Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Possible.Startup.Values.Need.HelpON.SPYBOT.Some Highlighted, Said thin

Started by GirlNeedsHelpWithSpyBotLog , Nov 30 2012 02:55 AM

  • This topic is locked This topic is locked

#1
GirlNeedsHelpWithSpyBotLog
Posted 30 November 2012 - 02:55 AM

GirlNeedsHelpWithSpyBotLog

    New Member

  • Member
  • Pip
  • 5 posts
Hello-
Thank you ahead of time!!! I appreciate the time spent, to help people who need your help :) You do a very noble thing.

SYSTEM: Microsoft Windows XP
Home Edidtion
Version 2002
Service Pack 3
Registered to:
____
_ _ _ _ _-_ _ _-_ _ _ _ _ _ _-_ _ _ _ _ <--- Didn't know if needed to put this info

Computer:
AMD Athlon™ 64 Processor
3200+
797 MHz, 512 MB of RAM
Physical Address Extension



This computer used to belong to a friend of mine, who let her brother use it for awhile, howEver it was returned not working properly, and she asked me to see what I could do for it. I said I'd take a look,at and she said she Just Wants it to be able to go ONLINE-- safely... And KNOW that the computer IS clean. After having these STARTUP issue's, in Spybot.. I plan to Uninstall It, and then Install Microsoft Security Essentials.

Today was the first day I was able to hook it up to my internet. Also The First Time to be able run SpyBot... it woudn't run at all, until it was able to download updates from the internet. When the internet finally LET ME ON (I found a problem with IE8, and don't know how to fix it. I tinkered, but nothing helped. It is running, but has large light brown(?) bar that tells me "INTERNET EXPLORER IS CURRENTLY RUNNING WITH ADD-ONS DISABLED. Click here to manage, disable, or remove your add-ons." -- I disabled, and then UNinstalled "Toolbar.exe",or InboxToolbar. GONE from Manage Add-on's.) It's a problem, but not the first on the list!



Here is my real problem:
When I installed SpyBot, I was shown a page, with possibly 10 items highlighted in green, and most in yellow. It was showing me STARTUP entries. I didn't know exactly what to do with them, so I thought I'd SCAN the computer first, and maybe compare the two. These items, that say they start on startup, have confusing and conflicting INFORMATION listed for them. I need to know if they are innocent, needed, malicious, or can just be easily deleted.

Also, just because on the second SCAN, it showed that 0 problems were found, I somehow feel that I am missing something. 'Especially the "0" Values saying "if the number really isn't 0, then the CHECKSUM! may be incorrect.' (EXAMPLE BELOW) I have no idea what that means, or how it ties into the WHOLE problem.


I ran SpyBot, it scanned for 56 minutes, and showed 1 thing that I could DELETE with their FIX SELECTED button. I decided to look on the internet (on my phone)and typed in the main point, which was _LOCAL_MACHINE_LOCKDOWN. After reading, I went in and changed the value to "1", from "0".
I ran the check again, and was shown there was NO threats, after scan finished.
However, while I was SKIMMING the Report, I saw there was Quite A BIT of - HERE is just ONE Example:

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!


So, this makes me wonder if these have a connection between themselves, AND the STARTUP items on the STARTUP Report, Clearly Saying it had found something abnormal.





I'll Attach ANY or ALL of the SpyBot Reports-- 2 Scan For Issues, 1 Startup.
Whichever you might want.
I don't know if you'd rather I added ALL of the ones I have, or wait for your opinion.

It is late where I am, and I'm tired. I think I'll post this without any files for the time being, but if it's POSSIBLE to tell me, within about 5 minutes from the time this is submitted to you-- if you'd need them all, or only one-- I will TRY my Sleepiest Best!
If I do not see an answer regarding Which REPORTS you would like, I'll check in the morning.

Thank you SOOOO much!!!
GirlNeedsHelpWithSpyBotLog
  • 0

Advertisements

#2
Essexboy
Posted 30 November 2012 - 08:13 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, spybot wil not give the full picture, so I will need to look a tad deeper. Could you let me know what the problems are that you are experiencing

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

    Posted Image
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#3
GirlNeedsHelpWithSpyBotLog
Posted 30 November 2012 - 03:25 PM

GirlNeedsHelpWithSpyBotLog

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi, Thanks so much for helping!!!

Ok- As far as what IS Wrong with this computer... IE8 isn't acting normal, and when I looked (maybe a week ago) it only had 3 restore points, when I chose to restore it to the furthest back, it would only load to the blue WELCOME screen, but there was NO user icons to click on to get it to go any further than that. Through some trial and error, I was able to get it UN-restored, back to the way it was that day.

It might be easier to say what I'd like the computer to be doing (rather than what I want it NOT to be doing.)
I WANT the computer to be "new" again. It came to me, already messed around with, and friend wanted it restored. There were no personal files, or photos. I intended on just re-installing the operating system. But, this computer has XP installed, and no Setup disk for it, it came installed onto it already. I just saw that it has a Bunch of "user" accounts, as well as a Bunch of "automatic" wireless connections, and just seems too "messy".... all I'd like is a CLEAN, and FULLY Working computer, with ONE browser that works correctly.

Ok- As far as my experience today with OTL: I saved to desktop, and it scanned fine, saved 2 files. I saw though, that I had accidentally overlooked that for the "EXTRA REGISTRY" option, it had scanned with "USE SAFELIST" instead of "NONE". -- I changed the option to "NONE", and tried to run it again, Task Manager was running at 100%, and it looked like it was NOT scanning, I tried to close it, and then tried to END TASK from Task Manager. All of a sudden, ONE file appeared, OTL.Txt. I thought I should just start all over... I put the files in recycle, went to C:Documents/"Garth"/Desktop, and right-click Deleted OTL. I went back to your post, and re-saved it to the desktop. I opened it, pasted the script in, checked that I had the options set correctly, and tried to scan it again. The computer ran at 100% again, and again, seemingly from nowhere, popped out a file, OTL.txt. There is not a second file. (This is the reason behind why it says RUN 3 on it, and why I am only uploading 1 of the 2 files you needed.)

P.S. I don't know if it matters, but there isn't an option to "INCLUDE 64-bit scans", but this (I believe) is a 32-bit computer anyway.

Please advise me on how to proceed.
Thanks!
-GirlNeedsHelp




OTL.Txt

OTL logfile created on: 11/30/2012 12:46:05 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\garth\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.98 Mb Total Physical Memory | 256.53 Mb Available Physical Memory | 50.20% Memory free
1.22 Gb Paging File | 0.96 Gb Available in Paging File | 79.06% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 144.22 Gb Free Space | 96.76% Space Free | Partition Type: NTFS
Drive E: | 1.89 Gb Total Space | 1.53 Gb Free Space | 81.04% Space Free | Partition Type: FAT32

Computer Name: MINE | User Name: garth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/30 12:42:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\garth\Desktop\OTL.exe
PRC - [2012/07/11 10:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/11 10:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/05/04 10:35:19 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/04/14 00:30:04 | 000,225,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 22:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139)
DRV - [2005/05/11 18:47:56 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/03/19 13:40:54 | 001,205,292 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/08/29 04:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2002/08/29 04:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-746137067-602162358-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-746137067-602162358-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-746137067-602162358-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 45 61 DE B1 CE CD 01 [binary data]
IE - HKU\S-1-5-21-746137067-602162358-725345543-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-746137067-602162358-725345543-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-746137067-602162358-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2012/11/28 08:53:16 | 000,249,881 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8710 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-746137067-602162358-725345543-1005\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKU\S-1-5-21-746137067-602162358-725345543-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-602162358-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0785C3C0-E6D7-425A-BC31-1AA98E184574}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/24 19:23:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/30 12:42:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\garth\Desktop\OTL.exe
[2012/11/30 11:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2012/11/30 11:56:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012/11/29 20:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012/11/29 20:11:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/11/29 19:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\garth\Application Data\Macromedia
[2012/11/29 19:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\garth\Application Data\Adobe
[2012/11/29 19:00:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\garth\IECompatCache
[2012/11/29 15:29:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/11/28 08:49:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/11/28 08:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/11/28 08:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/11/28 03:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/11/28 03:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\garth\Local Settings\Application Data\Google
[2012/11/28 03:57:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\garth\My Documents\My Videos
[2012/11/28 03:57:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\garth\My Documents\My Pictures
[2012/11/28 03:57:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\garth\Start Menu\Programs\Administrative Tools
[2012/11/24 12:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\garth\Application Data\SUPERAntiSpyware.com
[2012/11/24 12:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/11/24 12:53:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/11/24 12:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/11/24 12:41:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\garth\Recent
[2012/11/24 12:41:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\garth\NetHood
[2012/11/24 12:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/11/24 12:39:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/11/24 12:22:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\garth\Application Data\Malwarebytes
[2012/11/24 12:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/24 12:21:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/11/24 12:21:57 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/11/24 12:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/23 21:12:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\garth\Application Data\Identities
[2012/11/23 21:12:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\garth\SendTo
[2012/11/23 21:12:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\garth\Start Menu\Programs\Startup
[2012/11/23 21:12:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\garth\Start Menu\Programs\Accessories
[2012/11/23 21:12:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\garth\PrintHood
[2012/11/23 21:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\garth\Desktop
[2012/11/23 21:12:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\garth\Start Menu
[2012/11/23 21:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/11/21 17:59:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/11/19 20:00:31 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2012/11/19 20:00:26 | 000,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/30 12:45:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D3EDB48E-51C1-4839-9E52-92473ABAF578}.job
[2012/11/30 12:42:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\garth\Desktop\OTL.exe
[2012/11/30 12:35:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/30 12:07:06 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/11/30 12:03:03 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/30 11:56:42 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/11/29 21:47:26 | 000,311,842 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/29 21:47:26 | 000,040,190 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/29 21:10:16 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\garth\Desktop\SpyBotListedThreatLocation.UserDecisionToChangeValueFrom0to1SaveSpot2.SavedToDesktop.DIDnotHaveSpyBotFIXissue.reg
[2012/11/29 20:42:55 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/29 17:07:28 | 000,023,773 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/11/29 17:07:20 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/29 17:07:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/29 14:34:12 | 000,000,494 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/11/28 08:53:16 | 000,249,881 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/11/24 12:53:46 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/11/24 12:46:38 | 000,028,136 | ---- | M] () -- C:\Documents and Settings\garth\My Documents\Backup of Registry before CCleaner fix issues.reg
[2012/11/24 12:39:43 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/11/24 12:22:00 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/23 21:13:58 | 000,092,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/23 17:26:55 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\garth\Local Settings\Application Data\FASTWiz.html
[2012/11/21 18:44:07 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\garth\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/21 18:42:53 | 000,000,432 | ---- | M] () -- C:\Shortcut to Shared Documents.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/30 12:07:06 | 000,001,919 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/11/29 21:10:16 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\garth\Desktop\SpyBotListedThreatLocation.UserDecisionToChangeValueFrom0to1SaveSpot2.SavedToDesktop.DIDnotHaveSpyBotFIXissue.reg
[2012/11/29 19:56:04 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/11/28 03:58:35 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/28 03:58:35 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/24 12:53:46 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/11/24 12:44:15 | 000,028,136 | ---- | C] () -- C:\Documents and Settings\garth\My Documents\Backup of Registry before CCleaner fix issues.reg
[2012/11/24 12:39:43 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/11/24 12:22:00 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/23 16:55:05 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\garth\Local Settings\Application Data\FASTWiz.html
[2012/11/21 18:41:47 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\garth\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/20 00:09:06 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2012/03/30 03:53:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/26 15:34:30 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2012/03/24 19:26:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/03/24 19:20:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/03/24 11:12:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/03/24 11:10:42 | 000,092,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2008/04/14 05:41:54 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/14 05:42:14 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 05:42:12 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008/04/14 05:41:52 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 05:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 05:41:52 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/04/14 05:41:54 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 05:41:54 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/14 05:42:06 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 05:42:10 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 05:42:24 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 05:41:54 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 05:42:18 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 05:42:18 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 05:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/04/14 05:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2008/04/14 05:42:38 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 05:42:04 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 05:42:04 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2008/04/14 05:42:06 | 000,399,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 05:42:06 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 05:42:12 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/14 05:42:08 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2008/04/14 05:42:06 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 05:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 05:42:06 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 05:41:58 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 05:42:08 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 05:42:08 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008/04/14 05:42:06 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 05:42:40 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 05:41:52 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 05:41:56 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 05:42:10 | 000,333,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 05:42:30 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 05:42:10 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
No service found with a name of Wmi
SRV - [2008/04/14 05:41:54 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 05:42:12 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2008/04/14 05:42:10 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2002/08/29 04:00:00 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES >
[2002/08/29 04:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.EXE >
[2009/02/06 03:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\system32\services.exe
[2009/02/06 09:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\services.exe
[2009/02/06 02:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\services.exe
[2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\services.exe
[2002/08/29 04:00:00 | 000,101,376 | ---- | M] (Microsoft Corporation) MD5=E3DF4A0252D287C44606EE55355E1623 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SERVICES.LNK >
[2012/11/23 20:43:56 | 000,001,602 | ---- | M] () MD5=71BADA051DEF077D8A09D39BC5F1411B -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2002/08/29 04:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.SBS >
[2011/03/01 08:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2002/08/29 04:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
[2002/08/29 04:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2002/08/29 04:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2002/08/29 04:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2002/08/29 04:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

< End of report >
  • 0

#4
Essexboy
Posted 30 November 2012 - 03:30 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What is the make and model of the computer as it may have a restore partition, if so that could be used to restore it to factory (i.e. new) settings
  • 0

#5
GirlNeedsHelpWithSpyBotLog
Posted 30 November 2012 - 03:51 PM

GirlNeedsHelpWithSpyBotLog

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
It's a laptop.

hp pavillion zv5000
AMD Athlon TM 64 processor
3200+
797 MHz, 512 MB of RAM


Is this the information that tells you the make and model, or did you need serial number type information that is on the bottom of the computer?

Thanks!
-GirlNeedsHelp
  • 0

#6
Essexboy
Posted 30 November 2012 - 04:01 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This is how to restore that computer to factory settings.. The hard drive will be wiped and all data lost

Connect PC to the AC power adapter.
Close all programs.
Click Start , click All Programs , select System Recovery and click PC Recovery .
NOTE:You may also access HP Recovery Manager at any time by restarting the computer and pressing F11 repeatedly before the Windows load screen appears.
When the recovery options are presented, select the option to perform a PC Recovery and click Next .
The PC will restart and display a Welcome to PC Recovery message. Click OK to continue.
On the System Recovery panel, click Advanced Options to select the desired type of action.
WARNING:If Advanced Options is selected, the system will perform a complete reformat and will destroy all user data.
On Advanced Options, select the Windows System Restore option and click Next to begin the process.
Follow any additional instructions.
Restart the PC when prompted.
  • 0

#7
GirlNeedsHelpWithSpyBotLog
Posted 30 November 2012 - 04:14 PM

GirlNeedsHelpWithSpyBotLog

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Ok- Originally, I was going to try that... but I was worried that Without the Windows XP Setup disk, it was going to leave the computer "new", but with no operating system, and I would have no way to put it back on. So, that WILL NOT happen, correct?

Other questions/concerns:

Will ALL of the settings to get onto the internet/"network settings" be GONE? (I don't want to bring computer back to friend, and not be able to get it online at her house)

How will I get onto the internet from that "brand new" state?

What about a backup? -- There really isn't anything much to backup... except the internet link/connection settings... But, am I going to need to DO some kind of backup?

THANKS!!!
-GirlNeedsHelp
  • 0

#8
Essexboy
Posted 30 November 2012 - 04:29 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This procedure will return the computer back to the same state as when it was first unpacked. It will need a lot of updates as it will probably be at SP2

So when you return it the internet will need to set up on her router as a first use. Additionally Email etc will need to be reset
  • 0

#9
GirlNeedsHelpWithSpyBotLog
Posted 30 November 2012 - 04:40 PM

GirlNeedsHelpWithSpyBotLog

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Alright-
Thank you :)


I will follow those instructions.
If any additional questions, I'll use my desktop to find you again.

I sincerely appreciate your time.
-Girl
  • 0

#10
Essexboy
Posted 30 November 2012 - 05:15 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Feel free to ask I am here to serve :rofl:
  • 0

#11
Essexboy
Posted 03 December 2012 - 02:29 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP