WiredWX Christian Hobby Weather Tools

 


windows recovery, ms removal, xp home security

These are the 3 viruses that keep on popping up on my computer. There may be more. Did the downloads from "read before you post" as best as my computer would allow. Also tried to download Malwarebytes' Anti-Malware, but every time I clicked on download it said Internet Explorer cannot display. The bottom is the stuff I copied from the OTL log. Thank you in advance for any help. If I have misspelled anything or don't make any sense I'm truly sorry; this is the third night trying to fix my computer and my brain is fried! Also, I think I will have to do a second post for the rest of the OTL log.


OTL logfile created on: 5/2/2011 9:22:34 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.71 Gb Total Space | 25.94 Gb Free Space | 50.18% Space Free | Partition Type: NTFS
Drive D: | 4.18 Gb Total Space | 0.99 Gb Free Space | 23.61% Space Free | Partition Type: FAT32

Computer Name: GRAVOTS | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/02 20:40:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
PRC - [2011/05/02 19:16:21 | 000,170,496 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\conhost.exe
PRC - [2011/05/01 23:03:33 | 000,186,880 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\csrss.exe
PRC - [2011/05/01 23:03:23 | 000,181,248 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\dwm.exe
PRC - [2011/05/01 22:13:25 | 000,348,160 | -HS- | M] (Microsoft Corporation) -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\itt.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/02 20:40:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
MOD - [2010/08/23 11:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/29 15:41:46 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2011/03/15 01:35:44 | 000,724,152 | -H-- | M] (iolo technologies, LLC) [Auto | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/03/15 01:35:44 | 000,724,152 | -H-- | M] (iolo technologies, LLC) [Auto | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2009/12/15 00:05:16 | 000,468,368 | -H-- | M] () [On_Demand | Stopped] -- C:\WINDOWS\Downloaded Program Files\DM.1\DMService.exe -- (DMService)
SRV - [2009/12/14 16:03:41 | 000,149,904 | -H-- | M] (Microsoft ® Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe -- (uagqecsvc)
SRV - [2009/11/10 10:28:06 | 001,131,808 | -H-- | M] (LeapFrog Enterprises, Inc.) [Auto | Stopped] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2008/12/26 14:40:51 | 000,151,552 | -H-- | M] (Skyhook Wireless) [Auto | Stopped] -- C:\Program Files\Skyhook Wireless\Wi-Fi Service\wpsscannersvc.exe -- (wpsscannersvc)
SRV - [2008/12/26 14:40:04 | 000,408,230 | -H-- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\cadhgw\atisvc_tmfha.exe -- (atisvc_tmfha)
SRV - [2005/09/30 20:22:50 | 000,096,341 | -H-- | M] (Canon Inc.) [Auto | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/08/18 00:44:56 | 000,046,208 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe -- (NPFMntor)
SRV - [2004/08/18 00:44:36 | 000,176,768 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2004/08/13 13:17:48 | 000,164,984 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/08/13 13:17:46 | 000,078,968 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/08/13 13:17:40 | 000,197,752 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2004/08/13 12:00:44 | 000,206,048 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/07/23 12:47:22 | 000,197,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2004/07/21 09:24:04 | 000,173,160 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/06/29 18:30:08 | 000,009,341 | -H-- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2010/05/27 07:17:17 | 000,371,248 | -H-- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/27 07:17:17 | 000,102,448 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/12/26 14:40:06 | 000,013,312 | -H-- | M] (Skyhook Wireless) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wpsnuio.sys -- (Wpsnuio)
DRV - [2006/10/04 03:00:00 | 000,831,880 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061016.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2006/10/04 03:00:00 | 000,079,240 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061016.020\NAVENG.SYS -- (NAVENG)
DRV - [2005/03/04 12:02:20 | 001,066,278 | -H-- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/10/01 19:24:02 | 002,279,424 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/09/30 00:55:50 | 000,229,888 | -H-- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/09/24 12:38:40 | 000,012,928 | -H-- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/08/13 12:00:24 | 000,266,368 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/08/09 12:59:32 | 000,103,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/07/23 12:47:24 | 000,049,808 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- c:\Program Files\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2004/07/23 12:47:22 | 000,335,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- c:\Program Files\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/07/21 09:24:02 | 000,341,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2003/12/02 20:23:20 | 000,142,336 | -H-- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/18 18:58:20 | 000,036,992 | -H-- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/02 13:42:00 | 000,027,904 | -H-- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/10/25 16:59:36 | 000,642,958 | RH-- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Intels51.sys -- (Intels51) Intel(R)
DRV - [2002/10/21 12:37:16 | 000,515,803 | -H-- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Ca533av.sys -- (Ca533av) Icatch(IV)
DRV - [2002/10/04 19:04:10 | 000,046,976 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/07/30 00:43:50 | 000,023,808 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2002/07/25 12:19:48 | 000,010,986 | -H-- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk533.sys -- (USBCamera) Icatch(IV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\Firefox [2010/01/16 13:07:56 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/13 22:09:37 | 000,000,000 | -H-D | M]

[2008/12/26 14:40:04 | 002,520,032 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\components\1282669.dll

O1 HOSTS File: ([2004/08/04 14:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ElnkBhoGuard Class) - {00000000-0000-0000-0000-000000000002} - File not found
O2 - BHO: (ElnkScamBHO Class) - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [conhost] C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\conhost.exe ()
O4 - HKLM..\Run: [ImgTask] C:\WINDOWS\Imgtask.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NAV CfgWiz] c:\Program Files\Norton AntiVirus\CfgWiz.exe (Symantec Corporation)
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\system32\spool\drivers\w32x86\2\printray.exe (Lexmark)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab (Reg Error: Key error.)
O16 - DPF: {1D8A63E5-F219-11D4-9BD1-000039051213} http://a19.g.akamai.net/7/19/7125/4051/ftp.coupons.com/CouponBar/CouponBar.cab (CouponTBInst Control)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab? (MiniBugTransporterX Class)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://foodlion.coupons.smartsource.com/download/cscmv5X.cab (CMV5 Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://targetphoto.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} http://63.241.168.238/ecwplugins/ncs.cab (NCSView Class)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.brightstreet.com/cif/download/bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.0/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://samsclubus.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.165.219,93.188.160.190
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/26 20:00:03 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 22:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.SP54 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP55 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP56 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP57 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP58 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: wave3 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2011/05/02 21:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2011/05/02 21:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2011/05/02 20:56:41 | 016,537,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u25-windows-i586.exe
[2011/05/02 20:40:15 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/05/02 20:37:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2011/05/02 20:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2011/05/02 20:36:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2011/05/02 20:36:07 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2011/05/02 20:36:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2011/05/02 20:36:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Application Data
[2011/05/02 20:36:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2011/05/02 20:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Symantec
[2011/05/02 20:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2011/05/02 20:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2011/05/02 20:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/05/02 20:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2011/05/02 20:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2011/05/02 20:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2011/05/02 20:36:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2011/05/02 20:36:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2011/05/02 20:36:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\SendTo
[2011/05/02 20:36:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/05/02 20:36:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2011/05/02 20:36:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2011/05/02 20:36:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2011/05/02 20:36:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2011/05/02 20:36:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2011/05/02 20:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\WINDOWS
[2011/05/02 20:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Templates
[2011/05/02 20:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\SpySubtract Spyware Manager
[2011/05/02 20:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2011/05/02 20:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\PC Help & Tools
[2011/05/02 20:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Online Services
[2011/05/02 20:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\NetHood
[2011/05/02 20:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2011/05/02 20:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2011/05/02 20:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2011/05/02 20:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2011/05/02 19:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus
[2011/05/02 19:10:00 | 000,103,952 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/05/02 19:10:00 | 000,083,168 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/05/02 19:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/05/02 17:55:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/05/01 23:01:27 | 000,000,000 | -H-D | C] -- C:\Program Files\interMute
[2011/05/01 22:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\mC28601DiIgM28601
[2011/05/01 22:53:51 | 000,000,000 | -H-D | C] -- C:\Microsoft
[2011/05/01 20:10:00 | 000,095,568 | RH-- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys.5bf4.deleteme
[2011/05/01 20:09:57 | 000,385,536 | RH-- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys.5e02.deleteme
[2011/05/01 20:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/05/01 19:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriveScrubber 3
[2011/05/01 19:21:35 | 002,234,552 | -H-- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\Incinerator.dll
[2011/05/01 19:17:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2011/05/01 19:16:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Search and Recover
[2011/05/01 19:16:04 | 000,009,341 | -H-- | C] (iolo technologies, LLC (based on original work by Bo Brantén)) -- C:\WINDOWS\System32\drivers\filedisk.sys
[2011/05/01 19:15:49 | 000,000,000 | -H-D | C] -- C:\Program Files\iolo
[2011/05/01 19:14:36 | 000,000,000 | -H-D | C] -- C:\iolo
[2011/05/01 19:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/04/30 20:05:46 | 000,520,704 | ---- | C] (WinTrust) -- C:\Documents and Settings\All Users\Application Data\iVxRnQyKaCplSN.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/02 21:16:18 | 000,160,350 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\JavaRa.zip
[2011/05/02 21:10:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/02 20:56:56 | 016,537,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u25-windows-i586.exe
[2011/05/02 20:40:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/05/02 20:36:12 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/02 20:32:08 | 000,020,058 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\7436f707h6re145pe55c
[2011/05/02 20:31:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/02 20:30:05 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/05/02 20:24:00 | 000,000,898 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/02 19:59:23 | 000,000,188 | -H-- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/05/02 19:58:44 | 000,000,894 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/02 19:11:52 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2011/05/02 19:10:21 | 004,997,120 | -H-- | M] () -- C:\WINDOWS\outlook.pst
[2011/05/02 18:39:42 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{934C330A-1743-4407-BF40-7B65DA3CE113}.job
[2011/05/01 23:22:47 | 000,002,154 | ---- | M] () -- C:\WINDOWS\System32\ssmute.ini
[2011/05/01 21:56:34 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/01 20:04:43 | 000,185,016 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/01 19:51:30 | 000,001,891 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/01 19:02:16 | 000,074,703 | -H-- | M] () -- C:\WINDOWS\System32\mfc45.dll
[2011/05/01 11:18:20 | 000,001,945 | -H-- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/04/30 20:16:26 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18865972r
[2011/04/30 20:16:26 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18865972
[2011/04/30 20:16:19 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18865972
[2011/04/30 20:16:16 | 000,444,928 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18865972.exe
[2011/04/30 20:05:46 | 000,520,704 | ---- | M] (WinTrust) -- C:\Documents and Settings\All Users\Application Data\iVxRnQyKaCplSN.exe
[2011/04/26 12:07:01 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/02 21:16:13 | 000,160,350 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\JavaRa.zip
[2011/05/02 20:36:08 | 000,002,235 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Help and Support.lnk
[2011/05/02 20:36:08 | 000,001,799 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/02 20:36:08 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/05/02 20:36:08 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/02 20:36:08 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/05/02 20:36:08 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2011/05/02 20:36:08 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/05/02 20:36:07 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2011/05/02 20:36:07 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2011/05/02 20:36:07 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2011/05/02 20:36:07 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2011/05/02 19:52:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/02 19:11:51 | 000,000,378 | ---- | C] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2011/05/02 17:54:17 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/05/01 23:03:44 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\htjzka.dat
[2011/05/01 23:01:31 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2011/05/01 22:13:26 | 000,020,058 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7436f707h6re145pe55c
[2011/05/01 21:54:01 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/05/01 21:54:01 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/01 19:02:16 | 000,074,703 | -H-- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2011/05/01 11:17:33 | 000,001,945 | -H-- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/04/30 20:16:26 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18865972r
[2011/04/30 20:16:26 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18865972
[2011/04/30 20:16:19 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18865972
[2011/04/30 20:16:16 | 000,444,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18865972.exe
[2011/01/21 11:15:07 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\GALSINT.INI
[2010/10/14 16:48:58 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/07/21 10:36:53 | 000,035,324 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/12 10:08:45 | 000,000,121 | -H-- | C] () -- C:\WINDOWS\GALSWIN.INI
[2010/07/10 16:32:37 | 000,013,729 | -H-- | C] () -- C:\WINDOWS\Galsmave.ini
[2009/11/29 17:57:49 | 000,000,110 | -H-- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/09/09 22:48:47 | 000,000,118 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/16 11:03:02 | 000,027,136 | -H-- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2009/08/08 19:10:37 | 000,016,001 | -H-- | C] () -- C:\Program Files\Common Files\edacyroho._sy
[2009/08/08 16:35:31 | 000,018,290 | -H-- | C] () -- C:\Program Files\Common Files\ebyduho.dl
[2009/08/08 16:35:31 | 000,013,855 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xoneku.ban
[2009/08/08 16:35:30 | 000,019,024 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ofahapa.dat
[2009/08/08 16:35:30 | 000,010,618 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\amom.bin
[2009/08/01 08:26:13 | 000,073,220 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/08/01 08:26:13 | 000,031,053 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/08/01 08:26:13 | 000,029,114 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/08/01 08:26:13 | 000,027,417 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/08/01 08:26:13 | 000,021,021 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/08/01 08:26:13 | 000,015,670 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/08/01 08:26:13 | 000,013,280 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/08/01 08:26:13 | 000,010,673 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/08/01 08:26:13 | 000,004,943 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/08/01 08:26:13 | 000,001,140 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/08/01 08:26:13 | 000,001,140 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/08/01 08:26:13 | 000,001,137 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/08/01 08:26:13 | 000,001,130 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/08/01 08:26:13 | 000,001,130 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/08/01 08:26:13 | 000,001,104 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/02/15 22:16:02 | 000,004,096 | -H-- | C] () -- C:\WINDOWS\d3dx.dat
[2009/02/15 12:05:47 | 000,020,480 | RH-- | C] () -- C:\WINDOWS\Imgtask.exe
[2007/08/27 10:18:16 | 000,262,144 | -H-- | C] () -- C:\WINDOWS\System32\PPCInstall.dll
[2007/01/19 19:47:36 | 000,000,107 | -H-- | C] () -- C:\WINDOWS\wpd99.drv
[2007/01/19 19:47:03 | 000,118,784 | -H-- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2007/01/19 19:47:03 | 000,051,716 | -H-- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/09/06 21:10:15 | 000,010,752 | -H-- | C] () -- C:\WINDOWS\System32\PopWait.exe
[2006/02/11 13:55:05 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/02/02 20:18:19 | 000,000,165 | -H-- | C] () -- C:\WINDOWS\BluesCluesPreschool.ini
[2005/06/21 09:24:24 | 000,000,754 | -H-- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/04/22 10:09:20 | 000,000,853 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/22 10:08:58 | 000,000,303 | -H-- | C] () -- C:\WINDOWS\Sierra.ini
[2005/03/27 12:32:32 | 000,001,888 | -H-- | C] () -- C:\WINDOWS\CA533A.INI
[2005/03/27 12:32:32 | 000,001,325 | -H-- | C] () -- C:\WINDOWS\Remove.ini
[2005/03/27 12:32:31 | 000,118,784 | -H-- | C] () -- C:\WINDOWS\ShowBmp.exe
[2005/03/27 11:45:42 | 000,000,572 | -H-- | C] () -- C:\WINDOWS\videoimp.ini
[2005/03/27 11:45:32 | 000,010,240 | -H-- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/03/27 11:45:21 | 000,000,021 | -H-- | C] () -- C:\WINDOWS\VI_setup.ini
[2005/03/27 11:44:02 | 000,000,021 | -H-- | C] () -- C:\WINDOWS\PI4_setup.ini
[2005/03/04 10:51:02 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2005/02/18 19:07:35 | 000,000,190 | -H-- | C] () -- C:\WINDOWS\QTW.INI
[2005/02/18 15:50:10 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\bobvila.INI
[2005/02/15 14:35:09 | 000,000,371 | -H-- | C] () -- C:\WINDOWS\Trpmaker.INI
[2005/02/15 13:32:02 | 000,210,944 | -H-- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/02/15 13:32:02 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\System32\PlugFile.dll
[2005/02/15 13:31:36 | 000,038,688 | -H-- | C] () -- C:\WINDOWS\System32\LEADDIB.DRV
[2005/02/15 13:31:36 | 000,011,136 | -H-- | C] () -- C:\WINDOWS\System32\FPRUN300.DLL
[2005/02/08 22:11:28 | 001,107,192 | -H-- | C] () -- C:\WINDOWS\Xwmba500.dll
[2005/02/08 22:11:28 | 000,260,440 | -H-- | C] () -- C:\WINDOWS\Xwmhb500.dll
[2005/02/08 22:11:28 | 000,174,352 | -H-- | C] () -- C:\WINDOWS\Xwmte500.dll
[2005/02/08 22:11:28 | 000,000,043 | -H-- | C] () -- C:\WINDOWS\PHAssist.ini
[2005/01/30 10:09:37 | 000,083,456 | -H-- | C] () -- C:\WINDOWS\System32\lxsmunin.exe
[2005/01/30 10:09:36 | 000,000,643 | -H-- | C] () -- C:\WINDOWS\lexstat.ini
[2005/01/30 10:09:35 | 000,079,872 | -H-- | C] () -- C:\WINDOWS\System32\lex_psu.exe
[2005/01/30 10:09:34 | 000,328,704 | -H-- | C] () -- C:\WINDOWS\System32\dosfnt32.dll
[2005/01/26 14:18:06 | 000,000,037 | -H-- | C] () -- C:\WINDOWS\ipixActivex.ini
[2005/01/17 22:57:46 | 000,000,567 | -H-- | C] () -- C:\WINDOWS\JUNO.INI
[2004/11/17 06:10:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/11/17 06:09:59 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/11/17 06:09:03 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/11/17 06:08:35 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/11/17 05:48:01 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/11/17 05:48:01 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/11/17 05:47:59 | 000,004,490 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/11/17 05:47:55 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/11/17 05:47:51 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/10/27 16:57:22 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/26 21:46:37 | 000,118,784 | RH-- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
[2004/10/26 21:45:58 | 000,013,949 | -H-- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/10/26 21:45:50 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/10/26 21:19:17 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/10/26 21:07:27 | 000,001,040 | -H-- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2004/10/26 21:02:35 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\sis760.bin
[2004/10/26 21:02:35 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\sis741.bin
[2004/10/26 21:02:35 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\sis660.bin
[2004/10/26 20:33:02 | 000,299,073 | -H-- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/10/26 20:33:02 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/10/26 20:32:36 | 000,016,896 | -H-- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/10/26 20:04:20 | 000,000,802 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2004/10/26 20:02:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/26 19:57:30 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/26 19:44:44 | 000,000,572 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/26 19:44:04 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/26 19:44:01 | 000,381,692 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/26 19:44:01 | 000,053,436 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/26 12:51:40 | 000,004,346 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/10/26 12:50:42 | 000,185,016 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/17 17:37:42 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/09/14 01:35:56 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 05:14:46 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 05:14:46 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/04/11 01:04:00 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2001/04/23 12:21:38 | 000,020,635 | -H-- | C] () -- C:\WINDOWS\Galavent.ini
[1997/07/11 00:00:00 | 000,047,104 | -H-- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1997/07/11 00:00:00 | 000,022,016 | -H-- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 00:00:00 | 000,022,016 | -H-- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 000,012,288 | -H-- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Custom Scans ==========

Re: windows recovery, ms removal, xp home security

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/10/26 19:59:25 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2001/01/26 15:29:00 | 000,058,880 | -H-- | M] (Lexmark International) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMPRINT.DLL

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >
[2009/08/08 19:10:36 | 000,017,061 | -H-- | M] () -- C:\WINDOWS\idiri._sy
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2004/11/17 06:30:49 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/10/26 20:04:08 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/05/02 20:56:56 | 016,537,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u25-windows-i586.exe

< %PROGRAMFILES%\Common Files\*.* >
[2009/08/08 16:35:31 | 000,018,290 | -H-- | M] () -- C:\Program Files\Common Files\ebyduho.dl
[2009/08/08 19:10:37 | 000,016,001 | -H-- | M] () -- C:\Program Files\Common Files\edacyroho._sy

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/04 07:00:00 | 000,000,791 | -H-- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2004/11/17 06:30:48 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/07/17 05:00:04 | 000,423,656 | -H-- | M] (Sun Microsystems, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\deployJava1.dll
[2009/03/08 04:31:44 | 000,348,160 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[2010/12/09 08:38:47 | 002,192,768 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntoskrnl.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/10/26 12:49:51 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/10/26 12:49:51 | 000,634,880 | -H-- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/10/26 12:49:51 | 000,868,352 | -H-- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 07:00:00 | 000,009,029 | -H-- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/10/26 21:45:58 | 000,013,949 | -H-- | M] () -- C:\WINDOWS\system32\CHODDI.SYS
[2004/08/04 07:00:00 | 000,027,097 | -H-- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/04 07:00:00 | 000,004,768 | -H-- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 07:00:00 | 000,042,809 | -H-- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 07:00:00 | 000,042,537 | -H-- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/04 07:00:00 | 000,027,866 | -H-- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 07:00:00 | 000,029,146 | -H-- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 07:00:00 | 000,029,370 | -H-- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 07:00:00 | 000,029,274 | -H-- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 07:00:00 | 000,029,146 | -H-- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 07:00:00 | 000,033,840 | -H-- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 07:00:00 | 000,034,560 | -H-- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 07:00:00 | 000,035,648 | -H-- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 07:00:00 | 000,035,424 | -H-- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 07:00:00 | 000,034,560 | -H-- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 13:44:59 | 000,017,664 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2011/03/03 08:21:11 | 001,857,920 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 19:11:48 | 000,004,255 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 19:11:48 | 000,003,967 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 19:11:48 | 000,003,615 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 19:11:48 | 000,003,647 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 19:11:48 | 000,003,135 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 19:11:48 | 000,003,711 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 19:11:48 | 000,003,775 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 19:11:50 | 000,021,183 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 19:11:50 | 000,011,359 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 19:11:50 | 000,025,471 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 19:11:50 | 000,014,143 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 19:11:50 | 000,017,279 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 19:11:50 | 000,015,423 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 19:12:05 | 000,003,901 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 19:12:08 | 000,011,325 | -H-- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2001/01/26 15:29:00 | 000,058,880 | -H-- | M] (Lexmark International) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMPRINT.DLL

< %SYSTEMDRIVE%\*.* >
[2004/10/26 22:01:18 | 000,000,104 | -H-- | M] () -- C:\.lnk
[2004/10/26 20:00:03 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
[2005/01/17 22:44:37 | 000,000,213 | RHS- | M] () -- C:\BOOT.BAK
[2005/01/17 23:08:38 | 000,000,283 | -HS- | M] () -- C:\boot.ini
[2004/08/04 07:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2004/10/26 20:00:03 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
[2005/10/12 20:28:13 | 000,004,906 | -H-- | M] () -- C:\ffastun.ffa
[2005/10/12 20:28:12 | 000,745,472 | -H-- | M] () -- C:\ffastun.ffl
[2005/10/12 20:28:13 | 000,884,736 | -H-- | M] () -- C:\ffastun.ffo
[2005/10/12 20:28:12 | 000,995,328 | -H-- | M] () -- C:\ffastun0.ffx
[2011/05/02 20:30:05 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2004/10/26 20:32:36 | 000,000,002 | -H-- | M] () -- C:\hpbi.log
[2004/10/26 20:00:03 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/05/02 19:03:58 | 000,003,474 | ---- | M] () -- C:\ioloUpdate.log
[2007/10/17 09:33:23 | 000,091,050 | -H-- | M] () -- C:\jswx.log
[2004/10/26 20:00:03 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/11/25 08:42:32 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/05/02 20:30:54 | 301,989,888 | -HS- | M] () -- C:\pagefile.sys
[2009/10/05 11:12:52 | 000,141,067 | -H-- | M] () -- C:\web passwords.rtf
[2009/10/22 15:26:08 | 000,000,162 | -H-- | M] () -- C:\~$b passwords.rtf

< %PROGRAMFILES%\*. >
[2009/04/27 12:42:56 | 000,000,000 | -H-D | M] -- C:\Program Files\A Fairy Tale
[2010/07/23 15:04:47 | 000,000,000 | -H-D | M] -- C:\Program Files\Adobe
[2009/03/14 21:39:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Adventures of Robinson Crusoe
[2010/04/20 09:08:37 | 000,000,000 | -H-D | M] -- C:\Program Files\Ancient Quest Of Saqqarah
[2010/01/15 23:25:53 | 000,000,000 | -H-D | M] -- C:\Program Files\Apple Software Update
[2005/03/27 11:45:21 | 000,000,000 | -H-D | M] -- C:\Program Files\ArcSoft
[2008/06/28 15:18:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Autodesk
[2005/02/18 10:22:17 | 000,000,000 | -H-D | M] -- C:\Program Files\AWS
[2004/10/26 21:46:36 | 000,000,000 | -H-D | M] -- C:\Program Files\BackWeb
[2010/07/20 14:42:36 | 000,000,000 | -H-D | M] -- C:\Program Files\Bonjour
[2006/12/15 13:31:52 | 000,000,000 | -H-D | M] -- C:\Program Files\Canon
[2011/05/02 19:10:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Common Files
[2004/10/26 21:46:31 | 000,000,000 | -H-D | M] -- C:\Program Files\Compaq Connections
[2004/10/26 19:57:16 | 000,000,000 | -H-D | M] -- C:\Program Files\ComPlus Applications
[2005/02/18 15:42:32 | 000,000,000 | -H-D | M] -- C:\Program Files\Compton's Home Library
[2004/11/17 06:28:47 | 000,000,000 | -H-D | M] -- C:\Program Files\CONEXANT
[2009/10/30 18:16:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Coupons
[2005/03/19 18:40:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Earth Resource Mapping
[2009/07/06 14:13:53 | 000,000,000 | -H-D | M] -- C:\Program Files\eGames
[2009/08/01 08:31:43 | 000,000,000 | -H-D | M] -- C:\Program Files\epson
[2009/08/01 08:30:16 | 000,000,000 | -H-D | M] -- C:\Program Files\Epson Software
[2008/11/03 21:32:36 | 000,000,000 | -H-D | M] -- C:\Program Files\Family Feud II
[2009/03/01 23:04:27 | 000,000,000 | -H-D | M] -- C:\Program Files\Floating Kingdoms
[2010/07/12 10:08:40 | 000,000,000 | -H-D | M] -- C:\Program Files\Galswin
[2008/12/07 13:58:26 | 000,000,000 | -H-D | M] -- C:\Program Files\Games
[2011/03/17 09:47:27 | 000,000,000 | -H-D | M] -- C:\Program Files\Google
[2004/10/26 21:51:22 | 000,000,000 | -H-D | M] -- C:\Program Files\Help and Support Additions
[2008/11/03 21:32:54 | 000,000,000 | -H-D | M] -- C:\Program Files\Hidden Wonders Of The Depths
[2006/02/02 20:18:15 | 000,000,000 | -H-D | M] -- C:\Program Files\Infogrames Interactive
[2011/05/01 19:43:02 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/05/01 23:01:27 | 000,000,000 | -H-D | M] -- C:\Program Files\interMute
[2011/05/01 22:53:52 | 000,000,000 | -H-D | M] -- C:\Program Files\Internet Explorer
[2011/05/01 19:21:28 | 000,000,000 | -H-D | M] -- C:\Program Files\iolo
[2010/07/20 15:02:53 | 000,000,000 | -H-D | M] -- C:\Program Files\iPod
[2009/10/15 10:13:04 | 000,000,000 | -H-D | M] -- C:\Program Files\iPod(2)
[2010/07/20 15:07:05 | 000,000,000 | -H-D | M] -- C:\Program Files\iTunes
[2009/10/15 10:13:04 | 000,000,000 | -H-D | M] -- C:\Program Files\iTunes(2)
[2010/09/18 11:11:21 | 000,000,000 | -H-D | M] -- C:\Program Files\Java
[2009/10/15 10:15:28 | 000,000,000 | -H-D | M] -- C:\Program Files\Juice
[2010/07/20 17:51:06 | 000,000,000 | -H-D | M] -- C:\Program Files\Kodak
[2009/10/27 16:39:26 | 000,000,000 | -H-D | M] -- C:\Program Files\LeapFrog
[2008/11/25 09:05:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Messenger
[2010/01/16 13:07:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft
[2006/07/24 21:17:11 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/10/15 10:22:21 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/05/26 20:36:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Forefront UAG
[2004/10/26 20:00:18 | 000,000,000 | -H-D | M] -- C:\Program Files\microsoft frontpage
[2006/07/24 21:16:13 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Office
[2011/04/22 08:51:53 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Silverlight
[2005/01/18 14:00:44 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Works
[2009/04/27 12:45:46 | 000,000,000 | -H-D | M] -- C:\Program Files\Mortimer Beckett And The Secrets Of Spooky Manor
[2010/08/11 22:30:15 | 000,000,000 | -H-D | M] -- C:\Program Files\Movie Maker
[2009/12/02 18:00:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Mozilla Firefox
[2004/10/26 19:56:08 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN
[2004/10/26 19:56:20 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN Gaming Zone
[2010/01/16 13:07:56 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN Toolbar
[2010/01/16 13:08:14 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN Toolbar Installer
[2006/11/17 23:18:36 | 000,000,000 | -H-D | M] -- C:\Program Files\MSXML 4.0
[2005/02/18 10:22:17 | 000,000,000 | -H-D | M] -- C:\Program Files\MySearch
[2005/03/18 11:04:21 | 000,000,000 | -H-D | M] -- C:\Program Files\MyWebSearch
[2008/11/25 08:44:58 | 000,000,000 | -H-D | M] -- C:\Program Files\NetMeeting
[2011/05/02 19:16:01 | 000,000,000 | -H-D | M] -- C:\Program Files\Norton AntiVirus
[2011/05/02 21:18:44 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2009/10/20 11:19:48 | 000,000,000 | -H-D | M] -- C:\Program Files\Online Services
[2010/12/16 00:23:09 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/10/15 10:12:33 | 000,000,000 | -H-D | M] -- C:\Program Files\PHAssist
[2010/07/20 14:54:56 | 000,000,000 | -H-D | M] -- C:\Program Files\QuickTime
[2009/10/15 10:13:10 | 000,000,000 | -H-D | M] -- C:\Program Files\QuickTime(2)
[2009/10/15 10:16:04 | 000,000,000 | -H-D | M] -- C:\Program Files\Rand McNally
[2008/10/29 21:42:52 | 000,000,000 | -H-D | M] -- C:\Program Files\ReflexiveArcade
[2009/10/17 17:57:32 | 000,000,000 | -H-D | M] -- C:\Program Files\Shared
[2008/10/29 21:40:38 | 000,000,000 | -H-D | M] -- C:\Program Files\Shockwave.com
[2010/07/23 15:04:51 | 000,000,000 | -H-D | M] -- C:\Program Files\Shutterfly
[2005/04/22 10:08:57 | 000,000,000 | -H-D | M] -- C:\Program Files\Sierra On-Line
[2008/12/26 14:40:06 | 000,000,000 | -H-D | M] -- C:\Program Files\Skyhook Wireless
[2004/10/26 21:28:09 | 000,000,000 | -H-D | M] -- C:\Program Files\Sonic
[2004/10/26 21:28:12 | 000,000,000 | -H-D | M] -- C:\Program Files\Sonic RecordNow!
[2011/05/02 19:10:55 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2008/01/05 16:43:46 | 000,000,000 | -H-D | M] -- C:\Program Files\sz18110_7
[2010/03/02 15:00:11 | 000,000,000 | -H-D | M] -- C:\Program Files\sz8001
[2010/03/12 12:19:36 | 000,000,000 | -H-D | M] -- C:\Program Files\sz8034_6
[2007/12/31 10:55:48 | 000,000,000 | -H-D | M] -- C:\Program Files\sz8080_6
[2007/01/19 19:48:21 | 000,000,000 | -H-D | M] -- C:\Program Files\TaxCut06
[2006/02/11 13:59:15 | 000,000,000 | -H-D | M] -- C:\Program Files\The Learning Company
[2011/01/13 10:33:21 | 000,000,000 | -H-D | M] -- C:\Program Files\THQ
[2009/02/06 21:48:03 | 000,000,000 | -H-D | M] -- C:\Program Files\Treasure Seekers - Visions of Gold
[2010/07/24 12:07:54 | 000,000,000 | -H-D | M] -- C:\Program Files\Ubisoft
[2004/10/26 20:03:56 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/05/29 17:06:15 | 000,000,000 | -H-D | M] -- C:\Program Files\Unity
[2010/10/23 20:06:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Veetle
[2006/02/01 11:05:48 | 000,000,000 | -H-D | M] -- C:\Program Files\Virtools Web Player 3.0
[2010/05/26 20:36:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Whale Communications
[2009/10/15 10:12:31 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Live Safety Center
[2008/11/25 08:44:54 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Media Player
[2006/07/24 21:16:10 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Messaging
[2011/05/01 22:54:11 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows NT
[2009/10/18 18:40:12 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Sidebar
[2004/10/26 19:58:16 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2004/10/26 20:00:18 | 000,000,000 | -H-D | M] -- C:\Program Files\xerox
[2009/04/27 12:44:49 | 000,000,000 | -H-D | M] -- C:\Program Files\Zero G Registry
[2009/03/17 13:50:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Zodiac Tower

< %appdata%\*.* >
[2004/10/26 12:51:19 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2004/08/04 14:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/25 08:36:23 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 07:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/11/25 08:36:23 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 14:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/25 08:36:23 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/11/25 08:36:23 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 14:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/11/25 08:36:23 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/04 07:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2008/11/25 08:36:23 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 07:00:00 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | -H-- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | -H-- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | -H-- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 14:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/11/25 08:36:23 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/04 07:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:usbstor.sys
[2008/11/25 08:36:23 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 07:00:00 | 000,026,496 | -H-- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | -H-- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | -H-- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-28 04:26:14

< >

========== Alternate Data Streams ==========


< End of report >

Re: windows recovery, ms removal, xp home security

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: windows recovery, ms removal, xp home security

Ran ComboFix, sorry it took so long to post the log. Had to call my internet provider because my internet wasn't working. It doesn't look like any more virus. Should I go ahead and load my virus protection software?


ComboFix 11-05-02.04 - Administrator 05/03/2011 9:30.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1215.961 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Norton AntiVirus 2005 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Norton Internet Worm Protection *Enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\18865972.exe
c:\documents and settings\All Users\Application Data\iVxRnQyKaCplSN.exe
c:\documents and settings\All Users\Application Data\mC28601DiIgM28601
c:\documents and settings\All Users\Application Data\mC28601DiIgM28601\mC28601DiIgM28601
c:\documents and settings\All Users\Application Data\mC28601DiIgM28601\mC28601DiIgM28601.exe
c:\documents and settings\Compaq_Owner\test.exe
c:\documents and settings\Compaq_Owner\WINDOWS
c:\documents and settings\Default User\WINDOWS
C:\Microsoft
c:\program files\Common Files\ebyduho.dl
c:\program files\MySearch
c:\program files\MySearch\bar\History\search
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\MyWebSearch\bar\Settings\settings.htm
c:\program files\Shared
c:\program files\Shared\lib.sig
c:\windows\Downloaded Program Files\DM.0
c:\windows\Downloaded Program Files\DM.1
c:\windows\Downloaded Program Files\DM.1\DMService.exe
c:\windows\Downloaded Program Files\DM.1\WhlMgr.dll
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.8-2.inf
c:\windows\Downloaded Program Files\MiniBugTransporter.dll
c:\windows\idiri._sy
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\rnaph.dll
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DMService
-------\Legacy_DMService
-------\Service_DMService
-------\Service_DMService
.
.
((((((((((((((((((((((((( Files Created from 2011-04-03 to 2011-05-03 )))))))))))))))))))))))))))))))
.
.
2011-05-03 02:18 . 2011-05-03 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2011-05-03 02:18 . 2011-05-03 02:18 -------- d-----w- c:\program files\NOS
2011-05-03 01:36 . 2011-05-03 14:34 -------- d-----w- c:\documents and settings\Administrator
2011-05-03 00:10 . 2004-08-09 17:59 83168 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-05-03 00:10 . 2004-08-09 17:59 103952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-05-03 00:09 . 2011-05-03 00:10 -------- d-----w- c:\program files\Symantec
2011-05-02 04:01 . 2011-05-02 04:01 -------- d--h--w- c:\program files\interMute
2011-05-02 03:54 . 2011-05-02 03:54 181248 ---ha-w- c:\program files\Windows NT\dwm.exe
2011-05-02 03:53 . 2011-05-02 03:53 170496 ---ha-w- c:\program files\Internet Explorer\conhost.exe
2011-05-02 00:21 . 2011-03-15 06:36 2234552 ---ha-w- c:\windows\system32\Incinerator.dll
2011-05-02 00:17 . 2011-05-02 00:17 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo
2011-05-02 00:16 . 2010-09-23 18:29 511328 ---ha-w- c:\program files\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
2011-05-02 00:16 . 2010-06-29 23:30 9341 ---ha-w- c:\windows\system32\drivers\filedisk.sys
2011-05-02 00:15 . 2011-05-02 00:21 -------- d--h--w- c:\program files\iolo
2011-05-02 00:14 . 2011-05-02 00:14 -------- d-----w- C:\iolo
2011-05-02 00:02 . 2011-05-02 00:02 74703 ---ha-w- c:\windows\system32\mfc45.dll
2011-05-02 00:01 . 2011-05-03 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2011-04-14 08:39 . 2011-04-14 08:39 103864 ---ha-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-31 20:16 . 2009-07-15 14:09 398760 ---ha-r- c:\windows\system32\cpnprt2.cid
2011-03-07 05:33 . 2004-11-17 11:09 692736 ---ha-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-11-17 10:49 420864 ---ha-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-11-17 10:49 1857920 ---ha-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-11-17 11:09 43520 ---ha-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-11-17 11:09 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
2011-02-22 23:06 . 2004-11-17 10:49 916480 ---ha-w- c:\windows\system32\wininet.dll
2011-02-22 11:41 . 2004-11-17 11:09 385024 ---ha-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-11-17 11:10 455936 ---ha-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-11-17 10:48 357888 ---ha-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-15 12:33 5120 ---ha-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-11-17 11:08 290432 ---ha-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2004-11-17 11:09 229888 ---ha-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53 . 2004-11-17 11:09 186880 ---ha-w- c:\windows\system32\encdec.dll
2011-02-09 13:53 . 2004-11-17 10:48 270848 ---ha-w- c:\windows\system32\sbe.dll
2011-02-08 13:33 . 2004-11-17 11:09 978944 ---ha-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-11-17 11:09 974848 ---ha-w- c:\windows\system32\mfc42u.dll
2008-12-26 19:40 . 2009-12-02 23:01 2520032 ---ha-w- c:\program files\mozilla firefox\components\1282669.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON NX100 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEDA.EXE" [2008-02-04 188928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-21 155648]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"VTTimer"="VTTimer.exe" [2004-10-22 53248]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-08 57344]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2001-01-23 36864]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-13 58488]
"SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-05 218240]
"NAV CfgWiz"="c:\program files\Norton AntiVirus\CfgWiz.exe" [2004-08-17 132248]
"conhost"="c:\documents and settings\Compaq_Owner\Application Data\Microsoft\conhost.exe" [2011-05-03 170496]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
.
R2 atisvc_tmfha;atisvc_tmfha;c:\windows\system32\cadhgw\atisvc_tmfha.exe [12/26/2008 2:40 PM 408230]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [5/1/2011 7:16 PM 724152]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [5/1/2011 7:16 PM 724152]
R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [5/26/2010 8:37 PM 149904]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [3/27/2005 12:32 PM 515803]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/23/2010 8:06 PM 136176]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/27/2010 8:12 PM 102448]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/23/2010 8:06 PM 136176]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [11/17/2004 5:48 AM 14336]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - SYMREDRV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a19ceb1e-fb82-11dd-93d1-0011d810b45a}]
\Shell\AutoRun\command - F:\Imageviewer.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 01:06]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 01:06]
.
2011-05-03 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2011-05-03 22:26]
.
2011-05-02 c:\windows\Tasks\User_Feed_Synchronization-{934C330A-1743-4407-BF40-7B65DA3CE113}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://portal.tds.net/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:56242
Trusted Zone: hrblock.com\www
Trusted Zone: hrblock.com\www.taxes
Trusted Zone: hrblock.com\www.taxeshelp
DPF: {1D8A63E5-F219-11D4-9BD1-000039051213} - hxxp://a19.g.akamai.net/7/19/7125/4051/ftp.coupons.com/CouponBar/CouponBar.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
HKCU-Run-Norton Download Manager{N360S_prod_1.19_4.1.0.32} - c:\documents and settings\All Users\Documents\Norton\{N360S_prod_1.19_4.1.0.32}\N360Downloader.exe
HKCU-Run-iVxRnQyKaCplSN - c:\documents and settings\All Users\Application Data\iVxRnQyKaCplSN.exe
HKU-Default-Run-DWQueuedReporting - c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-03 09:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\rarliw32.exe 67072 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1160)
c:\windows\system32\WININET.dll
c:\windows\system32\cadhgw\mcie_ghcdt.dll
c:\windows\system32\cadhgw\mca_fwpux.dll
c:\windows\system32\cadhgw\mcapp_nfgbf.dll
c:\windows\system32\cadhgw\AWTKernel32_diysf.dll
c:\windows\system32\cadhgw\ATIDLL_jieok.dll
c:\windows\system32\cadhgw\mcsc_irvkl.dll
c:\windows\system32\cadhgw\mcy_fpela.dll
c:\windows\system32\cadhgw\mcmsg_nkonx.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\jscript.dll
c:\windows\system32\ImgUtil.dll
c:\windows\system32\pngfilt.dll
.
- - - - - - - > 'csrss.exe'(612)
c:\windows\system32\WININET.dll
.
------------------------ Other Running Processes ------------------------
.
c:\documents and settings\Compaq_Owner\Application Data\dwm.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Norton AntiVirus\navapsvc.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\csrss.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\VTTimer.exe
c:\windows\AGRSMMSG.exe
c:\windows\ALCXMNTR.EXE
c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Norton AntiVirus\IWP\NPFMntor.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Skyhook Wireless\Wi-Fi Service\wpsscannersvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
.
**************************************************************************
.
Completion time: 2011-05-03 09:48:53 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-03 14:48
.
Pre-Run: 27,662,630,912 bytes free
Post-Run: 26,495,971,328 bytes free
.
- - End Of File - - 395ACE5993C84BEB5F97892A2941B1E6

Re: windows recovery, ms removal, xp home security

Let's make sure there isn't more infection...

Please download aswMBR from here


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below


[Image: AswMBR_Scan]

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.


  • Once the scan finishes click Save log to save the log to your Desktop
    [Image: AswMBR_SaveLog]

  • Copy and paste the contents of aswMBR.txt back here for review

Re: windows recovery, ms removal, xp home security

Last night I still had MS Removal tool. I actually ran ComboFix again after figuring out that McAfee was somehow still on my computer and installing it using a tool from here. I then installed my antivirus software. Should I still download aswMBR? And if so, do I need to uninstall my antivirus software or turn it off?

Re: windows recovery, ms removal, xp home security
Went ahead and did the scan. Here is the log:

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-04 20:21:32
-----------------------------
20:21:32.281 OS Version: Windows 5.1.2600 Service Pack 3
20:21:32.281 Number of processors: 1 586 0xA00
20:21:32.281 ComputerName: GRAVOTS UserName:
20:21:34.859 Initialize success
20:21:37.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12
20:21:37.781 Disk 0 Vendor: WDC_WD600BB-22JHA0 05.01C05 Size: 57241MB BusType: 3
20:21:39.796 Disk 0 MBR read successfully
20:21:39.796 Disk 0 MBR scan
20:21:39.796 Disk 0 Windows XP default MBR code
20:21:41.796 Disk 0 scanning sectors +117225360
20:21:41.812 Disk 0 scanning C:\WINDOWS\system32\drivers
20:21:59.359 Service scanning
20:22:00.593 Disk 0 trace - called modules:
20:22:00.609 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x896b11ed]<<
20:22:00.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89714ab8]
20:22:00.609 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000061[0x897c49e8]
20:22:00.609 5 ACPI.sys[ba05f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-12[0x8977bd98]
20:22:00.609 \Driver\atapi[0x897d39b0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x896b11ed
20:22:00.609 Scan finished successfully
20:22:22.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat"
20:22:22.328 The log file has been saved successfully to "C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.txt"


Re: windows recovery, ms removal, xp home security
Please upload MBR.dat, located on your Desktop, to Rapidshare, and then post the download link here.

Re: windows recovery, ms removal, xp home security
https://rapidshare.com/files/460955868/aswMBR.txt

Re: windows recovery, ms removal, xp home security
There should've been MBR.dat on there. Was it not there?

Re: windows recovery, ms removal, xp home security
https://rapidshare.com/files/461217806/MBR.dat

Re: windows recovery, ms removal, xp home security
Sorry about that. Was it that it wouldn't download or did I put the wrong thing on there? If it was the wrong thing, I found MBR.dat on the desktop and the link above is hopefully it. I had downloaded aswMBR to the site.

Re: windows recovery, ms removal, xp home security
Please download Rooter and save it to your desktop.

  1. Double click it to start the tool.
  2. Click Scan.
  3. Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

Re: windows recovery, ms removal, xp home security
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 6 Model 10 Stepping 0, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
.
C:\ [Fixed-NTFS] .. ( Total:51 Go - Free:26 Go )
D:\ [Fixed-FAT32] .. ( Total:4 Go - Free:0 Go )
E:\ [CD_Rom]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
J:\ [Removable]
.
Scan : 13:23.29
Path : C:\Documents and Settings\Compaq_Owner\Desktop\Rooter.exe
User : Compaq_Owner ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (556)
______ \??\C:\WINDOWS\system32\csrss.exe (620)
______ \??\C:\WINDOWS\system32\winlogon.exe (644)
______ C:\WINDOWS\system32\services.exe (688)
______ C:\WINDOWS\system32\lsass.exe (700)
______ C:\WINDOWS\system32\svchost.exe (860)
______ C:\WINDOWS\system32\svchost.exe (936)
______ C:\WINDOWS\System32\svchost.exe (1040)
______ C:\WINDOWS\system32\svchost.exe (1100)
______ C:\WINDOWS\system32\svchost.exe (1204)
______ C:\WINDOWS\system32\LEXBCES.EXE (1580)
______ C:\WINDOWS\system32\spoolsv.exe (1616)
______ C:\WINDOWS\system32\LEXPPS.EXE (1632)
______ C:\WINDOWS\system32\svchost.exe (364)
______ C:\windows\system\hpsysdrv.exe (416)
______ C:\HP\KBD\KBD.EXE (436)
______ C:\WINDOWS\system32\VTTimer.exe (452)
______ C:\WINDOWS\AGRSMMSG.exe (460)
______ C:\WINDOWS\ALCXMNTR.EXE (472)
______ C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (912)
______ C:\Program Files\iTunes\iTunesHelper.exe (1192)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1876)
______ C:\WINDOWS\system32\cadhgw\atisvc_tmfha.exe (1904)
______ C:\Program Files\Bonjour\mDNSResponder.exe (1936)
______ C:\WINDOWS\system32\cadhgw\atisvc_tmfha.exe (1988)
______ C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (528)
______ C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (596)
______ C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (996)
______ C:\WINDOWS\system32\svchost.exe (2108)
______ C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (2168)
______ C:\WINDOWS\system32\wdfmgr.exe (2280)
______ C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (2360)
______ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2416)
______ C:\Program Files\Skyhook Wireless\Wi-Fi Service\wpsscannersvc.exe (2460)
______ C:\Program Files\Canon\CAL\CALMAIN.exe (2508)
______ C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (2524)
______ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2732)
______ C:\Program Files\iPod\bin\iPodService.exe (3460)
______ C:\WINDOWS\System32\alg.exe (4080)
______ C:\Program Files\iolo\System Mechanic PC TotalCare\System Shield\ioloSSTray.exe (2648)
______ C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (3456)
______ C:\Program Files\Internet Explorer\IEXPLORE.EXE (2344)
______ C:\Program Files\Internet Explorer\IEXPLORE.EXE (2324)
______ C:\WINDOWS\explorer.exe (1608)
______ C:\Program Files\Outlook Express\msimn.exe (4056)
______ C:\WINDOWS\system32\ctfmon.exe (3344)
______ C:\Program Files\QuickTime\qttask.exe (3240)
______ C:\Program Files\internet explorer\iexplore.exe (1968)
______ C:\Program Files\internet explorer\iexplore.exe (3584)
______ C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (2928)
______ C:\Documents and Settings\Compaq_Owner\Desktop\Rooter.exe (2136)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:4497744384)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:4497776640 | Length:55521607680)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\Symantec NetDetect.job
C:\WINDOWS\Tasks\User_Feed_Synchronization-{934C330A-1743-4407-BF40-7B65DA3CE113}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 13:23.50
.
C:\Rooter$\Rooter_1.txt - (10/05/2011 | 13:23.50)

Re: windows recovery, ms removal, xp home security
Please download TDSSKiller from here and save it to your Desktop.
  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.

Re: windows recovery, ms removal, xp home security
2011/05/11 19:16:45.0671 1432 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/11 19:16:46.0203 1432 ================================================================================
2011/05/11 19:16:46.0203 1432 SystemInfo:
2011/05/11 19:16:46.0203 1432
2011/05/11 19:16:46.0203 1432 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/11 19:16:46.0203 1432 Product type: Workstation
2011/05/11 19:16:46.0203 1432 ComputerName: GRAVOTS
2011/05/11 19:16:46.0203 1432 UserName: Compaq_Owner
2011/05/11 19:16:46.0203 1432 Windows directory: C:\WINDOWS
2011/05/11 19:16:46.0203 1432 System windows directory: C:\WINDOWS
2011/05/11 19:16:46.0203 1432 Processor architecture: Intel x86
2011/05/11 19:16:46.0203 1432 Number of processors: 1
2011/05/11 19:16:46.0203 1432 Page size: 0x1000
2011/05/11 19:16:46.0203 1432 Boot type: Normal boot
2011/05/11 19:16:46.0203 1432 ================================================================================
2011/05/11 19:16:46.0734 1432 Initialize success
2011/05/11 19:16:58.0734 2736 ================================================================================
2011/05/11 19:16:58.0734 2736 Scan started
2011/05/11 19:16:58.0734 2736 Mode: Manual;
2011/05/11 19:16:58.0734 2736 ================================================================================
2011/05/11 19:17:46.0359 2736 ================================================================================
2011/05/11 19:17:46.0359 2736 Scan finished
2011/05/11 19:17:46.0359 2736 ================================================

Re: windows recovery, ms removal, xp home security
Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.

Re: windows recovery, ms removal, xp home security
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000003dc

Kernel Drivers (total 116):

Processes (total 52):
0 System Idle Process
4 System
556 C:\WINDOWS\system32\smss.exe
620 csrss.exe
644 C:\WINDOWS\system32\winlogon.exe
688 C:\WINDOWS\system32\services.exe
700 C:\WINDOWS\system32\lsass.exe
860 C:\WINDOWS\system32\svchost.exe
936 svchost.exe
1036 C:\WINDOWS\system32\svchost.exe
1100 svchost.exe
1232 svchost.exe
1528 C:\WINDOWS\explorer.exe
1652 C:\WINDOWS\system32\LexBceS.exe
1688 C:\WINDOWS\system32\spoolsv.exe
1696 C:\WINDOWS\system32\Lexpps.exe
2016 svchost.exe
120 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
144 C:\WINDOWS\system32\cadhgw\atisvc_tmfha.exe
172 C:\Program Files\Bonjour\mDNSResponder.exe
188 C:\WINDOWS\system32\cadhgw\atisvc_tmfha.exe
376 C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
1112 C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
1200 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1836 C:\WINDOWS\system32\svchost.exe
1940 C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
404 wdfmgr.exe
452 C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
108 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
820 C:\Program Files\Skyhook Wireless\Wi-Fi Service\wpsscannersvc.exe
984 C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
2140 C:\Program Files\Canon\CAL\CALMAIN.exe
2324 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3108 C:\WINDOWS\system\hpsysdrv.exe
3128 C:\hp\KBD\kbd.exe
3148 C:\WINDOWS\system32\VTTimer.exe
3168 C:\WINDOWS\AGRSMMSG.exe
3224 C:\WINDOWS\ALCXMNTR.EXE
3360 C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
3460 C:\Program Files\iTunes\iTunesHelper.exe
3496 C:\WINDOWS\system32\ctfmon.exe
3568 alg.exe
3988 C:\Program Files\iPod\bin\iPodService.exe
1356 C:\Program Files\iolo\System Mechanic PC TotalCare\System Shield\ioloSSTray.exe
4076 iexplore.exe
808 C:\Program Files\Internet Explorer\iexplore.exe
1428 SCServer.exe
3936 C:\Program Files\Outlook Express\msimn.exe
1984 C:\Program Files\Internet Explorer\iexplore.exe
668 C:\Program Files\Internet Explorer\iexplore.exe
2868 C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
3984 C:\Documents and Settings\Compaq_Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`0c16a000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: WDCWD600BB-22JHA0, Rev: 05.01C05

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Re: windows recovery, ms removal, xp home security

GMER

Note about this tool:
  • This program may freeze. Do not reboot the computer, unless it has been frozen for over 30 minutes.
  • This program may cause a blue screen of death. If it does, do not scan, and then reply to let me know.
  • No matter what is in the log, please post all the information/contents of the log.
  • These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT"


Please download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

Re: windows recovery, ms removal, xp home security

Okay, here you go. Sorry it took me so long to get back.

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-17 14:58:00
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 WDC_WD600BB-22JHA0 rev.05.01C05
Running: gmer.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\fxtdqpob.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3036] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3036] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3036] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3036] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3036] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3036] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3036] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3036] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3036] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4028] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4028] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4028] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4028] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4028] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4028] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4028] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4028] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4028] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4028] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4028] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4028] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4028] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4028] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4028] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CB3704 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4028] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CB41DF C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4028] ws2_32.dll!socket 71AB4211 5 Bytes JMP 46CB354C C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4028] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CB35DC C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4028] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CB3B92 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4028] ws2_32.dll!recv 71AB676F 5 Bytes JMP 46CB4549 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[4028] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Re: windows recovery, ms removal, xp home security

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

Re: windows recovery, ms removal, xp home security

The only thing that is wrong with my computer now is that it is working really slow.

Re: windows recovery, ms removal, xp home security

Let's clean up the computer and our tools and see if it'll work faster...

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears, select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point. To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the drop-down box that appears, select your main drive, e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the warning and select OK again; the program will close and you are done


Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.

Re: windows recovery, ms removal, xp home security

Okay this is probably not good. Went to do system restore. When I go to system tools the only thing that shows up is internet explorer (no add ons). Should I skip this and do the others?

Re: windows recovery, ms removal, xp home security

I'd like to see a current list of your programs... Open OTL if you still have it; if not, download a new copy, press Quick Scan and post the log when done.

Re: windows recovery, ms removal, xp home security

OTL logfile created on: 5/19/2011 3:29:19 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.71 Gb Total Space | 26.05 Gb Free Space | 50.39% Space Free | Partition Type: NTFS
Drive D: | 4.18 Gb Total Space | 0.99 Gb Free Space | 23.60% Space Free | Partition Type: FAT32

Computer Name: GRAVOTS | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/19 15:26:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.com
PRC - [2011/03/15 15:54:36 | 000,617,640 | ---- | M] () -- C:\Program Files\iolo\System Mechanic PC TotalCare\System Shield\ioloSSTray.exe
PRC - [2011/03/15 15:20:42 | 000,724,152 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2010/01/19 18:46:54 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
PRC - [2010/01/19 18:46:48 | 000,121,384 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
PRC - [2009/12/14 16:03:41 | 000,149,904 | ---- | M] (Microsoft ® Corporation) -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
PRC - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2008/12/26 14:40:51 | 000,151,552 | ---- | M] (Skyhook Wireless) -- C:\Program Files\Skyhook Wireless\Wi-Fi Service\wpsscannersvc.exe
PRC - [2008/12/26 14:40:04 | 000,408,230 | ---- | M] () -- C:\WINDOWS\system32\cadhgw\atisvc_tmfha.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/09/30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/10/22 12:53:06 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/19 15:26:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.com
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/29 15:41:46 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2011/03/15 15:20:42 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/03/15 15:20:42 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2010/01/19 18:46:56 | 000,158,248 | ---- | M] (Authentium, Inc) [On_Demand | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV - [2010/01/19 18:46:54 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV - [2010/01/19 18:46:48 | 000,121,384 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV - [2009/12/14 16:03:41 | 000,149,904 | ---- | M] (Microsoft ® Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe -- (uagqecsvc)
SRV - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2008/12/26 14:40:51 | 000,151,552 | ---- | M] (Skyhook Wireless) [Auto | Running] -- C:\Program Files\Skyhook Wireless\Wi-Fi Service\wpsscannersvc.exe -- (wpsscannersvc)
SRV - [2008/12/26 14:40:04 | 000,408,230 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\cadhgw\atisvc_tmfha.exe -- (atisvc_tmfha)
SRV - [2005/09/30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/06/29 18:30:08 | 000,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2010/05/27 07:17:17 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/27 07:17:17 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/01/19 18:53:46 | 000,127,016 | R--- | M] (Authentium, Inc) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\amp.sys -- (AMP)
DRV - [2010/01/19 18:53:44 | 001,118,248 | R--- | M] (Authentium, Inc) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ampse.sys -- (AMPSE)
DRV - [2008/12/26 14:40:06 | 000,013,312 | ---- | M] (Skyhook Wireless) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wpsnuio.sys -- (Wpsnuio)
DRV - [2005/03/04 12:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/10/01 19:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/09/30 00:55:50 | 000,229,888 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/09/24 12:38:40 | 000,012,928 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/12/02 20:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/18 18:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/02 13:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/10/25 16:59:36 | 000,642,958 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Intels51.sys -- (Intels51) Intel(R)
DRV - [2002/10/21 12:37:16 | 000,515,803 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Ca533av.sys -- (Ca533av) Icatch(IV)
DRV - [2002/10/04 19:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/07/30 00:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2002/07/25 12:19:48 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk533.sys -- (USBCamera) Icatch(IV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://portal.tds.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\Firefox [2010/01/16 13:07:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/13 22:09:37 | 000,000,000 | ---D | M]

[2009/12/07 20:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2008/12/26 14:40:04 | 002,520,032 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\1282669.dll

O1 HOSTS File: ([2011/05/10 10:54:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - No CLSID value found.
O2 - BHO: (no name) - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\system32\spool\drivers\w32x86\2\printray.exe (Lexmark)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [WhlCach3.exe] C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\WhlCach3.exe (Microsoft ® Corporation)
O4 - HKLM..\RunOnce: [SMRequiresRestart] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1D8A63E5-F219-11D4-9BD1-000039051213} http://a19.g.akamai.net/7/19/7125/4051/ftp.coupons.com/CouponBar/CouponBar.cab (CouponTBInst Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://targetphoto.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} http://63.241.168.238/ecwplugins/ncs.cab (NCSView Class)
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.0/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://samsclubus.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 216.165.129.158
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/26 20:00:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck smrgdf C:\Documents and Settings\Compaq_Owner\Application Data\iolo\) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/19 15:26:39 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.com
[2011/05/19 15:22:03 | 000,201,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTC.exe
[2011/05/11 19:16:34 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Compaq_Owner\Desktop\tdsskiller.exe
[2011/05/10 13:23:50 | 000,000,000 | ---D | C] -- C:\Rooter$
[2011/05/10 13:23:22 | 000,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\Compaq_Owner\Desktop\Rooter.exe
[2011/05/10 11:39:14 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/08 17:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
[2011/05/08 17:53:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/08 17:53:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/08 17:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/08 17:53:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/04 20:20:58 | 000,577,536 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.exe
[2011/05/03 23:12:15 | 000,118,784 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\iavlsp.dll
[2011/05/03 23:12:12 | 000,087,688 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\IncContxMenu.dll
[2011/05/03 23:12:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\System Mechanic PC TotalCare
[2011/05/03 23:12:03 | 000,056,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\offreg.dll
[2011/05/03 23:12:03 | 000,029,696 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\iolobtdfg.exe
[2011/05/03 23:12:03 | 000,011,776 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\smrgdf.exe
[2011/05/03 22:57:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/03 22:18:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Authentium
[2011/05/03 09:26:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/03 09:26:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/03 09:26:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/03 09:26:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/03 09:26:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/03 09:08:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
[2011/05/03 08:27:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/02 21:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2011/05/02 21:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2011/05/02 20:28:05 | 016,537,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\jre-6u25-windows-i586.exe
[2011/05/02 19:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/05/02 17:55:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/05/01 23:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\interMute
[2011/05/01 20:10:00 | 000,095,568 | R--- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys.5bf4.deleteme
[2011/05/01 20:09:57 | 000,385,536 | R--- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys.5e02.deleteme
[2011/05/01 19:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriveScrubber 3
[2011/05/01 19:21:35 | 002,234,552 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\Incinerator.dll
[2011/05/01 19:17:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2011/05/01 19:16:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Search and Recover
[2011/05/01 19:16:04 | 000,009,341 | ---- | C] (iolo technologies, LLC (based on original work by Bo Brantén)) -- C:\WINDOWS\System32\drivers\filedisk.sys
[2011/05/01 19:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2011/05/01 19:14:36 | 000,000,000 | ---D | C] -- C:\iolo
[2011/05/01 19:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\iolo
[2011/05/01 19:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo

========== Files - Modified Within 30 Days ==========

[2011/05/19 15:26:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.com
[2011/05/19 15:24:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/19 15:21:58 | 000,201,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTC.exe
[2011/05/19 14:24:02 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/19 06:46:30 | 000,000,408 | ---- | M] () -- C:\WINDOWS\System32\iolo.ini
[2011/05/19 06:46:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/19 06:44:12 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/05/19 06:44:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/19 06:44:06 | 1274,597,376 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/18 19:53:08 | 000,502,095 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\unhide.exe
[2011/05/18 17:29:50 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{934C330A-1743-4407-BF40-7B65DA3CE113}.job
[2011/05/17 12:08:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/14 07:41:45 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/05/14 07:41:39 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook Express.lnk
[2011/05/12 18:49:33 | 000,293,775 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\gmer.zip
[2011/05/12 07:35:05 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBRCheck.exe
[2011/05/12 07:34:20 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Compaq_Owner\Desktop\tdsskiller.exe
[2011/05/10 14:05:24 | 000,170,711 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\web passwords.rtf
[2011/05/10 13:23:22 | 000,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Compaq_Owner\Desktop\Rooter.exe
[2011/05/10 10:54:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/10 10:42:31 | 004,345,263 | R--- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
[2011/05/10 07:47:32 | 000,017,438 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\32760rk4g1p24q1l2o174hf3526j1456y7i1o1865s52h
[2011/05/10 07:47:31 | 000,017,438 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\32760rk4g1p24q1l2o174hf3526j1456y7i1o1865s52h
[2011/05/08 20:11:23 | 000,014,192 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\mptnc6q8788g1dt0rhb7ftt43p
[2011/05/08 20:11:23 | 000,014,192 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\mptnc6q8788g1dt0rhb7ftt43p
[2011/05/08 17:53:35 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/06 12:44:18 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat
[2011/05/04 20:20:58 | 000,577,536 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.exe
[2011/05/03 23:20:37 | 000,000,406 | ---- | M] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2011/05/03 23:12:12 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Mechanic PC TotalCare.lnk
[2011/05/03 23:12:12 | 000,001,814 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\System Mechanic PC TotalCare.lnk
[2011/05/03 22:40:07 | 000,974,081 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\A guide and tutorial on using ComboFix.mht
[2011/05/03 22:36:37 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/03 22:05:48 | 000,009,646 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\E16E.007
[2011/05/03 15:19:40 | 000,001,494 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Calculator.lnk
[2011/05/03 15:19:37 | 004,997,120 | ---- | M] () -- C:\WINDOWS\outlook.pst
[2011/05/03 09:00:25 | 000,020,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\7436f707h6re145pe55c
[2011/05/03 09:00:24 | 000,020,062 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\7436f707h6re145pe55c
[2011/05/02 20:30:05 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/05/02 20:28:05 | 016,537,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\jre-6u25-windows-i586.exe
[2011/05/02 19:11:52 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2011/05/01 23:22:47 | 000,002,154 | ---- | M] () -- C:\WINDOWS\System32\ssmute.ini
[2011/05/01 22:49:05 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2011/05/01 21:56:34 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/01 20:04:43 | 000,185,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/01 19:21:42 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\DriveScrubber.lnk
[2011/05/01 19:16:19 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Search and Recover.lnk
[2011/05/01 19:02:16 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll
[2011/05/01 11:18:20 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/04/30 20:16:19 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18865972

========== Files Created - No Company Name ==========

[2011/05/19 06:46:30 | 000,000,408 | ---- | C] () -- C:\WINDOWS\System32\iolo.ini
[2011/05/18 19:53:12 | 000,502,095 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\unhide.exe
[2011/05/14 07:41:44 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/05/14 07:41:39 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook Express.lnk
[2011/05/12 18:49:33 | 000,293,775 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\gmer.zip
[2011/05/12 07:35:05 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBRCheck.exe
[2011/05/09 22:25:36 | 000,017,438 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\32760rk4g1p24q1l2o174hf3526j1456y7i1o1865s52h
[2011/05/09 22:25:36 | 000,017,438 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\32760rk4g1p24q1l2o174hf3526j1456y7i1o1865s52h
[2011/05/08 20:04:30 | 000,014,192 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\mptnc6q8788g1dt0rhb7ftt43p
[2011/05/08 20:04:30 | 000,014,192 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\mptnc6q8788g1dt0rhb7ftt43p
[2011/05/08 17:53:35 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/04 20:22:22 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat
[2011/05/03 23:20:37 | 000,000,406 | ---- | C] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2011/05/03 23:12:12 | 000,001,832 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Mechanic PC TotalCare.lnk
[2011/05/03 23:12:12 | 000,001,814 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\System Mechanic PC TotalCare.lnk
[2011/05/03 23:00:35 | 1274,597,376 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/03 22:43:01 | 004,345,263 | R--- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
[2011/05/03 22:40:04 | 000,974,081 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\A guide and tutorial on using ComboFix.mht
[2011/05/03 09:26:23 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/03 09:26:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/03 09:26:23 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/03 09:26:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/03 09:26:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/02 19:52:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/02 19:11:51 | 000,000,378 | ---- | C] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2011/05/02 17:54:17 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/05/01 23:03:44 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\htjzka.dat
[2011/05/01 23:03:23 | 000,009,646 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\E16E.007
[2011/05/01 23:01:31 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2011/05/01 22:49:05 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2011/05/01 22:13:26 | 000,020,062 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\7436f707h6re145pe55c
[2011/05/01 22:13:26 | 000,020,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7436f707h6re145pe55c
[2011/05/01 21:54:01 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/05/01 21:54:01 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/01 19:21:42 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\DriveScrubber.lnk
[2011/05/01 19:16:19 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Search and Recover.lnk
[2011/05/01 19:02:16 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2011/05/01 11:17:33 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/04/30 20:16:19 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18865972
[2011/01/21 11:15:07 | 000,000,408 | ---- | C] () -- C:\WINDOWS\GALSINT.INI
[2010/10/14 16:54:14 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/14 16:48:58 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/07/21 10:36:53 | 000,035,324 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/12 10:08:45 | 000,000,121 | ---- | C] () -- C:\WINDOWS\GALSWIN.INI
[2010/07/10 16:32:37 | 000,013,729 | ---- | C] () -- C:\WINDOWS\Galsmave.ini
[2009/11/29 17:57:49 | 000,000,110 | ---- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/09/09 22:48:47 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/16 11:03:02 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2009/08/08 19:10:37 | 000,018,824 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\hypyz.dat
[2009/08/08 19:10:37 | 000,016,001 | ---- | C] () -- C:\Program Files\Common Files\edacyroho._sy
[2009/08/08 19:10:36 | 000,010,067 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\tyqogumip.ban
[2009/08/08 16:35:31 | 000,013,855 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xoneku.ban
[2009/08/08 16:35:31 | 000,011,900 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\karylyped._dl
[2009/08/08 16:35:30 | 000,019,825 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ofys.dl
[2009/08/08 16:35:30 | 000,019,024 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ofahapa.dat
[2009/08/08 16:35:30 | 000,011,608 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ysokobiviq.bin
[2009/08/08 16:35:30 | 000,010,618 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\amom.bin
[2009/08/01 08:26:13 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/08/01 08:26:13 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/08/01 08:26:13 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/08/01 08:26:13 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/08/01 08:26:13 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/08/01 08:26:13 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/08/01 08:26:13 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/08/01 08:26:13 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/08/01 08:26:13 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/08/01 08:26:13 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/08/01 08:26:13 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/08/01 08:26:13 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/08/01 08:26:13 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/08/01 08:26:13 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/08/01 08:26:13 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/02/24 22:29:38 | 000,013,880 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\slot1.mm1
[2009/02/15 22:16:02 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2009/02/15 12:05:47 | 000,020,480 | R--- | C] () -- C:\WINDOWS\Imgtask.exe
[2007/08/27 10:18:16 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\PPCInstall.dll
[2007/01/19 19:47:36 | 000,000,107 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/01/19 19:47:03 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2007/01/19 19:47:03 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/09/06 21:10:15 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\PopWait.exe
[2006/02/11 13:55:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/02/02 20:18:19 | 000,000,165 | ---- | C] () -- C:\WINDOWS\BluesCluesPreschool.ini
[2005/06/21 09:24:24 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/04/22 10:09:20 | 000,000,853 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/22 10:08:58 | 000,000,303 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2005/03/27 12:32:32 | 000,001,888 | ---- | C] () -- C:\WINDOWS\CA533A.INI
[2005/03/27 12:32:32 | 000,001,325 | ---- | C] () -- C:\WINDOWS\Remove.ini
[2005/03/27 12:32:31 | 000,118,784 | ---- | C] () -- C:\WINDOWS\ShowBmp.exe
[2005/03/27 12:10:48 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/27 11:45:42 | 000,000,572 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2005/03/27 11:45:32 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/03/27 11:45:21 | 000,000,021 | ---- | C] () -- C:\WINDOWS\VI_setup.ini
[2005/03/27 11:44:02 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI4_setup.ini
[2005/03/04 10:51:02 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2005/02/18 19:07:35 | 000,000,190 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/02/18 15:50:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bobvila.INI
[2005/02/15 14:35:09 | 000,000,371 | ---- | C] () -- C:\WINDOWS\Trpmaker.INI
[2005/02/15 13:32:02 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/02/15 13:32:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PlugFile.dll
[2005/02/15 13:31:36 | 000,038,688 | ---- | C] () -- C:\WINDOWS\System32\LEADDIB.DRV
[2005/02/15 13:31:36 | 000,011,136 | ---- | C] () -- C:\WINDOWS\System32\FPRUN300.DLL
[2005/02/08 22:11:28 | 001,107,192 | ---- | C] () -- C:\WINDOWS\Xwmba500.dll
[2005/02/08 22:11:28 | 000,260,440 | ---- | C] () -- C:\WINDOWS\Xwmhb500.dll
[2005/02/08 22:11:28 | 000,174,352 | ---- | C] () -- C:\WINDOWS\Xwmte500.dll
[2005/02/08 22:11:28 | 000,000,043 | ---- | C] () -- C:\WINDOWS\PHAssist.ini
[2005/01/30 10:09:37 | 000,083,456 | ---- | C] () -- C:\WINDOWS\System32\lxsmunin.exe
[2005/01/30 10:09:36 | 000,000,643 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/01/30 10:09:35 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\lex_psu.exe
[2005/01/30 10:09:34 | 000,328,704 | ---- | C] () -- C:\WINDOWS\System32\dosfnt32.dll
[2005/01/26 14:18:06 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2005/01/18 10:03:26 | 000,006,248 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2005/01/17 22:57:46 | 000,000,567 | ---- | C] () -- C:\WINDOWS\JUNO.INI
[2005/01/17 22:46:16 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
[2004/11/17 06:10:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/11/17 06:09:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/11/17 06:09:03 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/11/17 06:08:35 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/11/17 05:48:01 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/11/17 05:48:01 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/11/17 05:47:59 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/11/17 05:47:55 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/11/17 05:47:51 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/10/27 16:57:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/26 21:46:37 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
[2004/10/26 21:45:58 | 000,013,949 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/10/26 21:45:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/10/26 21:19:17 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/10/26 21:07:27 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2004/10/26 21:02:35 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2004/10/26 21:02:35 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2004/10/26 21:02:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2004/10/26 20:33:02 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/10/26 20:33:02 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/10/26 20:32:36 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/10/26 20:04:20 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/10/26 20:02:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/26 19:57:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/26 19:44:44 | 000,000,572 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/26 19:44:04 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/26 19:44:01 | 000,381,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/26 19:44:01 | 000,053,436 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/26 12:51:40 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/10/26 12:50:42 | 000,185,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/17 17:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/09/14 01:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 05:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 05:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/04/11 01:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2001/04/23 12:21:38 | 000,020,635 | ---- | C] () -- C:\WINDOWS\Galavent.ini
[1997/07/11 00:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Files - Unicode (All) ==========
[2008/07/05 16:24:27 | 000,000,393 | ---- | M] ()(C:\Documents and Settings\Compaq_Owner\?????????????) -- C:\Documents and Settings\Compaq_Owner\倁䌀䐀爀䴀漀搀攀洀⸀椀渀椀

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9FD258B
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC95B5ED
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9ACFF27B
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8292261
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03B5CC1F
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90865A6D
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC2381A4
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:880F0FEF
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92A815D8
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B3B557D
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90574144
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8944C195
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61F0C8FB
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BD27B7FC
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B52659E
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F6462DF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F44D3C53
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C6EBC69
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53DF59D1
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9ACB70D7
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B60C375
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12C32D25
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7AF9CAEB
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3539CD43
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:270A3983
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC8FFA4E
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D507B5A8
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4F63AED
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D277F53
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E684AC9
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5294695
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:848CC150
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51F17BB8
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F14D1F80
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3EFA8A8
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:561B1D2B
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71FA8B7F
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:177313FB

< End of report >

Re: windows recovery, ms removal, xp home security

Run this please and post a log: http://www.urlhadtodie.com/downloads/uninstallListGenerator.zip

Re: windows recovery, ms removal, xp home security

It wouldn't let me run. When I double-clicked, a Compressed (zipped) Folders Error came up. Error was "The Compressed (zipped) Folder is invalid or corrupted."

Re: windows recovery, ms removal, xp home security

Right click on it and select Extract All...

Go through the wizard. Then, it should create a new folder with the program inside of it so you can run the program.

Re: windows recovery, ms removal, xp home security

Tried wizard, still came up with "The Compressed (zipped) Folder is invalid or corrupted."

Re: windows recovery, ms removal, xp home security

Please download HijackThis to your Desktop.
  • Double-click the HijackThis icon, located on your Desktop.
  • By default, it will install to: C:\Program Files\Trend Micro\HijackThis
    It will also create a shortcut on your Desktop.
  • Accept the license agreement.
  • Click Do a System Scan and Save a Logfile.
  • Please post the log in your next reply.

Re: windows recovery, ms removal, xp home security

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:16:28 AM, on 5/22/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cadhgw\atisvc_tmfha.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cadhgw\atisvc_tmfha.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Skyhook Wireless\Wi-Fi Service\wpsscannersvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iolo\System Mechanic PC TotalCare\System Shield\ioloSSTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.tds.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - (no file)
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhlCach3.exe] C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\WhlCach3.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1D8A63E5-F219-11D4-9BD1-000039051213} (CouponTBInst Control) - http://a19.g.akamai.net/7/19/7125/4051/ftp.coupons.com/CouponBar/CouponBar.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://63.241.168.238/ecwplugins/ncs.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.0/installer.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - http://samsclubus.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.165.219,93.188.160.190
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: atisvc_tmfha - Unknown owner - C:\WINDOWS\system32\cadhgw\atisvc_tmfha.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: vseamps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
O23 - Service: vsedsps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
O23 - Service: vseqrts - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
O23 - Service: WPS Wi-Fi Scanner Service (wpsscannersvc) - Skyhook Wireless - C:\Program Files\Skyhook Wireless\Wi-Fi Service\wpsscannersvc.exe

--
End of file - 10432 bytes

Re: windows recovery, ms removal, xp home security

Found the source of the redirects...

Please open HijackThis and click "Do a system scan only" and check the following item only:

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.165.219,93.188.160.190

Close all other windows except for HijackThis and press Fix checked.

Restart your system, and post a new HijackThis log in your next reply.

Please get an uninstall list from HijackThis by doing the following:
  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.
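
The check the helper did by eye in the post above, as an added example that is not part of the original thread: it pulls every `O17` NameServer entry out of a HijackThis log, labels each resolver as expected, local or unexpected, and re-runs on the post-fix log to confirm the entry is gone. The function names, the expected-resolver list, and the second `O17` sample line (placeholder GUID, router address) are assumptions made for the example; "unexpected" means the entry needs a person to look at it, not that it is proven hostile.

```python
import ipaddress
import re

# HijackThis O17 line layout: "O17 - <registry key>: <value name> = <data>"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<name>\w+) = (?P<data>.*)$")

# Resolvers in these ranges are normally the local router or the machine itself.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample in HijackThis log format. The CS2 line is the one quoted in
# the thread; the CCS line (placeholder GUID, router address) is made up.
BEFORE_LOG = r"""
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.165.219,93.188.160.190
"""

# Constructed "after the fix" log: the same lines with the CS2 entry removed.
AFTER_LOG = "\n".join(l for l in BEFORE_LOG.splitlines() if "\\CS2\\" not in l)


def parse_o17(log_text):
    """Return (registry_key, [resolvers]) for every O17 NameServer line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m is None or m.group("name").lower() != "nameserver":
            continue  # not an O17 line, or an O17 Domain/SearchList entry
        # The value may be comma- or space-separated.
        resolvers = [r for r in re.split(r"[,\s]+", m.group("data")) if r]
        entries.append((m.group("key"), resolvers))
    return entries


def classify(resolver, expected):
    """Label one resolver; `expected` is a set of ip_address objects."""
    try:
        ip = ipaddress.ip_address(resolver)
    except ValueError:
        return "malformed"
    if ip in expected:
        return "expected"
    if any(ip in net for net in LOCAL_NETS):
        return "local"
    return "unexpected"


def triage(log_text, expected_resolvers=()):
    """Return (registry_key, resolver, verdict) for every configured resolver."""
    expected = {ipaddress.ip_address(r) for r in expected_resolvers}
    return [(key, r, classify(r, expected))
            for key, resolvers in parse_o17(log_text) for r in resolvers]


def needs_review(log_text, expected_resolvers=()):
    """Resolvers that are neither on the analyst's list nor on the local network."""
    return [(key, r) for key, r, verdict in triage(log_text, expected_resolvers)
            if verdict in ("unexpected", "malformed")]


if __name__ == "__main__":
    for key, resolver, verdict in triage(BEFORE_LOG):
        print(f"{verdict:10} {resolver:16} {key}")
    print("still flagged after fix:", needs_review(AFTER_LOG))
```

Pass the ISP's or organisation's real resolvers as `expected_resolvers` so that legitimate static DNS settings are not flagged.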

Re: windows recovery, ms removal, xp home security

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:06:50 PM, on 5/23/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cadhgw\atisvc_tmfha.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cadhgw\atisvc_tmfha.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Skyhook Wireless\Wi-Fi Service\wpsscannersvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Canon\CAL\CALMAIN.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.tds.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - (no file)
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhlCach3.exe] C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\WhlCach3.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1D8A63E5-F219-11D4-9BD1-000039051213} (CouponTBInst Control) - http://a19.g.akamai.net/7/19/7125/4051/ftp.coupons.com/CouponBar/CouponBar.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://63.241.168.238/ecwplugins/ncs.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.0/installer.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - http://samsclubus.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: atisvc_tmfha - Unknown owner - C:\WINDOWS\system32\cadhgw\atisvc_tmfha.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: vseamps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
O23 - Service: vsedsps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
O23 - Service: vseqrts - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
O23 - Service: WPS Wi-Fi Scanner Service (wpsscannersvc) - Skyhook Wireless - C:\Program Files\Skyhook Wireless\Wi-Fi Service\wpsscannersvc.exe

--
End of file - 10064 bytes





Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.4
Adobe Shockwave Player 11
Agere Systems PCI Soft Modem
Alphabet Express
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression
ArcSoft VideoImpression 1.6
Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5
AVSDK5
Blue's Preschool
Blue's Room
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Catz (remove only)
Compaq Connections
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Digital Camera
Dreamship Tales
Easy Internet Sign-up
EPSON NX100 Series Printer Uninstall
Galswin
getPlus(R)_ocx
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Help and Support Additions
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Icatch(IV) Camera Driver
Image Web Server IE Plugins 2,0,0,104
iolo technologies' DriveScrubber 3
iolo technologies' Search and Recover
iolo technologies' System Mechanic PC TotalCare
iTunes
Java(TM) 6 Update 21
Juice 2.2
KBD
KODAK Gallery Upload Software
LeapFrog Connect
LeapFrog Connect
LeapFrog Leapster2 Plugin
LiveUpdate 2.5 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Default Manager
Microsoft Forefront UAG endpoint components v4.0.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Works
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Pdf995
PdfEdit995
Pencil-Pal Preschool
Physician's Home Assistant 1.8
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
QuickTime
QuickTime 3.0
Reader Rabbit Learn To Read With Phonics
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shockwave
Shutterfly Express Uploader
Shutterfly Express Uploader
SierraHome Print Artist 12.0
Sonic RecordNow!
TaxCut Basic 2006
Transition Math K-1
Unity Web Player
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
Veetle TV 0.9.18
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
Wonder Words

Re: windows recovery, ms removal, xp home security
Looking at the programs listed in your previous reply, which of those do you see in the Start menu?

Re: windows recovery, ms removal, xp home security
Adobe Reader 9.4.4
Alphabet Express
ArcSoft PhotoImpression
ArcSoft VideoImpression 1.6
Blue's Preschool
Blue's Room
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Catz
Coupon Printer for Windows
Galswin
Google Chrome
Google Earth Plug-in
HiJackThis
iTunes
Juice 2.2
KODAK Gallery Upload Software
LeapFrog Connect
Malwarebytes' Anti-Malware
Microsoft Silverlight
Pencil-Pal Preschool
Physician's Home Assistant 1.8
QuickTime
Reader Rabbit Learn To Read With Phonics
Shutterfly Express Uploader
Sonic RecordNow!
TaxCut Basic 2006
Transition Math K-1
Windows Media Player 10
Wonder Words

Re: windows recovery, ms removal, xp home security
I would recommend for the programs that you do want to see in the start menu to just reinstall them.
