-
[Inactive] serious virus
Was on the work computer today and then Microsoft Security Essentials started giving a virus warning. I cleaned, but they kept popping up; then it went bad: started getting lots of "Windows - Delayed Write Failed" messages, and also a bogus program "System Check" keeps running. Click on Programs and it says there are none there. Usually I can fix this, but this seems to be beyond me. I tried to run Malwarebytes but it says access denied; tried to run ComboFix, but when it starts it reboots. All icons missing too. Not good.
-
Do NOT run Combofix unless asked to.
Restart computer in Safe Mode and let me know if it works better there.
-
Also, when booting, the first background is red. Also, now I have a file indexation fail error; I'm sure it's another virus notice.
-
Been in Safe Mode, but going there again. I knew I would see you tonight, Broni. This one looks pretty bad. Hope to get the info back. Should I go to Admin or Compaq Owner?
-
I did run ComboFix right after this happened.
-
What is the worry about ComboFix?
-
You never answered my question.
-
As in works better: yes, no popups and warnings. Also, when running ComboFix, all it did was reboot when starting the process. Still no programs.
-
All that is there is a Recycle Bin and Internet Explorer on the desktop.
-
By the way, I did answer the question, but for some reason it never posted.
-
I told you NOT to run Combofix unless asked to.
Let's see, if we can look at your computer booting from an external source.
Please download OTLPE (file size 120.9 MB)
- When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
- Reboot your system using the boot CD you just created.
- Note : If you do not know how to set your computer to boot from CD follow the steps here
- Your system should now display a REATOGO-X-PE desktop.
- Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
- Double-click on the OTLPE icon.
- When asked Do you wish to load the remote registry, select Yes
- When asked Do you wish to load remote user profile(s) for scanning, select Yes
- Ensure the box "Automatically Load All Remaining Users" is checked and press OK
- OTL should now start.
- Press Run Scan to start the scan.
- When finished, the file will be saved on drive C: as C:\OTL.txt
- Copy this file to your USB drive if you do not have internet connection on this system
- Please post the contents of the OTL.txt file in your reply.
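Once OTL.txt is posted, a helper reads entries such as the O4 Run lines, the O6/O7 policy lines and the "File not found" service entries for signs of tampering. The script below is an added example, not part of this thread and not an OTL or OldTimer tool: it parses lines in OTL's report format and flags the indicators a log reviewer looks for first. The sample lines inside it are constructed in that format (modelled on the log posted later in this thread); the severity rules, the lockout-policy set and the user-writable directory list are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines in the format OTL writes to OTL.txt (modelled on the
# log posted later in this thread). This is NOT a real OTL.txt.
SAMPLE_OTL = r"""
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto] -- -- (itlperf)
SRV - [2011/04/27 14:39:26 | 000,011,736 | -H-- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
========== Standard Registry (SafeList) ==========
Hosts file not found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UhUknMwmQEyg.exe] C:\Documents and Settings\All Users\Application Data\UhUknMwmQEyg.exe ()
O4 - HKU\.DEFAULT..\Run: [R8388QA8U8] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Compaq_Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Compaq_Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
"""


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low" (assumed scale for this example)
    line: str       # the OTL line that triggered the finding
    reason: str


# O4 - <hive>..\Run: [<name>] <target> (<company>)   -- company part is optional
O4_RE = re.compile(
    r'^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*?)(?: \((?P<company>[^)]*)\))?$')
# O6/O7 - <registry key>: <value name> = <data>
POLICY_RE = re.compile(r'^O[67] - (?P<key>\S+): (?P<value>\w+) = (?P<data>\S+)$')
# SRV/DRV - File not found [<start type>] -- -- (<service name>)
MISSING_SVC_RE = re.compile(
    r'^(?P<kind>SRV|DRV) - File not found \[(?P<start>[^\]]+)\] -- -- \((?P<name>[^)]+)\)$')

# Explorer/System policies that lock the user out when set to 1: DisableTaskMgr
# blocks Task Manager, NoDesktop hides every desktop icon (assumed watch-list).
LOCKOUT_POLICIES = {"DisableTaskMgr", "NoDesktop"}
# Directories a standard user can write to; a Run entry launching an executable
# with no version info from one of these deserves a close look (assumed list).
USER_WRITABLE_DIRS = re.compile(r'\\(Application Data|Local Settings|Temp)\\', re.IGNORECASE)


def triage_line(raw: str) -> Optional[Finding]:
    """Classify one OTL report line; returns None for lines that look benign."""
    line = raw.strip()
    if not line or line.startswith("="):
        return None
    if line == "Hosts file not found":
        return Finding("medium", line, "hosts file missing; often deleted or replaced by malware")
    m = MISSING_SVC_RE.match(line)
    if m:
        return Finding("low", line, f"{m['kind']} entry {m['name']} points at a missing file (orphaned or removed)")
    m = O4_RE.match(line)
    if m:
        if m["target"] == "File not found":
            return Finding("low", line, f"Run entry {m['name']} points at a missing file")
        # company == "" means OTL printed "()" : the file carries no version info
        if m["company"] == "" and USER_WRITABLE_DIRS.search(m["target"]):
            return Finding("high", line,
                           f"Run entry {m['name']} launches an executable with no version info "
                           "from a user-writable directory")
        return None
    m = POLICY_RE.match(line)
    if m and m["value"] in LOCKOUT_POLICIES and m["data"] == "1":
        return Finding("high", line, f"policy {m['value']}=1 locks the user out (set under {m['key']})")
    return None


def triage(report: str) -> List[Finding]:
    """Run triage_line over a whole OTL report, keeping line order."""
    return [f for f in (triage_line(l) for l in report.splitlines()) if f]


def summarize(findings: List[Finding]) -> dict:
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"[{f.severity.upper():6}] {f.reason}\n         {f.line}")
```

Run it as a script to print the findings, or import `triage()` and feed it the text of a saved OTL.txt. The policy check is the one to read first when a user reports missing icons and tools that will not open: NoDesktop = 1 hides all desktop items and DisableTaskMgr = 1 blocks Task Manager, and both values survive a reboot until the registry is cleaned.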
-
Doing what you asked now. Sorry, Broni, I ran Combo before posting on vd.
-
Made the disk, but mine is DVD and the infected one has a CD drive on it and won't boot off it. Changed it in the BIOS and it goes straight to Windows.
-
Well, you have to create a CD then instead of a DVD.
-
Will get back tomorrow. Ready to burn, but no CDs. Go figure.
-
Running scan now... very sweet program, Broni.
-
Here ya go, Broni.
OTL logfile created on: 2/16/2012 6:20:51 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
959.00 Mb Total Physical Memory | 750.00 Mb Available Physical Memory | 78.00% Memory free
859.00 Mb Paging File | 773.00 Mb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.71 Gb Total Space | 34.04 Gb Free Space | 65.82% Space Free | Partition Type: NTFS
Drive D: | 3.77 Gb Total Space | 3.41 Gb Free Space | 90.48% Space Free | Partition Type: NTFS
Drive I: | 4.18 Gb Total Space | 0.99 Gb Free Space | 23.57% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto] -- -- (itlperf)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2011/08/11 16:05:24 | 000,085,096 | -H-- | M] (Autodesk) [On_Demand] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2011/06/24 11:30:44 | 000,034,856 | -H-- | M] (Retrogamer) [Auto] -- C:\Program Files\Retrogamer_2z\bar\1.bin\2zbarsvc.exe -- (Retrogamer_2zService)
SRV - [2011/04/27 14:39:26 | 000,011,736 | -H-- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2004/12/27 09:59:30 | 000,036,864 | ---- | M] () [Auto] -- C:\Program Files\3COM\3Com Wireless 108 Mbps 11g USB Utility \lcs.exe -- (LCS)
SRV - [1999/12/31 19:00:00 | 000,014,336 | -H-- | M] (LSI Corporation) [Auto] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (vulfntrs)
DRV - File not found [Kernel | On_Demand] -- -- (vulfnths)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/04/19 07:43:59 | 000,015,890 | -H-- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2010/05/10 13:41:30 | 000,067,656 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/04/13 13:56:06 | 000,088,320 | -H-- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2005/10/20 14:00:04 | 000,243,328 | -H-- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)
DRV - [2004/09/30 00:55:50 | 000,229,888 | -H-- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/09/24 12:38:40 | 000,012,928 | -H-- | M] (Silicon Integrated Systems Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/08/04 07:00:00 | 000,063,232 | -H-- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 07:00:00 | 000,055,936 | -H-- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/12/02 20:23:20 | 000,142,336 | -H-- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/18 18:58:20 | 000,036,992 | -H-- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2003/07/02 13:42:00 | 000,027,904 | -H-- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2002/10/04 19:04:10 | 000,046,976 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/07/30 00:43:50 | 000,023,808 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [1999/12/31 19:00:00 | 003,644,032 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [1999/12/31 19:00:00 | 001,161,696 | -H-- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [1999/12/31 19:00:00 | 000,023,192 | -H-- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\xfilt.sys -- (xfilt)
DRV - [1999/12/31 19:00:00 | 000,013,976 | -H-- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Compaq_Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
IE - HKU\Compaq_Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
IE - HKU\Compaq_Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
IE - HKU\Compaq_Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Compaq_Owner_ON_C\..\URLSearchHook: {1c583e40-0629-4bb9-ab68-1cf539f2f782} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zSrcAs.dll (Retrogamer)
IE - HKU\Compaq_Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@Retrogamer_2z.com/Plugin: C:\Program Files\Retrogamer_2z\bar\1.bin\NP2zStub.dll (Retrogamer)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/04/21 07:14:47 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/04/22 02:01:49 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2zffxtbr@Retrogamer_2z.com: C:\Program Files\Retrogamer_2z\bar\1.bin [2011/06/24 11:30:50 | 000,000,000 | -H-D | M]
Hosts file not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O2 - BHO: (Search Assistant BHO) - {6ffed9d8-942f-4384-aa29-d3bd083a346a} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zSrcAs.dll (Retrogamer)
O2 - BHO: (Toolbar BHO) - {fc1e426b-fa76-428f-b680-86ef1edb13c1} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zbar.dll (Retrogamer)
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O3 - HKLM\..\Toolbar: (Retrogamer) - {54ba686e-738f-42fe-badd-d8cb7cfbc07e} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zbar.dll (Retrogamer)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Compaq_Owner_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Compaq_Owner_ON_C\..\Toolbar\WebBrowser: (Retrogamer) - {54BA686E-738F-42FE-BADD-D8CB7CFBC07E} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zbar.dll (Retrogamer)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LSBWatcher] C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Retrogamer_2z Browser Plugin Loader] C:\Program Files\Retrogamer_2z\bar\1.bin\2zbrmon.exe (Retrogamer)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UhUknMwmQEyg.exe] C:\Documents and Settings\All Users\Application Data\UhUknMwmQEyg.exe ()
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [WlanUI] C:\Program Files\3COM\3Com Wireless 108 Mbps 11g USB Utility \WlanUI.exe ()
O4 - HKU\.DEFAULT..\Run: [R8388QA8U8] File not found
O4 - HKU\Compaq_Owner_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Compaq_Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Compaq_Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Compaq_Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos...ineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/26 20:00:03 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - I:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 22:01:14 | 000,000,053 | -HS- | M] () - I:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/02/15 21:07:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
[2012/02/15 19:55:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/02/15 19:55:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\TestApp
[2012/02/15 19:55:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/02/15 19:28:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2012/02/15 12:50:52 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/02/15 12:30:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2012/02/15 12:30:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2012/02/15 12:04:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2012/02/15 12:04:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Favorites
[2012/02/15 12:04:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2012/02/15 12:04:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2012/02/15 12:04:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2012/02/15 12:04:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Symantec
[2012/02/15 12:04:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2012/02/15 12:04:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2012/02/15 12:04:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2012/02/15 12:04:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2012/02/15 12:04:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Desktop
[2012/02/15 12:04:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2012/02/15 12:04:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2012/02/15 12:04:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2012/02/15 12:04:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2012/02/15 12:04:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2012/02/15 12:04:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2012/02/15 12:04:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2012/02/15 12:04:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/02/15 12:04:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2012/02/15 12:04:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2012/02/15 12:04:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\My Documents
[2012/02/15 12:04:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2012/02/15 12:04:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\WINDOWS
[2012/02/15 12:04:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2012/02/15 12:04:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\SpySubtract Spyware Manager
[2012/02/15 12:04:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2012/02/15 12:04:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\PC Help & Tools
[2012/02/15 12:04:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Online Services
[2012/02/15 12:04:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2012/02/15 12:04:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2012/02/15 12:01:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\System Check
[2012/02/14 11:43:31 | 000,000,000 | -H-D | C] -- C:\Program Files\av
[2012/02/14 11:41:14 | 000,763,824 | -H-- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.TaskPanel.v12.0.1.ocx
[2012/02/14 11:41:13 | 001,648,560 | -H-- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.Controls.v12.0.1.ocx
[2012/02/14 11:41:13 | 000,518,064 | -H-- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.SkinFramework.v12.0.1.ocx
[2012/02/14 11:41:12 | 002,111,408 | -H-- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.CommandBars.v12.0.1.ocx
[2012/02/14 11:41:11 | 002,410,416 | -H-- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.Calendar.v12.0.1.ocx
[2012/02/14 11:17:09 | 000,000,000 | -H-D | C] -- C:\Program Files\Business Objects
[2012/02/14 11:10:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012/02/14 11:10:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\E2 Shop System 7.2
[2012/02/14 11:10:19 | 000,000,000 | -H-D | C] -- C:\Program Files\E2
[2012/02/14 11:10:18 | 000,557,328 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dao360.dll
[2012/02/14 11:10:11 | 000,089,360 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vb5db.dll
[2012/02/14 11:09:54 | 000,901,120 | -H-- | C] (Three |D| Graphics, Inc.) -- C:\WINDOWS\System32\sscsdk32.dll
[2012/02/14 11:09:54 | 000,079,872 | -H-- | C] (Seagate Software, Inc.) -- C:\WINDOWS\System32\S2SQLPRS.dll
[2012/02/14 11:09:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\CRYSTAL
[2012/02/14 11:09:53 | 000,270,336 | -H-- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\P2SODBC.DLL
[2012/02/14 11:09:53 | 000,171,008 | -H-- | C] (Seagate Software, Inc) -- C:\WINDOWS\System32\P2SOLEDB.DLL
[2012/02/14 11:09:53 | 000,140,288 | -H-- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\P2SSQL.DLL
[2012/02/14 11:09:53 | 000,061,440 | -H-- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\P2IRDAO.DLL
[2012/02/14 11:09:52 | 000,847,324 | -H-- | C] (Seagate Software, Inc.) -- C:\WINDOWS\System32\CRYSTL32.OCX
[2012/02/14 11:09:52 | 000,274,489 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\NTWDBLIB.DLL
[2012/02/14 11:09:52 | 000,094,208 | -H-- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\P2BDAO.DLL
[2012/02/14 11:09:52 | 000,053,248 | -H-- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\P2CTDAO.DLL
[2012/02/14 11:09:51 | 000,229,888 | -H-- | C] (Seagate Software, Information Management Group, Inc.) -- C:\WINDOWS\System32\CRPAIG32.DLL
[2012/02/14 11:09:51 | 000,129,024 | -H-- | C] (Seagate Software, Inc) -- C:\WINDOWS\System32\P2SMON.DLL
[2012/02/14 11:09:48 | 005,797,888 | -H-- | C] (Seagate Software, Inc.) -- C:\WINDOWS\System32\CRPE32.DLL
[2012/02/14 11:09:47 | 000,323,584 | -H-- | C] (Sax Software Corporation.) -- C:\WINDOWS\System32\CSTEXT32.OCX
[2012/02/14 11:09:47 | 000,081,920 | -H-- | C] (Sax Software Corporation.) -- C:\WINDOWS\System32\CSMETE32.OCX
[2012/02/14 11:09:46 | 000,380,928 | -H-- | C] (Sax Software Corporation.) -- C:\WINDOWS\System32\CSCMD32.OCX
[2012/02/14 11:09:46 | 000,131,072 | -H-- | C] (Sax Software Corporation.) -- C:\WINDOWS\System32\QPRO32.dll
[2012/02/14 11:09:46 | 000,131,072 | -H-- | C] (Sax Software Corporation.) -- C:\WINDOWS\System32\CSCOMB32.OCX
[2012/02/14 11:09:45 | 000,345,544 | -H-- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\SSA3D30.OCX
[2012/02/14 11:09:45 | 000,200,704 | -H-- | C] (Micro Estimating Systems, Inc.) -- C:\WINDOWS\System32\TOOLS4MFG.DLL
[2012/02/14 11:09:45 | 000,176,128 | -H-- | C] (Inner Media, Inc.) -- C:\WINDOWS\System32\DZIP32.DLL
[2012/02/14 11:09:45 | 000,143,360 | -H-- | C] (Inner Media, Inc.) -- C:\WINDOWS\System32\DUNZIP32.DLL
[2012/02/14 11:09:45 | 000,073,728 | -H-- | C] (Inner Media, Inc) -- C:\WINDOWS\System32\DZOCX32.OCX
[2012/02/14 11:09:45 | 000,071,680 | -H-- | C] (Inner Media, Inc.) -- C:\WINDOWS\System32\DUZOCX32.OCX
[2012/02/14 11:09:44 | 000,640,512 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\OC30.dll
[2012/02/14 11:09:42 | 000,316,344 | -H-- | C] (Apex Software Corporation) -- C:\WINDOWS\System32\TDBGPP.DLL
[2012/02/14 11:09:40 | 000,832,448 | -H-- | C] (APEX Software Corporation) -- C:\WINDOWS\System32\TDBG6.OCX
[2012/02/14 11:09:35 | 001,044,480 | -H-- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\ROBOEX32.DLL
[2012/02/14 11:09:35 | 000,124,688 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mswinsck.ocx
[2012/02/14 11:09:34 | 000,137,000 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMAPI32.OCX
[2012/02/14 11:09:34 | 000,103,744 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMM32.OCX
[2012/02/14 11:09:33 | 001,392,640 | -H-- | C] (Synergration, Inc.) -- C:\WINDOWS\System32\QUICKIIFX.DLL
[2012/02/14 11:09:32 | 000,417,792 | -H-- | C] (ADDSoft, Inc.) -- C:\WINDOWS\System32\GanttOCX.ocx
[2012/02/14 11:09:28 | 000,102,469 | -H-- | C] (Microsoft) -- C:\WINDOWS\System32\VBPRNDLG.DLL
[2012/02/14 11:09:27 | 000,045,056 | -H-- | C] (Microsoft) -- C:\WINDOWS\System32\NTSVC.OCX
[2012/02/14 11:09:26 | 000,614,344 | -H-- | C] (APEX Software Corporation) -- C:\WINDOWS\System32\Resizer.dll
[2012/02/14 11:09:26 | 000,136,648 | -H-- | C] (APEX Software Corporation) -- C:\WINDOWS\System32\ResizableControl.dll
[2012/02/14 11:09:25 | 000,252,928 | -H-- | C] (VideoSoft) -- C:\WINDOWS\System32\VSOCX6.OCX
[2012/02/14 11:09:23 | 000,662,288 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX
[2012/02/14 11:09:23 | 000,212,240 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RICHTX32.OCX
[2012/02/14 10:54:27 | 000,014,592 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/02/16 18:12:28 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/02/16 18:06:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/15 21:07:18 | 000,000,184 | -H-- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2012/02/15 20:55:08 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\Jxaw.job
[2012/02/15 20:00:43 | 000,000,413 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\spyware-doctor.exe.lnk
[2012/02/15 12:33:00 | 000,000,861 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/15 12:11:05 | 000,000,429 | -H-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/02/15 12:01:19 | 000,000,312 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~o0zUqp8XXlef4f
[2012/02/15 12:01:18 | 000,000,216 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~o0zUqp8XXlef4fr
[2012/02/15 12:01:16 | 000,000,843 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\System Check.lnk
[2012/02/15 12:01:11 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\o0zUqp8XXlef4f
[2012/02/15 12:01:05 | 000,353,280 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\o0zUqp8XXlef4f.exe
[2012/02/15 11:59:09 | 000,235,960 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/15 11:58:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\YoWindow
[2012/02/15 11:58:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/02/15 11:58:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/02/15 11:58:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Realtek Sound Manager
[2012/02/15 11:58:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/02/15 11:58:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Help & Tools
[2012/02/15 11:58:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Online Services
[2012/02/15 11:58:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works
[2012/02/15 11:58:08 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2012/02/15 11:58:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/02/15 11:58:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/02/15 11:58:07 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2012/02/15 11:58:07 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2012/02/15 11:58:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk
[2012/02/15 11:52:55 | 000,446,976 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\UhUknMwmQEyg.exe
[2012/02/14 11:18:30 | 000,007,139 | -H-- | M] () -- C:\WINDOWS\System32\drivers\etc\services
[2012/02/14 11:11:28 | 000,000,401 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to Touchscr.lnk
[2012/02/14 11:11:01 | 000,000,060 | -H-- | M] () -- C:\WINDOWS\BLSDATA.INI
[2012/02/14 11:10:49 | 000,000,383 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\E2 Shop System 7.2.lnk
[2012/02/14 10:58:06 | 000,442,948 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/14 10:58:06 | 000,072,214 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/31 07:44:05 | 000,237,072 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2012/01/26 03:00:50 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/02/15 19:55:34 | 000,000,413 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\spyware-doctor.exe.lnk
[2012/02/15 12:33:00 | 000,000,861 | -H-- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/15 12:04:22 | 000,001,632 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/02/15 12:04:22 | 000,000,779 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/15 12:04:22 | 000,000,742 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2012/02/15 12:04:22 | 000,000,079 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/02/15 12:04:21 | 000,002,235 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\Help and Support.lnk
[2012/02/15 12:04:21 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2012/02/15 12:04:20 | 000,001,599 | -H-- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2012/02/15 12:04:20 | 000,000,792 | -H-- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2012/02/15 12:04:20 | 000,000,767 | -H-- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2012/02/15 12:04:20 | 000,000,738 | -H-- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2012/02/15 12:01:18 | 000,000,312 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~o0zUqp8XXlef4f
[2012/02/15 12:01:18 | 000,000,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~o0zUqp8XXlef4fr
[2012/02/15 12:01:16 | 000,000,843 | -H-- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\System Check.lnk
[2012/02/15 12:01:11 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\o0zUqp8XXlef4f
[2012/02/15 12:01:05 | 000,353,280 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\o0zUqp8XXlef4f.exe
[2012/02/15 11:56:00 | 000,446,976 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\UhUknMwmQEyg.exe
[2012/02/14 11:11:28 | 000,000,401 | -H-- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to Touchscr.lnk
[2012/02/14 11:10:49 | 000,000,383 | -H-- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\E2 Shop System 7.2.lnk
[2012/02/14 11:09:54 | 000,014,316 | -H-- | C] () -- C:\WINDOWS\System32\RULE1.LLR
[2012/02/14 11:09:54 | 000,006,664 | -H-- | C] () -- C:\WINDOWS\System32\RULE1.DFA
[2012/02/14 11:09:51 | 000,017,920 | -H-- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2012/02/14 11:09:31 | 000,342,910 | -H-- | C] () -- C:\WINDOWS\System32\VSTH_AE.THE
[2012/02/14 11:09:31 | 000,083,368 | -H-- | C] () -- C:\WINDOWS\System32\VSTHES6.OCX
[2012/02/14 11:09:30 | 000,173,472 | -H-- | C] () -- C:\WINDOWS\System32\VSSPELL6.OCX
[2012/02/14 11:09:29 | 001,344,475 | -H-- | C] () -- C:\WINDOWS\System32\VSSP_AE.DCT
[2012/02/14 11:09:28 | 000,001,768 | -H-- | C] () -- C:\WINDOWS\System32\VBPRNDLG.LIB
[2012/02/14 11:09:28 | 000,001,033 | -H-- | C] () -- C:\WINDOWS\System32\VBPRNDLG.EXP
[2012/02/14 11:09:28 | 000,000,118 | -H-- | C] () -- C:\WINDOWS\System32\VBPRNDLG.DEP
[2012/02/14 11:09:25 | 000,000,329 | -H-- | C] () -- C:\WINDOWS\System32\Resizer.dep
[2012/02/14 11:09:09 | 000,000,060 | -H-- | C] () -- C:\WINDOWS\BLSDATA.INI
[2011/06/22 00:09:01 | 000,000,754 | -H-- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/05/19 11:04:44 | 000,208,896 | -H-- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/19 11:04:43 | 000,256,000 | -H-- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/19 11:04:43 | 000,098,816 | -H-- | C] () -- C:\WINDOWS\sed.exe
[2011/05/19 11:04:43 | 000,080,412 | -H-- | C] () -- C:\WINDOWS\grep.exe
[2011/05/19 11:04:43 | 000,068,096 | -H-- | C] () -- C:\WINDOWS\zip.exe
[2011/05/16 16:55:44 | 000,000,223 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\sett.dat
[2011/05/13 13:08:30 | 000,000,127 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/05/11 16:43:14 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/21 07:11:51 | 000,186,693 | -H-- | C] () -- C:\WINDOWS\hpwins24.dat
[2011/04/21 07:11:51 | 000,001,758 | -H-- | C] () -- C:\WINDOWS\hpwmdl24.dat
[2011/04/19 07:57:13 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2011/04/19 07:44:06 | 000,142,768 | -H-- | C] () -- C:\WINDOWS\System32\ar5523.bin
[2011/04/19 07:40:42 | 000,000,164 | -H-- | C] () -- C:\WINDOWS\avrack.ini
[2011/04/19 07:40:36 | 000,156,672 | -H-- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2011/04/19 07:40:36 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/04/19 07:25:28 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
[2005/12/21 17:57:36 | 000,139,264 | -H-- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2005/12/21 17:57:04 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2005/12/21 17:54:34 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2004/11/17 06:10:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/11/17 06:09:59 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/11/17 06:09:03 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/11/17 06:08:35 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/11/17 05:48:01 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/11/17 05:48:01 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/11/17 05:47:59 | 000,004,490 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/11/17 05:47:55 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/11/17 05:47:51 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/10/27 16:57:22 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/26 21:46:37 | 000,118,784 | RH-- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
[2004/10/26 21:45:58 | 000,013,949 | -H-- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/10/26 21:45:50 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/10/26 21:19:17 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/10/26 21:07:27 | 000,001,040 | -H-- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2004/10/26 21:02:35 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\sis760.bin
[2004/10/26 21:02:35 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\sis741.bin
[2004/10/26 21:02:35 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\sis660.bin
[2004/10/26 20:33:02 | 000,299,073 | -H-- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/10/26 20:33:02 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/10/26 20:32:36 | 000,016,896 | -H-- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/10/26 20:04:20 | 000,000,802 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2004/10/26 20:02:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/26 19:57:30 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/26 19:44:44 | 000,000,572 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/26 19:44:04 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/26 19:44:01 | 000,442,948 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/26 19:44:01 | 000,072,214 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/26 12:51:40 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/10/26 12:50:42 | 000,235,960 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/17 16:37:42 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/08/20 05:14:46 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 05:14:46 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/04/11 01:04:00 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
========== LOP Check ==========
[2004/10/26 22:12:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2012/02/15 19:55:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\TestApp
[2011/08/11 15:55:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Autodesk
[2004/10/26 22:12:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
[2011/06/16 10:14:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\whitesmoketoolbar
[2011/10/02 11:25:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\YoWindow
[2011/05/16 11:24:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar
[2011/08/11 16:06:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/06/24 11:31:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\GameTap Web Player
[2012/02/15 20:00:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/16 10:56:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\YoWindow
[2012/02/15 20:55:08 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\Tasks\Jxaw.job
[2012/02/16 18:12:28 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
-
Do this on the computer you are posting from:
Copy the text in the codebox below:
Code:
:OTL
SRV - File not found [Auto] -- -- (itlperf)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin
SRV - [2011/06/24 11:30:44 | 000,034,856 | -H-- | M] (Retrogamer) [Auto] -- C:\Program Files\Retrogamer_2z\bar\1.bin\2zbarsvc.exe -- (Retrogamer_2zService)
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O2 - BHO: (Search Assistant BHO) - {6ffed9d8-942f-4384-aa29-d3bd083a346a} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zSrcAs.dll (Retrogamer)
O2 - BHO: (Toolbar BHO) - {fc1e426b-fa76-428f-b680-86ef1edb13c1} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zbar.dll (Retrogamer)
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O3 - HKLM\..\Toolbar: (Retrogamer) - {54ba686e-738f-42fe-badd-d8cb7cfbc07e} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zbar.dll (Retrogamer)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Compaq_Owner_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Compaq_Owner_ON_C\..\Toolbar\WebBrowser: (Retrogamer) - {54BA686E-738F-42FE-BADD-D8CB7CFBC07E} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zbar.dll (Retrogamer)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Retrogamer_2z Browser Plugin Loader] C:\Program Files\Retrogamer_2z\bar\1.bin\2zbrmon.exe (Retrogamer)
O4 - HKLM..\Run: [UhUknMwmQEyg.exe] C:\Documents and Settings\All Users\Application Data\UhUknMwmQEyg.exe ()
O4 - HKU\.DEFAULT..\Run: [R8388QA8U8] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Compaq_Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2012/02/15 12:01:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\System Check
[2012/02/15 20:55:08 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\Jxaw.job
[2012/02/15 12:33:00 | 000,000,861 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/15 12:01:19 | 000,000,312 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~o0zUqp8XXlef4f
[2012/02/15 12:01:18 | 000,000,216 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~o0zUqp8XXlef4fr
[2012/02/15 12:01:16 | 000,000,843 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\System Check.lnk
[2012/02/15 12:01:11 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\o0zUqp8XXlef4f
[2012/02/15 12:01:05 | 000,353,280 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\o0zUqp8XXlef4f.exe
[2012/02/15 11:52:55 | 000,446,976 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\UhUknMwmQEyg.exe
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
:Services
:Reg
:Files
:Commands
[purity]
Open Notepad and paste it.
Save the document as Fix.txt on to a USB flash drive
On the infected computer, do the following...
Run OTLPE
- Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
- (The content of Fix.txt should appear in the box)
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Post the log produced (you'll need to transfer it with USB stick)
- Remove the CD and shut down computer manually.
- Attempt to reboot normally into Windows.
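Added example, not part of this thread or of OTL itself: a small Python triage script for the OTL file-listing format shown in the log above (`[date time | size | attrs | C/M] (company) -- path`, plus the `@Alternate Data Stream` line). It parses the entries, flags the same kinds of indicators the fix above was built from (company-less executables in user-writable data folders, random-looking names, a scheduled task with the System attribute, an alternate data stream) and lays the flagged lines out in the `:OTL` fix-script shape used above. The sample log is constructed from entries in the thread; the heuristics are the author's own, not OTL's.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in OTL's file-listing format; the entries are copied from
# the log in this thread, including OTL's alternate-data-stream line.
SAMPLE_LOG = """
[2012/02/15 11:52:55 | 000,446,976 | -H-- | M] () -- C:\\Documents and Settings\\All Users\\Application Data\\UhUknMwmQEyg.exe
[2012/01/31 07:44:05 | 000,237,072 | -H-- | M] (Microsoft Corporation) -- C:\\WINDOWS\\System32\\MpSigStub.exe
[2012/02/15 12:01:05 | 000,353,280 | -H-- | C] () -- C:\\Documents and Settings\\All Users\\Application Data\\o0zUqp8XXlef4f.exe
[2012/02/15 20:55:08 | 000,000,304 | -HS- | M] () -- C:\\WINDOWS\\Tasks\\Jxaw.job
[2012/02/16 18:12:28 | 000,000,424 | -H-- | M] () -- C:\\WINDOWS\\Tasks\\MP Scheduled Scan.job
[2012/02/15 11:58:09 | 000,000,000 | -H-D | M] -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\QuickTime
@Alternate Data Stream - 109 bytes -> C:\\Documents and Settings\\All Users\\Application Data\\TEMP:DFC5A2B2
"""

# One OTL file/directory line: directories carry no "(company)" field, files
# carry "()" when OTL found no company name in the version resource.
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

EXEC_EXT = (".exe", ".dll", ".scr", ".com")
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")


@dataclass
class Entry:
    raw: str                       # the original log line, reused verbatim in a fix script
    path: str
    size: int
    attrs: str = ""                # OTL attribute flags, e.g. "-HS-" (Hidden + System)
    kind: str = ""                 # C = created list, M = modified list, ADS = data stream
    company: Optional[str] = None  # None for directories, "" when OTL found no company


def parse_log(text: str) -> List[Entry]:
    """Parse OTL file-listing and ADS lines; section headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            entries.append(Entry(line, m["path"], int(m["size"].replace(",", "")),
                                 m["attrs"], m["kind"], m["company"]))
            continue
        m = ADS_RE.match(line)
        if m:
            entries.append(Entry(line, m["path"], int(m["size"]), kind="ADS"))
    return entries


def looks_random(stem: str) -> bool:
    """Heuristic (author's own): long alphanumeric stem with digits mixed in,
    or mixed case with few vowels, as in UhUknMwmQEyg / o0zUqp8XXlef4f."""
    if len(stem) < 8 or not stem.isalnum():
        return False
    has_digit = any(c.isdigit() for c in stem)
    mixed = any(c.isupper() for c in stem) and any(c.islower() for c in stem)
    vowel_ratio = sum(c in "aeiouAEIOU" for c in stem) / len(stem)
    return has_digit or (mixed and vowel_ratio < 0.3)


def triage(e: Entry) -> List[str]:
    """Return review reasons for one entry; an empty list means nothing stood out.
    These are candidates for a human to review, not an automatic verdict."""
    reasons = []
    name = e.path.rsplit("\\", 1)[-1]
    ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
    stem = name[: -len(ext)] if ext else name
    low = e.path.lower()
    if e.kind == "ADS":
        reasons.append("alternate data stream attached to a file or folder")
    if ext in EXEC_EXT and e.company == "":
        if any(s in low for s in USER_WRITABLE):
            reasons.append("executable with no company name in a user-writable data folder")
        if looks_random(stem):
            reasons.append("random-looking file name")
    if ext == ".job" and "S" in e.attrs:
        reasons.append("scheduled task with the System attribute set")
    return reasons


def triage_log(text: str) -> List[Tuple[Entry, List[str]]]:
    """Parse a log and keep only the entries that earned at least one reason."""
    return [(e, r) for e in parse_log(text) if (r := triage(e))]


def build_fix_script(entries: List[Entry]) -> str:
    """Lay the flagged lines out in the :OTL section shape used in this thread."""
    lines = [":OTL"] + [e.raw for e in entries] + [":Commands", "[purity]"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    flagged = triage_log(SAMPLE_LOG)
    for entry, reasons in flagged:
        print(entry.path, "->", "; ".join(reasons))
    print(build_fix_script([e for e, _ in flagged]))
```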
-
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\itlperf deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mywebsearch.com/Plugin\ deleted successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Retrogamer_2zService deleted successfully.
C:\Program Files\Retrogamer_2z\bar\1.bin\2zbarsvc.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-af6c-4c50-9def-f2e24f4c8889}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889}\ deleted successfully.
C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6ffed9d8-942f-4384-aa29-d3bd083a346a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ffed9d8-942f-4384-aa29-d3bd083a346a}\ deleted successfully.
C:\Program Files\Retrogamer_2z\bar\1.bin\2zSrcAs.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc1e426b-fa76-428f-b680-86ef1edb13c1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc1e426b-fa76-428f-b680-86ef1edb13c1}\ deleted successfully.
C:\Program Files\Retrogamer_2z\bar\1.bin\2zbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{52794457-af6c-4c50-9def-f2e24f4c8889} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889}\ not found.
File C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{54ba686e-738f-42fe-badd-d8cb7cfbc07e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54ba686e-738f-42fe-badd-d8cb7cfbc07e}\ deleted successfully.
File C:\Program Files\Retrogamer_2z\bar\1.bin\2zbar.dll not found.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\Compaq_Owner_ON_C\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\Compaq_Owner_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{54BA686E-738F-42FE-BADD-D8CB7CFBC07E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54BA686E-738F-42FE-BADD-D8CB7CFBC07E}\ not found.
File C:\Program Files\Retrogamer_2z\bar\1.bin\2zbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Retrogamer_2z Browser Plugin Loader deleted successfully.
C:\Program Files\Retrogamer_2z\bar\1.bin\2zbrmon.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UhUknMwmQEyg.exe deleted successfully.
C:\Documents and Settings\All Users\Application Data\UhUknMwmQEyg.exe moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\R8388QA8U8 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\Compaq_Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.
Starting removal of ActiveX control {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_USERS\Compaq_Owner_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\Compaq_Owner_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\System Check folder moved successfully.
C:\WINDOWS\tasks\Jxaw.job moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk moved successfully.
C:\Documents and Settings\All Users\Application Data\~o0zUqp8XXlef4f moved successfully.
C:\Documents and Settings\All Users\Application Data\~o0zUqp8XXlef4fr moved successfully.
C:\Documents and Settings\Compaq_Owner\Desktop\System Check.lnk moved successfully.
C:\Documents and Settings\All Users\Application Data\o0zUqp8XXlef4f moved successfully.
C:\Documents and Settings\All Users\Application Data\o0zUqp8XXlef4f.exe moved successfully.
File C:\Documents and Settings\All Users\Application Data\UhUknMwmQEyg.exe not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
OTLPE by OldTimer - Version 3.1.48.0 log created on 02162012_195132
-
Okay, booted into Windows normally and not much happening. Red desktop, no icons, but the SuperAntiSpyware symbol is there, that and saying wireless network detected. Click on Start and nothing is there.
-
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
- NOTE 2. If Combofix asks you to update the program, always do so.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.
Make sure you re-enable your security programs when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
* Rkill.com
* Rkill.scr
* Rkill.exe
- Double-click on the Rkill icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
combofix won't run
ComboFix won't run, boots every time got to restore point. Tried in safe mode and ran Rkill also, then ran ComboFix and still boots. Here is the Rkill log
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 02/15/2012 at 12:08:14.
Operating System: Microsoft Windows XP
Processes terminated by Rkill or while it was running:
Rkill completed on 02/15/2012 at 12:08:19.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 02/15/2012 at 12:49:26.
Operating System: Microsoft Windows XP
Processes terminated by Rkill or while it was running:
C:\Documents and Settings\All Users\Application Data\UhUknMwmQEyg.exe
C:\Documents and Settings\All Users\Application Data\o0zUqp8XXlef4f.exe
Rkill completed on 02/15/2012 at 12:49:33.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 02/17/2012 at 5:23:45.
Operating System: Microsoft Windows XP
Processes terminated by Rkill or while it was running:
Rkill completed on 02/17/2012 at 5:23:50.
-
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
===========================================================
Download BTKR_RunBox to your desktop.
Double click on downloaded BTKR_RunBox.exe file.
Small RunBox DOS window will open.
Press any key to continue.
Press "1" to select "Run a scan with Bootkit Remover" option.
Press "Enter".
Press "Enter" one more time to generate log.
Click OK, IF any "Warning" message pops up.
Notepad will open with Bootkit Remover log.
Copy the content and post it in your next reply.
In RunBox press "4" then Enter to exit it.
NOTE. In case you lost the log it's also located on your desktop as "scan.txt"
-
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-17 17:48:46
-----------------------------
17:48:46.812 OS Version: Windows 5.1.2600 Service Pack 3
17:48:46.812 Number of processors: 1 586 0xA00
17:48:46.812 ComputerName: SHOP UserName:
17:48:47.218 Initialize success
17:49:13.125 AVAST engine download error: 0
17:49:27.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12
17:49:27.500 Disk 0 Vendor: WDC_WD600BB-22JHA0 05.01C05 Size: 57241MB BusType: 3
17:49:27.515 Disk 0 MBR read successfully
17:49:27.515 Disk 0 MBR scan
17:49:27.515 Disk 0 unknown MBR code
17:49:27.515 Disk 0 Partition 1 00 0B FAT32 RECOVERY 4289 MB offset 63
17:49:27.531 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 52949 MB offset 8784720
17:49:27.531 Disk 0 scanning sectors +117225360
17:49:27.593 Disk 0 scanning C:\WINDOWS\system32\drivers
17:49:34.593 Service scanning
17:49:35.734 Modules scanning
17:49:43.812 Disk 0 trace - called modules:
17:49:43.828 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys videX32.sys PCIIDEX.SYS
17:49:44.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8638aab8]
17:49:44.328 3 CLASSPNP.SYS[f77affd7] -> nt!IofCallDriver -> \Device\00000065[0x863663b8]
17:49:44.328 5 ACPI.sys[f7726620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-12[0x8633c940]
17:49:44.328 Scan finished successfully
17:50:06.156 Disk 0 MBR has been saved successfully to "J:\MBR.dat"
17:50:06.156 The log file has been saved successfully to "J:\aswMBR.txt"
-
-
Keeps saying "press any key to continue".
-
Download Bootkit Remover to your Desktop.
- Unzip downloaded file to your Desktop.
- Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
- It will show a Black screen with some data on it.
- Right click on the screen and click Select All.
- Press CTRL+C
- Open a Notepad and press CTRL+V
- Post the output back here.
-
Copy BTKR RunBox does not work... don't have any programs, not even Notepad.
-
Download MBRCheck to your desktop
Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
-
mbr
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000003fd
Kernel Drivers (total 132):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF7C6F000 \WINDOWS\system32\KDCOM.DLL
0xF7B7F000 \WINDOWS\system32\BOOTVID.dll
0xF7720000 ACPI.sys
0xF7C71000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF770F000 pci.sys
0xF776F000 isapnp.sys
0xF7D37000 pciide.sys
0xF79EF000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7C73000 viaide.sys
0xF777F000 MountMgr.sys
0xF76F0000 ftdisk.sys
0xF79F7000 PartMgr.sys
0xF79FF000 videX32.sys
0xF778F000 VolSnap.sys
0xF76D8000 atapi.sys
0xF76B5000 fasttx2k.sys
0xF769D000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF779F000 disk.sys
0xF77AF000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF767D000 fltmgr.sys
0xF766B000 sr.sys
0xF77BF000 xfilt.sys
0xF7A07000 PxHelp20.sys
0xF7654000 KSecDD.sys
0xF75C7000 Ntfs.sys
0xF759A000 NDIS.sys
0xF7A0F000 viaagp1.sys
0xF77CF000 SISAGPX.sys
0xF77DF000 ohci1394.sys
0xF77EF000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7580000 Mup.sys
0xF784F000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF797F000 \SystemRoot\system32\DRIVERS\amdk7.sys
0xF6C94000 \SystemRoot\system32\DRIVERS\vtmini.sys
0xF6C80000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6C44000 \SystemRoot\system32\DRIVERS\RT2500.sys
0xF6B28000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF7C83000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7ABF000 \SystemRoot\System32\Drivers\Modem.SYS
0xF798F000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF799F000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF79AF000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6B05000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7AC7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6AA7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7ACF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF672D000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF6709000 \SystemRoot\system32\drivers\portcls.sys
0xF79BF000 \SystemRoot\system32\drivers\drmk.sys
0xF79CF000 \SystemRoot\system32\DRIVERS\fetnd5bv.sys
0xF7AD7000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF79DF000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7C33000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF66F5000 \SystemRoot\system32\DRIVERS\parport.sys
0xF781F000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7ADF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7AE7000 \SystemRoot\system32\DRIVERS\PS2.sys
0xF7AEF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7E81000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF782F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7C37000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF66DE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF783F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF6D4F000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7AF7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF66CD000 \SystemRoot\system32\DRIVERS\psched.sys
0xF6D3F000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7B07000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7B0F000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6D2F000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7C85000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF666F000 \SystemRoot\system32\DRIVERS\update.sys
0xF7C47000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF6D1F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF6CFF000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B1F000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF5620000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xF7C91000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7DCB000 \SystemRoot\System32\Drivers\Null.SYS
0xF7C93000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7B37000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7B3F000 \SystemRoot\System32\drivers\vga.sys
0xF7C95000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7C97000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7B47000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7B4F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF73AA000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF55ED000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF5594000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF556C000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7BFB000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF5522000 \SystemRoot\System32\drivers\afd.sys
0xF6CEF000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF7BFF000 \SystemRoot\system32\DRIVERS\srvkp.sys
0xF5500000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF7B57000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xF54D5000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF5465000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF6CCF000 \SystemRoot\System32\Drivers\Fips.SYS
0xF543F000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF6CBF000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF785F000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF5353000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF666B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF787F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7B5F000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF6667000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF533B000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7C9D000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF6653000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7B6F000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7E37000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\vtdisp.dll
0xBF35C000 \SystemRoot\System32\ATMFD.DLL
0xF0A2B000 \SystemRoot\system32\DRIVERS\mdc8021x.sys
0xF0995000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
0xF53CF000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
0xF0A27000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF0750000 \SystemRoot\system32\drivers\wdmaud.sys
0xF0AB3000 \SystemRoot\system32\drivers\sysaudio.sys
0xF0635000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF04ED000 \SystemRoot\system32\DRIVERS\srv.sys
0xF0710000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
0xF0365000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEFE6C000 \SystemRoot\System32\Drivers\HTTP.sys
0xF01FD000 \??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\aswMBR.sys
0xEFAAC000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 42):
0 System Idle Process
4 System
668 C:\WINDOWS\system32\smss.exe
740 csrss.exe
764 C:\WINDOWS\system32\winlogon.exe
808 C:\WINDOWS\system32\services.exe
828 C:\WINDOWS\system32\lsass.exe
980 C:\WINDOWS\system32\svchost.exe
1056 svchost.exe
1092 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1132 C:\WINDOWS\system32\svchost.exe
1216 svchost.exe
1368 C:\Program Files\3COM\3Com Wireless 108 Mbps 11g USB Utility \lcs.exe
1476 svchost.exe
1716 C:\WINDOWS\system32\spoolsv.exe
476 svchost.exe
508 C:\Program Files\LSI SoftModem\agrsmsvc.exe
544 C:\WINDOWS\system32\svchost.exe
584 C:\Program Files\Java\jre6\bin\jqs.exe
636 C:\WINDOWS\system32\svchost.exe
720 C:\WINDOWS\explorer.exe
1004 C:\WINDOWS\system32\svchost.exe
1196 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1260 C:\WINDOWS\system\hpsysdrv.exe
1340 C:\hp\KBD\kbd.exe
1444 C:\WINDOWS\system32\VTTimer.exe
1500 wdfmgr.exe
1592 C:\WINDOWS\SOUNDMAN.EXE
1604 C:\Program Files\3COM\3Com Wireless 108 Mbps 11g USB Utility \WlanUI.exe
1624 C:\Program Files\Microsoft Security Client\msseces.exe
1772 C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
1864 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1932 C:\Program Files\QuickTime\qttask.exe
2000 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2044 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
328 C:\WINDOWS\system32\ctfmon.exe
2308 C:\WINDOWS\system32\wscntfy.exe
2364 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2400 alg.exe
2596 C:\WINDOWS\system32\svchost.exe
3032 C:\WINDOWS\system32\wuauclt.exe
1928 J:\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`0c16a000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)
PhysicalDrive0 Model Number: WDCWD600BB-22JHA0, Rev: 05.01C05
Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: EC5B6F4B08268D5344F30BFF61C8B587F034795B
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
-
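The two MBR scans above both report "unknown MBR code"; MBRCheck additionally prints a SHA1 of the sector and the byte offsets at which the running OS sees C: and D:. The following is an added example, not part of this thread and not code from aswMBR or MBRCheck: a Python script that reads a saved 512-byte MBR image (such as the MBR.dat that aswMBR leaves on the desktop), decodes the partition table, applies the structural checks a responder otherwise does by hand (boot signature, status bytes, exactly one active partition, no overlaps, non-empty code area, optional hash comparison), and cross-checks the table against the volume offsets the OS reports. The sample image it builds when run without an argument is constructed to match the layout in the logs (FAT32 recovery partition at LBA 63, active NTFS partition at LBA 8784720); its boot-code bytes are filler and its hash is not that of the disk in this thread.

```python
"""Parse a saved 512-byte MBR image and run the sanity checks a responder
applies before deciding whether boot code needs to be rewritten.
Added example; not part of aswMBR, MBRCheck or this thread."""
import hashlib
import struct

SECTOR = 512
BOOT_SIG = b"\x55\xAA"          # last two bytes of a valid MBR
PART_TABLE_OFF = 446            # boot code occupies bytes 0..445
PART_TYPES = {0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)"}


def parse_partitions(mbr):
    """Decode the four 16-byte primary partition entries; skip empty slots."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR image must be exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = PART_TABLE_OFF + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4), little-endian
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, entry)
        if ptype == 0:
            continue
        parts.append({
            "index": i + 1,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown (0x%02X)" % ptype),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR // (1024 * 1024),
        })
    return parts


def check_mbr(mbr, expected_sha1=None):
    """Return a list of findings; an empty list means the structure looks sane."""
    findings = []
    if mbr[510:512] != BOOT_SIG:
        findings.append("missing 0x55AA boot signature")
    parts = parse_partitions(mbr)
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status byte 0x%02X" % (p["index"], p["status"]))
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append("%d active partitions, expected exactly 1" % len(active))
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    if mbr[:PART_TABLE_OFF] == bytes(PART_TABLE_OFF):
        findings.append("boot code area is all zeros")
    sha1 = hashlib.sha1(mbr).hexdigest().upper()
    if expected_sha1 is not None and sha1 != expected_sha1.upper():
        findings.append("SHA1 %s does not match expected %s" % (sha1, expected_sha1.upper()))
    return findings


def check_against_volumes(parts, volume_offsets):
    r"""Cross-check the table against the byte offsets the running OS reports for
    each volume (MBRCheck prints them as '\\.\C: --> \\.\PhysicalDrive0 at offset ...').
    A volume whose offset matches no entry means the table on disk and the one
    the OS mounted from disagree."""
    starts = {p["lba_start"] * SECTOR for p in parts}
    return [
        "%s at byte offset 0x%X matches no partition entry" % (vol, off)
        for vol, off in sorted(volume_offsets.items())
        if off not in starts
    ]


def build_sample_mbr():
    """Constructed sample: a disk laid out like the one in the logs (FAT32 recovery
    partition at LBA 63, active NTFS partition at LBA 8784720). The boot code
    bytes are filler, not a real boot loader."""
    boot_code = b"\xFA\x33\xC0" + b"\x90" * (PART_TABLE_OFF - 3)
    table = struct.pack("<B3sB3sII", 0x00, b"\0\0\0", 0x0B, b"\0\0\0", 63, 8784657)
    table += struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 8784720, 108440640)
    table += bytes(32)                      # two unused entries
    return boot_code + table + BOOT_SIG


if __name__ == "__main__":
    import sys
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    for p in parse_partitions(image):
        print("partition %(index)d %(type_name)s active=%(active)s start=%(lba_start)d size=%(size_mb)d MB" % p)
    print("SHA1:", hashlib.sha1(image).hexdigest().upper())
    print("findings:", check_mbr(image) or "none")
```

Run it as `python mbr_check.py MBR.dat` against the real image and pass the hash MBRCheck printed as `expected_sha1` to confirm both tools read the same sector. The hash only says the boot code is not in the tool's list of known-good loaders: OEM recovery setups that ship their own boot code are routinely reported as non-standard, so "unknown MBR code" is a lead to investigate (compare against a known-clean image of the same model, or disassemble the code area), not by itself proof of a bootkit. A structural finding, such as a second active partition or an entry that no mounted volume corresponds to, is the stronger signal.
-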
Download TDSSKiller and save it to your desktop.
- Extract (unzip) its contents to your desktop.
- Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
-
So far everything seems pretty normal, except no programs listed.
-
No threats found. You still need the log?
-
Let's see if we can recover your missing features.
Download and run UnHide.
Let me know if it worked.
-
I am starting to think this is now clean, but whatever hit this wiped out all programs.
-