i want my pc back [Solved]


  • This topic is locked

#1
jr chambers

  • Member
  • 124 posts
I have a virus, nasty, it runs audio ads and will redirect my web browser. I had used Spybot, no help. When I used Malwarebytes it had crashed my XP Pro 64 when prompted for restart to remove issues (I have the hard drive partitioned with both XP Pro 64 and Windows 7 Pro). It comes up with "windows could not start because of an error in the software load needed dlls for kernel" on the XP 64 Pro. Lucky I can still get on Windows 7. Before I do anything else (and crash the PC) I'd like direction. Someone help me take my desktop back please.
Joel
  • 0


#2
Jasmyne

  • Trusted Helper
  • Malware Removal
  • 2,010 posts
Hi! My name is Jasmyne and Welcome to Geeks to Go!

I'm sorry you are having issues with your computer but I will do my best to resolve them as quickly as possible. I know having an infected computer is frustrating because I was once where you are now!

Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue.

  • You may want to print out these instructions, or copy them to a text file so that you will have a copy in case you lose your connection to the internet during a removal process.
  • Please make sure to carefully read any instruction that I give you and perform them in the order they are posted. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask! Never be afraid to ask questions! :)
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please note that there is no "Quick & Easy Fix" to most malware infections and we may need to use several different tools to get your system clean.
  • Please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware.
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.
  • Please reply within 3 days. Topics with no reply in 4 days are closed!

With that all stated, let's get started! :)

Are you currently able to boot into Safe Mode for the Windows XP Pro partition?

If so, please follow these instructions, run an OTL Scan and post the logs. If not, let me know and we will go from there.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please check the box next to Scan All Users.
  • Make sure Use SafeList is selected under Extra Registry.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

  • 0

#3
jr chambers

  • Topic Starter
  • Member
  • 124 posts
Thank you Jasmyne, my PC only works in safe mode now. Will I be able to run those in safe mode? If so, how will I add the files? Will I need to download them to zip drive and transfer to another PC to attach them? I have a laptop I can use.
Joel
  • 0

#4
Jasmyne

  • Trusted Helper
  • Malware Removal
  • 2,010 posts
To answer your questions:

Thank you Jasmyne, my PC only works in safe mode now. Will I be able to run those in safe mode?

Yes, you will be able to run the scan in safe mode.

If so, how will I add the files? Will I need to download them to zip drive and transfer to another PC to attach them? I have a laptop I can use.


You can download them to zip drive and transfer them, or if you're able to use safe mode with networking you can download them directly. Either way will work.

Jasmyne
  • 0

#5
jr chambers

  • Topic Starter
  • Member
  • 124 posts
Attached File: OTL.Txt (141.28KB)
Here are the files you asked for...
[Are you currently able to boot into Safe Mode for the Windows XP Pro partition?] I am not able to use the XP partition at all, it will prompt with a black screen saying I need to load the dll files...

OTL logfile created on: 7/12/2013 8:26:42 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\joel c\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.75 Gb Available Physical Memory | 84.71% Memory free
6.50 Gb Paging File | 6.06 Gb Available in Paging File | 93.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 755.73 Gb Total Space | 414.77 Gb Free Space | 54.88% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 300.96 Gb Free Space | 64.62% Space Free | Partition Type: NTFS
Drive E: | 175.78 Gb Total Space | 160.15 Gb Free Space | 91.11% Space Free | Partition Type: NTFS
Drive F: | 154.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 7.48 Gb Total Space | 4.35 Gb Free Space | 58.08% Space Free | Partition Type: NTFS

Computer Name: ASUS32BITMAINPC | User Name: joel c | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/12 20:15:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\joel c\Desktop\OTL.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013/07/03 20:25:16 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/12 06:44:19 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/26 09:30:00 | 000,687,104 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe -- (FastFreeConverterUpdt)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/05/10 15:00:00 | 000,539,744 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/12/22 08:31:08 | 000,045,056 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/12/12 01:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) [Auto | Stopped] -- C:\Windows\System32\escsvc.exe -- (EpsonScanSvc)
SRV - [2011/12/06 17:00:14 | 000,214,896 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/08/06 14:13:12 | 000,087,336 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Motorola Media Link\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2010/04/12 13:37:20 | 000,526,336 | ---- | M] (AVerMedia Technologies, Inc.) [Auto | Stopped] -- C:\Program Files\SnugTV\SnugTV Station\AMAServer.exe -- (SnugTV Service)
SRV - [2010/03/23 22:11:05 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/09 18:55:02 | 000,169,984 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Auto | Stopped] -- C:\Program Files\AVerMedia\AVerUpdate\AVerUpdateServer.exe -- (AVerUpdateServer)
SRV - [2010/02/03 00:16:58 | 000,172,032 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/12/06 19:13:14 | 000,397,312 | R--- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2009/10/30 12:48:42 | 000,348,160 | R--- | M] (AVerMedia) [Auto | Stopped] -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Stopped] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009/04/10 18:29:04 | 000,294,912 | -H-- | M] (DeviceVM) [Auto | Stopped] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/01/27 14:26:42 | 000,398,336 | ---- | M] (Ares Development Group) [On_Demand | Stopped] -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer)
SRV - [2008/11/18 15:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motport.sys -- (motport)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motodrv.sys -- (MotDev)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\motoandroid.sys -- (motandroidusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\motoandroid.sys -- (androidusb)
DRV - [2012/01/18 02:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 02:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/11/08 13:59:04 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2011/07/28 14:25:58 | 000,088,240 | ---- | M] (Pico Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\picopp.sys -- (PICOPP)
DRV - [2011/04/04 15:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2011/03/31 15:53:24 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/05/18 07:22:52 | 000,015,360 | ---- | M] (Pico Technology) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\adc200.sys -- (adc200)
DRV - [2010/04/01 15:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/03/21 15:39:57 | 000,099,856 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/03/21 15:39:56 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2010/02/03 00:54:34 | 005,313,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/02/03 00:54:34 | 005,313,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010/02/02 23:23:42 | 000,150,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009/12/08 09:37:02 | 000,437,888 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerFx2hbtv.sys -- (AVerFx2hbtv)
DRV - [2009/01/29 18:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 18:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2007/11/02 16:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2005/06/10 14:48:00 | 008,664,448 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snppro.sys -- (SNPPRO)
DRV - [2004/10/01 02:22:42 | 000,024,704 | ---- | M] (AIM Applicazioni Industriali Microprocessori s.r.l.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AIM_USBdrv10_01.sys -- (AIM_USBdriver)
DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{47AE1BA9-0BD1-44F4-88AE-45F8F7B605EF}: "URL" = http://www.basicserv...s={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{47AE1BA9-0BD1-44F4-88AE-45F8F7B605EF}: "URL" = http://www.basicserv...s={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.in.honda....asp/rraalog.asp
IE - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\..\SearchScopes\{47AE1BA9-0BD1-44F4-88AE-45F8F7B605EF}: "URL" = http://www.basicserv...s={searchTerms}
IE - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.verizon.n...ewsroom.portal"
FF - prefs.js..extensions.enabledAddons: %7B9EB34849-81D3-4841-939D-666D522B889A%7D:1.4.0.111
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.5
FF - prefs.js..extensions.enabledAddons: extension%40FastFreeConverter.com:4.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {9EB34849-81D3-4841-939D-666D522B889A}:1.4.0.111
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.bing.com/...?FORM=IEFM1&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\joel c\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\joel c\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2013/07/06 20:56:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Fast Free Converter\FastFreeConverter\[email protected] [2013/07/07 11:37:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/03 20:25:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/03 20:25:13 | 000,000,000 | ---D | M]

[2010/03/21 10:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\joel c\AppData\Roaming\Mozilla\Extensions
[2013/07/05 15:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\joel c\AppData\Roaming\Mozilla\Firefox\Profiles\j1wo7ccj.default\extensions
[2010/04/27 07:17:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\joel c\AppData\Roaming\Mozilla\Firefox\Profiles\j1wo7ccj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/08 15:25:24 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\joel c\AppData\Roaming\Mozilla\Firefox\Profiles\j1wo7ccj.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2013/05/16 07:39:06 | 000,117,280 | ---- | M] () (No name found) -- C:\Users\joel c\AppData\Roaming\Mozilla\Firefox\Profiles\j1wo7ccj.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2013/07/05 15:11:28 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\joel c\AppData\Roaming\Mozilla\Firefox\Profiles\j1wo7ccj.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2010/03/22 20:37:18 | 000,001,819 | ---- | M] () -- C:\Users\joel c\AppData\Roaming\Mozilla\Firefox\Profiles\j1wo7ccj.default\searchplugins\bing.xml
[2013/07/03 20:25:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/03 20:25:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/07 11:37:29 | 000,000,000 | ---D | M] (Fast Free Converter) -- C:\PROGRAM FILES\FAST FREE CONVERTER\FASTFREECONVERTER\[email protected]

========== Chrome ==========

CHR - Extension: No name found = C:\Users\joel c\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\joel c\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\joel c\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\joel c\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh\1_0\
CHR - Extension: No name found = C:\Users\joel c\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/07/11 18:32:46 | 000,450,068 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15450 more lines...
O2 - BHO: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (no name) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Fast Free Converter 4.1) - {B422F1BC-9ADB-48A7-8B13-00C176039DC5} - C:\Program Files\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll (Fast Free Converter)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MOTOPRINTUPnPPrintService] C:\Program Files\Motorola\MOTOPRINT Host\PrintService.exe shell.icon File not found
O4 - HKLM..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe (Motorola)
O4 - HKLM..\Run: [snppro] C:\Windows\vsnppro.exe (Sonix)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIIUE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001..\Run: [Grid] C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe ()
O4 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe /minimized File not found
O4 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001..\Run: [P2kAutostart] File not found
O4 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\joel c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\..Trusted Domains: 164.109.25.72 ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\..Trusted Domains: 207.130.86.35 ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\..Trusted Domains: acura.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\..Trusted Domains: acuraclientpurchaseexperience.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\..Trusted Domains: acurainfo.programhq.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\..Trusted Domains: acuraspinplay.programhq.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\..Trusted Domains: ahmdealer.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\..Trusted Domains: ahm-ownerlink.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\..Trusted Domains: edcor.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\..Trusted Domains: honda.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\..Trusted Domains: honda.vo.llnwd.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\..Trusted Domains: hondaadcmd.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\..Trusted Domains: hondacars.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\..Trusted Domains: hondainfo.programhq.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\..Trusted Domains: hondamap.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\..Trusted Domains: hondapqr.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\..Trusted Domains: hondaprofessional.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\..Trusted Domains: hondaspinplay.programhq.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\..Trusted Domains: hondasso.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\..Trusted Domains: jdpa.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\..Trusted Domains: jdpower.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\..Trusted Domains: pcsc.acurasrs.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\..Trusted Domains: prospectingacurasrs.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\..Trusted Domains: travelhq.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1722759672-3242739790-961427303-1001\..Trusted Domains: xmradio.com ([]* in Trusted sites)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://www.in.honda....tingActiveX.cab (MeadCo ScriptX)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} http://www.in.honda....AX/RraainAX.CAB (RRAAINAX_02.RRAAINAX)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://tstseminars....ng/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7B2A33D-DEDD-4148-BA5E-D98CA8E9A5AC}: NameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/03/06 09:42:00 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/16 23:31:56 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/20 09:55:02 | 000,000,706 | ---- | M] () - G:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{94dea79f-4f36-11df-b8ca-00027209ea32}\Shell - "" = AutoRun
O33 - MountPoints2\{94dea79f-4f36-11df-b8ca-00027209ea32}\Shell\AutoRun\command - "" = G:\KODAK_Software_Downloader.exe
O33 - MountPoints2\{edfabbf3-dbc3-11e0-b760-00027209ea32}\Shell - "" = AutoRun
O33 - MountPoints2\{edfabbf3-dbc3-11e0-b760-00027209ea32}\Shell\AutoRun\command - "" = G:\setup.exe -- [2009/12/30 21:56:25 | 002,538,056 | ---- | M] (Hewlett-Packard )
O33 - MountPoints2\{f857ec2d-8699-11e2-85f1-00027209ea32}\Shell - "" = AutoRun
O33 - MountPoints2\{f857ec2d-8699-11e2-85f1-00027209ea32}\Shell\AutoRun\command - "" = G:\setup.exe -- [2009/12/30 21:56:25 | 002,538,056 | ---- | M] (Hewlett-Packard )
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2013/07/12 20:24:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\joel c\Desktop\OTL.exe
[2013/07/11 23:36:07 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/07/11 20:09:20 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{4E68293B-8BC2-4CD4-8659-7C02606CEEB7}
[2013/07/10 07:34:29 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{87193DB9-A0F2-466F-A0A9-8F6651B20907}
[2013/07/09 19:34:04 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{2C7A1074-4DBC-4818-9A54-3C4542F15FAE}
[2013/07/08 20:43:43 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{8B222F98-0104-4D8D-9898-F901DA3CE3AC}
[2013/07/07 23:37:00 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{0F33085F-BFC3-4BC7-A479-5D1261C9E30E}
[2013/07/07 11:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Setup Support for BasicServe
[2013/07/07 11:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\BasicServe
[2013/07/07 11:37:55 | 000,000,000 | ---D | C] -- C:\Program Files\BasicServe
[2013/07/07 11:37:43 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\DownloadTerms
[2013/07/07 11:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Helper
[2013/07/07 11:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\Fast Free Converter
[2013/07/07 11:37:21 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\SwvUpdater
[2013/07/07 09:23:02 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Roaming\vlc
[2013/07/07 09:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/07/07 09:22:28 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013/07/07 08:51:45 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{9C17BC06-868C-45AE-B79C-DD9CC2D5A3BF}
[2013/07/05 23:07:24 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{545C2ADD-C106-4687-8BEE-71A3AD881AEB}
[2013/07/05 07:40:13 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{BF523AEF-9042-4150-94B8-CA9C4D810E5E}
[2013/07/04 11:20:50 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{ABF42E52-7234-4C2F-8FAF-A9018AA1EB2B}
[2013/07/03 22:27:32 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{4FC587C3-BC98-4362-AC3B-5207FE2316AD}
[2013/07/03 20:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/07/03 07:28:59 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{4FB30E89-17D2-4069-B06D-4CD94FB9E66A}
[2013/07/01 22:09:01 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{B32F4443-AD3E-4517-991D-A4D1D202D6FC}
[2013/07/01 07:27:02 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{790A747C-3CF4-48D1-8265-76996078916E}
[2013/06/30 10:02:38 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{DE05D14F-0084-4ED4-8BCA-9BE29B5A8884}
[2013/06/29 09:32:34 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{0E873F02-53EE-4097-9689-4008C0DB6A29}
[2013/06/28 07:21:31 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{3064E944-614C-462F-A1BF-DDC4D82C63F0}
[2013/06/27 07:07:55 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{7F11E3DE-CC4B-47C3-88D8-728C9E0A6B59}
[2013/06/26 18:22:35 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{5D24B308-E962-44D4-80BE-4E3A777E64D6}
[2013/06/25 20:51:42 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{C552CF2A-655D-4314-84DC-4671C5D9AF8E}
[2013/06/24 20:04:31 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{37C90FEB-28C0-4F91-9134-2D82D6C28F4B}
[2013/06/24 07:27:59 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{62020327-0A9F-4F4B-91C9-04590BA0703E}
[2013/06/23 12:42:08 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{14CA5D7A-2144-4B14-A87B-B8EFC0E3799A}
[2013/06/22 09:48:03 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{4CF9BFE6-40DC-40B5-8946-F7A65EBE2B2A}
[2013/06/21 21:01:31 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{85C12DAA-3E40-4FFC-9929-DE416619BA5D}
[2013/06/21 07:32:14 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{8DF9B272-56CA-4A27-97B0-6F10AB74BA6E}
[2013/06/20 19:31:50 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{C878594F-1566-461A-BC84-1DE815699CA8}
[2013/06/20 07:16:30 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{71C4C177-3D06-4E92-A0C9-B2E7A894750D}
[2013/06/19 07:24:34 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{40937C3F-68BF-48A0-A296-6CED412DC070}
[2013/06/18 07:31:49 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{969C6BF1-606E-4FDC-9475-FA42D107BF92}
[2013/06/17 07:26:15 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{FCF88FF1-907B-4D5D-84D6-48130C6A3A85}
[2013/06/16 17:57:43 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{EE62EAB9-9FE0-4289-9CA7-99EE5699D913}
[2013/06/14 18:48:23 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{DDFB4A44-FD87-41E4-B365-FCD3B1CCF28A}
[2013/06/13 20:27:11 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{F5A9BCA9-E193-4463-A1A9-C8A94C84F7F0}
[2013/06/13 07:28:51 | 000,000,000 | ---D | C] -- C:\Users\joel c\AppData\Local\{ECFB2311-2972-4327-8962-5F195CFFD9F3}

========== Files - Modified Within 30 Days ==========

[2013/07/12 20:24:54 | 000,632,708 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/12 20:24:54 | 000,110,342 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/12 20:15:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\joel c\Desktop\OTL.exe
[2013/07/12 07:21:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/12 07:21:21 | 2616,545,280 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/12 07:06:28 | 000,000,342 | -H-- | M] () -- C:\dvmexp.idx
[2013/07/12 01:15:43 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1722759672-3242739790-961427303-1001UA.job
[2013/07/12 01:15:41 | 000,002,376 | ---- | M] () -- C:\Users\joel c\Desktop\Google Chrome.lnk
[2013/07/12 01:11:21 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2013/07/12 01:11:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/12 01:09:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/12 00:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/12 00:01:29 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/12 00:01:29 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/11 23:50:43 | 268,841,321 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/07/11 23:43:55 | 000,003,232 | ---- | M] () -- C:\bootsqm.dat
[2013/07/11 20:12:27 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1722759672-3242739790-961427303-1001Core.job
[2013/07/11 20:06:41 | 000,001,078 | ---- | M] () -- C:\Users\joel c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2013/07/11 18:32:46 | 000,450,068 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/07/07 09:22:50 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/07/06 20:54:19 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/07/05 14:25:07 | 000,010,240 | ---- | M] () -- C:\Users\joel c\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/04 11:27:02 | 000,001,990 | ---- | M] () -- C:\Users\joel c\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/06/21 18:31:48 | 000,083,726 | ---- | M] () -- C:\Users\joel c\Desktop\car bill of sale form.pdf

========== Files Created - No Company Name ==========

[2013/07/11 23:43:55 | 000,003,232 | ---- | C] () -- C:\bootsqm.dat
[2013/07/07 11:37:22 | 000,000,360 | ---- | C] () -- C:\Windows\tasks\AmiUpdXp.job
[2013/07/07 09:22:50 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/06/21 18:31:47 | 000,083,726 | ---- | C] () -- C:\Users\joel c\Desktop\car bill of sale form.pdf
[2013/06/19 17:44:54 | 000,001,078 | ---- | C] () -- C:\Users\joel c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2013/05/18 10:23:31 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2013/05/09 19:14:14 | 000,000,388 | ---- | C] () -- C:\Windows\AIM_RACE_STUDIO.INI
[2013/04/18 18:32:16 | 000,000,296 | ---- | C] () -- C:\Users\joel c\.JavaPowUpload.properties
[2013/03/08 22:03:17 | 000,003,120 | ---- | C] () -- C:\Windows\winy2.ini
[2013/03/08 22:02:41 | 000,015,840 | ---- | C] () -- C:\Windows\System32\Machnm1.exe
[2013/03/08 22:02:41 | 000,010,496 | ---- | C] () -- C:\Windows\System32\Machnm64.sys
[2013/03/08 22:02:41 | 000,007,168 | ---- | C] () -- C:\Windows\System32\Machnm32.sys
[2012/11/18 18:10:02 | 000,000,045 | ---- | C] () -- C:\Windows\WF-2540.ini
[2012/08/24 13:40:05 | 000,001,479 | ---- | C] () -- C:\Windows\station.ini
[2012/08/24 13:39:28 | 000,001,356 | ---- | C] () -- C:\Windows\resumes.ini
[2012/08/24 13:38:42 | 000,000,034 | ---- | C] () -- C:\Windows\brochure.ini
[2012/08/24 13:37:58 | 000,001,458 | ---- | C] () -- C:\Windows\newslet.ini
[2012/08/24 13:36:02 | 000,001,510 | ---- | C] () -- C:\Windows\greeting.ini
[2012/06/03 19:06:03 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2012/06/03 19:06:03 | 000,061,440 | ---- | C] () -- C:\Windows\diabunin.exe
[2012/04/05 20:36:05 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/03/28 21:07:10 | 000,015,872 | ---- | C] () -- C:\Users\joel c\mortagage envelope.wps
[2012/03/21 21:46:41 | 000,003,850 | ---- | C] () -- C:\Windows\scad3.INI
[2012/02/02 14:55:02 | 000,000,451 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/18 02:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 02:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 02:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/17 20:04:48 | 000,010,240 | ---- | C] () -- C:\Users\joel c\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/20 22:19:01 | 000,000,662 | ---- | C] () -- C:\Users\joel c\AppData\Local\MOTOPRINTUPnPService
[2011/09/05 16:33:54 | 000,103,720 | ---- | C] () -- C:\Users\joel c\GoToAssistDownloadHelper.exe
[2011/08/12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/07/26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2009/07/13 21:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2010/11/20 08:18:03 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/13 21:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 08:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 08:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/17 01:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 17:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/04/24 00:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 08:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 08:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 01:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/13 21:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 08:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/13 21:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/13 21:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/13 21:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2010/11/20 08:20:30 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/13 21:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 06:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/11 01:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/17 01:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/13 21:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 08:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 08:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/13 21:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/17 01:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/13 21:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 08:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 08:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 08:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 08:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/05/01 00:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 08:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 08:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 08:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 08:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 08:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 08:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 08:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 08:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/13 21:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 18:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 08:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/13 21:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 08:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 17:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 17:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES._ >
[2002/08/29 08:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\Users\joel c\Documents\FireFox downloads\unattended build software\build disc iso\xpprosurce\I386\SERVICES._
[2006/03/29 08:00:00 | 000,003,341 | ---- | M] () MD5=EC2E6BC3AAC81579D1E95DD132E97672 -- C:\Users\joel c\Documents\FireFox downloads\unattended build software\build disc iso\xpsource 64bit\AMD64\SERVICES._

< MD5 for: SERVICES.CFG >
[2012/07/27 16:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.CSS >
[2005/06/29 14:48:58 | 000,014,339 | ---- | M] () MD5=9D415BDEF74ADF7B0CD791E40A911A38 -- C:\Program Files\Intuit\QuickBooks 2009\Components\Services\services.css

< MD5 for: SERVICES.EX_ >
[2009/02/06 07:06:24 | 000,049,921 | ---- | M] () MD5=0FD040A160F1065590DA5BBB50AEB870 -- C:\Users\joel c\Documents\FireFox downloads\unattended build software\build disc iso\xpprosurce\I386\SERVICES.EX_
[2007/02/17 01:54:26 | 000,088,769 | ---- | M] () MD5=61CC48CB962FB967578ADE3417F0C81C -- C:\Users\joel c\Documents\FireFox downloads\unattended build software\Plugins\64_64_SP2.EXE\amd64\services.ex_
[2009/07/14 11:57:06 | 000,090,161 | ---- | M] () MD5=DE6915C3876407776EC113DC4BE7CAD8 -- C:\Users\joel c\Documents\FireFox downloads\unattended build software\build disc iso\xpsource 64bit\AMD64\SERVICES.EX_

< MD5 for: SERVICES.EXE >

< End of report >

Edited by RKinner, 14 July 2013 - 09:51 AM.

#6
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
I've got another scan I'd like you to run. :)

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

#7
jr chambers

    Member

  • Topic Starter
  • Member
  • 124 posts
Thank you, here is the report.

Attached File: MBRCheck_07.13.13_12.12.26.txt (6.92KB)

#8
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Some more scans, one to get another look at the MBR and another to try to get some scans from the XP partition.

Step 1 - Run TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 2 - FRST

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC. You need to follow these instructions for the XP installation.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. TDSSKiller Log
2. FRST log

#9
jr chambers

    Member

  • Topic Starter
  • Member
  • 124 posts
The PC was in safe mode, loaded the TDSSKiller to the desktop, completed run and change parameters (loaded modules), then rebooted. After reboot started the scan, then blue screen and it restarted. Tried to complete the same steps in safe mode, but on restart the software doesn't load, so how do I complete the test with the TDSSKiller? I stopped (did not complete step 2) because we are stuck at step 1.
One more thing to add: when I first had downloaded and run Malwarebytes it did show I had a virus named heuristic (just thought this could help, maybe not).
Joel

Edited by jr chambers, 13 July 2013 - 04:07 PM.

#10
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Go ahead and skip TDSSKiller and move on to FRST. There are other scans that can be used to check the MBR, I just need to discuss with my instructor which would be best to use next.


#11
jr chambers

    Member

  • Topic Starter
  • Member
  • 124 posts
Now to make it clear, I have lost my XP Pro64 partition - it will not start [stated missing dll kernels]. Windows 7 starts but only operational in safe mode. You want me to use the FRST on both Windows 7 and XP Pro64?
Joel

#12
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
We need to troubleshoot one at a time, so to begin with, start with the XP Pro partition.

#13
jr chambers

    Member

  • Topic Starter
  • Member
  • 124 posts
After the BIOS runs I get a 28 second prompt to choose which operating system to use, XP or Windows 7. After choosing Windows XP then pressing the F8 key, the advanced option menu comes up. I have these options only: safe mode, safe mode with networking, safe mode with command prompt, enable boot logging, enable VGA mode, last known good configuration, directory services restore mode, debugging mode, disable automatic restart on system failure, start Windows normally, reboot, return to OS choices menu, lastly "use the up and down arrow key to move the highlight to your choice". So how do I enter the system recovery option? Do I run the USB drive first (make it first boot)?
Give me some time, going to find the set-up disc and try that route (need to read fully what you posted)... I tried to use the XP installation disc and get to the repair option, prompted to choose 1:D:\WINDOWS 2:\C:\WINDOWS 3:\E:\Windows just as I typed it (why is the 3rd option not in caps?). Press any of the number options and I get prompted for password. Neither version of Windows has a password, tried the default of admin and no luck. These partitions are on separate hard drives also, so Win7 is on a 1TB drive and the XP Pro64 is on a 500gig drive. OK, what now? :help:

Edited by jr chambers, 13 July 2013 - 09:34 PM.

#14
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Since that approach isn't working, let's try another.

Download Peazip to the desktop
Run and install the programme
As it installs this page will show, deselect the AVG ticks
Press decline and it will then install cleanly

Download the following files to the desktop. Right click the links and select save as... then select desktop

IsoToUsb

OTLPE_standard

Right click OTLPE on your desktop and select Peazip .. Open as archive

Select OTLPE standard

Click Extract, ensure that desktop is selected

Insert the USB stick, then run ISO to USB

Select the ISO file on the desktop, tick bootable. Press Burn.

  • Reboot your system using the boot USB you just created.
  • As the USB needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note: as you are running from a USB it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Drag and drop this attached scan.txt into the Custom scans and fixes box
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to: select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it.
  • You can backup any files that you wish from this OS.
  • Please post the contents of the C:\OTL.txt file in your reply.


#15
jr chambers

    Member

  • Topic Starter
  • Member
  • 124 posts
This [Drag and drop this attached scan.txt into the Custom scans and fixes box] is not something I can move (it's not a link). Tried to use my mouse to move it to my USB drive but it's not a link.
Joel





