Help Pls! "System Message - Write Fault Error"


So earlier this evening, I had a million pop-ups appear on my screen saying "System Message - Write Fault Error". Everything - folders, etc. - disappeared. Since I could access the internet, I researched this problem and came across this site - I saw that another member had a similar problem, so I began following some of the steps to try to restore my computer.

I was able to download and run "rkill", then I ran mbam.exe. I ran Malwarebytes 3 times because every time there was something else wrong with the computer.

Right now, the current stage of my computer is - I was able to unhide all my folders; however, I cannot run dds.com or dds.scr or ComboFix because it will download the programs for me, and they will start up and run for a few minutes but then the entire computer freezes. I have even tried renaming ComboFix, uninstalling and reinstalling, working in safe mode with both dds and ComboFix, but nothing helps. With ComboFix, my computer will run until the part where it is scanning for infected files and then it freezes. I also uninstalled mbam, and reinstalled ComboFix to see if that would work, but it didn't.

Below are the 3 reports from mbam.

Report 1

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.10.07

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.6001.18702

Compaq_Administrator :: FAMILY [administrator]

10/11/2012 1:41:41 PM

mbam-log-2012-11-10 (13-41-41).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 339817

Time elapsed: 37 minute(s), 10 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 97

Registry Values Detected: 10

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|FilmFanatic Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\FILMFA~2\bar\1.bin\pasrchmn.exe" /m=2 /w /h -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|FilmFanatic Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~1\FILMFA~2\bar\1.bin\pabrmon.exe -> No action taken.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{0B84B4B4-8AF8-4F1F-91FE-074A666F6425} (PUP.MyWebSearch) -> Data: ´´„ øŠO‘þJfod% -> No action taken.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{0B84B4B4-8AF8-4F1F-91FE-074A666F6425} (PUP.MyWebSearch) -> Data: -> No action taken.

HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{796B75F6-6187-47E2-8F1F-C16E059E6E19} (PUP.MyWebSearch) -> Data: -> No action taken.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0B84B4B4-8AF8-4F1F-91FE-074A666F6425} (PUP.MyWebSearch) -> Data: -> No action taken.

HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{796b75f6-6187-47e2-8f1f-c16e059e6e19} (PUP.MyWebSearch) -> Data: -> No action taken.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0b84b4b4-8af8-4f1f-91fe-074a666f6425} (PUP.MyWebSearch) -> Data: -> No action taken.

HKLM\SOFTWARE\Mozilla\Firefox\Extensions|paffxtbr@FilmFanatic.com (PUP.MyWebSearch) -> Data: C:\Program Files\FilmFanatic\bar\1.bin -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sLikgmxVxLSYT.exe (Trojan.FakeAlert) -> Data: C:\Documents and Settings\All Users\Application Data\sLikgmxVxLSYT.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 6

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 2

C:\Program Files\FilmFanatic\bar\1.bin (PUP.MyWebSearch) -> No action taken.

C:\Program Files\FilmFanatic\bar\1.bin\chrome (PUP.MyWebSearch) -> No action taken.

Files Detected: 40

C:\Documents and Settings\All Users\Application Data\sLikgmxVxLSYT.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)

Report 2

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.10.07

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.6001.18702

Compaq_Administrator :: FAMILY [administrator]

10/11/2012 4:46:16 PM

mbam-log-2012-11-10 (16-46-16).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 341496

Time elapsed: 38 minute(s), 18 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 97

Registry Values Detected: 9

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|FilmFanatic Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\FILMFA~2\bar\1.bin\pasrchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|FilmFanatic Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~1\FILMFA~2\bar\1.bin\pabrmon.exe -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{0B84B4B4-8AF8-4F1F-91FE-074A666F6425} (PUP.MyWebSearch) -> Data: ´´„ øŠO‘þJfod% -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{0B84B4B4-8AF8-4F1F-91FE-074A666F6425} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{796B75F6-6187-47E2-8F1F-C16E059E6E19} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0B84B4B4-8AF8-4F1F-91FE-074A666F6425} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{796b75f6-6187-47e2-8f1f-c16e059e6e19} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0b84b4b4-8af8-4f1f-91fe-074a666f6425} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Mozilla\Firefox\Extensions|paffxtbr@FilmFanatic.com (PUP.MyWebSearch) -> Data: C:\Program Files\FilmFanatic\bar\1.bin -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 2

C:\Program Files\FilmFanatic\bar\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Files Detected: 40

C:\Program Files\FilmFanatic\bar\1.bin\paSrchMn.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\pabrmon.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\pabarsvc.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\pabar.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\paSrcAs.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\padatact.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\pascript.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\patpinst.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\paskin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\pahtmlmu.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\pahtml.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\paradio.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\pahttpct.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\pafeedmg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\pamsg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\pamlbtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\padyn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\pauabtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\padlghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\NPpaStub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\paauxstb.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\pabrstub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\pahighin.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\pahkstub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\paidle.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\paieovr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\paimpipe.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\pamedint.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\paPlugin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\paregfft.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\pareghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\paregiet.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\paskplay.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0115836.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\CHROME.MANIFEST (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\INSTALL.RDF (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\installKeys.js (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\LOGO.BMP (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\T8RES.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FilmFanatic\bar\1.bin\chrome\paffxtbr.jar (PUP.MyWebSearch) -> Quarantined and deleted successfully.

(end)

Report 3

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.10.10

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.6001.18702

Compaq_Administrator :: FAMILY [administrator]

10/11/2012 7:22:45 PM

mbam-log-2012-11-10 (19-22-45).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 326196

Time elapsed: 40 minute(s), 40 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 33

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119857.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119858.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119859.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119860.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119861.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119862.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119863.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119864.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119865.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119866.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119867.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119868.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119869.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119870.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119871.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119872.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119873.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119874.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119875.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119876.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119877.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119878.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119879.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119880.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119881.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119882.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119883.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119884.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119885.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119886.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119887.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119888.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0119889.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

(end)

Forgot to mention above that I do not have a recovery CD. Thanks in advance for your help, and pls be a bit patient if I do not respond immediately, as I have two babies at home to run after (thank goodness they're sleeping now so that mom has time to get this computer fixed :) )

You shouldn't be running ComboFix or following advice given to others, every situation is different!

http://www.bleepingc...opic273628.html

~~~~~~~~~~~~~~~~~~~~~~~~~~

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

------->Your topic will be closed if you haven't replied within 3 days!<--------

Good morning Mr.Charlie - thank you for taking your time to help me out.

Below is the report from RogueKiller

RogueKiller V8.2.3 [11/07/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Compaq_Administrator [Admin rights]

Mode : Scan -- Date : 11/11/2012 10:27:11

¤¤¤ Bad processes : 1 ¤¤¤

[SUSP PATH] arservice.exe -- C:\WINDOWS\arservice.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 15 ¤¤¤

[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\53826831 (C:\WINDOWS\system32\DRIVERS\53826831.sys) -> FOUND

[services][ROGUE ST] HKLM\[...]\ControlSet002\Services\53826831 (C:\WINDOWS\system32\DRIVERS\53826831.sys) -> FOUND

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3200827AS +++++

--- User ---

[MBR] 35795afe21d1ec594ce5538c0f115d30

[BSP] 05e3161cf4ce79602881f99911e8893d : Toshiba tatooed MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 182370 Mo

1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 373511250 | Size: 8401 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 390716865 | Size: 2 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_11112012_02d1027.txt >>

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\53826831 (C:\WINDOWS\system32\DRIVERS\53826831.sys) -> FOUND

[services][ROGUE ST] HKLM\[...]\ControlSet002\Services\53826831 (C:\WINDOWS\system32\DRIVERS\53826831.sys) -> FOUND

Now click Delete on the right hand column under Options

Delete this file if found:

C:\WINDOWS\system32\DRIVERS\53826831.sys

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Then............

Please create a new system restore point before running Malwarebytes Anti-Malware.

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

MrC

Unhide worked.

There were two mbar logs and one system log:

Mbar log 1:

Malwarebytes Anti-Rootkit 1.1.0.1009

www.malwarebytes.org

Database version: v2012.11.11.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Compaq_Administrator :: FAMILY [administrator]

11/11/2012 1:55:23 PM

mbar-log-2012-11-11 (13-55-23).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: PUP | PUM | P2P

Objects scanned: 27609

Time elapsed: 15 minute(s), 44 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Bootstrap_0_2_390716865_infected.mbam (Rootkit.Alureon.F.VBR) -> Delete on reboot. [c8e4e0e785cb2b3c3f77ca4fee92a844]

(end)

Mbar Log 2:

Malwarebytes Anti-Rootkit 1.1.0.1009

www.malwarebytes.org

Database version: v2012.11.11.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Compaq_Administrator :: FAMILY [administrator]

11/11/2012 2:17:23 PM

mbar-log-2012-11-11 (14-17-23).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: PUP | PUM | P2P

Objects scanned: 27604

Time elapsed: 15 minute(s), 52 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

System Log:

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_30

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 2.204000 GHz

Memory total: 1005043712, free: 315424768

------------ Kernel report ------------

11/11/2012 13:38:44

------------ Loaded modules -----------

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk4\DR7

Upper Device Object: 0xffffffff84f4eab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000008d\

Lower Device Object: 0xffffffff855e96f0

Lower Device Driver Name: \Driver\usbstor\

Driver name found: usbstor

DriverEntry returned 0x0

Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk3\DR6

Upper Device Object: 0xffffffff84f48ab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000008c\

Lower Device Object: 0xffffffff85656888

Lower Device Driver Name: \Driver\usbstor\

Driver name found: usbstor

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR5

Upper Device Object: 0xffffffff84f51ab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000008b\

Lower Device Object: 0xffffffff853d6d08

Lower Device Driver Name: \Driver\usbstor\

Driver name found: usbstor

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR4

Upper Device Object: 0xffffffff84f49ab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000008a\

Lower Device Object: 0xffffffff8555b888

Lower Device Driver Name: \Driver\usbstor\

Driver name found: usbstor

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff86310ab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-e\

Lower Device Object: 0xffffffff8636f940

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

DriverEntry returned 0x0

Function returned 0x0

Downloaded database version: v2012.11.11.04

Downloaded database version: v2012.11.09.02

Initializing...

Done!

Scanning directory: C:\WINDOWS\system32\drivers...

<<<2>>>

Device number: 0, partition: 1

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff86310ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff86271900, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff86310ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff86301f18, DeviceName: \Device\0000007a\, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff8636f940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-e\, DriverName: \Driver\atapi\

------------ End ----------

Upper DeviceData: 0xffffffffe3eee420, 0xffffffff86310ab8, 0xffffffff847eaab8

Lower DeviceData: 0xffffffffe3b7c528, 0xffffffff8636f940, 0xffffffff84d88530

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: CAB10BEE

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 373495122

Partition file system is NTFS

Partition is bootable

Partition 1 type is Other (0xc)

Partition is NOT ACTIVE.

Partition starts at LBA: 373511250 Numsec = 17205615

Partition 2 type is HIDDEN (0x17)

Partition is NOT ACTIVE.

Partition starts at LBA: 390716865 Numsec = 5087

Partition is not bootable

Infected: VBR on Hidden (not active) partition --> [Rootkit.Alureon.F.VBR]

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 200049647616 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-390701968-390721968)...

Physical Sector Size: 0

Drive: 1, DevicePointer: 0xffffffff84f49ab8, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff853771c0, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff84f49ab8, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8555b888, DeviceName: \Device\0000008a\, DriverName: \Driver\usbstor\

------------ End ----------

Physical Sector Size: 0

Drive: 2, DevicePointer: 0xffffffff84f51ab8, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff84f579d8, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff84f51ab8, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff853d6d08, DeviceName: \Device\0000008b\, DriverName: \Driver\usbstor\

------------ End ----------

Physical Sector Size: 0

Drive: 3, DevicePointer: 0xffffffff84f48ab8, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff85227750, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff84f48ab8, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff85656888, DeviceName: \Device\0000008c\, DriverName: \Driver\usbstor\

------------ End ----------

Physical Sector Size: 0

Drive: 4, DevicePointer: 0xffffffff84f4eab8, DeviceName: \Device\Harddisk4\DR7\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff85212750, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff84f4eab8, DeviceName: \Device\Harddisk4\DR7\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff855e96f0, DeviceName: \Device\0000008d\, DriverName: \Driver\usbstor\

------------ End ----------

Done!

Performing system, memory and registry scan...

Done!

Scan finished

Creating System Restore point...

Scheduling clean up...

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Removal scheduling successful. System shutdown needed.

System shutdown occured

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_30

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 2.204000 GHz

Memory total: 1005043712, free: 757428224

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_30

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 2.204000 GHz

Memory total: 1005043712, free: 466677760

------------ Kernel report ------------

11/11/2012 14:00:47

------------ Loaded modules -----------

----------- End -----------

Downloaded database version: v2012.11.11.05

Initializing...

Done!

Scanning directory: C:\WINDOWS\system32\drivers...

<<<2>>>

Device number: 0, partition: 1

Physical Sector Size: 512

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: CAB10BEE

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 373495122

Partition file system is NTFS

Partition is bootable

Partition 1 type is Other (0xc)

Partition is NOT ACTIVE.

Partition starts at LBA: 373511250 Numsec = 17205615

Partition 2 type is HIDDEN (0x17)

Partition is NOT ACTIVE.

Partition starts at LBA: 390716865 Numsec = 5087

Partition is not bootable

Hidden partition VBR is not infected.

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 200049647616 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-390701968-390721968)...

Done!

Performing system, memory and registry scan...

Done!

Scan finished

=======================================


OK, we're not done yet......

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

MrC


# AdwCleaner v2.007 - Logfile created 11/11/2012 at 15:24:48

# Updated 06/11/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Compaq_Administrator - FAMILY

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Compaq_Administrator\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

Found : Web Assistant Updater

***** [Files / Folders] *****

File Found : C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5j40cc66.default\searchplugins\my-web-search.xml

Folder Found : C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\CT3158970

Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia

Folder Found : C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5j40cc66.default\CT3158970

Folder Found : C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5j40cc66.default\extensions\{238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9}

Folder Found : C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5j40cc66.default\Smartbar

Folder Found : C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong

Folder Found : C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Conduit

Folder Found : C:\Program Files\Conduit

Folder Found : C:\Program Files\Web Assistant

***** [Registry] *****

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\IM

Key Found : HKCU\Software\ImInstaller

Key Found : HKCU\Software\incredibar

Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}

Key Found : HKCU\Software\PriceGong

Key Found : HKCU\Software\SmartBar

Key Found : HKCU\Software\Web Assistant

Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}

Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL

Key Found : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject

Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1

Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3158970

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShoppingReport

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1

Key Found : HKLM\Software\Web Assistant

Key Found : HKU\S-1-5-21-2508204079-2058281606-279398985-1008\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default

File : C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5j40cc66.default\prefs.js

-\\ Google Chrome v [unable to get version]

File : C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [10891 octets] - [11/11/2012 15:24:48]

########## EOF - C:\AdwCleaner[R1].txt - [10952 octets] ##########


Lots of adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on the Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

MrC


# AdwCleaner v2.007 - Logfile created 11/11/2012 at 15:49:28

# Updated 06/11/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Compaq_Administrator - FAMILY

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Compaq_Administrator\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : Web Assistant Updater

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5j40cc66.default\searchplugins\my-web-search.xml

Folder Deleted : C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\CT3158970

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia

Folder Deleted : C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5j40cc66.default\CT3158970

Folder Deleted : C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5j40cc66.default\extensions\{238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9}

Folder Deleted : C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5j40cc66.default\Smartbar

Folder Deleted : C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong

Folder Deleted : C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Conduit

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\Web Assistant

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\incredibar

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}

Key Deleted : HKCU\Software\PriceGong

Key Deleted : HKCU\Software\SmartBar

Key Deleted : HKCU\Software\Web Assistant

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject

Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3158970

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShoppingReport

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1

Key Deleted : HKLM\Software\Web Assistant

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default

File : C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5j40cc66.default\prefs.js

C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5j40cc66.default\user.js ... Deleted !

-\\ Google Chrome v [unable to get version]

File : C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [11022 octets] - [11/11/2012 15:24:48]

AdwCleaner[s1].txt - [11181 octets] - [11/11/2012 15:49:28]

########## EOF - C:\AdwCleaner[s1].txt - [11242 octets] ##########


Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC


Results of screen317's Security Check version 0.99.54

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

Java 6 Update 30

Java version out of Date!

Adobe Flash Player 11.4.402.287

Adobe Reader 8 Adobe Reader out of Date!

Mozilla Firefox (16.0.2)

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.92

Google Chrome 22.0.1229.94

Google Chrome 22.0.1229.96

Google Chrome 23.0.1271.64

````````Process Check: objlist.exe by Laurent````````

McAfee Online Backup MOBKbackup.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 4%

````````````````````End of Log``````````````````````


Java™ 6 Update 30 <--uninstall from add/remove programs

Java version out of Date! <-------Download and install the latest version from Here

Adobe Reader 8 Adobe Reader out of Date! <---please check for an update

You have outdated programs on the system which are vulnerable to malware.

Please update or uninstall them.

Info on doing that can be found in my Preventive Maintenance

~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Nothing else - when I went to uninstall Java, it told me that my virtual memory was low - it cancelled the procedure and I rebooted my computer and tried to uninstall Java again and it worked. Then I updated Adobe. After that, I opened IE to log onto this forum, and that's when I saw how slowly it was loading.

Honestly, this is a hand-me-down comp I got from my younger brother - it has quite a lot of progs on it which I don't use - would u suggest I uninstall these progs and defrag the comp?


Let's take a look.............

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassoci...T-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


OTL logfile created on: 11/11/2012 6:09:11 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

958.48 Mb Total Physical Memory | 431.45 Mb Available Physical Memory | 45.01% Memory free

2.26 Gb Paging File | 1.81 Gb Available in Paging File | 80.35% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 178.10 Gb Total Space | 123.00 Gb Free Space | 69.07% Space Free | Partition Type: NTFS

Drive D: | 8.19 Gb Total Space | 0.55 Gb Free Space | 6.67% Space Free | Partition Type: FAT32

Computer Name: FAMILY | User Name: Compaq_Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/11 18:08:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe

PRC - [2012/11/11 17:17:05 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe

PRC - [2012/10/11 10:22:37 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe

PRC - [2011/03/13 10:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe

PRC - [2011/03/13 10:41:50 | 000,159,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe

PRC - [2011/03/13 10:41:36 | 000,165,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe

PRC - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

PRC - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe

PRC - [2009/01/27 17:48:54 | 000,088,024 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe

PRC - [2009/01/27 14:15:00 | 000,093,656 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

PRC - [2007/04/13 02:20:22 | 000,097,432 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe

PRC - [2007/04/03 11:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe

PRC - [2006/05/25 14:35:02 | 000,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe

PRC - [2006/03/16 04:12:40 | 001,077,248 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe

PRC - [2006/03/16 04:11:54 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdMgr.exe

PRC - [2006/03/16 04:11:54 | 000,057,344 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe

PRC - [2005/08/03 01:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/14 02:06:36 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_c770b7c6\system.drawing.dll

MOD - [2012/06/14 02:06:24 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_b74e4c40\system.windows.forms.dll

MOD - [2012/06/14 02:05:59 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll

MOD - [2012/01/04 03:03:34 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_3dedb53f\mscorlib.dll

MOD - [2012/01/04 03:03:22 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_dc11017c\system.xml.dll

MOD - [2012/01/04 03:03:04 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_b1436aac\system.dll

MOD - [2012/01/04 03:02:45 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll

MOD - [2012/01/04 03:02:44 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll

MOD - [2012/01/04 03:02:41 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll

MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll

MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll

MOD - [2010/04/13 20:11:16 | 000,077,624 | ---- | M] () -- C:\Program Files\McAfee Online Backup\librs2.dll

MOD - [2009/01/27 17:48:54 | 000,088,024 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe

MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

MOD - [2008/01/22 18:45:18 | 000,310,616 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\libssl32.dll

MOD - [2008/01/22 18:45:16 | 001,527,751 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\libeay32.dll

MOD - [2007/04/13 02:20:22 | 000,097,432 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe

MOD - [2006/05/25 14:35:00 | 000,151,589 | ---- | M] () -- C:\Program Files\Compaq Connections\5577497\6.3.2.116-5577497\Program\bwfiles.dll

MOD - [2006/05/25 14:35:00 | 000,098,339 | ---- | M] () -- C:\Program Files\Compaq Connections\5577497\6.3.2.116-5577497\Program\FrExt.dll

MOD - [2006/05/25 14:35:00 | 000,061,496 | ---- | M] () -- C:\Program Files\Compaq Connections\5577497\6.3.2.116-5577497\Program\clntutil.dll

MOD - [2006/05/25 13:51:38 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll

MOD - [2006/05/25 13:51:36 | 000,573,440 | ---- | M] () -- c:\windows\assembly\gac\system.web.services\1.0.5000.0__b03f5f7f11d50a3a\system.web.services.dll

MOD - [2006/05/25 13:51:36 | 000,299,008 | ---- | M] () -- c:\windows\assembly\gac\microsoft.visualbasic\7.0.5000.0__b03f5f7f11d50a3a\microsoft.visualbasic.dll

MOD - [2006/05/25 13:51:36 | 000,241,664 | ---- | M] () -- c:\windows\assembly\gac\system.enterpriseservices\1.0.5000.0__b03f5f7f11d50a3a\system.enterpriseservices.dll

MOD - [2006/01/24 21:15:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll

MOD - [2005/12/15 15:33:48 | 000,126,976 | ---- | M] () -- C:\Program Files\Compaq Connections\5577497\Program\HPClientExt.dll

MOD - [2005/08/03 01:19:16 | 000,050,176 | ---- | M] () -- C:\WINDOWS\armcex.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\ComboFix\pev.3XE EXEC /i C:\ComboFix\HIDEC.3XE C:\ComboFix\SWREG.3XE ACL HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep /RESET /Q -- (PEVSystemStart)

SRV - [2012/11/11 17:17:05 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2012/11/09 15:55:31 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/10/11 10:23:36 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2011/03/13 10:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)

SRV - [2011/03/13 10:41:50 | 000,159,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)

SRV - [2011/03/13 10:41:36 | 000,165,000 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)

SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)

SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)

SRV - [2009/01/27 17:48:54 | 000,088,024 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)

SRV - [2009/01/27 14:15:00 | 000,093,656 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)

SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2007/04/13 02:20:22 | 000,097,432 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)

SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)

SRV - [2005/08/03 01:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\ftsata2.sys -- (ftsata2)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2011/03/13 10:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2011/03/13 10:20:10 | 000,337,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)

DRV - [2011/03/13 10:20:10 | 000,179,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2011/03/13 10:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2011/03/13 10:20:10 | 000,089,368 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)

DRV - [2011/03/13 10:20:10 | 000,085,984 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)

DRV - [2011/03/13 10:20:10 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)

DRV - [2011/03/13 10:20:10 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)

DRV - [2011/03/13 10:20:10 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2011/03/13 10:20:10 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)

DRV - [2010/04/13 20:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MOBK.sys -- (MOBKFilter)

DRV - [2009/01/27 14:14:20 | 000,031,192 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hssdrv.sys -- (HssDrv)

DRV - [2008/01/23 16:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)

DRV - [2006/03/08 15:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)

DRV - [2006/03/03 16:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2006/03/03 16:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2006/01/25 18:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)

DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Z1xdm039YYca&ptnrS=Z1xdm039YYca&si=CJq1zKD9ma4CFQUUKgods1ZmMQ&ptb=39AEFD3D-28F4-40A3-9E30-1124D51FE0A0&psa=&ind=2012021222&st=sb&n=77ed01e6&searchfor={searchTerms}

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=63&bd=PRESARIO&pf=desktop

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PRESARIO&pf=desktop

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local;<local>

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=63&bd=PRESARIO&pf=desktop

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PRESARIO&pf=desktop

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local;<local>

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2508204079-2058281606-279398985-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/

IE - HKU\S-1-5-21-2508204079-2058281606-279398985-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-2508204079-2058281606-279398985-1008\..\SearchScopes,DefaultScope = {DCB14DC7-9D56-4088-A5FD-33CC8408FA49}

IE - HKU\S-1-5-21-2508204079-2058281606-279398985-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-2508204079-2058281606-279398985-1008\..\SearchScopes\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Z1xdm039YYca&ptnrS=Z1xdm039YYca&si=CJq1zKD9ma4CFQUUKgods1ZmMQ&ptb=39AEFD3D-28F4-40A3-9E30-1124D51FE0A0&psa=&ind=2012021222&st=sb&n=77ed01e6&searchfor={searchTerms}

IE - HKU\S-1-5-21-2508204079-2058281606-279398985-1008\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-2508204079-2058281606-279398985-1008\..\SearchScopes\{8B607505-22CF-4F5F-A0AF-71EE3EDFB48F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7HPIC_en

IE - HKU\S-1-5-21-2508204079-2058281606-279398985-1008\..\SearchScopes\{DCB14DC7-9D56-4088-A5FD-33CC8408FA49}: "URL" = http://ca.search.yahoo.com/search?fr=mcafee&p={SearchTerms}

IE - HKU\S-1-5-21-2508204079-2058281606-279398985-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.yahoo.ca"

FF - prefs.js..extensions.enabledAddons: ctrl-tab@design-noir.de:0.21.1

FF - prefs.js..extensions.enabledAddons: moveplayer@movenetworks.com:1.0.0.071101000055

FF - prefs.js..extensions.enabledAddons: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.459

FF - prefs.js..extensions.enabledAddons: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:4.15

FF - prefs.js..extensions.enabledAddons: 64ffxtbr@TelevisionFanatic.com:2.50.0.59583

FF - prefs.js..extensions.enabledAddons: paffxtbr@FilmFanatic.com:2.50.0.59177

FF - prefs.js..extensions.enabledAddons: {238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9}:10.10.20.14

FF - prefs.js..extensions.enabledItems: ctrl-tab@design-noir.de:0.21.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.99

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: paffxtbr@FilmFanatic.com:1.9.0.23233

FF - prefs.js..extensions.enabledItems: 64ffxtbr@TelevisionFanatic.com:1.9.0.23371

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/11 10:23:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/09 15:55:33 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/11 17:22:09 | 000,000,000 | ---D | M]

[2009/07/03 17:13:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions

[2009/07/03 17:13:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2012/11/11 15:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5j40cc66.default\extensions

[2012/01/31 11:51:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5j40cc66.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2008/10/16 16:10:08 | 000,000,000 | ---D | M] (Aquatint Black Gloss) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5j40cc66.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}

[2012/11/09 15:55:59 | 000,000,000 | ---D | M] (TelevisionFanatic) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5j40cc66.default\extensions\64ffxtbr@TelevisionFanatic.com

[2012/01/31 11:51:30 | 000,000,000 | ---D | M] (Ctrl-Tab) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5j40cc66.default\extensions\ctrl-tab@design-noir.de

[2008/12/01 22:44:26 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5j40cc66.default\extensions\moveplayer@movenetworks.com

[2012/11/09 15:56:01 | 000,000,000 | ---D | M] (FilmFanatic) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5j40cc66.default\extensions\paffxtbr@FilmFanatic.com

[2012/10/23 09:05:09 | 000,377,191 | ---- | M] () (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5j40cc66.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi

[2008/10/16 16:10:05 | 001,304,961 | ---- | M] () (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5j40cc66.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\tmp.xpi

[2012/05/23 08:42:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\5J40CC66.DEFAULT\EXTENSIONS\{238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9}

File not found (No name found) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX

[2012/11/09 15:55:32 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2009/03/31 21:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll

[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll

[2012/10/11 10:22:54 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

[2012/10/21 12:58:16 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/04/03 18:19:45 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

[2012/11/09 15:55:28 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: ()

CHR - default_search_provider: search_url =

CHR - default_search_provider: suggest_url =

CHR - homepage: http://www.google.com

O1 HOSTS File: ([2010/09/22 16:21:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110615213747.dll File not found

O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)

O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-2508204079-2058281606-279398985-1008\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-2508204079-2058281606-279398985-1008\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-2508204079-2058281606-279398985-1008\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)

O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdMgr.exe (Digital Interactive Systems Corporation, Inc.)

O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-2508204079-2058281606-279398985-1008..\Run: [update Manager] C:\Program Files\Rogers\Update Manager\UpdateManager.exe (Rogers Cable Communications Inc. )

O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)

O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe (Hewlett-Packard)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)

O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-21-2508204079-2058281606-279398985-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2508204079-2058281606-279398985-1008\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-21-2508204079-2058281606-279398985-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-2508204079-2058281606-279398985-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-2508204079-2058281606-279398985-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29796308-78B6-4EEF-BA32-910CFFDA0CFE}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/08/30 23:02:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/11 18:08:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe

[2012/11/11 17:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Sun

[2012/11/11 17:17:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012/11/10 23:51:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2012/11/10 19:20:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/11/10 19:20:54 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/11/10 19:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/11/10 15:36:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Administrative Tools

[2012/11/10 13:38:37 | 010,063,024 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Administrator\Desktop\mbam2.exe

[2012/11/10 13:34:27 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2012/11/10 13:26:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator\Recent

[2012/10/31 12:31:22 | 000,137,568 | ---- | C] (Sony Corporation) -- C:\Program Files\PMBP_WIN.EXE

[2012/10/31 12:31:19 | 000,000,000 | ---D | C] -- C:\Program Files\WINMODULE

[2012/10/31 12:31:19 | 000,000,000 | ---D | C] -- C:\Program Files\PMBP_Mac.app

[2012/10/31 12:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\MACMODULE

[2011/07/28 15:25:04 | 000,347,920 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MicrosoftFixit.WinSecurity.Run.exe

[2011/07/28 15:24:47 | 000,347,920 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MicrosoftFixit.IEPerformance.Run.exe

[2011/07/28 15:24:38 | 000,347,920 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MicrosoftFixit.IEAddon.Run.exe

[2011/07/28 15:23:01 | 000,347,920 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MicrosoftFixit.wu.Run.exe

[2011/07/28 15:22:48 | 000,347,920 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MicrosoftFixit.search.Run.exe

[2011/07/28 15:22:36 | 000,347,920 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MicrosoftFixit.performance.Run.exe

[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/11 18:08:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe

[2012/11/11 17:40:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/11/11 17:36:13 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT

[2012/11/11 17:31:49 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2012/11/11 17:31:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/11/11 17:31:45 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2508204079-2058281606-279398985-1008.job

[2012/11/11 17:31:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/11/11 17:31:40 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys

[2012/11/11 17:31:40 | 000,212,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/11/11 17:23:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/11/11 17:22:10 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk

[2012/11/11 16:06:40 | 000,881,833 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SecurityCheck.exe

[2012/11/11 15:24:07 | 000,541,569 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\adwcleaner.exe

[2012/11/11 13:36:53 | 012,961,620 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\mbar-1.01.0.1009.zip

[2012/11/11 11:24:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2508204079-2058281606-279398985-1008.job

[2012/11/10 19:22:09 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/10 13:38:37 | 010,063,024 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Administrator\Desktop\mbam2.exe

[2012/11/10 12:48:26 | 000,443,232 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/11/10 12:48:26 | 000,072,372 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/10/31 12:44:20 | 000,164,416 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\ZbThumbnail.info

[2012/10/29 13:49:11 | 000,093,184 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/10/22 13:01:26 | 000,083,951 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Huggies Promo date.jpg

[2012/10/22 12:37:14 | 000,162,651 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SC-SDMhuggies.jpg

[2012/10/16 21:11:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/11 17:22:09 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk

[2012/11/11 17:22:09 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk

[2012/11/11 16:06:38 | 000,881,833 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SecurityCheck.exe

[2012/11/11 15:24:06 | 000,541,569 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\adwcleaner.exe

[2012/11/11 13:36:46 | 012,961,620 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\mbar-1.01.0.1009.zip

[2012/11/11 13:33:01 | 000,002,479 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk

[2012/11/11 13:33:01 | 000,002,477 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk

[2012/11/11 13:33:01 | 000,002,465 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint.lnk

[2012/11/11 13:33:01 | 000,001,998 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft FrontPage.lnk

[2012/11/11 13:33:01 | 000,001,990 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Access.lnk

[2012/11/11 13:33:01 | 000,001,918 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk

[2012/11/11 13:33:01 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft ActiveSync.lnk

[2012/11/11 13:33:01 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk

[2012/11/11 13:33:01 | 000,001,585 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Install WeatherBug.lnk

[2012/11/11 13:33:01 | 000,001,569 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk

[2012/11/11 13:33:01 | 000,001,474 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Media Center.lnk

[2012/11/11 13:33:01 | 000,001,019 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Media Connect.lnk

[2012/11/11 13:33:01 | 000,001,012 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Money 2006.lnk

[2012/11/11 13:33:01 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk

[2012/11/11 13:33:01 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk

[2012/11/11 13:33:01 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\HP Music.url

[2012/11/11 13:33:00 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk

[2012/11/11 13:33:00 | 000,001,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD Play.lnk

[2012/11/11 10:19:32 | 1005,113,344 | -HS- | C] () -- C:\hiberfil.sys

[2012/11/10 19:20:57 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/10/31 12:31:22 | 000,000,236 | R--- | C] () -- C:\Program Files\REGISTER.URL

[2012/10/31 12:31:22 | 000,000,103 | ---- | C] () -- C:\Program Files\AUTORUN.INF

[2012/10/31 12:31:22 | 000,000,074 | R--- | C] () -- C:\Program Files\PMBP.INI

[2012/10/22 13:02:24 | 000,083,951 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Huggies Promo date.jpg

[2012/10/22 12:37:39 | 000,162,651 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SC-SDMhuggies.jpg

[2012/05/12 12:10:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\{433CB70B-10C2-4A89-BB88-61E6C2D9888C}

[2012/05/12 11:47:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\{18900666-ECF0-4D81-A071-51747115AA57}

[2012/02/14 15:31:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/01/26 16:10:08 | 003,686,454 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\ZBWallpaper.bmp

[2011/11/25 20:12:15 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\WebpageIcons.db

[2011/11/25 12:42:40 | 000,340,776 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\census.cache

[2011/11/25 12:42:17 | 000,212,570 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\ars.cache

[2011/07/28 16:58:23 | 000,651,776 | ---- | C] () -- C:\Program Files\MicrosoftFixit50285.msi

[2010/09/23 00:01:09 | 000,007,266 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini

[2010/09/22 14:18:22 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\housecall.guid.cache

[2008/06/23 19:05:42 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc

[2008/01/06 18:34:43 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\$_hpcst$.hpc

[2007/11/21 22:36:47 | 000,003,998 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat

[2007/11/19 19:55:06 | 000,093,184 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/11/19 17:26:40 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2007/11/19 12:01:37 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2005/08/30 22:58:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/08/20 00:30:51 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2009/03/02 16:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2012/10/23 18:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM

[2012/06/20 16:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation

[2009/06/21 10:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN

[2012/04/23 13:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoStitch

[2008/01/16 16:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst

[2008/09/15 13:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos

[2012/07/31 12:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent

[2008/12/09 19:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

[2011/11/01 13:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Canon

[2011/07/28 16:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\ElevatedDiagnostics

[2012/08/08 12:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\FilmFanatic

[2009/06/21 10:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\GARMIN

[2009/03/05 15:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Leadertech

[2012/11/11 17:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\LimeWire

[2007/11/19 19:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape

[2008/01/16 16:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\PlayFirst

[2012/08/08 12:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\TelevisionFanatic

[2007/11/21 22:36:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Template

[2012/10/29 19:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\uTorrent

[2012/07/31 12:14:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\WildTangent

[2007/12/05 22:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\WinBatch

[2011/09/03 00:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\WorksImaging

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 11/11/2012 6:09:11 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

958.48 Mb Total Physical Memory | 431.45 Mb Available Physical Memory | 45.01% Memory free

2.26 Gb Paging File | 1.81 Gb Available in Paging File | 80.35% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 178.10 Gb Total Space | 123.00 Gb Free Space | 69.07% Space Free | Partition Type: NTFS

Drive D: | 8.19 Gb Total Space | 0.55 Gb Free Space | 6.67% Space Free | Partition Type: FAT32

Computer Name: FAMILY | User Name: Compaq_Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1126:UDP" = 1126:UDP:*:Enabled:Windows Media Format SDK (IEXPLORE.EXE)

"1127:UDP" = 1127:UDP:*:Enabled:Windows Media Format SDK (IEXPLORE.EXE)

"1128:UDP" = 1128:UDP:*:Enabled:Windows Media Format SDK (IEXPLORE.EXE)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)

"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)

"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)

"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes -- (Apple Inc.)

"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)

"C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\5VCNQWZP\incredibar_install[1].exe" = C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\5VCNQWZP\incredibar_install[1].exe:*:Enabled:Incredibar Installer

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium

"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data

"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow

"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX300_series" = Canon MX300 series

"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus

"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement

"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress

"{23FE964A-853B-4176-86D7-9E18B5CA1FC0}" = Media Center Extender

"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9

"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup

"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006

"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes

"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1

"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{352F5013-07DC-446D-8DB6-38F339086C60}" = LightScribe 1.4.84.1

"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder

"{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works

"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1

"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler

"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up

"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig

"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3

"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config

"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1

"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant

"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync

"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)

"{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin

"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer

"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig

"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth

"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour

"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery

"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA

"{CA8B0FB9-69D0-4B50-8342-7CF0C96F10E6}" = Black's Digital Solution Studio

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup

"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar

"{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1" = HP Support Overview

"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper

"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp

"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater

"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support

"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1

"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan

"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime

"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations

"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic

"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem

"AwayMode160" = Microsoft Away Mode

"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto

"CAL" = Canon Camera Access Library

"CameraWindowDC" = Canon Utilities CameraWindow DC

"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX

"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

"CameraWindowLauncher" = Canon Utilities CameraWindow

"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder

"CANONIJPLM100" = PIXMA Extended Survey Program

"CanonMyPrinter" = Canon My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"CSCLIB" = Canon Camera Support Core Library

"DISCover" = DISCover

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"EHome Devices" = Media Center Extender

"EOS Utility" = Canon Utilities EOS Utility

"EphPod" = EphPod

"HotspotShield" = Hotspot Shield 1.11

"HP Imaging Device Functions" = HP Imaging Device Functions 7.0

"HP Photo & Imaging" = HP Photosmart Premier Software 6.5

"HP Rhapsody" = HP Rhapsody

"HPOOVClient-5577497 Uninstaller" = Compaq Connections (remove only)

"ie8" = Windows Internet Explorer 8

"Install WeatherBug" = Remove WeatherBug Installer

"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement

"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up

"LimeWire" = LimeWire 5.1.4

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Money2006b" = Microsoft Money 2006

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"Mozilla ActiveX Control v1.7.12" = Mozilla ActiveX Control v1.7.12

"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0

"MSC" = McAfee Internet Security

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSNINST" = MSN

"MyCamera" = Canon Utilities MyCamera

"MyCameraDC" = Canon Utilities MyCamera DC

"NVIDIA Drivers" = NVIDIA Drivers

"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows

"PhotoStitch" = Canon Utilities PhotoStitch

"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX

"RealPlayer 15.0" = RealPlayer

"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX

"Rhapsody" = Rhapsody

"Update Manager" = Update Manager (remove only)

"VLC media player" = VideoLAN VLC media player 0.8.6c

"WildTangent CDA" = WildTangent Web Driver

"Windows Live Toolbar" = Windows Live Toolbar

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows Mobile Device Handbook" = HTC Touch P3050 User Manual

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMCSetup" = Windows Media Connect

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"YInstHelper" = Yahoo! Install Manager

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2508204079-2058281606-279398985-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 25/10/2012 7:49:30 PM | Computer Name = FAMILY | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: The specified server cannot perform the requested operation.

Error - 25/10/2012 7:49:30 PM | Computer Name = FAMILY | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: The specified server cannot perform the requested operation.

Error - 29/10/2012 8:14:15 PM | Computer Name = FAMILY | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting

module unknown, version 0.0.0.0, fault address 0x12367e30.

Error - 08/11/2012 1:11:08 PM | Computer Name = FAMILY | Source = Application Error | ID = 1000

Description = Faulting application winword.exe, version 9.0.0.2717, faulting module

winword.exe, version 9.0.0.2717, fault address 0x00530364.

Error - 10/11/2012 2:05:27 PM | Computer Name = FAMILY | Source = Media Center Scheduler | ID = 0

Description =

Error - 10/11/2012 3:41:15 PM | Computer Name = FAMILY | Source = HotspotShieldService | ID = 0

Description =

Error - 10/11/2012 3:43:33 PM | Computer Name = FAMILY | Source = Media Center Scheduler | ID = 0

Description =

Error - 10/11/2012 3:43:33 PM | Computer Name = FAMILY | Source = HotspotShieldService | ID = 0

Description =

Error - 10/11/2012 5:05:37 PM | Computer Name = FAMILY | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting

module unknown, version 0.0.0.0, fault address 0x715b9e59.

Error - 11/11/2012 6:06:57 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]

Error - 11/11/2012 5:24:23 PM | Computer Name = FAMILY | Source = SideBySide | ID = 16842811

Description = Generate Activation Context failed for C:\WINDOWS\system32\urlmon.dll.

Reference

error message: The operation completed successfully. .

Error - 11/11/2012 6:25:45 PM | Computer Name = FAMILY | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2}.

The

error: "%193" Happened while starting this command: c:\PROGRA~1\mcafee\msc\mcmscsub.dll

-Embedding

Error - 11/11/2012 6:25:48 PM | Computer Name = FAMILY | Source = Print | ID = 19

Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer

share name Printer2.

Error - 11/11/2012 6:25:51 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

ftsata2

Error - 11/11/2012 6:29:19 PM | Computer Name = FAMILY | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {DDC6C82A-BCD6-480F-BAE7-9F406F687A53}.

The

error: "%193" Happened while starting this command: c:\PROGRA~1\mcafee\msc\mcmscsub.dll

-Embedding

Error - 11/11/2012 6:29:19 PM | Computer Name = FAMILY | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {DDC6C82A-BCD6-480F-BAE7-9F406F687A53}.

The

error: "%193" Happened while starting this command: c:\PROGRA~1\mcafee\msc\mcmscsub.dll

-Embedding

Error - 11/11/2012 6:29:19 PM | Computer Name = FAMILY | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {DDC6C82A-BCD6-480F-BAE7-9F406F687A53}.

The

error: "%193" Happened while starting this command: c:\PROGRA~1\mcafee\msc\mcmscsub.dll

-Embedding

Error - 11/11/2012 6:29:19 PM | Computer Name = FAMILY | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {DDC6C82A-BCD6-480F-BAE7-9F406F687A53}.

The

error: "%193" Happened while starting this command: c:\PROGRA~1\mcafee\msc\mcmscsub.dll

-Embedding

Error - 11/11/2012 6:32:02 PM | Computer Name = FAMILY | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2}.

The

error: "%193" Happened while starting this command: c:\PROGRA~1\mcafee\msc\mcmscsub.dll

-Embedding

Error - 11/11/2012 6:32:04 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

ftsata2

< End of report >

The system looks OK:

958.48 Mb Total Physical Memory | 431.45 Mb Available Physical Memory | 45.01% Memory free

2.26 Gb Paging File | 1.81 Gb Available in Paging File | 80.35% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

Drive C: | 178.10 Gb Total Space | 123.00 Gb Free Space | 69.07% Space Free | Partition Type: NTFS

~~~~~~~~~~~~~~~~~~~~~

Run Disk Clean-up as outlined in the link below:

http://www.theelderg...nup_utility.htm

~~~~~~~~~~~~~~~~~~~~~~~~~

Please do this:

Download HiJackThis to a folder:

http://www.trendmicr.../HijackThis.exe

Run HJT.exe

Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad. Save the log to a convenient location.

Copy and paste it into your post.

MrC

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:37:07 PM, on 11/11/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\HP\KBD\KBD.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\DISC\DiscUpdMgr.exe

C:\Program Files\DISC\DISCover.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\WINDOWS\ehome\RMSysTry.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\arservice.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Hotspot Shield\bin\openvpnas.exe

C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\mfevtps.exe

C:\Program Files\McAfee Online Backup\MOBKbackup.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\ehome\RMSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\DISC\DiscStreamHub.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

c:\windows\system\hpsysdrv.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Compaq_Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110615213747.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe

O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe

O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe

O23 - Service: Google Update Service (gupdate1ca2efaa19f53fb) (gupdate1ca2efaa19f53fb) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe

O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe

O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files\McAfee Online Backup\MOBKbackup.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\pev.3XE (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 13107 bytes

This topic is now closed to further replies.