AutoRun\command - "" = setupSNK.exe
O33 - MountPoints2\{54c790b6-6202-11dc-98e9-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{54c790b6-6202-11dc-98e9-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7eaf834-7138-11d9-a02f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c7eaf834-7138-11d9-a02f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7eaf834-7138-11d9-a02f-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\wd_windows_tools\WDSetup.exe -- [2008/06/19 12:46:02 | 001,760,476 | -H-- | M] (Western Digital Corporation )
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - Services: "iPodService"
MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "ProtexisLicensing"
MsConfig - Services: "ose"
MsConfig - Services: "MyWebSearchService"
MsConfig - Services: "MDM"
MsConfig - Services: "LiveUpdate Notice"
MsConfig - Services: "LiveUpdate"
MsConfig - Services: "idsvc"
MsConfig - Services: "DTSRVC"
MsConfig - Services: "WANMiniportService"
MsConfig - Services: "Viewpoint Manager Service"
MsConfig - Services: "Symantec Core LC"
MsConfig - Services: "LVPrcSrv"
MsConfig - Services: "LVCOMSer"
MsConfig - Services: "KodakCCS"
MsConfig - Services: "IDriverT"
MsConfig - Services: "gusvc"
MsConfig - Services: "comHost"
MsConfig - Services: "CLTNetCnService"
MsConfig - Services: "ccSetMgr"
MsConfig - Services: "ccEvtMgr"
MsConfig - Services: "Brother XP spl Service"
MsConfig - Services: "Automatic LiveUpdate Scheduler"
MsConfig - Services: "WLSVC"
MsConfig - Services: "MsMpSvc"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "gupdatem"
MsConfig - Services: "gupdate"
MsConfig - Services: "BBUpdate"
MsConfig - Services: "BBSvc"
MsConfig - Services: "!SASCORE"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^AOL Desktop.lnk - - File not found
MsConfig - StartUpReg: AGRSMMSG - hkey= - key= - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
MsConfig - StartUpReg: Aim6 - hkey= - key= - File not found
MsConfig - StartUpReg: AlcxMonitor - hkey= - key= - C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: AOLDialer - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
MsConfig - StartUpReg: BrMfcWnd - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: ccApp - hkey= - key= - File not found
MsConfig - StartUpReg: ControlCenter3 - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Corel Photo Downloader - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: HostManager - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: HPDJ Taskbar Utility - hkey= - key= - File not found
MsConfig - StartUpReg: hpsysdrv - hkey= - key= - c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: IncrediMail - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: IndexSearch - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: KBD - hkey= - key= - C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: LogitechCommunicationsManager - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: LVCOMS - hkey= - key= - C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe (Logitech Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: My Web Search Bar Search Scope Monitor - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: MyWebSearch Email Plugin - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: MyWebSearch Plugin - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: osCheck - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: PaperPort PTD - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Performance Center - hkey= - key= - C:\Program Files\Ascentive\Performance Center\APCMain.exe (Ascentive)
MsConfig - StartUpReg: PS2 - hkey= - key= - c:\hp\drivers\keyboard\PS2.EXE (Hewlett-Packard Company)
MsConfig - StartUpReg: Pure Networks Port Magic - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: updateMgr - hkey= - key= - File not found
MsConfig - StartUpReg: Verizon Custom Uninstall Tracking - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: VirusScan Online - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Vision - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: VSOCheckTask - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: WebCamRT.exe - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - File not found
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {11595080-8E73-46C5-B74F-411E5F229AF5} - Yahoo! Tracking for IE7
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA851-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} -
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar for Internet Explorer
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{f31449ef-6eb3-4660-a2fd-b55710da5882} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - lvcodec2.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mxmc - MimicICM.DLL File not found
Drivers32: VIDC.S261 - s261_32.dll File not found
Drivers32: VIDC.S263 - s263_32.dll File not found

NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Packet - File not found
NetSvcs: lcs - File not found
NetSvcs: SfCtlCom - File not found
NetSvcs: sermouse - File not found
NetSvcs: atkdisplf - File not found
NetSvcs: uiusys - File not found
NetSvcs: w200bus - File not found
NetSvcs: datasvr2 - File not found
NetSvcs: mxssvr - File not found
NetSvcs: msfwsvc - File not found
NetSvcs: etoksrv - File not found
NetSvcs: suservice - File not found
NetSvcs: WmaCVideo32 - File not found
NetSvcs: hclinetd - File not found
NetSvcs: pcctlcom - File not found
NetSvcs: ds1 - File not found
NetSvcs: mgabgexe - File not found
NetSvcs: tmesrv3 - File not found
NetSvcs: nvport - File not found
NetSvcs: CTAudSvcService - File not found
NetSvcs: AppnApi - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/02/29 09:20:27 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2012/02/23 18:03:22 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
[2012/02/23 17:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Safe mirror
[2012/02/23 17:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cobian Backup 10
[2012/02/23 17:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2012/02/23 15:21:56 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/02/23 15:00:32 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.exe
[2012/02/23 15:00:21 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Owner\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/23 12:12:04 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netbt.sys
[2012/02/23 12:12:04 | 000,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2012/02/23 12:12:04 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsec.sys
[2012/02/22 23:21:13 | 000,052,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i8042prt.sys
[2012/02/22 21:21:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012/02/22 20:35:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/02/22 20:35:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\TestApp
[2012/02/22 18:25:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
[2012/02/21 18:41:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2012/02/21 16:19:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AskToolbar
[2012/02/21 16:18:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2012/02/20 15:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2012/02/19 18:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\New Folder
[2012/02/18 12:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/02/18 11:32:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/02/18 11:32:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/02/18 09:11:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\e-Books
[2012/02/18 09:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\calibre
[2012/02/18 09:08:29 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2012/02/18 09:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\calibre - E-book Management
[2012/02/18 09:01:34 | 000,313,912 | ---- | C] (Softonic) -- C:\Documents and Settings\Compaq_Owner\Desktop\SoftonicDownloader_for_calibre.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/29 09:29:01 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/02/29 09:22:34 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/02/29 09:20:42 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2012/02/29 09:18:22 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/02/29 09:18:18 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (reg).job
[2012/02/29 09:17:29 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/02/29 09:17:29 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/02/29 09:16:59 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/29 09:16:52 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/29 09:16:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/29 09:16:41 | 1207,488,512 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/29 09:10:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/29 08:56:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1270002908-2450586696-2491714033-1009UA.job
[2012/02/28 23:46:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2012/02/28 23:46:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2012/02/28 22:46:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2012/02/28 22:46:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2012/02/28 21:46:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2012/02/28 21:46:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2012/02/28 20:46:01 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2012/02/28 20:46:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2012/02/28 19:46:05 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2012/02/28 19:46:01 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2012/02/28 18:46:01 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2012/02/28 18:46:01 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2012/02/28 17:46:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2012/02/28 17:46:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2012/02/28 16:46:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2012/02/28 16:46:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2012/02/28 15:56:02 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1270002908-2450586696-2491714033-1009Core.job
[2012/02/28 15:46:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2012/02/28 15:46:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2012/02/28 14:46:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2012/02/28 14:46:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2012/02/28 13:46:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2012/02/28 13:46:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2012/02/28 12:46:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2012/02/28 12:46:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2012/02/26 19:38:24 | 000,001,188 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Play Roblox.lnk
[2012/02/23 19:19:34 | 000,006,332 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\attach.rar
[2012/02/23 18:05:09 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\gmer.zip
[2012/02/23 18:03:37 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
[2012/02/23 18:02:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\defogger_reenable
[2012/02/23 17:49:07 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Defogger.exe
[2012/02/23 17:19:17 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat
[2012/02/23 15:22:57 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/02/23 15:16:08 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/23 15:02:43 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.exe
[2012/02/23 15:02:07 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Owner\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/23 14:58:59 | 000,869,194 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\SecurityCheck.exe
[2012/02/23 13:10:20 | 000,445,798 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/23 13:10:20 | 000,073,004 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/22 21:32:24 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/22 21:24:30 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2012/02/22 21:11:28 | 000,000,307 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\sdasetup.exe.lnk
[2012/02/22 05:57:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/21 19:48:01 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/02/21 19:43:15 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\VT0Ya14.dat
[2012/02/20 15:06:07 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/02/20 15:06:07 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012/02/18 12:39:58 | 000,297,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/18 09:35:50 | 000,058,875 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\0218_NCLO_LS_FENWAY148_t607.jpg
[2012/02/18 09:09:10 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2012/02/18 09:07:14 | 045,470,512 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\calibre-0.8.39.msi
[2012/02/18 09:01:45 | 000,313,912 | ---- | M] (Softonic) -- C:\Documents and Settings\Compaq_Owner\Desktop\SoftonicDownloader_for_calibre.exe
[2012/02/17 16:22:26 | 000,483,926 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\NOOK.zip
[2012/02/17 14:39:14 | 000,483,875 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Paragon Book New Fonts 2-17.zip
[2012/02/16 04:59:35 | 000,002,358 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/16 04:59:34 | 000,002,380 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Google Chrome.lnk
[2012/02/15 16:47:10 | 002,603,846 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\indesign-to-ipad.pdf
[2012/02/15 11:44:12 | 051,856,167 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\indesign_cs5_help.pdf
[2012/02/12 15:51:23 | 000,092,312 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Trialor day at Fenway.jpg
[2012/02/07 06:29:56 | 000,040,928 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\190032_10150148556600240_21977955239_8394044_2267925_n.jpg
[2012/01/31 07:44:05 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/23 18:45:07 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\gmer.exe
[2012/02/23 18:42:39 | 000,006,332 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\attach.rar
[2012/02/23 18:04:54 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\gmer.zip
[2012/02/23 18:02:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\defogger_reenable
[2012/02/23 17:49:06 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Defogger.exe
[2012/02/23 17:19:17 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat
[2012/02/23 14:58:41 | 000,869,194 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\SecurityCheck.exe
[2012/02/23 12:53:09 | 000,000,171 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Winsock.reg
[2012/02/22 21:09:42 | 1207,488,512 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/22 20:35:54 | 000,000,307 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\sdasetup.exe.lnk
[2012/02/21 15:44:31 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\VT0Ya14.dat
[2012/02/21 15:44:19 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2012/02/21 15:44:19 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2012/02/21 15:44:18 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2012/02/21 15:44:17 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2012/02/21 15:44:16 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2012/02/21 15:44:15 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2012/02/21 15:44:14 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2012/02/21 15:44:13 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2012/02/21 15:44:12 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2012/02/21 15:44:11 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2012/02/21 15:44:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2012/02/21 15:44:09 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2012/02/21 15:44:08 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2012/02/21 15:44:08 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2012/02/21 15:44:06 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2012/02/21 15:44:06 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2012/02/21 15:44:04 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2012/02/21 15:44:04 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2012/02/21 15:44:03 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2012/02/21 15:44:02 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2012/02/21 15:44:01 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2012/02/21 15:44:00 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2012/02/21 15:43:59 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2012/02/21 15:43:58 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2012/02/20 15:06:07 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2012/02/20 15:06:07 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012/02/20 07:26:09 | 000,000,480 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Scan (reg).job
[2012/02/18 15:53:12 | 000,000,827 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/18 11:34:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/18 11:05:49 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/02/18 09:35:48 | 000,058,875 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\0218_NCLO_LS_FENWAY148_t607.jpg
[2012/02/18 09:09:10 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2012/02/18 09:03:00 | 045,470,512 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\calibre-0.8.39.msi
[2012/02/17 17:11:11 | 000,483,926 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\NOOK.zip
[2012/02/17 17:11:11 | 000,483,875 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Paragon Book New Fonts 2-17.zip
[2012/02/15 17:22:58 | 051,856,167 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\indesign_cs5_help.pdf
[2012/02/15 17:22:57 | 002,603,846 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\indesign-to-ipad.pdf
[2012/02/12 15:51:07 | 000,092,312 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Trialor day at Fenway.jpg
[2012/02/07 06:29:52 | 000,040,928 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\190032_10150148556600240_21977955239_8394044_2267925_n.jpg
[2011/11/12 21:54:12 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/11/12 21:54:12 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/11/10 04:24:47 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/03/13 14:21:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\wlndis50.sys
[2011/03/13 14:21:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
[2010/04/21 07:49:32 | 000,010,709 | ---- | C] () -- C:\WINDOWS\hpwscr19.dat
[2010/04/21 06:58:28 | 000,176,140 | ---- | C] () -- C:\WINDOWS\hpwins19.dat.temp
[2010/04/21 06:58:27 | 000,000,997 | ---- | C] () -- C:\WINDOWS\hpwmdl19.dat.temp
[2010/04/21 06:38:13 | 000,176,495 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
[2010/04/21 06:38:13 | 000,000,997 | ---- | C] () -- C:\WINDOWS\hpwmdl19.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/12/05 19:31:01 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CA54532
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


Extras.txt results
OTL Extras logfile created on: 2/29/2012 9:22:19 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.12 Gb Total Physical Memory | 0.43 Gb Available Physical Memory | 37.89% Memory free
1.28 Gb Paging File | 0.72 Gb Available in Paging File | 55.76% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.30 Gb Total Space | 28.82 Gb Free Space | 41.59% Space Free | Partition Type: NTFS
Drive D: | 5.25 Gb Total Space | 0.76 Gb Free Space | 14.45% Space Free | Partition Type: FAT32
Drive K: | 465.64 Gb Total Space | 435.56 Gb Free Space | 93.54% Space Free | Partition Type: FAT32

Computer Name: FAMILY2 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Broadband Networking\MSBNUtil.exe" = C:\Program Files\Microsoft Broadband Networking\MSBNUtil.exe:*:Enabled:Microsoft Broadband Network Utility -- (Microsoft Corporation)
"C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe" = C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe:*:Enabled:Microsoft Broadband Networking Tray -- (Microsoft Corporation)
"C:\Program Files\Microsoft Broadband Networking\MSBNCfg.exe" = C:\Program Files\Microsoft Broadband Networking\MSBNCfg.exe:*:Enabled:Microsoft Broadband Networking Setup -- (Microsoft Corporation)
"C:\Program Files\Microsoft Broadband Networking\MSBNUpdate.exe" = C:\Program Files\Microsoft Broadband Networking\MSBNUpdate.exe:*:Enabled:Microsoft Broadband Networking Update -- (Microsoft Corporation)
"C:\FarmVilleBot_2.1\farmvillebot.exe" = C:\FarmVilleBot_2.1\farmvillebot.exe:*:Enabled:farmvillebot
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12665B01-3F3A-4433-B179-9D8E352D7547}" = Try Corel Snapfire muvee autoProducer add on
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{4105BF5B-1DC2-4EEF-88AF-3C9EAF69827F}" = calibre
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}" = D-Link DWA-130 Wireless N USB Adapter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Shockwave Game Bar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC15633-2327-43F4-BA85-B83FDB4B59BE}" = Microsoft Broadband Networking
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F413B69D-4AD6-42AB-AEA5-0548989FAD50}" = Norton 360
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"BackWeb-6750491 Uninstaller" = Compaq Connections
"CCleaner" = CCleaner
"CobBackup10" = Cobian Backup 10
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Gutterball 2" = Gutterball 2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"RealPlayer 6.0" = RealPlayer
"RiddleMe" = Riddle Me
"Shockwave" = Shockwave
"SiS VGA Driver" = SiS VGA Utilities
"Viewpoint Toolbar" = Viewpoint Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"vol_toolbar" = Verizon Broadband Toolbar
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XBTB05365.XBTB05365IEToolbar" = HearMore.com Toolbar
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Compaq_Owner
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Shockwave Game Bar Updater
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"SOE-Free Realms" = Free Realms
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/23/2012 2:08:02 PM | Computer Name = FAMILY2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 2/23/2012 2:08:09 PM | Computer Name = FAMILY2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 2/23/2012 2:36:03 PM | Computer Name = FAMILY2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 2/23/2012 2:36:03 PM | Computer Name = FAMILY2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 2/23/2012 2:36:03 PM | Computer Name = FAMILY2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 2/23/2012 2:36:03 PM | Computer Name = FAMILY2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 2/24/2012 6:41:44 PM | Computer Name = FAMILY2 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
P4 3.0.8402.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 2/24/2012 6:41:55 PM | Computer Name = FAMILY2 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759303, P2 unspecified, P3 scanfile,
P4 3.0.8402.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 2/24/2012 6:41:56 PM | Computer Name = FAMILY2 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
P4 3.0.8402.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 2/24/2012 6:41:57 PM | Computer Name = FAMILY2 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759303, P2 unspecified, P3 scanfile,
P4 3.0.8402.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 2/29/2012 10:16:52 AM | Computer Name = FAMILY2 | Source = Service Control Manager | ID = 7023
Description = The SNDO763 service terminated with the following error: %%126

Error - 2/29/2012 10:16:57 AM | Computer Name = FAMILY2 | Source = Workstation | ID = 5727
Description = Could not load RDR device driver.

Error - 2/29/2012 10:16:57 AM | Computer Name = FAMILY2 | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250
(0x8CA).

Error - 2/29/2012 10:16:57 AM | Computer Name = FAMILY2 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1066

Error - 2/29/2012 10:17:33 AM | Computer Name = FAMILY2 | Source = Workstation | ID = 5727
Description = Could not load RDR device driver.

Error - 2/29/2012 10:17:33 AM | Computer Name = FAMILY2 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1066

Error - 2/29/2012 10:17:33 AM | Computer Name = FAMILY2 | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250
(0x8CA).

Error - 2/29/2012 10:17:37 AM | Computer Name = FAMILY2 | Source = Workstation | ID = 5727
Description = Could not load RDR device driver.

Error - 2/29/2012 10:17:37 AM | Computer Name = FAMILY2 | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250
(0x8CA).

Error - 2/29/2012 10:17:37 AM | Computer Name = FAMILY2 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1066


< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:43 AM

Posted 29 February 2012 - 10:17 AM

Hi,

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 Pattir118

Pattir118
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:06:43 PM

Posted 29 February 2012 - 11:39 AM

Combofix log

ComboFix 12-02-29.01 - Compaq_Owner 02/29/2012 10:41:11.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1151.724 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\My Documents\Downloads\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\~GLHTTP1.TMP
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Compaq_Owner\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\windows\$NtUninstallKB17296$
c:\windows\$NtUninstallKB17296$\3872299613
c:\windows\bcm36.tmp
c:\windows\bcm37.tmp
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\fbecafaadabbfb_g.dll
c:\windows\system32\SET37E.tmp
c:\windows\system32\SET383.tmp
c:\windows\system32\SET38A.tmp
D:\Autorun.inf
K:\autorun.inf
K:\setup.exe
.
c:\windows\system32\drivers\Serial.sys was missing
Restored copy from - c:\windows\ServicePackFiles\i386\serial.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.afd
-------\Service_.i8042prt
-------\Service_.mrxsmb
-------\Service_.netbt
-------\Service_.serial
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-29 )))))))))))))))))))))))))))))))
.
.
2012-02-29 16:04 . 2012-02-29 16:04 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BDEA53D1-C2F1-4235-B5DE-E75E53FAFCAF}\MpKsl344666f2.sys
2012-02-29 16:03 . 2012-02-29 16:03 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BDEA53D1-C2F1-4235-B5DE-E75E53FAFCAF}\offreg.dll
2012-02-29 15:57 . 2008-04-13 19:15 64512 ----a-w- c:\windows\system32\drivers\Serial.sys
2012-02-29 15:57 . 2008-04-13 19:15 64512 ----a-w- c:\windows\system32\dllcache\serial.sys
2012-02-28 23:46 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BDEA53D1-C2F1-4235-B5DE-E75E53FAFCAF}\mpengine.dll
2012-02-23 22:47 . 2012-02-23 22:47 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Safe mirror
2012-02-23 22:46 . 2012-02-23 22:46 -------- d-----w- c:\program files\Cobian Backup 10
2012-02-23 20:21 . 2012-02-23 20:22 40776 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-23 17:12 . 2011-08-17 13:49 138496 ------w- c:\windows\system32\drivers\afd.sys
2012-02-23 17:12 . 2011-08-17 13:49 138496 ------w- c:\windows\system32\dllcache\afd.sys
2012-02-23 17:12 . 2008-04-13 19:21 162816 ------w- c:\windows\system32\drivers\netbt.sys
2012-02-23 17:12 . 2008-04-13 19:21 162816 ------w- c:\windows\system32\dllcache\netbt.sys
2012-02-23 17:12 . 2008-04-13 19:19 75264 ------w- c:\windows\system32\drivers\ipsec.sys
2012-02-23 17:12 . 2008-04-13 19:19 75264 ------w- c:\windows\system32\dllcache\ipsec.sys
2012-02-23 04:21 . 2008-04-13 19:18 52480 ------w- c:\windows\system32\drivers\i8042prt.sys
2012-02-23 04:21 . 2008-04-13 19:18 52480 ------w- c:\windows\system32\dllcache\i8042prt.sys
2012-02-23 02:21 . 2012-02-23 02:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-02-23 02:05 . 2012-02-23 02:05 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2012-02-23 02:00 . 2012-02-23 02:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\TestApp
2012-02-23 01:35 . 2012-02-23 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-02-23 01:35 . 2012-02-23 01:35 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\TestApp
2012-02-23 00:08 . 2012-02-23 00:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-02-22 22:08 . 2012-02-22 22:08 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-02-22 12:11 . 2012-02-22 12:11 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-02-21 23:43 . 2012-02-21 23:43 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2012-02-21 23:41 . 2012-02-21 23:41 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2012-02-21 21:19 . 2012-02-23 05:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2012-02-20 20:06 . 2012-02-20 20:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2012-02-20 20:06 . 2012-02-20 20:06 1409 ----a-w- c:\windows\QTFont.for
2012-02-18 16:05 . 2012-02-22 00:48 0 --sh--w- c:\windows\system32\dds_trash_log.cmd
2012-02-18 14:09 . 2012-02-18 14:12 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\calibre
2012-02-18 14:08 . 2012-02-18 14:09 -------- d-----w- c:\program files\Calibre2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 06:03 . 2010-09-23 12:51 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2010-09-22 12:47 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-12 16:53 . 2004-08-04 18:00 1859968 ------w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2004-08-04 18:00 916992 ------w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-04 18:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-04 18:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 18:00 385024 ------w- c:\windows\system32\html.iec
2011-12-15 03:32 . 2011-06-05 22:19 414368 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 20:24 . 2010-01-29 02:48 20464 ------w- c:\windows\system32\drivers\mbam.sys
2012-02-17 22:47 . 2011-06-22 11:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 21:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-02-20 4617600]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Connection Manager.lnk - c:\program files\D-Link\DWA-130 revE\wirelesscm.exe [2011-3-13 505152]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-09-02 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^AOL Desktop.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\AOL Desktop.lnk
backup=c:\windows\pss\AOL Desktop.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon Custom Uninstall Tracking
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vision
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-03-04 19:01 88209 ----a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 20:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2012-01-03 21:31 1391272 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-05-31 20:25 136176 ----atw- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2001-11-07 16:45 196608 ------w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-07 23:04 52736 ----a-w- c:\windows\system\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2003-02-12 02:02 61440 ----a-w- c:\hp\KBD\kbd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2002-12-11 00:54 127022 ----a-w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center]
2007-07-03 16:48 3039232 ----a-w- c:\program files\Ascentive\Performance Center\ApcMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2003-09-13 02:13 98304 ----a-w- c:\hp\drivers\keyboard\PS2.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-01 19:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 08:25 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-11-11 22:09 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"ProtexisLicensing"=2 (0x2)
"ose"=3 (0x3)
"MyWebSearchService"=2 (0x2)
"MDM"=2 (0x2)
"LiveUpdate Notice"=2 (0x2)
"LiveUpdate"=3 (0x3)
"idsvc"=3 (0x3)
"DTSRVC"=3 (0x3)
"WANMiniportService"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"LVPrcSrv"=2 (0x2)
"LVCOMSer"=2 (0x2)
"KodakCCS"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"comHost"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Brother XP spl Service"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"WLSVC"=2 (0x2)
"MsMpSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"BBUpdate"=2 (0x2)
"BBSvc"=3 (0x3)
"!SASCORE"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/9/2011 9:51 PM 64512]
R1 MpKsl344666f2;MpKsl344666f2;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BDEA53D1-C2F1-4235-B5DE-E75E53FAFCAF}\MpKsl344666f2.sys [2/29/2012 11:04 AM 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 1:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67664]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [2/23/2012 5:46 PM 67584]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/18/2011 3:25 PM 2152152]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/28/2010 9:48 PM 652360]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [3/13/2011 2:21 PM 20480]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/28/2010 9:48 PM 20464]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [3/13/2011 2:21 PM 588032]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/11/2010 5:10 PM 135664]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/11/2010 5:10 PM 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/18/2011 3:25 PM 15232]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/23/2012 3:21 PM 40776]
S3 MN710-51;Microsoft® Wireless USB 2.0 Adapter;c:\windows\system32\drivers\MN710-51.sys [1/7/2004 4:04 PM 339520]
S3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\DRIVERS\WUSB54GSCV2.sys --> c:\windows\system32\DRIVERS\WUSB54GSCV2.sys [?]
S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 12:48 PM 116608]
S4 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]
S4 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/18/2008 5:47 AM 24652]
S4 WLSVC;WLSVC;c:\program files\D-Link\DWA-130 revE\WLSVC.exe [3/13/2011 2:21 PM 167936]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL344666F2
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Packet
lcs
SfCtlCom
sermouse
atkdisplf
uiusys
w200bus
datasvr2
mxssvr
msfwsvc
etoksrv
suservice
WmaCVideo32
hclinetd
pcctlcom
ds1
mgabgexe
tmesrv3
nvport
CTAudSvcService
AppnApi
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-29 c:\windows\Tasks\Ad-Aware Scan (reg).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 03:01]
.
2012-02-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 03:01]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-11 22:09]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-11 22:09]
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1270002908-2450586696-2491714033-1009Core.job
- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 20:25]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1270002908-2450586696-2491714033-1009UA.job
- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 20:25]
.
2012-02-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2012-02-29 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 21:31]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &AIM Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\h9i0f9b2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://www.tepela.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=CplX2lKl&q=
FF - user.js: keyword.URL - hxxp://www.tepela.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=CplX2lKl&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{A057A204-BACC-4D26-8087-36EE87E26986} - (no file)
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-29 11:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6d,4a,67,2d,18,55,5e,48,8d,bd,28,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6d,4a,67,2d,18,55,5e,48,8d,bd,28,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(836)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\System32\BCMLogon.dll
c:\windows\System32\MSVCP71.dll
.
- - - - - - - > 'explorer.exe'(4040)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2012-02-29 11:16:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-29 16:16
.
Pre-Run: 30,842,179,584 bytes free
Post-Run: 31,250,710,528 bytes free
.
- - End Of File - - 8238A1999623BAEDC78BE06FEAA18459

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:43 AM

Posted 29 February 2012 - 05:36 PM

Hi,

that is looking promising. How is the PC doing? Do you remember how you get infected with this?

There are some leftovesr we need to remove, but you should be noticing an improvement.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 Pattir118

Pattir118
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:06:43 PM

Posted 29 February 2012 - 07:41 PM

Yes Im definitely noticing difference in speed. I still have the MBR when I turn the pc on.
I don't know how I got infected, I am wondering if its from a game my son plays or possibly a file my husband downloaded for work. It was an EPub convertor to create ebooks. Not really sure though

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:43 AM

Posted 01 March 2012 - 03:21 AM

Hi,

what do you mean you still got MBR when you turn the PC on? DO you get a warning about the MBR?

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 Pattir118

Pattir118
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:06:43 PM

Posted 01 March 2012 - 07:14 AM

Yes, every time I turn on my computer I get "Master Boot Record error, press any key" after pressing a key it goes on fine but I don't know why I get that error

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:43 AM

Posted 01 March 2012 - 06:21 PM

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK and make sure to select the downloaded ISO file as source and don't let the installer get the linux from th internet.
  • It will install a little bootable OS on your USB
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • You will see a list of folders: sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB, please open that and confirm it's your flash drive.
  • If it is your flash drive press Tool at the top
  • Choose Open Terminal
  • Type in: dd if=/dev/sda of=MBRbackup.zip bs=512 count=1 and hit Enter.

MBRbackup.zip should be created on your flash drive, please attach it to your next reply.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 Pattir118

Pattir118
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:06:43 PM

Posted 01 March 2012 - 08:05 PM

It didn't copy that file to the usb yet i saw it on the screen before I took the usb drive out. Should I do it again?

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:43 AM

Posted 02 March 2012 - 06:20 AM

Hi,

how many hard drives do you have in your machine? (If there's more than one, the file wsa saved to your second hard drive and not the flash drive. You can copy it over (or upload it from the second hard drive instead of doing so from the flash drive).

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 Pattir118

Pattir118
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:06:43 PM

Posted 02 March 2012 - 07:29 AM

YEs you are correct!

Attached Files



#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:43 AM

Posted 03 March 2012 - 07:34 AM

Hi,

are you familiar with BIOS? Could you check if you're booting of your internal hard drive by default or if there's a different medium listed as primary booting option?

regareds myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 Pattir118

Pattir118
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:06:43 PM

Posted 03 March 2012 - 09:47 AM

Yes I did check that & it was trying to boot up first to usb drive within the hdd boot group. I changed that back to my hdd & that took care of the mbr error!! Thank you!
You had mentioned there were some other items that needs to be removed?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users