TechSpot

No Desktop or taskbar on startup

By brettbelwood
Jan 12, 2012
  1. Hello,
    I have a Compaq desktop running Windows XP SP3 (Media Center Edition), and about a week ago I attempted to start it up. While it was able to log on, no desktop appears, I can't get Explorer to run, and I have about six instances of IE 8 that continue to run and can't be ended by Task Manager. However, I was able to run Malwarebytes, and it told me I had multiple trojan agents and PUPs, which were designated as LivingPlay. I told it to quarantine them and restart, but to no avail. Is there a way to fix this?
     
  2. Broni

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    Same issues in safe mode?
    How did you manage to run MBAM?
     
  3. brettbelwood

    I cannot start up in Safe Mode; every time I attempt that, it just restarts. I got MBAM open by opening Task Manager, clicking New Task, browsing for MBAM, then running it by clicking "Run as" and selecting the current user.
     
  4. Broni

    Let's see if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note: If you do not know how to set your computer to boot from CD, follow the steps HERE
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have an internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  5. brettbelwood

    I will also post the log for MBAM; however, it is only partial, as my little sister came in here and shut it down so she could try to get on the internet.
     
  6. brettbelwood

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.06.06

    Windows XP Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Compaq_Administrator :: YOUR-4DACD0EA75 [administrator]

    1/11/2012 9:44:32 PM
    mbam-log-2012-01-11 (21-44-32).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 46466
    Time elapsed: 7 minute(s), 2 second(s) [aborted]

    Memory Processes Detected: 4
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\lrm.exe (Spyware.Agent) -> 1592 -> Delete on reboot.
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\lrm.exe (Spyware.Agent) -> 3496 -> Delete on reboot.
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\lrm.exe (Spyware.Agent) -> 5180 -> Delete on reboot.
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\lrm.exe (Spyware.Agent) -> 216 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 8
    HKCR\CLSID\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{8006F89E-63A1-402A-8DB7-08A4C58F95AA} (PUP.LivingPlay) -> Quarantined and deleted successfully.
    HKCR\Interface\{D4256C66-8177-4E19-8A13-2D43B2282D0D} (PUP.LivingPlay) -> Quarantined and deleted successfully.
    HKCR\lptlIE.TextLinks.1 (PUP.LivingPlay) -> Quarantined and deleted successfully.
    HKCR\lptlIE.TextLinks (PUP.LivingPlay) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\lrm.exe (Spyware.Agent) -> Delete on reboot.

    (end)
     
  7. Broni

    Go on with OTLPE.
     
  8. brettbelwood

    Quick question: will it work with a DVD?
     
  9. Broni

    Never tried it.
    I don't know.
     
  10. brettbelwood

    Here is the OTL log, as per your request; it is in two separate posts. Also, using a DVD does work, in case the issue arises again.


    OTL logfile created on: 1/12/2012 1:38:14 AM - Run
    OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.00 Mb Total Physical Memory | 653.00 Mb Available Physical Memory | 68.00% Memory free
    858.00 Mb Paging File | 713.00 Mb Available in Paging File | 83.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 224.30 Gb Total Space | 142.09 Gb Free Space | 63.35% Space Free | Partition Type: NTFS
    Drive H: | 8.56 Gb Total Space | 0.61 Gb Free Space | 7.14% Space Free | Partition Type: FAT32
    Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet003

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand] -- -- (NSCService)
    SRV - File not found [Disabled] -- -- (Ndivlalrap)
    SRV - File not found [Disabled] -- -- (HidServ)
    SRV - File not found [Disabled] -- -- (ccSetMgr)
    SRV - File not found [Disabled] -- -- (ccEvtMgr)
    SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2005/11/22 21:58:48 | 000,069,632 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2005/08/03 01:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto] -- C:\WINDOWS\arservice.exe -- (ARSVC)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (rt2870)
    DRV - File not found [Kernel | On_Demand] -- -- (rkhdrv40)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | Auto] -- -- (PCASp50)
    DRV - File not found [Kernel | System] -- -- (MpKslfd41a1de)
    DRV - File not found [Kernel | System] -- -- (MpKslf44bdeca)
    DRV - File not found [Kernel | System] -- -- (MpKslf17702ef)
    DRV - File not found [Kernel | System] -- -- (MpKslf06a5a36)
    DRV - File not found [Kernel | System] -- -- (MpKsled48b2cf)
    DRV - File not found [Kernel | System] -- -- (MpKslec7bcfd1)
    DRV - File not found [Kernel | System] -- -- (MpKsleaa03da0)
    DRV - File not found [Kernel | System] -- -- (MpKsld8e9c183)
    DRV - File not found [Kernel | System] -- -- (MpKsld26b5491)
    DRV - File not found [Kernel | System] -- -- (MpKsld064a60a)
    DRV - File not found [Kernel | System] -- -- (MpKslbb5eee62)
    DRV - File not found [Kernel | System] -- -- (MpKslb328e011)
    DRV - File not found [Kernel | System] -- -- (MpKslb2a8f3f3)
    DRV - File not found [Kernel | System] -- -- (MpKslb28a2cd0)
    DRV - File not found [Kernel | System] -- -- (MpKslafaf278f)
    DRV - File not found [Kernel | System] -- -- (MpKsla01872c0)
    DRV - File not found [Kernel | System] -- -- (MpKsl9604c01b)
    DRV - File not found [Kernel | System] -- -- (MpKsl95c71598)
    DRV - File not found [Kernel | System] -- -- (MpKsl751c4189)
    DRV - File not found [Kernel | System] -- -- (MpKsl749becf3)
    DRV - File not found [Kernel | System] -- -- (MpKsl72aa0583)
    DRV - File not found [Kernel | System] -- -- (MpKsl6e352968)
    DRV - File not found [Kernel | System] -- -- (MpKsl674f1bc2)
    DRV - File not found [Kernel | System] -- -- (MpKsl56e781d5)
    DRV - File not found [Kernel | System] -- -- (MpKsl5669459f)
    DRV - File not found [Kernel | System] -- -- (MpKsl532d3ef8)
    DRV - File not found [Kernel | System] -- -- (MpKsl4aa3d98a)
    DRV - File not found [Kernel | System] -- -- (MpKsl3e7448ea)
    DRV - File not found [Kernel | System] -- -- (MpKsl38db8e0c)
    DRV - File not found [Kernel | System] -- -- (MpKsl34c65712)
    DRV - File not found [Kernel | System] -- -- (MpKsl2f79ec46)
    DRV - File not found [Kernel | System] -- -- (MpKsl268d2eb5)
    DRV - File not found [Kernel | System] -- -- (MpKsl214cb8db)
    DRV - File not found [Kernel | System] -- -- (MpKsl1b09874e)
    DRV - File not found [Kernel | System] -- -- (MpKsl19460703)
    DRV - File not found [Kernel | System] -- -- (MpKsl180334c8)
    DRV - File not found [Kernel | System] -- -- (MpKsl0b39a801)
    DRV - File not found [Kernel | System] -- -- (MpKsl08b17d62)
    DRV - File not found [Kernel | System] -- -- (MpKsl080d91c3)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand] -- -- (catchme)
    DRV - [2012/01/11 21:56:09 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9157CFE9-F125-4DDF-A7A8-CAA5C09A95C2}\MpKslf8912e4f.sys -- (MpKslf8912e4f)
    DRV - [2009/07/07 13:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
    DRV - [2009/07/07 13:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
    DRV - [2009/04/23 15:51:18 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
    DRV - [2006/06/14 13:04:12 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/03/03 17:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2006/03/03 17:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2005/12/12 19:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
    DRV - [2005/12/06 13:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2005/12/06 13:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
    DRV - [2005/09/17 02:20:06 | 000,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
    DRV - [2005/06/29 19:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftsata2.sys -- (ftsata2)
    DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2004/09/29 15:36:29 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)
    DRV - [2004/08/09 23:00:00 | 000,074,752 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
    DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/11/05 09:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\bb-run.sys -- (bb-run)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx


    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E5 6E F5 00 AE 54 0E 45 A4 F0 24 1A D9 EB EA F9 [binary data]
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Administrator_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Compaq_Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    IE - HKU\Compaq_Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    IE - HKU\Compaq_Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
    IE - HKU\Compaq_Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKU\Compaq_Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKU\Compaq_Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\Compaq_Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 32 7A 1B 0C 51 E0 CB 01 [binary data]
    IE - HKU\Compaq_Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E5 6E F5 00 AE 54 0E 45 A4 F0 24 1A D9 EB EA F9 [binary data]
    IE - HKU\Compaq_Administrator_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKU\Compaq_Administrator_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\Compaq_Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\Compaq_Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E5 6E F5 00 AE 54 0E 45 A4 F0 24 1A D9 EB EA F9 [binary data]

    IE - HKU\MCX1_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    IE - HKU\MCX1_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    IE - HKU\MCX1_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    IE - HKU\MCX1_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    IE - HKU\MCX1_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\MCX1_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\MCX2_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    IE - HKU\MCX2_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    IE - HKU\MCX2_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    IE - HKU\MCX2_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    IE - HKU\MCX2_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\MCX2_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
    IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E5 6E F5 00 AE 54 0E 45 A4 F0 24 1A D9 EB EA F9 [binary data]


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\npDisplayEngine: File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/13 15:25:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/10 16:15:10 | 000,000,000 | ---D | M]

    [2010/12/11 21:15:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/18 10:28:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/07/18 10:27:55 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2012/01/11 14:51:37 | 000,000,884 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
    O3 - HKU\Compaq_Administrator_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\Compaq_Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\Compaq_Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ccApp] File not found
    O4 - HKLM..\Run: [dplaysvr] File not found
    O4 - HKLM..\Run: [Easy Dock] File not found
    O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
    O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc)
    O4 - HKLM..\Run: [PCDrProfiler] File not found
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\.DEFAULT..\Run: [dplaysvr] File not found
    O4 - HKU\.DEFAULT..\Run: [Smad] C:\Documents and Settings\LocalService\Local Settings\Application Data\SanctionedMedia\Smad\Smad.exe (SanctionedMedia)
    O4 - HKU\Compaq_Administrator_ON_C..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
    O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe (Hewlett-Packard)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe (Lotus Development Corporation)
    O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Documents and Settings\MCX1\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Documents and Settings\MCX1\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Documents and Settings\MCX2\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Documents and Settings\MCX2\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Compaq_Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\Compaq_Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
    O7 - HKU\Compaq_Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
    O7 - HKU\Compaq_Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
    O7 - HKU\Compaq_Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
    O7 - HKU\Compaq_Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\MCX1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\MCX2_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
    O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://ger.geronline.com/Remote/msrdp.cab (Microsoft RDP Client Control (redist))
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    O18 - Protocol\Handler\junomsg {C4D10830-379D-11d4-9B2D-00C04F1579A5} - C:\Program Files\Juno(1)\bin\jmsgpph.dll (Juno Online Services, Inc.)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\4524b46f665: DllName - C:\WINDOWS\System32\iassam32.dll - File not found
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/30 23:02:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - H:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2004/04/30 00:01:14 | 000,000,053 | -HS- | M] () - H:\Autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\.DEFAULT\...exe [@ = 2ND] -- "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\lrm.exe" -a "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/12 00:44:36 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTLPENet.exe
    [2012/01/11 22:30:20 | 000,000,000 | ---D | C] -- C:\Malwarebytes
    [2012/01/11 20:17:27 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\IETldCache
    [2012/01/11 18:33:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe
    [2012/01/11 18:33:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Google
    [2012/01/11 18:33:52 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\PrivacIE
    [2012/01/11 18:18:48 | 000,577,536 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Documents\kbd32.dll
    [2012/01/10 22:49:35 | 000,000,000 | R--D | C] -- C:\WINDOWS\system32\config\systemprofile\Recent
    [2012/01/09 15:25:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\SanctionedMedia
    [2012/01/09 15:25:28 | 000,298,496 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ygn.exe
    [2012/01/06 20:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes
    [2012/01/06 20:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/06 20:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/01/06 20:35:33 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/01/06 20:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/01/06 20:31:39 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Administrator\Desktop\mbam-setup-1.60.0.1800.exe
    [2012/01/02 22:49:53 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
    [2012/01/02 22:49:52 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
    [2012/01/02 22:49:52 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
    [2011/12/24 19:53:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService\PrivacIE
    [2011/12/24 19:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Google
    [2011/12/24 19:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/12/17 21:14:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia
    [2006/02/19 12:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
    [8 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
    [18 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp -> ]
    [1 C:\Documents and Settings\Compaq_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\Desktop\*.tmp -> ]
    [1 C:\Documents and Settings\Compaq_Administrator\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\*.tmp -> ]
    [1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/01/12 01:17:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/01/12 01:08:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/01/12 00:44:51 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2012/01/12 00:39:49 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/01/12 00:39:45 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/12 00:31:16 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTLPENet.exe
    [2012/01/11 23:33:22 | 000,000,543 | ---- | M] () -- C:\WINDOWS\System32\qwavecache.dat
    [2012/01/11 23:33:22 | 000,000,543 | ---- | M] () -- C:\WINDOWS\System32\mhncache.dat
    [2012/01/11 23:17:12 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2012/01/11 22:53:58 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/01/11 21:53:54 | 000,016,062 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\3283598863
    [2012/01/11 21:53:54 | 000,016,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3283598863
    [2012/01/11 21:42:23 | 000,016,054 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\2520970206
    [2012/01/11 21:42:23 | 000,016,054 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2520970206
    [2012/01/11 21:40:12 | 000,016,050 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\job0c0r2vnmw
    [2012/01/11 21:39:25 | 000,016,066 | -HS- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\job0c0r2vnmw
    [2012/01/11 21:39:25 | 000,016,066 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\job0c0r2vnmw
    [2012/01/11 18:18:45 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\19792079
    [2012/01/11 18:16:59 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
    [2012/01/11 18:13:54 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2012/01/09 15:25:28 | 000,298,496 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ygn.exe
    [2012/01/07 15:06:48 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2012/01/07 09:24:35 | 000,001,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2012/01/06 20:35:41 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/06 20:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/06 20:32:16 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Administrator\Desktop\mbam-setup-1.60.0.1800.exe
    [2012/01/04 05:10:20 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Kit Defrag.job
    [2012/01/04 05:10:20 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job
    [2012/01/02 18:24:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/01/02 18:00:00 | 000,000,498 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
    [2012/01/02 11:44:57 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/12/24 20:11:38 | 000,086,332 | ---- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/12/24 19:42:45 | 000,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/12/24 19:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/12/24 19:37:02 | 000,001,830 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
    [2011/12/19 05:58:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Kit.job
    [2011/12/19 02:38:30 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3.job
    [2011/12/14 19:55:55 | 000,000,435 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
    [8 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
    [18 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp -> ]
    [1 C:\Documents and Settings\Compaq_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\Desktop\*.tmp -> ]
    [1 C:\Documents and Settings\Compaq_Administrator\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\*.tmp -> ]
    [1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]
     
  11. brettbelwood

    brettbelwood TS Rookie Topic Starter Posts: 30

    part two:
    ========== Files Created - No Company Name ==========

    [2012/01/11 18:18:45 | 000,065,024 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\19792079
    [2012/01/10 18:51:36 | 000,016,062 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\3283598863
    [2012/01/10 18:51:36 | 000,016,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3283598863
    [2012/01/10 18:10:35 | 000,016,054 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\2520970206
    [2012/01/10 18:08:03 | 000,016,054 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2520970206
    [2012/01/10 18:08:03 | 000,016,050 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\job0c0r2vnmw
    [2012/01/09 18:12:37 | 000,016,066 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\job0c0r2vnmw
    [2012/01/09 15:25:30 | 000,016,066 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\job0c0r2vnmw
    [2012/01/06 20:35:41 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2011/12/24 19:42:45 | 000,001,550 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/12/24 19:21:32 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/10/04 21:21:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/03/27 14:47:09 | 000,000,074 | ---- | C] () -- C:\WINDOWS\TLTitleData.ini
    [2011/01/11 19:14:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\jagex_runescape_preferences.dat
    [2010/08/27 12:30:27 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
    [2010/07/18 01:30:49 | 000,000,543 | ---- | C] () -- C:\WINDOWS\System32\qwavecache.dat
    [2010/07/18 01:28:47 | 000,000,543 | ---- | C] () -- C:\WINDOWS\System32\mhncache.dat
    [2010/03/04 00:57:02 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/03/04 00:57:02 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/01/11 18:24:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
    [2009/12/10 19:03:01 | 000,086,332 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/08/21 00:53:55 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\MCX2\Local Settings\Application Data\fusioncache.dat
    [2009/08/20 19:37:12 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\MCX1\Local Settings\Application Data\fusioncache.dat
    [2009/05/25 09:08:49 | 000,000,117 | ---- | C] () -- C:\WINDOWS\mail.ini
    [2008/11/22 08:34:57 | 000,122,664 | ---- | C] () -- C:\WINDOWS\HPHins11.dat
    [2008/11/22 08:34:57 | 000,013,767 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat
    [2008/11/13 18:48:17 | 000,000,369 | ---- | C] () -- C:\WINDOWS\capture.ini
    [2008/11/13 18:28:22 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
    [2008/11/12 18:36:43 | 000,122,717 | ---- | C] () -- C:\WINDOWS\HPHins11.dat.temp
    [2008/11/12 18:36:43 | 000,013,767 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat.temp
    [2008/11/11 01:29:57 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat
    [2008/11/05 15:20:09 | 000,000,020 | ---- | C] () -- C:\WINDOWS\UndUUUg.dat
    [2008/10/19 11:35:54 | 000,026,897 | ---- | C] () -- C:\WINDOWS\SETUP1.EXE
    [2008/10/19 11:18:35 | 000,000,077 | ---- | C] () -- C:\WINDOWS\worbots.ini
    [2008/10/19 11:16:46 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
    [2008/10/17 23:37:48 | 000,000,052 | ---- | C] () -- C:\WINDOWS\winhelp.ini
    [2008/10/17 23:10:45 | 000,000,572 | ---- | C] () -- C:\WINDOWS\CraGra.ini
    [2008/10/17 21:52:42 | 000,000,120 | ---- | C] () -- C:\WINDOWS\aha_ereg.ini
    [2008/09/20 22:12:44 | 000,000,018 | ---- | C] () -- C:\WINDOWS\cnc.ini
    [2008/09/20 21:56:36 | 000,000,019 | ---- | C] () -- C:\WINDOWS\KNP.INI
    [2008/09/20 15:25:14 | 000,000,036 | ---- | C] () -- C:\WINDOWS\1000GAME.INI
    [2008/08/18 19:46:40 | 000,000,800 | ---- | C] () -- C:\WINDOWS\eReg.dat
    [2008/05/30 18:33:03 | 000,000,566 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2008/05/13 16:29:22 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\usb001
    [2008/02/29 16:57:04 | 000,000,018 | ---- | C] () -- C:\WINDOWS\Epson640.ini
    [2008/02/29 16:56:41 | 000,051,712 | ---- | C] () -- C:\WINDOWS\RUNEPSON.EXE
    [2008/02/08 00:06:55 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2008/02/03 15:55:17 | 000,001,282 | ---- | C] () -- C:\WINDOWS\TLMBASIC.INI
    [2007/05/25 19:56:50 | 000,000,397 | ---- | C] () -- C:\WINDOWS\barcode.ini
    [2007/04/16 19:22:53 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Q3version.ini
    [2007/02/01 16:06:57 | 000,000,285 | ---- | C] () -- C:\WINDOWS\EReg072.dat
    [2007/01/04 15:11:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
    [2006/12/23 13:16:43 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2006/12/23 12:37:58 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2006/12/08 17:07:12 | 000,000,033 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
    [2006/12/04 17:11:12 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/11/19 15:05:25 | 000,000,218 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
    [2006/11/19 14:26:18 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
    [2006/11/10 08:46:48 | 000,006,906 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2006/11/08 19:07:28 | 000,001,090 | ---- | C] () -- C:\WINDOWS\JUNO.INI
    [2006/11/08 15:31:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/08/30 17:22:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/08/30 17:03:04 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
    [2006/08/30 16:59:00 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-5577497.exe
    [2006/08/30 16:58:22 | 000,667,896 | ---- | C] () -- C:\WINDOWS\unins000.exe
    [2006/08/30 16:58:22 | 000,001,235 | ---- | C] () -- C:\WINDOWS\unins000.dat
    [2006/08/30 16:58:11 | 000,012,987 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2006/08/30 16:58:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2006/08/30 16:55:19 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2006/08/30 16:46:15 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2006/08/30 16:45:00 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
    [2006/08/30 16:45:00 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
    [2006/08/30 16:40:45 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
    [2006/08/30 16:39:51 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2006/08/30 16:36:52 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2006/08/30 16:36:52 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2006/08/30 16:36:52 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2006/08/30 16:36:52 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2006/08/30 16:36:51 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2006/08/30 16:36:51 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2006/08/30 16:36:51 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/08/30 16:36:51 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2006/08/30 16:36:51 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2006/08/30 16:36:51 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/08/30 16:36:51 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2006/08/30 16:35:35 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2006/08/30 16:17:24 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
    [2006/08/30 16:14:39 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
    [2006/08/30 16:14:39 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
    [2006/08/30 16:14:23 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2006/06/20 22:53:34 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
    [2006/06/16 13:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2006/04/05 04:17:27 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2005/08/30 23:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2005/08/30 23:07:46 | 000,442,796 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2005/08/30 23:07:46 | 000,071,936 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2005/08/30 23:05:30 | 000,366,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/08/30 23:01:42 | 000,004,324 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/30 22:58:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2005/08/05 23:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/08/03 01:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
    [2004/08/10 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/09 23:00:00 | 001,032,192 | ---- | C] () -- C:\WINDOWS\expl.dat
    [2004/08/09 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/09 23:00:00 | 000,502,272 | ---- | C] () -- C:\WINDOWS\System32\winl.dat
    [2004/08/09 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/09 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/09 23:00:00 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\ipsec.sys
    [2004/08/09 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/09 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/09 23:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\svch.dat
    [2004/08/09 23:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\dllc.dat
    [2004/08/09 23:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2004/08/09 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/07/26 09:51:38 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2001/08/23 10:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/08/23 10:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [1999/03/09 23:23:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
    [1998/04/26 23:23:00 | 006,150,961 | ---- | C] () -- C:\WINDOWS\System32\jre116.exe
    [1998/01/13 11:52:30 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
    [1998/01/12 09:12:56 | 000,002,831 | ---- | C] () -- C:\WINDOWS\wavemix.ini
    [1997/11/13 23:23:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
    [1997/02/01 23:23:00 | 000,000,058 | ---- | C] () -- C:\WINDOWS\loss613.ini
    [1997/02/01 23:23:00 | 000,000,058 | ---- | C] () -- C:\WINDOWS\loss09.ini
    [1996/07/08 23:23:00 | 000,000,038 | ---- | C] () -- C:\WINDOWS\loidp13.ini
    [1994/04/06 23:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf13.ini

    ========== LOP Check ==========

    [2008/05/26 10:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\acccore
    [2008/12/07 20:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Aim
    [2011/03/13 16:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\com.w3i.intune
    [2008/11/05 15:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Diskeeper Corporation
    [2011/12/05 20:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\DriverCure
    [2006/12/08 17:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\funkitron
    [2010/03/02 19:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Image Zone Express
    [2006/12/04 17:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Leadertech
    [2007/03/07 05:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\MSNInstaller
    [2008/11/12 15:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape
    [2011/10/06 22:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\OpenCandy
    [2006/12/01 05:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Otto
    [2007/10/03 19:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Palettes
    [2011/12/05 20:22:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\PC Health Labs
    [2006/12/02 11:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\PlayFirst
    [2008/02/03 15:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Progeny
    [2008/11/13 18:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\ScanSoft
    [2007/03/18 08:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Simple Star
    [2011/12/06 20:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\SpeedyPC Software
    [2008/10/31 19:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Template
    [2011/03/13 16:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Uniblue
    [2011/03/09 20:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Unity
    [2008/05/30 14:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
    [2009/05/22 17:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
    [2007/06/19 09:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitstream Font Navigator
    [2010/03/27 09:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
    [2008/10/15 19:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
    [2011/10/10 16:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juno
    [2008/04/27 13:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
    [2006/12/01 05:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
    [2011/12/05 20:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Health Labs
    [2006/12/04 15:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
    [2009/01/19 20:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2011/12/06 20:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
    [2008/11/13 18:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    [2008/11/13 18:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
    [2011/10/10 16:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2011/10/10 16:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
    [2010/01/27 20:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2008/10/28 19:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [2010/05/06 04:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/11/13 05:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2011/10/01 01:43:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
    [2012/01/12 00:44:51 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2012/01/04 05:10:20 | 000,000,446 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Kit Defrag.job
    [2011/12/19 05:58:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Kit.job
    [2011/12/05 20:22:30 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Labs 3.job
    [2012/01/04 05:10:20 | 000,000,426 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedyPC Pro.job
    [2012/01/02 18:00:00 | 000,000,498 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedyPC Registration3.job
    [2011/12/19 02:38:30 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedyPC Update Version3.job

    ========== Purity Check ==========


    < End of report >
     
  12. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Thank you for testing :)

    Do this on the computer you are posting from:
    Copy the text in the codebox below:
    Code:
    :OTL
    SRV - File not found [Disabled] -- -- (Ndivlalrap)
    DRV - File not found [Kernel | System] -- -- (MpKslfd41a1de)
    DRV - File not found [Kernel | System] -- -- (MpKslf44bdeca)
    DRV - File not found [Kernel | System] -- -- (MpKslf17702ef)
    DRV - File not found [Kernel | System] -- -- (MpKslf06a5a36)
    DRV - File not found [Kernel | System] -- -- (MpKsled48b2cf)
    DRV - File not found [Kernel | System] -- -- (MpKslec7bcfd1)
    DRV - File not found [Kernel | System] -- -- (MpKsleaa03da0)
    DRV - File not found [Kernel | System] -- -- (MpKsld8e9c183)
    DRV - File not found [Kernel | System] -- -- (MpKsld26b5491)
    DRV - File not found [Kernel | System] -- -- (MpKsld064a60a)
    DRV - File not found [Kernel | System] -- -- (MpKslbb5eee62)
    DRV - File not found [Kernel | System] -- -- (MpKslb328e011)
    DRV - File not found [Kernel | System] -- -- (MpKslb2a8f3f3)
    DRV - File not found [Kernel | System] -- -- (MpKslb28a2cd0)
    DRV - File not found [Kernel | System] -- -- (MpKslafaf278f)
    DRV - File not found [Kernel | System] -- -- (MpKsla01872c0)
    DRV - File not found [Kernel | System] -- -- (MpKsl9604c01b)
    DRV - File not found [Kernel | System] -- -- (MpKsl95c71598)
    DRV - File not found [Kernel | System] -- -- (MpKsl751c4189)
    DRV - File not found [Kernel | System] -- -- (MpKsl749becf3)
    DRV - File not found [Kernel | System] -- -- (MpKsl72aa0583)
    DRV - File not found [Kernel | System] -- -- (MpKsl6e352968)
    DRV - File not found [Kernel | System] -- -- (MpKsl674f1bc2)
    DRV - File not found [Kernel | System] -- -- (MpKsl56e781d5)
    DRV - File not found [Kernel | System] -- -- (MpKsl5669459f)
    DRV - File not found [Kernel | System] -- -- (MpKsl532d3ef8)
    DRV - File not found [Kernel | System] -- -- (MpKsl4aa3d98a)
    DRV - File not found [Kernel | System] -- -- (MpKsl3e7448ea)
    DRV - File not found [Kernel | System] -- -- (MpKsl38db8e0c)
    DRV - File not found [Kernel | System] -- -- (MpKsl34c65712)
    DRV - File not found [Kernel | System] -- -- (MpKsl2f79ec46)
    DRV - File not found [Kernel | System] -- -- (MpKsl268d2eb5)
    DRV - File not found [Kernel | System] -- -- (MpKsl214cb8db)
    DRV - File not found [Kernel | System] -- -- (MpKsl1b09874e)
    DRV - File not found [Kernel | System] -- -- (MpKsl19460703)
    DRV - File not found [Kernel | System] -- -- (MpKsl180334c8)
    DRV - File not found [Kernel | System] -- -- (MpKsl0b39a801)
    DRV - File not found [Kernel | System] -- -- (MpKsl08b17d62)
    DRV - File not found [Kernel | System] -- -- (MpKsl080d91c3)
    IE - HKU\Administrator_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\Compaq_Administrator_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKU\Compaq_Administrator_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\MCX1_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\MCX2_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\Compaq_Administrator_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\Compaq_Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\Compaq_Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [ccApp] File not found
    O4 - HKLM..\Run: [dplaysvr] File not found
    O4 - HKLM..\Run: [Easy Dock] File not found
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [PCDrProfiler] File not found
    O4 - HKU\.DEFAULT..\Run: [dplaysvr] File not found
    O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O20 - Winlogon\Notify\4524b46f665: DllName - C:\WINDOWS\System32\iassam32.dll - File not found
    O37 - HKU\.DEFAULT\...exe [@ = 2ND] -- "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\lrm.exe" -a "%1" %*
    [8 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
    [18 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp -> ]
    [1 C:\Documents and Settings\Compaq_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\Desktop\*.tmp -> ]
    [1 C:\Documents and Settings\Compaq_Administrator\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\*.tmp -> ]
    [1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]
    [2012/01/11 21:53:54 | 000,016,062 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\3283598863
    [2012/01/11 21:53:54 | 000,016,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3283598863
    [2012/01/11 21:42:23 | 000,016,054 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\2520970206
    [2012/01/11 21:42:23 | 000,016,054 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2520970206
    [2012/01/11 21:40:12 | 000,016,050 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\job0c0r2vnmw
    [2012/01/11 21:39:25 | 000,016,066 | -HS- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\job0c0r2vnmw
    [2012/01/11 21:39:25 | 000,016,066 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\job0c0r2vnmw
    [2012/01/11 18:18:45 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\19792079
    [2012/01/09 15:25:28 | 000,298,496 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ygn.exe
    
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\System32\iassam32.dll
    
    :Commands
    [purity]
    
    Open Notepad and paste it.
    Save the document as Fix.txt on to a USB flash drive


    On the infected computer the following...

    Run OTLPE

    • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
      • (The content of Fix.txt should appear in the box)
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with USB stick)
    • Attempt to reboot normally into Windows.
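An added example, not from this thread and not part of OTL/OTLPE: a read-only PowerShell audit of the persistence points the Fix.txt above removes, so the same machine can be rechecked after the fix without a boot CD. It assumes an elevated PowerShell prompt on the Windows installation being checked and covers the O4, O7, O20 and O37 entry types; the SRV/DRV service entries are not covered.

```powershell
# Added example (not from the thread, not OTL/OTLPE code): read-only audit of the
# persistence points the Fix.txt above targets: O4 Run entries, O7 DisableTaskMgr,
# O20 Winlogon Notify DLLs and the O37 .exe association hijack.
# Run from an elevated PowerShell prompt on Windows; it only reports, it changes nothing.

$findings = New-Object System.Collections.Generic.List[string]
function Add-Finding([string]$Text) { $script:findings.Add($Text) }

# Expose HKEY_USERS so .DEFAULT (where this infection kept its .exe hijack) and
# every loaded user hive can be walked the same way as HKLM.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
$userHives = Get-ChildItem HKU:\ -ErrorAction SilentlyContinue | ForEach-Object { "HKU:\$($_.PSChildName)" }
$softwareRoots = @('HKLM:\SOFTWARE') + ($userHives | ForEach-Object { "$_\Software" })

# Program path from a Run-key command line. Quoted paths are taken as-is; unquoted
# ones are joined token by token until something on disk matches, so
# "C:\Program Files\x\y.exe /flag" is not misread as "C:\Program".
function Get-ExecutableFromCommand([string]$Command) {
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if (-not $c) { return $null }
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 1) { return $c.Substring(1, $end - 1) } else { return $null }
    }
    $tokens = $c -split ' '
    for ($i = 1; $i -le $tokens.Count; $i++) {
        $candidate = $tokens[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate) { return $candidate }
    }
    return $tokens[0]
}

# True when the program exists as a file or resolves through PATH (e.g. rundll32.exe).
function Test-ProgramExists([string]$Path) {
    if (-not $Path) { return $true }   # nothing to check, so nothing to report
    return [bool]((Test-Path -LiteralPath $Path) -or (Get-Command $Path -ErrorAction SilentlyContinue))
}

# O37: a per-hive Software\Classes\.exe overrides HKLM. Its default must be "exefile"
# and exefile's open command exactly "%1" %*; anything else means every .exe launch
# is routed through another program first (here it was lrm.exe under HKU\.DEFAULT).
foreach ($base in (@('HKLM:\SOFTWARE\Classes') + ($userHives | ForEach-Object { "$_\Software\Classes" }))) {
    if (Test-Path "$base\.exe") {
        $progId = (Get-Item "$base\.exe").GetValue('')
        if ($progId -and $progId -ne 'exefile') {
            $open = if (Test-Path "$base\$progId\shell\open\command") { (Get-Item "$base\$progId\shell\open\command").GetValue('') }
            Add-Finding ".exe mapped to ProgID '$progId' under $base\.exe (open command: $open)"
        }
    }
    if (Test-Path "$base\exefile\shell\open\command") {
        $cmd = (Get-Item "$base\exefile\shell\open\command").GetValue('')
        if ($cmd -and $cmd -ne '"%1" %*') { Add-Finding "exefile open command altered under ${base}: $cmd" }
    }
}

# O7: policy value that blocks Task Manager, in the machine hive and in every user hive.
foreach ($root in $softwareRoots) {
    $policy = "$root\Microsoft\Windows\CurrentVersion\Policies\System"
    if ((Test-Path $policy) -and ((Get-Item $policy).GetValue('DisableTaskMgr') -eq 1)) {
        Add-Finding "DisableTaskMgr = 1 at $policy"
    }
}

# O20: Winlogon Notify packages whose DLL is not on disk. Bare names are resolved
# against System32 here, a simplification of the loader's search order.
$notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
foreach ($sub in (Get-ChildItem $notify -ErrorAction SilentlyContinue)) {
    $dll = [string]$sub.GetValue('DllName')
    if (-not $dll) { continue }
    $full = if ([IO.Path]::IsPathRooted($dll)) { $dll } else { "$env:SystemRoot\System32\$dll" }
    if (-not (Test-Path -LiteralPath $full)) { Add-Finding "Winlogon Notify '$($sub.PSChildName)' loads missing DLL $dll" }
}

# O4: Run / RunOnce entries whose program no longer exists.
foreach ($root in $softwareRoots) {
    foreach ($k in @("$root\Microsoft\Windows\CurrentVersion\Run", "$root\Microsoft\Windows\CurrentVersion\RunOnce")) {
        if (-not (Test-Path $k)) { continue }
        $item = Get-Item $k
        foreach ($name in $item.GetValueNames()) {
            $cmdLine = [string]$item.GetValue($name)
            if (-not (Test-ProgramExists (Get-ExecutableFromCommand $cmdLine))) {
                Add-Finding "Run entry '$name' at $k points to a missing program: $cmdLine"
            }
        }
    }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings | ForEach-Object { "[!] $_" } }
```

A clean machine prints "No findings."; each reported line names the exact key so it can be compared against the OTL output before anything is changed.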
     
  13. brettbelwood

    brettbelwood TS Rookie Topic Starter Posts: 30

    No problem :) The OTLPE log after running the fix, per request:


    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Ndivlalrap deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKslfd41a1de deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKslf44bdeca deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKslf17702ef deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKslf06a5a36 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKsled48b2cf deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKslec7bcfd1 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKsleaa03da0 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKsld8e9c183 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKsld26b5491 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKsld064a60a deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKslbb5eee62 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKslb328e011 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKslb2a8f3f3 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKslb28a2cd0 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKslafaf278f deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKsla01872c0 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKsl9604c01b deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKsl95c71598 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKsl751c4189 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKsl749becf3 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKsl72aa0583 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKsl6e352968 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKsl674f1bc2 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKsl56e781d5 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKsl5669459f deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKsl532d3ef8 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKsl4aa3d98a deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKsl3e7448ea deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKsl38db8e0c deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKsl34c65712 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKsl2f79ec46 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKsl268d2eb5 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKsl214cb8db deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKsl1b09874e deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKsl19460703 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKsl180334c8 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKsl0b39a801 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKsl08b17d62 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MpKsl080d91c3 deleted successfully.
    Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Registry value HKEY_USERS\Compaq_Administrator_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
    Registry value HKEY_USERS\Compaq_Administrator_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Registry value HKEY_USERS\MCX1_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Registry value HKEY_USERS\MCX2_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_USERS\Compaq_Administrator_ON_C\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
    Registry value HKEY_USERS\Compaq_Administrator_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_USERS\Compaq_Administrator_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ccApp deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\dplaysvr deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Easy Dock deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCDrProfiler deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\dplaysvr deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\flags deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\4524b46f665\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\Software\Classes\2ND\ deleted successfully.
    HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
    C:\Documents and Settings\All Users\Application Data\aekoaaa.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\cekoaaa.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\dekoaaa.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\eekoaaa.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\gdhoaaa.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\hdhoaaa.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\kdhoaaa.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\mceoaaa.tmp deleted successfully.
    C:\WINDOWS\System32\151.tmp deleted successfully.
    C:\WINDOWS\System32\1958.tmp deleted successfully.
    C:\WINDOWS\System32\1B7E.tmp deleted successfully.
    C:\WINDOWS\System32\1E0.tmp deleted successfully.
    C:\WINDOWS\System32\231A.tmp deleted successfully.
    C:\WINDOWS\System32\338.tmp deleted successfully.
    C:\WINDOWS\System32\4317.tmp deleted successfully.
    C:\WINDOWS\System32\B80.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\System32\D63.tmp deleted successfully.
    C:\WINDOWS\System32\FF6.tmp deleted successfully.
    C:\WINDOWS\System32\SET55.tmp deleted successfully.
    C:\WINDOWS\System32\SET61.tmp deleted successfully.
    C:\WINDOWS\System32\SET6A.tmp deleted successfully.
    C:\WINDOWS\System32\SET6B.tmp deleted successfully.
    C:\WINDOWS\System32\SET6C.tmp deleted successfully.
    C:\WINDOWS\System32\SET6D.tmp deleted successfully.
    C:\WINDOWS\System32\SET6F.tmp deleted successfully.
    C:\WINDOWS\winA8.tmp deleted successfully.
    C:\Documents and Settings\Compaq_Administrator\My Documents\~WRL2395.tmp deleted successfully.
    C:\Documents and Settings\Compaq_Administrator\Desktop\grzyepecbt.tmp deleted successfully.
    C:\Documents and Settings\Compaq_Administrator\grzyepecbt.tmp deleted successfully.
    C:\Documents and Settings\All Users\Documents\winA9.tmp deleted successfully.
    C:\kleaner.tmp folder deleted successfully.
    C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\3283598863 moved successfully.
    C:\Documents and Settings\All Users\Application Data\3283598863 moved successfully.
    C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\2520970206 moved successfully.
    C:\Documents and Settings\All Users\Application Data\2520970206 moved successfully.
    C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\job0c0r2vnmw moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\job0c0r2vnmw moved successfully.
    C:\Documents and Settings\All Users\Application Data\job0c0r2vnmw moved successfully.
    C:\Documents and Settings\All Users\Documents\19792079 moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\ygn.exe moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\WINDOWS\System32\iassam32.dll not found.
    ========== COMMANDS ==========

    OTLPE by OldTimer - Version 3.1.48.0 log created on 01122012_125824



    Upon reboot: no desktop or taskbar, also still receiving Explorer crash dialog box.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Tried safe mode?
     
  15. brettbelwood

    brettbelwood TS Rookie Topic Starter Posts: 30

    Safe Mode works! Lol. However, the same crash error appeared for Windows Explorer. Cannot open a new instance from Task Manager.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled, as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  17. brettbelwood

    brettbelwood TS Rookie Topic Starter Posts: 30

    After running ComboFix, I get a message stating I am infected with Rootkit.ZeroAccess, and that it has inserted itself into the TCP/IP stack. After a few minutes more, I get the error stating that it has detected a rootkit and must restart. ComboFix then restarts the computer. I run ComboFix again, and I get the same message about ZeroAccess, along with the same reboot message.
     
  18. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  19. brettbelwood

    brettbelwood TS Rookie Topic Starter Posts: 30

    TDSSKiller log, as per request.


    13:53:37.0656 1512 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
    13:53:37.0656 1512 ============================================================
    13:53:37.0656 1512 Current date / time: 2012/01/12 13:53:37.0656
    13:53:37.0656 1512 SystemInfo:
    13:53:37.0656 1512
    13:53:37.0656 1512 OS Version: 5.1.2600 ServicePack: 2.0
    13:53:37.0656 1512 Product type: Workstation
    13:53:37.0656 1512 ComputerName: YOUR-4DACD0EA75
    13:53:37.0656 1512 UserName: Compaq_Administrator
    13:53:37.0656 1512 Windows directory: C:\WINDOWS
    13:53:37.0656 1512 System windows directory: C:\WINDOWS
    13:53:37.0656 1512 Processor architecture: Intel x86
    13:53:37.0656 1512 Number of processors: 2
    13:53:37.0656 1512 Page size: 0x1000
    13:53:37.0656 1512 Boot type: Safe boot
    13:53:37.0656 1512 ============================================================
    13:53:40.0671 1512 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000, SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K', Flags 0x00000054
    13:53:40.0703 1512 Drive \Device\Harddisk1\DR13 - Size: 0x7A3FFC00, SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    13:53:40.0906 1512 Initialize success
    13:53:54.0937 1528 ============================================================
    13:53:54.0937 1528 Scan started
    13:53:54.0937 1528 Mode: Manual;
    13:53:54.0937 1528 ============================================================
    13:54:18.0828 1528 mnmdd - ok
    13:54:19.0031 1528 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
    13:54:19.0046 1528 Modem - ok
    13:54:19.0234 1528 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    13:54:19.0234 1528 Mouclass - ok
    13:54:19.0437 1528 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
    13:54:19.0453 1528 MountMgr - ok
    13:54:19.0703 1528 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    13:54:19.0734 1528 MpFilter - ok
    13:54:19.0953 1528 MpKslf8912e4f (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9157CFE9-F125-4DDF-A7A8-CAA5C09A95C2}\MpKslf8912e4f.sys
    13:54:19.0968 1528 MpKslf8912e4f - ok
    13:54:20.0281 1528 mraid35x - ok
    13:54:20.0546 1528 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    13:54:20.0593 1528 MRxDAV - ok
    13:54:20.0953 1528 MRxSmb (f9692be777822ab3f1a91c34728786da) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    13:54:21.0078 1528 MRxSmb - ok
    13:54:21.0281 1528 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
    13:54:21.0281 1528 Msfs - ok
    13:54:21.0500 1528 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    13:54:21.0500 1528 MSKSSRV - ok
    13:54:21.0718 1528 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    13:54:21.0734 1528 MSPCLOCK - ok
    13:54:21.0937 1528 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
    13:54:21.0937 1528 MSPQM - ok
    13:54:22.0156 1528 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    13:54:22.0156 1528 mssmbios - ok
    13:54:22.0359 1528 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
    13:54:22.0375 1528 MSTEE - ok
    13:54:22.0578 1528 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
    13:54:22.0593 1528 Mup - ok
    13:54:22.0843 1528 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    13:54:22.0859 1528 NABTSFEC - ok
    13:54:23.0109 1528 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
    13:54:23.0140 1528 NDIS - ok
    13:54:23.0359 1528 ndiscm (b797ee2ef919c95561dee78b72b33e5b) C:\WINDOWS\system32\DRIVERS\NetMotCM.sys
    13:54:23.0375 1528 ndiscm - ok
    13:54:23.0578 1528 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    13:54:23.0593 1528 NdisIP - ok
    13:54:23.0796 1528 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    13:54:23.0796 1528 NdisTapi - ok
    13:54:24.0015 1528 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    13:54:24.0015 1528 Ndisuio - ok
    13:54:24.0218 1528 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    13:54:24.0234 1528 NdisWan - ok
    13:54:24.0437 1528 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
    13:54:24.0437 1528 NDProxy - ok
    13:54:24.0625 1528 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
    13:54:24.0640 1528 NetBIOS - ok
    13:54:24.0906 1528 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
    13:54:24.0953 1528 NetBT - ok
    13:54:25.0218 1528 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    13:54:25.0234 1528 NIC1394 - ok
    13:54:25.0546 1528 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
    13:54:25.0562 1528 Npfs - ok
    13:54:25.0906 1528 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
    13:54:26.0031 1528 Ntfs - ok
    13:54:26.0265 1528 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    13:54:26.0265 1528 Null - ok
    13:54:27.0312 1528 nv (642a87877f83313eb5302749cd479024) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    13:54:28.0156 1528 nv - ok
    13:54:28.0390 1528 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    13:54:28.0390 1528 NVENETFD - ok
    13:54:28.0578 1528 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    13:54:28.0578 1528 nvnetbus - ok
    13:54:28.0796 1528 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    13:54:28.0812 1528 NwlnkFlt - ok
    13:54:29.0000 1528 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    13:54:29.0015 1528 NwlnkFwd - ok
    13:54:29.0234 1528 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    13:54:29.0250 1528 ohci1394 - ok
    13:54:29.0593 1528 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
    13:54:29.0609 1528 Parport - ok
    13:54:29.0843 1528 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
    13:54:29.0843 1528 PartMgr - ok
    13:54:30.0062 1528 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    13:54:30.0078 1528 ParVdm - ok
    13:54:30.0250 1528 PCASp50 - ok
    13:54:30.0453 1528 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
    13:54:30.0468 1528 PCI - ok
    13:54:30.0640 1528 PCIDump - ok
    13:54:30.0828 1528 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    13:54:30.0828 1528 PCIIde - ok
    13:54:31.0062 1528 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
    13:54:31.0093 1528 Pcmcia - ok
    13:54:31.0265 1528 PDCOMP - ok
    13:54:31.0453 1528 PDFRAME - ok
    13:54:31.0640 1528 PDRELI - ok
    13:54:31.0812 1528 PDRFRAME - ok
    13:54:32.0031 1528 perc2 - ok
    13:54:32.0203 1528 perc2hib - ok
    13:54:32.0468 1528 PMEM (2b85237f904c5bdf7ad386f0ede19bd3) C:\WINDOWS\system32\drivers\pmemnt.sys
    13:54:32.0468 1528 PMEM - ok
    13:54:32.0718 1528 pnarp (36fcac4fa28b462ca867742dea59b0d0) C:\WINDOWS\system32\DRIVERS\pnarp.sys
    13:54:32.0718 1528 pnarp - ok
    13:54:32.0937 1528 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    13:54:32.0953 1528 PptpMiniport - ok
    13:54:33.0140 1528 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
    13:54:33.0156 1528 Processor - ok
    13:54:33.0406 1528 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
    13:54:33.0406 1528 Ps2 - ok
    13:54:33.0609 1528 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
    13:54:33.0625 1528 PSched - ok
    13:54:33.0812 1528 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    13:54:33.0828 1528 Ptilink - ok
    13:54:34.0046 1528 purendis (d8ac00388262b1a4878a7ee12f31d376) C:\WINDOWS\system32\DRIVERS\purendis.sys
    13:54:34.0062 1528 purendis - ok
    13:54:34.0265 1528 PxHelp20 (97b735de4e3cd44c71c8cb09bdbf07b7) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    13:54:34.0281 1528 PxHelp20 - ok
    13:54:34.0484 1528 QCDonner (fddd1aeb9f81ef1e6e48ae1edc2a97d6) C:\WINDOWS\system32\DRIVERS\OVCD.sys
    13:54:34.0500 1528 QCDonner - ok
    13:54:34.0671 1528 ql1080 - ok
    13:54:34.0859 1528 Ql10wnt - ok
    13:54:35.0031 1528 ql12160 - ok
    13:54:35.0218 1528 ql1240 - ok
    13:54:35.0406 1528 ql1280 - ok
    13:54:35.0625 1528 QWAVEDRV (2bb1d2baf3493362e5c1949c5f210d5f) C:\WINDOWS\system32\DRIVERS\qwavedrv.sys
    13:54:35.0625 1528 QWAVEDRV - ok
    13:54:35.0843 1528 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    13:54:35.0843 1528 RasAcd - ok
    13:54:36.0046 1528 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    13:54:36.0062 1528 Rasl2tp - ok
    13:54:36.0265 1528 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    13:54:36.0281 1528 RasPppoe - ok
    13:54:36.0453 1528 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    13:54:36.0468 1528 Raspti - ok
    13:54:36.0687 1528 Rdbss (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    13:54:36.0734 1528 Rdbss - ok
    13:54:36.0937 1528 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    13:54:36.0937 1528 RDPCDD - ok
    13:54:37.0171 1528 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    13:54:37.0218 1528 rdpdr - ok
    13:54:37.0453 1528 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
    13:54:37.0500 1528 RDPWD - ok
    13:54:37.0718 1528 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
    13:54:37.0718 1528 redbook - ok
    13:54:38.0046 1528 rkhdrv40 - ok
    13:54:38.0296 1528 rt2870 - ok
    13:54:38.0515 1528 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
    13:54:38.0531 1528 rtl8139 - ok
    13:54:38.0781 1528 Secdrv (890cada2ab7acf53a5f9cce7515522a2) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    13:54:38.0781 1528 Secdrv - ok
    13:54:39.0015 1528 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
    13:54:39.0031 1528 Serial - ok
    13:54:39.0250 1528 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
    13:54:39.0265 1528 Sfloppy - ok
    13:54:39.0468 1528 Simbad - ok
    13:54:39.0687 1528 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    13:54:39.0687 1528 SLIP - ok
    13:54:39.0906 1528 Sparrow - ok
    13:54:40.0140 1528 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
    13:54:40.0140 1528 splitter - ok
    13:54:40.0375 1528 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
    13:54:40.0390 1528 sr - ok
    13:54:40.0718 1528 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
    13:54:40.0828 1528 Srv - ok
    13:54:41.0093 1528 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    13:54:41.0093 1528 streamip - ok
    13:54:41.0296 1528 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
    13:54:41.0312 1528 swenum - ok
    13:54:41.0515 1528 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
    13:54:41.0515 1528 swmidi - ok
    13:54:41.0703 1528 symc810 - ok
    13:54:41.0890 1528 symc8xx - ok
    13:54:42.0062 1528 sym_hi - ok
    13:54:42.0250 1528 sym_u3 - ok
    13:54:42.0484 1528 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
    13:54:42.0500 1528 sysaudio - ok
    13:54:42.0875 1528 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    13:54:43.0015 1528 Tcpip - ok
    13:54:43.0218 1528 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
    13:54:43.0218 1528 TDPIPE - ok
    13:54:43.0421 1528 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
    13:54:43.0421 1528 TDTCP - ok
    13:54:43.0734 1528 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
    13:54:43.0750 1528 TermDD - ok
    13:54:43.0953 1528 TosIde - ok
    13:54:44.0203 1528 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
    13:54:44.0218 1528 Udfs - ok
    13:54:44.0390 1528 ultra - ok
    13:54:44.0656 1528 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
    13:54:44.0703 1528 Update - ok
    13:54:44.0984 1528 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
    13:54:45.0000 1528 USBAAPL - ok
    13:54:45.0218 1528 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    13:54:45.0250 1528 usbccgp - ok
    13:54:45.0468 1528 usbehci (7481d843e672b51039b7e8a161b746b8) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    13:54:45.0484 1528 usbehci - ok
    13:54:45.0671 1528 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    13:54:45.0687 1528 usbhub - ok
    13:54:45.0890 1528 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    13:54:45.0890 1528 usbohci - ok
    13:54:46.0125 1528 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    13:54:46.0140 1528 usbprint - ok
    13:54:46.0375 1528 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    13:54:46.0390 1528 usbscan - ok
    13:54:46.0578 1528 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    13:54:46.0593 1528 usbstor - ok
    13:54:46.0781 1528 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    13:54:46.0781 1528 usbuhci - ok
    13:54:47.0000 1528 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
    13:54:47.0015 1528 VgaSave - ok
    13:54:47.0203 1528 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
    13:54:47.0203 1528 ViaIde - ok
    13:54:47.0406 1528 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
    13:54:47.0421 1528 VolSnap - ok
    13:54:47.0640 1528 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    13:54:47.0640 1528 Wanarp - ok
    13:54:47.0828 1528 WDICA - ok
    13:54:48.0062 1528 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
    13:54:48.0078 1528 wdmaud - ok
    13:54:48.0484 1528 winachsx (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
    13:54:48.0640 1528 winachsx - ok
    13:54:49.0093 1528 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    13:54:49.0109 1528 WpdUsb - ok
    13:54:49.0312 1528 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    13:54:49.0328 1528 WS2IFSL - ok
    13:54:49.0546 1528 WsAudio_DeviceS(1) (a75dc063c9f0b787cce296c8ccad9c30) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
    13:54:49.0562 1528 WsAudio_DeviceS(1) - ok
    13:54:49.0843 1528 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    13:54:49.0843 1528 WSTCODEC - ok
    13:54:50.0062 1528 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    13:54:50.0078 1528 WudfPf - ok
    13:54:50.0218 1528 MBR (0x1B8) (d11c727e03bb7318dcda069b06e652f0) \Device\Harddisk0\DR0
    13:54:50.0265 1528 \Device\Harddisk0\DR0 - ok
    13:54:50.0281 1528 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR13
    13:54:50.0281 1528 \Device\Harddisk1\DR13 - ok
    13:54:50.0296 1528 Boot (0x1200) (298253ebc2550fa93b636108b22deb50) \Device\Harddisk0\DR0\Partition0
    13:54:50.0296 1528 \Device\Harddisk0\DR0\Partition0 - ok
    13:54:50.0312 1528 Boot (0x1200) (17d3f804b586f0c8c9c155eb51a8e814) \Device\Harddisk0\DR0\Partition1
    13:54:50.0312 1528 \Device\Harddisk0\DR0\Partition1 - ok
    13:54:50.0343 1528 Boot (0x1200) (315caf9e76d0ffab4d4f750cc51caf81) \Device\Harddisk1\DR13\Partition0
    13:54:50.0343 1528 \Device\Harddisk1\DR13\Partition0 - ok
    13:54:50.0343 1528 ============================================================
    13:54:50.0343 1528 Scan finished
    13:54:50.0343 1528 ============================================================
    13:54:50.0375 1520 Detected object count: 0
    13:54:50.0375 1520 Actual detected object count: 0
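The driver scan above lists each kernel object twice: an object line with its MD5 and on-disk path (or an "MBR (0x1B8)" line for hashed boot code), followed by a result line ending in "- ok". Triaging a few hundred such pairs by eye is error-prone, so here is an added parser, written for this thread and not part of TDSSKiller, that pairs the lines up, flags anything whose status is not "ok" or whose driver file lives outside the Windows system tree, and collects the MBR/boot-sector hashes so two scans (for instance before and after a boot-sector repair) can be compared. The sample input copies the format of the log above; the "fakedrv" entry, its Temp path, its all-zero hash and its "suspicious" status are constructed placeholders. Note that an out-of-tree path is a reason to look, not a verdict: the Microsoft Antimalware definition-update driver in the log above is a legitimate example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple

# "<time> <pid> <Name> (<md5>) <path>"  -- a driver file that was found and hashed
FILE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
# "<time> <pid> MBR (0x1B8) (<md5>) \Device\..."  -- hashed boot code of a disk or partition
SECTOR_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<kind>MBR|Boot)\s+"
    r"\((?P<size>0x[0-9a-fA-F]+)\)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<dev>\S+)\s*$"
)
# "<time> <pid> <Name> - <status>"  -- the result line that follows each object
STATUS_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+-\s+(?P<status>.+?)\s*$"
)


@dataclass
class Entry:
    name: str
    kind: str = "driver"          # "driver", "MBR" or "Boot"
    md5: Optional[str] = None     # None when the service has no driver file on disk
    path: Optional[str] = None
    size: Optional[str] = None    # hashed length for sector objects, e.g. "0x1B8"
    status: Optional[str] = None  # text after " - " on the result line


def parse_log(text: str) -> List[Entry]:
    """Pair each object line with its result line, keeping log order."""
    entries: Dict[str, Entry] = {}
    order: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTOR_RE.match(line)
        if m:
            key = m["dev"]
            entries[key] = Entry(name=key, kind=m["kind"], md5=m["md5"].lower(), size=m["size"])
            order.append(key)
            continue
        m = FILE_RE.match(line)
        if m:
            key = m["name"]
            entries[key] = Entry(name=key, md5=m["md5"].lower(), path=m["path"])
            order.append(key)
            continue
        m = STATUS_RE.match(line)
        if m:
            key = m["name"]
            if key not in entries:            # service entry with no driver file on disk
                entries[key] = Entry(name=key)
                order.append(key)
            entries[key].status = m["status"]
    return [entries[k] for k in order]


# Driver files are expected under the Windows system tree; anything else gets a manual look.
SYSTEM_ROOTS: Sequence[str] = (r"c:\windows\system32",)


def triage(entries: Sequence[Entry], roots: Sequence[str] = SYSTEM_ROOTS) -> List[Tuple[str, str]]:
    """Return (name, reason) pairs that deserve review."""
    roots_lc = tuple(r.lower() for r in roots)
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.status is not None and e.status.lower() != "ok":
            findings.append((e.name, f"status '{e.status}'"))
        if e.path is not None and not e.path.lower().startswith(roots_lc):
            findings.append((e.name, f"driver file outside the system tree: {e.path}"))
        if e.kind == "driver" and e.path is not None and e.status is None:
            findings.append((e.name, "object line has no result line"))
    return findings


def sector_hashes(entries: Sequence[Entry]) -> Dict[str, str]:
    """MBR/boot-sector hashes, e.g. to diff a scan taken before and after a boot-sector repair."""
    return {e.name: e.md5 for e in entries if e.kind != "driver" and e.md5}


# Constructed sample: the FltMgr, hpn, MpKsl and MBR lines copy the format of the log above;
# "fakedrv", its Temp path, its all-zero hash and the "suspicious" status are made up.
SAMPLE_LOG = r"""
13:54:08.0125 1528 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:54:08.0156 1528 FltMgr - ok
13:54:10.0187 1528 hpn - ok
13:54:19.0953 1528 MpKslf8912e4f (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9157CFE9-F125-4DDF-A7A8-CAA5C09A95C2}\MpKslf8912e4f.sys
13:54:19.0968 1528 MpKslf8912e4f - ok
13:54:30.0000 1528 fakedrv (00000000000000000000000000000000) C:\Documents and Settings\User\Local Settings\Temp\fakedrv.sys
13:54:30.0010 1528 fakedrv - suspicious
13:54:50.0218 1528 MBR (0x1B8) (d11c727e03bb7318dcda069b06e652f0) \Device\Harddisk0\DR0
13:54:50.0265 1528 \Device\Harddisk0\DR0 - ok
"""

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for name, reason in triage(parsed):
        print(f"{name}: {reason}")
    print(sector_hashes(parsed))
```

Run against a saved log (`parse_log(open("TDSSKiller.txt").read())`) the same three functions apply unchanged; the system-root tuple is a parameter so a machine with Windows on another drive letter can pass its own prefix.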
     
  20. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Let's try to uninstall/reinstall TCP/IP stack.

    1. Download winsock.zip
    Unzip it.
    Right click on Winsock.reg, click "Merge".
    Allow registry merge.

    2. Restart computer.

    3. Go to Start ==> Control Panel. Double-click Network Connections. Right-click Local Area Connection, and select Properties.
    • On the General tab, click Install; a popup window opens.
    • Select Protocol from the list and then click Add.
    • A new window opens, click Have Disk....
    • In the browse... box type c:\windows\inf
    • Click OK.
    • Select Internet Protocol (TCP/IP), and then click OK.
    • Restart and try Combofix again.
     
  21. brettbelwood

    brettbelwood TS Rookie Topic Starter Posts: 30

    Cannot get to control panel, as explorer will not function
     
  22. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===========================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ==========================================================

    Please download and run ListParts by Farbar (for 32-bit system)

    Please download and run ListParts64 by Farbar (for 64-bit system)

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
     
  23. brettbelwood

    brettbelwood TS Rookie Topic Starter Posts: 30

    The aswMBR log:


    aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-12 14:18:33
    -----------------------------
    14:18:33.125 OS Version: Windows 5.1.2600 Service Pack 2
    14:18:33.125 Number of processors: 2 586 0x4B02
    14:18:33.125 ComputerName: YOUR-4DACD0EA75 UserName:
    14:18:35.281 Initialize success
    14:19:01.734 AVAST engine defs: 12011101
    14:19:13.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
    14:19:13.468 Disk 0 Vendor: WDC_WD2500JS-60NCB1 10.02E02 Size: 238475MB BusType: 3
    14:19:13.515 Disk 0 MBR read successfully
    14:19:13.531 Disk 0 MBR scan
    14:19:13.593 Disk 0 unknown MBR code
    14:19:13.609 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 229686 MB offset 63
    14:19:13.656 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 8778 MB offset 470413440
    14:19:13.671 Disk 0 scanning sectors +488391120
    14:19:13.750 Disk 0 scanning C:\WINDOWS\system32\drivers
    14:19:31.765 Service scanning
    14:19:39.218 Modules scanning
    14:19:49.562 Disk 0 trace - called modules:
    14:19:49.593 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
    14:19:49.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86741958]
    14:19:49.703 3 CLASSPNP.SYS[f780405b] -> nt!IofCallDriver -> \Device\00000077[0x86747968]
    14:19:49.796 5 ACPI.sys[f775a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x86746d98]
    14:19:51.875 AVAST engine scan C:\WINDOWS
    14:20:13.015 File: C:\WINDOWS\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]
    14:20:20.968 AVAST engine scan C:\WINDOWS\system32
    14:24:52.000 AVAST engine scan C:\WINDOWS\system32\drivers
    14:25:14.312 AVAST engine scan C:\Documents and Settings\Compaq_Administrator
    15:11:46.468 AVAST engine scan C:\Documents and Settings\All Users
    15:18:36.640 Scan finished successfully
    15:20:55.296 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
    15:20:55.343 The log file has been saved successfully to "F:\aswMBR.txt"


    The Bootkit Remover log:


    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 53b87386f68c4cb2306da5ba771dbe8b

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...



    The ListParts log:


    ListParts by Farbar
    Ran by Compaq_Administrator on 12-01-2012 at 15:25:09
    Windows XP (X86)
    Running From: F:\
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 33%
    Total physical RAM: 958.48 MB
    Available physical RAM: 632.82 MB
    Total Pagefile: 2314.66 MB
    Available Pagefile: 2098.31 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 2003.1 MB

    ======================= Partitions =========================

    1 Drive c: (PRESARIO) (Fixed) (Total:224.3 GB) (Free:142.87 GB) NTFS ==>[Drive with boot components (Windows XP)]
    2 Drive d: (PRESARIO_RP) (Fixed) (Total:8.56 GB) (Free:0.61 GB) FAT32 ==>[Drive with boot components (Windows XP)]
    4 Drive f: () (Removable) (Total:1.91 GB) (Free:1.77 GB) FAT

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 233 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 224 GB 32 KB
    Partition 2 Primary 9 GB 224 GB

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C PRESARIO NTFS Partition 224 GB Healthy System (partition with boot components)

    Disk: 0
    Partition 2
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D PRESARIO_RP FAT32 Partition 9 GB Healthy


    ****** End Of Log ******
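Both aswMBR ("Disk 0 unknown MBR code") and Bootkit Remover ("Unknown boot code", plus a boot sector MD5) are looking at the same 512-byte structure, and TDSSKiller's "MBR (0x1B8)" entry shows what is hashed: the 440 bytes (0x1B8) of boot code that sit before the 4-byte disk signature, the four 16-byte partition entries at 0x1BE and the 0x55AA signature at 0x1FE. The following added example, written for this thread and not code from any of those tools, parses such an image (for instance the MBR.dat copy aswMBR saves), hashes the boot-code region, decodes the partition table in the same terms the aswMBR log uses (active flag, type 07/0C, LBA offset, size) and reports "unknown boot code" when the hash is not in a caller-supplied baseline, so a saved copy can be compared before and after a boot-sector repair. The sample image is constructed to resemble the partition layout in the aswMBR log above; its boot code is a two-byte "jmp $" stub and its disk signature is made up.

```python
import hashlib
import struct
from typing import Dict, Iterable, List, Optional, Set

BOOT_CODE_LEN = 0x1B8        # 440 bytes of boot code; the 4-byte disk signature follows at 0x1B8
PART_TABLE_OFF = 0x1BE       # four 16-byte partition entries
SIG_OFF = 0x1FE              # 0x55AA boot signature
MBR_SIGNATURE = b"\x55\xAA"
ENTRY_FMT = "<B3xB3xII"      # boot flag, CHS start (skipped), type, CHS end (skipped), LBA start, sectors

PARTITION_TYPES = {0x07: "HPFS/NTFS", 0x0C: "FAT32 LBA"}


def parse_mbr(mbr: bytes) -> Dict:
    """Decode the partition table and hash the boot-code region of a 512-byte MBR image."""
    if len(mbr) != 512:
        raise ValueError("MBR image must be exactly 512 bytes")
    if mbr[SIG_OFF:SIG_OFF + 2] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions: List[Dict] = []
    for i in range(4):
        boot, ptype, lba_start, sectors = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                                   # unused slot
        partitions.append({
            "index": i + 1,
            "active": boot == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * 512 // (1024 * 1024),
        })
    return {
        "disk_signature": struct.unpack_from("<I", mbr, BOOT_CODE_LEN)[0],
        "boot_code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def assess(mbr: bytes, known_boot_code: Optional[Set[str]] = None) -> Dict:
    """parse_mbr() plus the consistency checks a scanner would report as findings."""
    info = parse_mbr(mbr)
    findings: List[str] = []
    if known_boot_code is not None and info["boot_code_md5"] not in known_boot_code:
        findings.append("unknown boot code")           # the situation the logs above report
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in info["partitions"])
    for (s1, e1), (s2, e2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append("overlapping partition entries")
    info["findings"] = findings
    return info


def load_mbr(path: str) -> bytes:
    """Read a saved MBR copy, such as the MBR.dat file aswMBR writes to the desktop."""
    with open(path, "rb") as fh:
        return fh.read(512)


def build_sample_mbr(boot_code: bytes, entries: Iterable[tuple], disk_signature: int) -> bytes:
    """Assemble a constructed MBR image for testing; not data read from a real disk."""
    assert len(boot_code) <= BOOT_CODE_LEN
    img = bytearray(512)
    img[:len(boot_code)] = boot_code
    struct.pack_into("<I", img, BOOT_CODE_LEN, disk_signature)
    for i, (boot, ptype, lba_start, sectors) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, img, PART_TABLE_OFF + 16 * i, boot, ptype, lba_start, sectors)
    img[SIG_OFF:SIG_OFF + 2] = MBR_SIGNATURE
    return bytes(img)


# Constructed sample modelled on the aswMBR output above: an active NTFS partition at LBA 63
# and a FAT32 LBA recovery partition at LBA 470413440.  Boot code is a placeholder "jmp $"
# stub, the disk signature is made up, and the sector counts are chosen to give whole MB.
SAMPLE_MBR = build_sample_mbr(
    boot_code=b"\xEB\xFE",
    entries=[(0x80, 0x07, 63, 470396928), (0x00, 0x0C, 470413440, 17977344)],
    disk_signature=0x1234ABCD,
)

if __name__ == "__main__":
    baseline = {parse_mbr(SAMPLE_MBR)["boot_code_md5"]}    # e.g. hash of a known-clean MBR.dat
    print(assess(SAMPLE_MBR, baseline))
    tampered = bytearray(SAMPLE_MBR)
    tampered[0x10] ^= 0xFF                                   # one byte changed in the boot code
    print(assess(bytes(tampered), baseline)["findings"])
```

The baseline set is deliberately left to the caller: the right reference is the hash of a copy taken from the same machine while it was known to be clean, or the hash of the sector after a repair, which is why keeping the MBR.dat copy matters.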
     
  24. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Restart computer
    When you reboot you will see an option to boot into the Recovery Console or the normal Windows installation.
    You have to use the up/down arrows to choose the Recovery Console. Then press Enter but you only have 2 seconds by default.
    If you find this hard to do then you can go into Control Panel, System, Advanced, Startup and Recovery, Settings. Where it says Time to Display List of Operating Systems, change it to 10 or more seconds. OK. Then reboot.

    You should get a black screen with a C:\> prompt. Type with an Enter after each line:

    fixmbr

    fixboot

    exit

    Reboot computer.

    Let me know if commands executed successfully.
     
  25. brettbelwood

    brettbelwood TS Rookie Topic Starter Posts: 30

    Both commands executed successfully. Upon reboot into safe mode, same explorer error appears.
     
