WiredWX Christian Hobby Weather Tools
Virus locked out of admin

Hi, I am locked out of administrative by this virus. I can't read websites correctly, please help.

Re: Virus locked out of admin

I'm sorry, the websites are not posting correctly, so I don't know if I'm posting in the correct location. Please help.

Re: Virus locked out of admin

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double-click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Virus locked out of admin

OTL logfile created on: 1/15/2011 1:33:55 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Moms\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 94.00 Mb Available Physical Memory | 19.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 47.86 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
Drive D: | 8.01 Gb Total Space | 0.96 Gb Free Space | 11.94% Space Free | Partition Type: FAT32

Computer Name: YOUR-09DEDAFE33 | User Name: Moms | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/15 13:33:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Moms\Desktop\OTL.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/08/05 04:51:16 | 001,626,112 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/23 20:44:26 | 000,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe
PRC - [2005/09/24 08:42:32 | 000,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hp\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/08/11 15:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [1997/08/18 23:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Modules (SafeList) ==========

MOD - [2011/01/15 13:33:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Moms\Desktop\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=presario&pf=laptop
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2010/05/21 14:00:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/11/08 10:45:25 | 000,000,000 | ---D | M]

[2010/06/21 12:19:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Moms\Application Data\Mozilla\Extensions
[2010/07/07 21:57:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Moms\Application Data\Mozilla\Firefox\Profiles\npar0hin.default\extensions
[2010/07/07 18:49:07 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/07 18:49:06 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/07/06 11:20:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\RecGuard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe (SoftThinks)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\RSDUpdater.exe.lnk = C:\WINDOWS\explorer.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Moms\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Moms\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/15 13:33:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Moms\Desktop\OTL.exe
[2011/01/15 13:29:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/01/11 14:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Moms\Application Data\Avira
[2008/04/18 20:16:37 | 023,700,784 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2008/04/18 19:55:16 | 006,039,048 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 2.0.0.14.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/15 13:33:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Moms\Desktop\OTL.exe
[2011/01/15 13:26:11 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/15 13:26:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/15 13:26:07 | 526,503,936 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/23 12:42:57 | 000,383,822 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/23 12:42:57 | 000,054,010 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/09 20:41:24 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Moms\Application Data\$_hpcst$.hpc
[2010/07/06 16:48:43 | 001,401,344 | ---- | C] () -- C:\Program Files\HijackThis.msi
[2010/06/21 12:15:58 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Moms\Local Settings\Application Data\fusioncache.dat
[2010/06/21 12:15:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Moms\Local Settings\Application Data\DSwitch.txt
[2010/06/21 12:15:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Moms\Local Settings\Application Data\AtStart.txt
[2010/06/21 12:15:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Moms\Local Settings\Application Data\QSwitch.txt
[2010/04/23 11:37:09 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\wa4rGu0l.dat
[2010/04/19 14:03:47 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\nM50jekMl
[2010/03/28 07:32:24 | 000,017,930 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\OgDBc43wel
[2009/01/09 08:42:08 | 000,001,043 | ---- | C] () -- C:\WINDOWS\_ISENV31.INI
[2009/01/09 07:53:04 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/07/11 21:59:55 | 000,000,492 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/09/02 12:14:39 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SmartAudio.INI
[2007/01/24 21:30:15 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/05/09 05:19:58 | 000,000,166 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/05/09 05:16:56 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/05/09 04:57:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/09 04:54:12 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/03/27 09:00:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/27 08:24:48 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/03/27 08:20:24 | 000,000,945 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/27 08:17:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/27 07:59:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/02 10:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/04 13:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 13:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 13:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 13:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 13:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[1997/08/18 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/08/18 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

Re: Virus locked out of admin

OTL Extras logfile created on: 1/15/2011 1:33:55 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Moms\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 94.00 Mb Available Physical Memory | 19.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 47.86 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
Drive D: | 8.01 Gb Total Space | 0.96 Gb Free Space | 11.94% Space Free | Partition Type: FAT32

Computer Name: YOUR-09DEDAFE33 | User Name: Moms | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"" =
"C:\Program Files\Vongo\VongoService.exe" = C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService -- (Starz Entertainment Group LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\WINDOWS\system32\winver.exe" = C:\WINDOWS\system32\winver.exe:*:Enabled:winver -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{286F29AF-0BE2-4D5F-AB17-B7631A810553}" = muvee autoProducer 4.5
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.00 E2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 E1
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}" = SmartAudio
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D755C7A3-C03E-4460-8C00-AC6E55505FB5}" = LightScribe 1.4.74.1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E74E3D81-773B-4DCF-B706-50236F80BD81}" = HP User Guides 0019
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_CPL30A5m" = HDAUDIO Soft Data Fax Modem with SmartCP
"Excel" = Microsoft Excel 97
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Rhapsody" = HP Rhapsody
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"LimeWire" = LimeWire 5.5.14
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Money2006b" = Microsoft Money 2006
"MSNINST" = MSN
"Netscape Browser" = Netscape Browser (remove only)
"PROR" = Microsoft Office Professional 2007
"PROSet" = Intel(R) PRO Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Word8.0" = Microsoft Word 97

========== Last 10 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >

Re: Virus locked out of admin
Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Re: Virus locked out of admin
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5528

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/15/2011 10:22:19 PM
mbam-log-2011-01-15 (22-22-19).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 201580
Time elapsed: 42 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Virus locked out of admin
The first log had the virus; it removed it, and then I ran it again. This is the second log.

Running much better, thank you Belahzur.

Re: Virus locked out of admin
Belahzur,

I'm into "Dad's" account, and it will not let me use any antivirus program.
I can see websites, log on, etc., but it won't let me update or download a fresh copy of OTL or Malwarebytes. I also have a shield with red and an X:
"Your current security settings put your computer at risk. Click here to change your security settings". I do that, click fix, and nothing happens. I reset settings to default, but I keep getting that little toolbar.

Any ideas?
Thanks
MW2

Re: Virus locked out of admin
Hello.

  • Download combofix from here
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    (screenshot: CF_download_FF)

    (screenshot: CF_download_rename)

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts.
    NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    (screenshot: Cf410)

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select yes.

    (screenshot: Cf510)

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


Re: Virus locked out of admin
Hi Belahzur,

I can download through "administrator" and "moms account"; those are fine, but "Dads account" is not letting me download anything. In safe mode nothing, I can only view web pages???

My I.E. browser won't update; it has a bar that says "Your current security settings put your computer at risk. Click here to change your security settings." I do click fix now, but it does nothing. It stays there.

????
MW2

Re: Virus locked out of admin
Hi,

I took the two programs from a good laptop onto a disc and tried to load the programs into "dads account"; it will error on install, but proceeds to install if ignored.

MW2

Re: Virus locked out of admin
Okay.

Download MBRCheck to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.


Re: Virus locked out of admin
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 100):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF8B43000 \WINDOWS\system32\KDCOM.DLL
0xF8A53000 \WINDOWS\system32\BOOTVID.dll
0xF85F4000 ACPI.sys
0xF8B45000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF85E3000 pci.sys
0xF8643000 isapnp.sys
0xF8653000 ohci1394.sys
0xF8663000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF8A57000 compbatt.sys
0xF8A5B000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF8C0B000 pciide.sys
0xF88C3000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8B47000 intelide.sys
0xF8B49000 viaide.sys
0xF8B4B000 aliide.sys
0xF85C5000 pcmcia.sys
0xF8673000 MountMgr.sys
0xF85A6000 ftdisk.sys
0xF8A5F000 ACPIEC.sys
0xF8C0C000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF88CB000 PartMgr.sys
0xF8683000 VolSnap.sys
0xF858E000 atapi.sys
0xF84B8000 iaStor.sys
0xF8693000 disk.sys
0xF86A3000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF8498000 fltmgr.sys
0xF88D3000 PxHelp20.sys
0xF8481000 KSecDD.sys
0xF83F4000 Ntfs.sys
0xF83C7000 NDIS.sys
0xF86B3000 Serial.sys
0xF83AD000 Mup.sys
0xF8AE3000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0xF86D3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF89AB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF8AEB000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBA780000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF89F3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xBA75C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8A23000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA735000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF86E3000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF8903000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA705000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF8B51000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8943000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF86F3000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8703000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF8713000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA6E2000 \SystemRoot\system32\DRIVERS\ks.sys
0xF8723000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8B13000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xBA6CB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8733000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8743000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF89DB000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xBA692000 \SystemRoot\system32\DRIVERS\psched.sys
0xF8753000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8A0B000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8A1B000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF8763000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8B57000 \SystemRoot\system32\DRIVERS\swenum.sys
0xBA634000 \SystemRoot\system32\DRIVERS\update.sys
0xF8B2B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF8B33000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF8773000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8783000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA7D8000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF8B5F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8D5C000 \SystemRoot\System32\Drivers\Null.SYS
0xF8B63000 \SystemRoot\System32\Drivers\Beep.SYS
0xF898B000 \SystemRoot\System32\drivers\vga.sys
0xBA558000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF8B67000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF89B3000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF89C3000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8AEF000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xBA525000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xBA4CC000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBA4A4000 \SystemRoot\system32\DRIVERS\netbt.sys
0xBA47E000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA45C000 \SystemRoot\System32\drivers\afd.sys
0xF8793000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA431000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xBA3C1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA375000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xBA364000 \SystemRoot\System32\Drivers\Udfs.SYS
0xBA28E000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xF8AE7000 \SystemRoot\System32\drivers\Dxapi.sys
0xF890B000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8C24000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBA066000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB9E66000 \SystemRoot\system32\DRIVERS\srv.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 17):
0 System Idle Process
4 System
508 C:\WINDOWS\system32\smss.exe
564 csrss.exe
588 C:\WINDOWS\system32\winlogon.exe
632 C:\WINDOWS\system32\services.exe
644 C:\WINDOWS\system32\lsass.exe
796 C:\WINDOWS\system32\svchost.exe
880 svchost.exe
1000 C:\WINDOWS\system32\svchost.exe
1056 svchost.exe
1180 svchost.exe
1408 C:\WINDOWS\explorer.exe
1988 C:\WINDOWS\system32\ctfmon.exe
1292 C:\Program Files\Internet Explorer\iexplore.exe
400 C:\Program Files\Internet Explorer\iexplore.exe
1364 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000b`f7aa5200 (FAT32)

PhysicalDrive0 Model Number: ST96812AS, Rev: 7.24

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D0919EC9044E217466E4B6B4F0D4E99E29BDE3F9


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!

Re: Virus locked out of admin
Re-Run MBRCheck.exe


  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you Enter your choice:, enter
    [1] Dump the MBR of a physical disk to file.
    and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    and then press Enter.
  • The program will ask for the file name to dump to; type dump.dat and press Enter. You should see Dumped successfully.
  • Next, type -1 and press Enter. Next press Enter again, and the program will exit.
  • Save it to your desktop then attach the resultant output in your next reply

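For readers wondering what the "Unknown MBR code" verdict and the SHA1 line in the MBRCheck output above mean, and what the dump.dat produced by the dump step contains: here is an added Python example (not MBRCheck's own code and not anything posted in this thread) that reads one 512-byte MBR sector, hashes its boot-code region with SHA-1, compares that digest against a reference list, checks the 0x55AA boot signature and decodes the partition table. The sample sector, its boot code and the reference list are constructed for the example; the partition offsets reuse the C: and D: values printed in the log (0x7E00 and 0xBF7AA5200). Hashing the first 440 bytes is an assumption: the page does not say which byte range MBRCheck hashes, so the SHA1 shown in the log is not expected to match anything this code computes.

```python
"""Classify a raw 512-byte MBR dump (e.g. the dump.dat written by an MBR tool).
Added example; not MBRCheck's code.  The reference hash list is constructed."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439: executable boot code (assumed fingerprint region)
PART_TABLE_OFF = 446     # four 16-byte partition table entries
SIG_OFF = 510            # 0x55 0xAA boot signature


def boot_code_sha1(mbr: bytes) -> str:
    """SHA-1 of the boot-code region; this is the value compared to a reference list."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partitions(mbr: bytes) -> list:
    """Decode the four primary partition entries; empty (type 0) slots are skipped."""
    parts = []
    for i in range(4):
        # status(1) CHS-start(3) type(1) CHS-end(3) lba-start(4) sector-count(4)
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR,   # what the log prints as "at offset"
        })
    return parts


def check_mbr(mbr: bytes, known_hashes: dict) -> dict:
    """Classify one MBR sector. known_hashes maps SHA-1 hex digest -> label."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR dump must be exactly 512 bytes, got %d" % len(mbr))
    digest = boot_code_sha1(mbr)
    return {
        "sha1": digest,
        "signature_ok": mbr[SIG_OFF:SIG_OFF + 2] == b"\x55\xAA",
        "is_known": digest in known_hashes,
        "label": known_hashes.get(digest, "Unknown MBR code"),
        "partitions": parse_partitions(mbr),
    }


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed 512-byte sector: given boot code plus the two partitions from the log."""
    assert len(boot_code) <= BOOT_CODE_LEN
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    # Entry 0: NTFS (0x07), bootable, LBA 63 -> byte offset 0x7E00 as in the log
    struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF, 0x80, 0x07, 63, 100_390_122)
    # Entry 1: FAT32 LBA (0x0C), LBA 100_390_185 -> byte offset 0xBF7AA5200 as in the log
    # (sector counts are constructed, not taken from the log)
    struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF + 16, 0x00, 0x0C, 100_390_185, 8_000_000)
    sector[SIG_OFF:SIG_OFF + 2] = b"\x55\xAA"
    return bytes(sector)


# Constructed sample inputs; neither is real boot code from any operating system.
CLEAN_BOOT_CODE = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 432
ODD_BOOT_CODE = b"\xEB\xFE" + b"\x00" * 438
SAMPLE_CLEAN = build_sample_mbr(CLEAN_BOOT_CODE)
SAMPLE_ODD = build_sample_mbr(ODD_BOOT_CODE)
# Reference list built from the constructed clean sector; in practice it would be
# taken from a known-good install of the same Windows version.
KNOWN_BOOT_CODE = {boot_code_sha1(SAMPLE_CLEAN): "Reference (constructed)"}


def check_dump_file(path: str, known_hashes: dict = KNOWN_BOOT_CODE) -> dict:
    """Read a dump.dat-style file from disk and classify it."""
    with open(path, "rb") as f:
        return check_mbr(f.read(SECTOR), known_hashes)


if __name__ == "__main__":
    for name, sector in (("clean", SAMPLE_CLEAN), ("odd", SAMPLE_ODD)):
        r = check_mbr(sector, KNOWN_BOOT_CODE)
        print(name, r["sha1"], r["label"], "sig ok" if r["signature_ok"] else "BAD SIG")
        for p in r["partitions"]:
            print("  entry %d type 0x%02X at offset 0x%X (%d sectors)" % (
                p["index"], p["type"], p["byte_offset"], p["sectors"]))
```

Against a real dump you would call check_dump_file("dump.dat") with a reference list holding the digest of a sector taken from a clean machine of the same Windows version; a digest that is not on the list is exactly the "Unknown MBR code" situation in the log, which is a prompt to inspect the boot code, not a verdict by itself. The partition decode is the other half of the check: an entry whose offset does not line up with what the OS reports for C: and D: is worth a second look.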

Re: Virus locked out of admin
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 100):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF8B43000 \WINDOWS\system32\KDCOM.DLL
0xF8A53000 \WINDOWS\system32\BOOTVID.dll
0xF85F4000 ACPI.sys
0xF8B45000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF85E3000 pci.sys
0xF8643000 isapnp.sys
0xF8653000 ohci1394.sys
0xF8663000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF8A57000 compbatt.sys
0xF8A5B000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF8C0B000 pciide.sys
0xF88C3000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8B47000 intelide.sys
0xF8B49000 viaide.sys
0xF8B4B000 aliide.sys
0xF85C5000 pcmcia.sys
0xF8673000 MountMgr.sys
0xF85A6000 ftdisk.sys
0xF8A5F000 ACPIEC.sys
0xF8C0C000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF88CB000 PartMgr.sys
0xF8683000 VolSnap.sys
0xF858E000 atapi.sys
0xF84B8000 iaStor.sys
0xF8693000 disk.sys
0xF86A3000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF8498000 fltmgr.sys
0xF88D3000 PxHelp20.sys
0xF8481000 KSecDD.sys
0xF83F4000 Ntfs.sys
0xF83C7000 NDIS.sys
0xF86B3000 Serial.sys
0xF83AD000 Mup.sys
0xF8AE3000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0xF86D3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF89AB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF8AEB000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBA780000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF89F3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xBA75C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8A23000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA735000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF86E3000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF8903000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA705000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF8B51000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8943000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF86F3000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8703000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF8713000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA6E2000 \SystemRoot\system32\DRIVERS\ks.sys
0xF8723000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8B13000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xBA6CB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8733000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8743000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF89DB000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xBA692000 \SystemRoot\system32\DRIVERS\psched.sys
0xF8753000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8A0B000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8A1B000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF8763000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8B57000 \SystemRoot\system32\DRIVERS\swenum.sys
0xBA634000 \SystemRoot\system32\DRIVERS\update.sys
0xF8B2B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF8B33000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF8773000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8783000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA7D8000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF8B5F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8D5C000 \SystemRoot\System32\Drivers\Null.SYS
0xF8B63000 \SystemRoot\System32\Drivers\Beep.SYS
0xF898B000 \SystemRoot\System32\drivers\vga.sys
0xBA558000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF8B67000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF89B3000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF89C3000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8AEF000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xBA525000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xBA4CC000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBA4A4000 \SystemRoot\system32\DRIVERS\netbt.sys
0xBA47E000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA45C000 \SystemRoot\System32\drivers\afd.sys
0xF8793000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA431000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xBA3C1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA375000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xBA364000 \SystemRoot\System32\Drivers\Udfs.SYS
0xBA28E000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xF8AE7000 \SystemRoot\System32\drivers\Dxapi.sys
0xF890B000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8C24000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBA066000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB9E66000 \SystemRoot\system32\DRIVERS\srv.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 17):
0 System Idle Process
4 System
508 C:\WINDOWS\system32\smss.exe
564 csrss.exe
588 C:\WINDOWS\system32\winlogon.exe
632 C:\WINDOWS\system32\services.exe
644 C:\WINDOWS\system32\lsass.exe
796 C:\WINDOWS\system32\svchost.exe
880 svchost.exe
1000 C:\WINDOWS\system32\svchost.exe
1056 svchost.exe
1180 svchost.exe
1408 C:\WINDOWS\explorer.exe
1988 C:\WINDOWS\system32\ctfmon.exe
496 C:\Program Files\Internet Explorer\iexplore.exe
568 C:\Program Files\Internet Explorer\iexplore.exe
1012 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000b`f7aa5200 (FAT32)

PhysicalDrive0 Model Number: ST96812AS, Rev: 7.24

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D0919EC9044E217466E4B6B4F0D4E99E29BDE3F9


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): -1

Done!

Re: Virus locked out of admin
Hello.
Did you get a dump.dat file from doing that? If so, zip it and attach it please.


Re: Virus locked out of admin
Hi,

It did not produce one, shall I try the steps again?

Thank you

Re: Virus locked out of admin
Yes please.


Re: Virus locked out of admin
Hi,

Well, it put a file on the desktop called dump, but I can't copy it here or attach the file..??

Re: Virus locked out of admin
You have to zip it and then attach it.


Re: Virus locked out of admin
Hi Belahzur,

Yes I can zip it, but where is the button to attach and send it or attach it here, I don't see it?

MW2

Re: Virus locked out of admin
See here:
http://www.GeekPolice.net/t21024-how-to-upload-an-attatchment

Follow the guide and attach the zip.

