svchost.exe using all memory - XP SP3 [Solved]



#1
edge1334

    Member

I have run Malwarebytes Anti-Malware and another anti-virus scan. If I let it run, the PC errors out with not enough memory. I let the Malware scan run again and would end the svchost.exe process whenever it got up to 1/2 GB. I have run a tasklist /svc command to find that this svchost is always running: EventSystem, Nla, RasMan, SENS, TapiSrv, winmgmt, and BITS. I have looked at many svchost memory fixes online, but nothing looked relative to my issue.

Thanks in advance for your help,
Dan


#2
Essexboy

    GeekU Moderator

Hi there, first I will need a look at your system.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan click save log, save it to your desktop and post it in your next reply.


#3
edge1334

  • Topic Starter
See logs posted below. Thanks

OTL.txt; no Extras.txt was created.

OTL logfile created on: 5/16/2012 9:01:46 PM - Run 3
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Rita & Dan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 78.06% Memory free
4.81 Gb Paging File | 4.37 Gb Available in Paging File | 90.81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 131.49 Gb Free Space | 56.48% Space Free | Partition Type: NTFS

Computer Name: RITA_DAN | User Name: Rita & Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/16 21:00:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rita & Dan\Desktop\OTL.exe
PRC - [2012/04/11 10:43:09 | 000,232,472 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2012/02/21 07:48:21 | 001,543,704 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2010/10/23 01:48:40 | 000,660,848 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2010/10/08 11:15:13 | 000,163,056 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2010/09/21 12:16:17 | 000,439,536 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2010/07/25 02:26:02 | 000,884,736 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2010/06/04 07:23:16 | 000,097,520 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2010/04/27 17:31:19 | 000,128,240 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe
PRC - [2010/04/27 17:31:19 | 000,032,496 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe
PRC - [2009/04/07 14:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe
PRC - [2008/07/20 19:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/07/20 19:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/05/23 16:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/26 18:15:30 | 000,909,312 | ---- | M] (Realtek) -- C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe
PRC - [2003/09/01 07:42:50 | 000,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
PRC - [2003/06/25 12:24:48 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
PRC - [2003/05/21 19:37:08 | 000,229,437 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2000/03/24 15:43:58 | 000,167,936 | ---- | M] (Sierra Online, Inc.) -- C:\SIERRA\CardStudio\PLNRnote.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/07/25 02:26:02 | 000,884,736 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
MOD - [2010/07/13 00:06:08 | 000,729,088 | ---- | M] () -- C:\Program Files\TVersity\Media Server\X11.dll
MOD - [2010/07/13 00:06:06 | 000,505,835 | ---- | M] () -- C:\Program Files\TVersity\Media Server\sqlite3.dll
MOD - [2010/07/13 00:06:06 | 000,344,064 | ---- | M] () -- C:\Program Files\TVersity\Media Server\taglib.dll
MOD - [2010/07/13 00:06:04 | 000,712,704 | ---- | M] () -- C:\Program Files\TVersity\Media Server\log4cxx.dll
MOD - [2010/07/13 00:06:04 | 000,327,680 | ---- | M] () -- C:\Program Files\TVersity\Media Server\libcurl.dll
MOD - [2010/07/13 00:06:04 | 000,163,840 | ---- | M] () -- C:\Program Files\TVersity\Media Server\CORE_RL_lcms_.dll
MOD - [2010/07/11 22:47:18 | 004,530,190 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avcodec-52.dll
MOD - [2010/07/11 22:47:18 | 000,791,566 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avformat-52.dll
MOD - [2010/07/11 22:47:18 | 000,309,755 | ---- | M] () -- C:\Program Files\TVersity\Media Server\libmp3lame-0.dll
MOD - [2010/07/11 22:47:18 | 000,199,182 | ---- | M] () -- C:\Program Files\TVersity\Media Server\swscale-0.dll
MOD - [2010/07/11 22:47:18 | 000,079,886 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avutil-50.dll
MOD - [2009/04/07 14:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe
MOD - [2008/04/14 08:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/07/23 17:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
MOD - [2006/09/16 01:03:02 | 000,007,680 | ---- | M] () -- C:\Program Files\TVersity\Media Server\ImageMagickCoders\IM_MOD_RL_gray_.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\RITA&D~1\LOCALS~1\Temp\hpdj.exe -- (hpdj)
SRV - [2012/04/11 10:43:09 | 000,232,472 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012/02/21 07:48:21 | 001,543,704 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2010/10/23 01:48:40 | 000,660,848 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010/10/08 11:15:13 | 000,163,056 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2010/07/25 02:26:02 | 000,884,736 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/06/04 07:23:16 | 000,097,520 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2010/04/27 17:31:19 | 000,128,240 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe -- (Sophos Client Firewall Manager)
SRV - [2010/04/27 17:31:19 | 000,032,496 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe -- (Sophos Client Firewall)
SRV - [2008/07/20 19:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2010/10/08 11:14:59 | 000,153,344 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl)
DRV - [2010/10/08 11:14:59 | 000,024,064 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter)
DRV - [2010/03/31 12:32:28 | 000,052,984 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scfint.sys -- (scfint)
DRV - [2010/03/31 12:32:25 | 000,086,264 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scfdriver.sys -- (scfdriver)
DRV - [2010/02/18 20:07:56 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2008/08/18 19:03:12 | 000,106,368 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/18 18:21:20 | 000,110,080 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/08/18 18:20:06 | 004,752,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/05/23 04:38:25 | 000,014,976 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2007/12/03 13:13:48 | 000,011,264 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\diag69xp.sys -- (Diag69xp)
DRV - [2007/11/20 03:14:08 | 000,016,640 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
DRV - [2007/11/20 03:04:50 | 000,008,960 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt)
DRV - [2007/07/23 17:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 17:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 17:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 17:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 17:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 17:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 17:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 17:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 16:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 16:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5090116
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...?channel=us-smb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5090116
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5090116
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5090116
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5090116
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5090116
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-668436073-3180396984-1500902624-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5090116
IE - HKU\S-1-5-21-668436073-3180396984-1500902624-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...?channel=us-smb
IE - HKU\S-1-5-21-668436073-3180396984-1500902624-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...?channel=us-smb
IE - HKU\S-1-5-21-668436073-3180396984-1500902624-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-668436073-3180396984-1500902624-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-668436073-3180396984-1500902624-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKU\S-1-5-21-668436073-3180396984-1500902624-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-668436073-3180396984-1500902624-1006\..\SearchScopes,DefaultScope = {95C1204B-504D-41B8-AF08-A7E70A01DAF8}
IE - HKU\S-1-5-21-668436073-3180396984-1500902624-1006\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolba...Terms}&srch=dsp
IE - HKU\S-1-5-21-668436073-3180396984-1500902624-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-668436073-3180396984-1500902624-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-668436073-3180396984-1500902624-1006\..\SearchScopes\{95C1204B-504D-41B8-AF08-A7E70A01DAF8}: "URL" = http://www.google.co...&rlz=1I7ADSA_en
IE - HKU\S-1-5-21-668436073-3180396984-1500902624-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2009/10/21 04:54:48 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKU\S-1-5-21-668436073-3180396984-1500902624-1006\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKU\S-1-5-21-668436073-3180396984-1500902624-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-668436073-3180396984-1500902624-1006\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [8169Diag] C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe (Realtek)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKLM..\Run: [Verizon Custom Uninstall Tracking] C:\DOCUME~1\RITA&D~1\LOCALS~1\Temp\InstallHelper.exe /uninstalltrackingvendor=Verizon File not found
O4 - HKU\.DEFAULT..\Run: [Microsoft] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp\Microsoft\imhfelfqg.dll ()
O4 - HKU\S-1-5-18..\Run: [Microsoft] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp\Microsoft\imhfelfqg.dll ()
O4 - HKU\S-1-5-19..\Run: [Microsoft] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp\Microsoft\imhfelfqg.dll ()
O4 - HKU\S-1-5-20..\Run: [Microsoft] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp\Microsoft\imhfelfqg.dll ()
O4 - HKU\S-1-5-21-668436073-3180396984-1500902624-1006..\Run: [Microsoft] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp\Microsoft\imhfelfqg.dll ()
O4 - HKU\S-1-5-21-668436073-3180396984-1500902624-1006..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - HKU\S-1-5-21-668436073-3180396984-1500902624-1006..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://espn.go.com/f...eID=63&swlist=" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminders Tray Icon.lnk = C:\SIERRA\CardStudio\PLNRnote.exe (Sierra Online, Inc.)
O4 - Startup: C:\Documents and Settings\Rita & Dan\Start Menu\Programs\Startup\Warner Bros.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-668436073-3180396984-1500902624-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-668436073-3180396984-1500902624-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM File not found
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM File not found
O15 - HKU\S-1-5-21-668436073-3180396984-1500902624-1006\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-668436073-3180396984-1500902624-1006\..Trusted Domains: //@install.mar@ ([]msni in My Computer)
O15 - HKU\S-1-5-21-668436073-3180396984-1500902624-1006\..Trusted Domains: //@mail.mar@ ([]msni in Local intranet)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyds...t Installer.cab (Support.com Configuration Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1234833500093 (MUWebControl Class)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/...O1.cab60096.cab (UnoCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} http://zone.msn.com/...of.cab55579.cab (ZPA_WheelOfFortune Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://rja-secureac...perSetupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.238.112.12 68.238.96.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88C67A75-DF14-4602-ABD2-D7C85F32264D}: DhcpNameServer = 68.238.112.12 68.238.96.12
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Rita & Dan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rita & Dan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/16 21:00:57 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rita & Dan\Desktop\OTL.exe
[2012/05/13 14:36:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rita & Dan\Recent
[2012/05/13 13:38:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Cannot Find Fix Wizard
[2012/05/13 13:38:38 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll
[2012/05/13 13:38:38 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateControl350.dll
[2012/05/13 13:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Cannot Find Fix Wizard
[2012/05/13 13:38:27 | 001,913,856 | ---- | C] (Security Stronghold ) -- C:\Documents and Settings\Rita & Dan\My Documents\WindowsCannotFindFixWizard.exe
[2012/05/01 17:30:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012/05/01 17:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/04/30 21:58:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/04/21 20:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2012/04/17 21:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/16 21:07:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/16 21:04:12 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/16 21:00:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rita & Dan\Desktop\OTL.exe
[2012/05/16 21:00:00 | 000,000,538 | ---- | M] () -- C:\WINDOWS\tasks\Daily Full Scan.job
[2012/05/16 20:53:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/16 20:53:35 | 000,000,142 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012/05/16 20:51:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/16 20:50:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/16 20:50:50 | 3184,508,928 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/15 22:09:33 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Rita & Dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/13 13:38:39 | 000,001,825 | ---- | M] () -- C:\Documents and Settings\Rita & Dan\Desktop\Windows Cannot Find Fix Wizard.lnk
[2012/05/13 13:38:22 | 001,913,856 | ---- | M] (Security Stronghold ) -- C:\Documents and Settings\Rita & Dan\My Documents\WindowsCannotFindFixWizard.exe
[2012/05/13 13:34:50 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012/05/12 20:47:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/30 23:32:39 | 000,019,237 | ---- | M] () -- C:\Documents and Settings\Rita & Dan\Desktop\memory_error.jpg
[2012/04/30 22:28:30 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/29 22:16:08 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/04/26 06:08:57 | 000,458,490 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/26 06:08:57 | 000,078,656 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/13 13:38:39 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\Rita & Dan\Desktop\Windows Cannot Find Fix Wizard.lnk
[2012/05/13 13:34:45 | 000,000,949 | ---- | C] () -- C:\Documents and Settings\Rita & Dan\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/05/13 13:34:45 | 000,000,601 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminders Tray Icon.lnk
[2012/05/13 13:34:44 | 000,000,898 | ---- | C] () -- C:\Documents and Settings\Rita & Dan\Start Menu\Programs\Startup\Warner Bros.lnk
[2012/05/13 13:30:32 | 3184,508,928 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/30 23:32:38 | 000,019,237 | ---- | C] () -- C:\Documents and Settings\Rita & Dan\Desktop\memory_error.jpg
[2012/04/16 06:48:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/15 02:58:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/09/02 16:52:51 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2009/01/30 18:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2012/01/07 15:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSNDynFiles
[2011/03/02 11:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2011/03/02 11:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence
[2009/01/16 15:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/07/24 20:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/05/01 17:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2011/07/24 12:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rita & Dan\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/12/09 07:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rita & Dan\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2010/04/01 09:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rita & Dan\Application Data\HandBrake
[2009/09/08 21:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rita & Dan\Application Data\ieSpell
[2011/09/16 06:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rita & Dan\Application Data\Juniper Networks
[2012/03/08 20:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rita & Dan\Application Data\Wise Registry Cleaner
[2012/05/16 21:00:00 | 000,000,538 | ---- | M] () -- C:\WINDOWS\Tasks\Daily Full Scan.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:522EA216

< End of report >


aswMBR.txt

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-16 21:17:34
-----------------------------
21:17:34.137 OS Version: Windows 5.1.2600 Service Pack 3
21:17:34.137 Number of processors: 2 586 0x1706
21:17:34.137 ComputerName: RITA_DAN UserName:
21:17:49.181 Initialize success
21:18:12.052 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:18:12.052 Disk 0 Vendor: ST325031 4.AD Size: 238418MB BusType: 3
21:18:12.068 Disk 0 MBR read successfully
21:18:12.068 Disk 0 MBR scan
21:18:12.068 Disk 0 TDL4@MBR code has been found
21:18:12.068 Disk 0 MBR hidden
21:18:12.068 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:18:12.099 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 238377 MB offset 81920
21:18:12.099 Disk 0 MBR [TDL4] **ROOTKIT**
21:18:12.099 Disk 0 trace - called modules:
21:18:12.099 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8980149f]<<
21:18:12.099 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa66478]
21:18:12.099 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x89c72f18]
21:18:12.099 \Driver\iaStor[0x89826d30] -> IRP_MJ_CREATE -> 0x8980149f
21:18:12.115 Scan finished successfully
21:18:39.079 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Rita & Dan\Desktop\MBR.dat"
21:18:39.079 The log file has been saved successfully to "C:\Documents and Settings\Rita & Dan\Desktop\aswMBR.txt"
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's have a quick clean up now, starting with the MBR infection


Re-Run aswMBR

Click Scan

On completion of the scan
Click the Fix Button


Save the log as before and post in your next reply

THEN

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\RITA&D~1\LOCALS~1\Temp\hpdj.exe -- (hpdj)
    O3 - HKU\S-1-5-21-668436073-3180396984-1500902624-1006\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
    O3 - HKU\S-1-5-21-668436073-3180396984-1500902624-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-668436073-3180396984-1500902624-1006\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
    O4 - HKU\.DEFAULT..\Run: [Microsoft] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp\Microsoft\imhfelfqg.dll ()
    O4 - HKU\S-1-5-18..\Run: [Microsoft] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp\Microsoft\imhfelfqg.dll ()
    O4 - HKU\S-1-5-19..\Run: [Microsoft] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp\Microsoft\imhfelfqg.dll ()
    O4 - HKU\S-1-5-20..\Run: [Microsoft] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp\Microsoft\imhfelfqg.dll ()
    O4 - HKU\S-1-5-21-668436073-3180396984-1500902624-1006..\Run: [Microsoft] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp\Microsoft\imhfelfqg.dll ()
    O4 - Startup: C:\Documents and Settings\Rita & Dan\Start Menu\Programs\Startup\Warner Bros.lnk = File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
    [2012/05/13 13:38:38 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll
    [2012/05/13 13:38:38 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateControl350.dll

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#5
edge1334

edge1334

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
I Re-Run aswMBR

Click Scan

On completion of the scan
Clicked the Fix Button
I saved the log then clicked Exit

The PC froze so I did a hard boot.
When the pc comes back up I get the BIOS splash screen with F2=Setup and F12=Boot Menu, then it goes to a black screen with a cursor blinking in the top left of the screen. I am not able to do anything from this other than a hard boot.
I can access the Setup and Boot menus after the hard boot. I was able to run a Diagnostics from the boot menu, but Windows never starts. I am not able to access Safe Mode.

Edited by edge1334, 17 May 2012 - 04:00 PM.

  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It looks as though the Infection fought back whilst aswMBR was cleaning it

Download the following three programmes to your desktop :

1. WiNToBootic
2. Windows XP RC
3. Farbar Recovery Scan Tool

Extract wintoboot to your desktop
Insert a USB drive of at least 4GB
Run Wintoboot


Drag and drop the Windows XP RC ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It

You will see it progressing


It will let you know when it is done
Then copy FRST to the same USB



Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB
Note: If you are not sure how to do that follow the instructions Here

Once the system has booted you will see the following dialogue, select R

This will take you to the Command Prompt (C:\)

At the command prompt type the following :

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • 0

#7
edge1334

edge1334

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
I have downloaded the following three programmes to my desktop :

1. WiNToBootic
2. Windows XP RC
3. Farbar Recovery Scan Tool

Extracted wintoboot to your desktop
Insert a USB drive of at 4GB
and Run Wintoboot

When I Drag and drop the Windows XP RC ISO to the programme in the space indicated I get the following error in a pop up window.
' Sorry, it looks not like a windows 7 based disk image. Possible rootcause: incorreect file format or incorrect Windows version. (Note: ISO with Win 7/2008/Vista/PE2/PE3 supported only)'

I am running Windows 7 SP1 on my laptop that I am using for this process.

Thanks
  • 0

#8
edge1334

edge1334

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

I have also attempted from another pc with XP and I received the same error when dragging the rc.iso to WinToBootic.
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I will check the programme out, meanwhile we will use a PE CD to access the system

Please print these instructions out so that you know what you are doing

  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Insert the flash drive with FRST on it
  • Locate the flash drive and run FRST
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


  • 0

#10
edge1334

edge1334

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Here is the FRST.txt


Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 19-05-2012
Ran by SYSTEM at 20-05-2012 19:38:09
Running from D:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\almon.exe [439536 2010-09-21] (Sophos Plc)
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe [150040 2008-08-18] (Intel Corporation)
HKLM\...\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe [150040 2008-08-18] (Intel Corporation)
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [176128 2003-09-01] (HP)
HKLM\...\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [233472 2003-10-23] (Hewlett-Packard Company)
HKLM\...\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe [178712 2008-08-18] (Intel Corporation)
HKLM\...\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [229437 2003-05-21] (Hewlett-Packard)
HKLM\...\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe [30440 2009-04-07] ()
HKLM\...\Run: [Alcmtr] ALCMTR.EXE [x]
HKLM\...\Run: [8169Diag] C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe /hw [909312 2008-02-26] (Realtek)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [286720 2007-06-29] (Apple Inc.)
HKLM\...\Run: [Verizon Custom Uninstall Tracking] C:\DOCUME~1\RITA&D~1\LOCALS~1\Temp\InstallHelper.exe /uninstalltrackingvendor=Verizon [x]
HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [128296 2008-05-23] (CyberLink Corp.)
HKLM\...\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [49152 2003-06-25] (Hewlett-Packard)
HKLM\...\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [16384 2008-03-11] ( )
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-06-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [dplaysvr] %APPDATA%\dplaysvr.exe [x]
HKLM\...\Run: [pAflJBODLBxfsV.exe] C:\Documents and Settings\All Users\Application Data\pAflJBODLBxfsV.exe [378880 2012-05-17] ( )
HKU\Administrator\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [218032 2006-09-11] (Macrovision Corporation)
HKU\Administrator\...\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [x]
HKU\Default User\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [218032 2006-09-11] (Macrovision Corporation)
HKU\Default User\...\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [x]
HKU\LocalService\...\Run: [Apple] rundll32.exe "C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Apple\elbmwb.dll",DllRegisterServer [197912 2012-05-16] ()
HKU\NetworkService\...\Run: [Apple] rundll32.exe "C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Apple\elbmwb.dll",DllRegisterServer [197912 2012-05-16] ()
HKU\Rita & Dan\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [218032 2006-09-11] (Macrovision Corporation)
HKU\Rita & Dan\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Rita & Dan\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)
HKU\Rita & Dan\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Rita & Dan\...\Run: [Apple] rundll32.exe "C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Apple\elbmwb.dll",DllRegisterServer [197912 2012-05-16] ()
Winlogon\Notify\crypt32chain: crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: %SystemRoot%\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: wlnotify.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.238.112.12 68.238.96.12
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL

================================ Services (Whitelisted) ==================

2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [660848 2010-10-23] (Juniper Networks)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 SAVAdminService; "C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe" [163056 2010-10-08] (Sophos Plc)
2 SAVService; "C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe" [97520 2010-06-04] (Sophos Plc)
4 SharedAccess; C:\Windows\System32\svchost.exe -k netsvcs [14336 2008-04-14] (Microsoft Corporation)
2 Sophos AutoUpdate Service; "C:\Program Files\Sophos\AutoUpdate\ALsvc.exe" [232472 2012-04-11] (Sophos Plc)
2 Sophos Client Firewall; "C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe" [32496 2010-04-27] (Sophos Plc)
2 Sophos Client Firewall Manager; "C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe" [128240 2010-04-27] (Sophos Plc)
2 swi_service; "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe" [1543704 2012-02-21] (Sophos Plc)
2 TVersityMediaServer; "C:\Program Files\TVersity\Media Server\MediaServer.exe" [884736 2010-07-25] ()
2 hpdj; C:\DOCUME~1\RITA&D~1\LOCALS~1\Temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 3600 series -product= [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

========================== Drivers (Whitelisted) =============

1 AFS2K; C:\Windows\System32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
4 amdagp; C:\Windows\System32\DRIVERS\amdagp.sys [43008 2008-04-14] (Advanced Micro Devices, Inc.)
3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
3 Diag69xp; C:\Windows\System32\Drivers\Diag69xp.sys [11264 2007-12-03] (Realtek Semiconductor Corporation)
2 DLABMFSM; C:\Windows\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)
2 DLABOIOM; C:\Windows\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)
2 DLADResM; C:\Windows\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)
2 DLAIFS_M; C:\Windows\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)
2 DLAOPIOM; C:\Windows\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)
2 DLAPoolM; C:\Windows\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)
2 DLAUDFAM; C:\Windows\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)
2 DLAUDF_M; C:\Windows\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)
3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2010-02-18] (Juniper Networks)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider)
3 ialm; C:\Windows\System32\DRIVERS\igxpmp32.sys [6044864 2008-08-18] (Intel Corporation)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RtkHDAud.sys [4752896 2008-08-18] (Realtek Semiconductor Corp.)
3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [110080 2008-08-18] (Intel® Corporation)
2 LANPkt; C:\Windows\System32\DRIVERS\LANPkt.sys [8960 2007-11-20] (Realtek Semiconductor Corporation)
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
3 PSched; C:\Windows\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation)
3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Parallel Technologies, Inc.)
4 Ql10wnt; C:\Windows\System32\DRIVERS\ql10wnt.sys [33152 2001-08-17] (Microsoft Corporation)
4 ql1240; C:\Windows\System32\DRIVERS\ql1240.sys [40448 2001-08-17] (Microsoft Corporation)
3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [106368 2008-08-18] (Realtek Semiconductor Corporation )
3 RTLVLAN; C:\Windows\System32\DRIVERS\RTLVLAN.SYS [16640 2007-11-20] (Realtek Semiconductor Corporation)
1 SAVOnAccessControl; C:\Windows\System32\DRIVERS\savonaccesscontrol.sys [153344 2010-10-08] (Sophos Plc)
1 SAVOnAccessFilter; C:\Windows\System32\DRIVERS\savonaccessfilter.sys [24064 2010-10-08] (Sophos Plc)
1 scfdriver; \??\C:\WINDOWS\system32\Drivers\scfdriver.sys [86264 2010-03-31] (Sophos Plc)
1 scfint; C:\Windows\System32\DRIVERS\scfint.sys [52984 2010-03-31] (Sophos Plc)
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [14976 2008-05-23] (Sophos Plc)
4 Sparrow; C:\Windows\System32\DRIVERS\sparrow.sys [19072 2001-08-17] (Adaptec, Inc.)
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
4 symc810; C:\Windows\System32\DRIVERS\symc810.sys [16256 2001-08-17] (Symbios Logic Inc.)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
4 Abiosdsk; [x]
4 Atdisk; [x]
1 Changer; [x]
1 lbrtfdc; [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 Simbad; [x]
3 WDICA; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-20 19:37 - 2012-05-20 19:37 - 0000000 ____D C:\FRST
2012-05-17 17:21 - 2012-05-17 17:21 - 0001757 ____A C:\Documents and Settings\Rita & Dan\Desktop\aswMBR2.txt
2012-05-17 17:21 - 2012-05-17 17:21 - 0000512 ____A C:\Documents and Settings\Rita & Dan\Desktop\MBR.dat
2012-05-17 17:18 - 2012-05-17 17:16 - 0378880 ____A ( ) C:\Documents and Settings\All Users\Application Data\pAflJBODLBxfsV.exe
2012-05-16 21:18 - 2012-05-16 21:18 - 0001511 ____A C:\Documents and Settings\Rita & Dan\Desktop\aswMBR.txt
2012-05-16 21:14 - 2012-05-17 17:19 - 4731392 ____A (AVAST Software) C:\Documents and Settings\Rita & Dan\Desktop\aswMBR.exe
2012-05-16 21:11 - 2012-05-16 21:27 - 0069276 ____A C:\Documents and Settings\Rita & Dan\Desktop\OTL.Txt
2012-05-16 21:00 - 2012-05-16 21:00 - 0595456 ____A (OldTimer Tools) C:\Documents and Settings\Rita & Dan\Desktop\OTL.exe
2012-05-16 20:33 - 2012-05-16 20:33 - 0069087 ____A C:\Documents and Settings\Rita & Dan\Desktop\OTL.docx
2012-05-13 13:38 - 2012-05-13 13:38 - 1913856 ____A (Security Stronghold ) C:\Documents and Settings\Rita & Dan\My Documents\WindowsCannotFindFixWizard.exe
2012-05-13 13:38 - 2012-05-13 13:38 - 0001825 ____A C:\Documents and Settings\Rita & Dan\Desktop\Windows Cannot Find Fix Wizard.lnk
2012-05-13 13:38 - 2012-05-13 13:38 - 0000000 ____D C:\Program Files\Windows Cannot Find Fix Wizard
2012-05-13 13:38 - 2011-02-17 18:44 - 0356352 ____A (eSellerate Inc.) C:\Windows\eSellerateEngine.dll
2012-05-13 13:38 - 2011-02-17 18:44 - 0081920 ____A (eSellerate Inc.) C:\Windows\eSellerateControl350.dll
2012-05-13 13:34 - 2009-12-09 07:21 - 0000898 ____A C:\Documents and Settings\Rita & Dan\Start Menu\Programs\Startup\Warner Bros.lnk
2012-05-13 13:34 - 2009-05-03 20:58 - 0000601 ____A C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminders Tray Icon.lnk
2012-05-13 13:34 - 2009-01-29 23:39 - 0000949 ____A C:\Documents and Settings\Rita & Dan\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
2012-05-13 13:30 - 2012-05-17 16:51 - 3184508928 __ASH C:\hiberfil.sys
2012-05-13 13:25 - 2012-05-13 13:25 - 0000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2012-05-06 13:52 - 2012-05-06 13:52 - 0011076 ____A C:\Documents and Settings\Rita & Dan\Desktop\Vacation Supplies June 8.docx
2012-05-05 17:41 - 2012-05-05 17:41 - 0027264 ____A C:\Documents and Settings\Rita & Dan\My Documents\GirlsNiteOut.docx
2012-05-05 17:41 - 2012-05-05 17:41 - 0000162 ___AH C:\Documents and Settings\Rita & Dan\My Documents\~$rlsNiteOut.docx
2012-05-01 18:03 - 2012-05-01 18:03 - 0060973 ____A C:\Documents and Settings\Rita & Dan\My Documents\Slow PC fix SVCHOST.exe memroy leak.docx
2012-05-01 17:30 - 2012-05-01 17:30 - 0000000 ____D C:\Windows\System32\appmgmt
2012-05-01 17:12 - 2012-05-01 17:12 - 0000000 ____D C:\Documents and Settings\NetworkService\Application Data\Sun
2012-04-30 23:32 - 2012-04-30 23:32 - 0019237 ____A C:\Documents and Settings\Rita & Dan\Desktop\memory_error.jpg
2012-04-30 21:58 - 2012-05-13 14:36 - 0000000 ____D C:\Windows\Minidump
2012-04-26 06:03 - 2012-04-26 06:03 - 0000000 __HDC C:\Windows\$NtUninstallKB2653956$
2012-04-21 20:47 - 2012-04-21 20:47 - 0000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple

============ 3 Months Modified Files and Folders ===============

2012-05-20 19:37 - 2012-05-20 19:37 - 0000000 ____D C:\FRST
2012-05-17 17:22 - 2008-04-25 17:28 - 2046551 ____A C:\Windows\WindowsUpdate.log
2012-05-17 17:21 - 2012-05-17 17:21 - 0001757 ____A C:\Documents and Settings\Rita & Dan\Desktop\aswMBR2.txt
2012-05-17 17:21 - 2012-05-17 17:21 - 0000512 ____A C:\Documents and Settings\Rita & Dan\Desktop\MBR.dat
2012-05-17 17:21 - 2012-04-16 06:48 - 0000664 ____A C:\Windows\System32\d3d9caps.dat
2012-05-17 17:19 - 2012-05-16 21:14 - 4731392 ____A (AVAST Software) C:\Documents and Settings\Rita & Dan\Desktop\aswMBR.exe
2012-05-17 17:16 - 2012-05-17 17:18 - 0378880 ____A ( ) C:\Documents and Settings\All Users\Application Data\pAflJBODLBxfsV.exe
2012-05-17 17:05 - 2009-06-11 12:36 - 0000142 ____A C:\Windows\ODBC.INI
2012-05-17 17:04 - 2010-01-31 13:13 - 0000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-05-17 16:56 - 2009-10-23 17:52 - 0000000 ____D C:\Documents and Settings\Rita & Dan\Tracing
2012-05-17 16:55 - 2009-12-15 04:20 - 0001965 ____A C:\Documents and Settings\Rita & Dan\hubsvclog.txt
2012-05-17 16:54 - 2008-04-25 12:16 - 0002206 ____A C:\Windows\System32\wpa.dbl
2012-05-17 16:54 - 2008-04-25 05:25 - 0000159 ____A C:\Windows\wiadebug.log
2012-05-17 16:54 - 2008-04-25 05:25 - 0000049 ____A C:\Windows\wiaservc.log
2012-05-17 16:52 - 2010-01-31 13:13 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-05-17 16:52 - 2008-04-25 17:32 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-17 16:51 - 2012-05-13 13:30 - 3184508928 __ASH C:\hiberfil.sys
2012-05-17 16:51 - 2009-01-26 22:25 - 0000062 __ASH C:\Documents and Settings\Rita & Dan\Local Settings\desktop.ini
2012-05-17 16:51 - 2008-04-25 17:32 - 0000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-05-17 16:51 - 2008-04-25 17:32 - 0000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-05-17 15:04 - 2008-04-25 12:16 - 0000886 ___RH C:\Windows\System32\Drivers\etc\hosts
2012-05-16 21:28 - 2009-01-26 22:25 - 0000178 ___SH C:\Documents and Settings\Rita & Dan\ntuser.ini
2012-05-16 21:27 - 2012-05-16 21:11 - 0069276 ____A C:\Documents and Settings\Rita & Dan\Desktop\OTL.Txt
2012-05-16 21:18 - 2012-05-16 21:18 - 0001511 ____A C:\Documents and Settings\Rita & Dan\Desktop\aswMBR.txt
2012-05-16 21:12 - 2008-04-25 17:32 - 0032384 ____A C:\Windows\SchedLgU.Txt
2012-05-16 21:04 - 2010-01-31 13:13 - 0000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2012-05-16 21:00 - 2012-05-16 21:00 - 0595456 ____A (OldTimer Tools) C:\Documents and Settings\Rita & Dan\Desktop\OTL.exe
2012-05-16 21:00 - 2009-06-11 12:32 - 0000538 ____A C:\Windows\Tasks\Daily Full Scan.job
2012-05-16 20:54 - 2009-01-26 22:25 - 0000000 ____D C:\Documents and Settings\Rita & Dan\Local Settings\Application Data\ApplicationHistory
2012-05-16 20:33 - 2012-05-16 20:33 - 0069087 ____A C:\Documents and Settings\Rita & Dan\Desktop\OTL.docx
2012-05-15 22:48 - 2009-01-30 00:14 - 0219450 ____A C:\hpfr3600.log
2012-05-15 22:45 - 2009-01-26 22:25 - 0000000 __SHD C:\Documents and Settings\Rita & Dan\Local Settings\Temporary Internet Files
2012-05-15 22:09 - 2009-01-29 23:58 - 0035328 ____A C:\Documents and Settings\Rita & Dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-14 15:23 - 2012-03-08 18:28 - 0000000 ____D C:\Documents and Settings\Rita & Dan\My Documents\PC Clean
2012-05-14 14:25 - 2008-04-25 05:17 - 0000000 ____D C:\Windows\ime
2012-05-14 12:20 - 2009-01-26 22:31 - 0000000 __SHD C:\Documents and Settings\Rita & Dan\UserData
2012-05-13 14:36 - 2012-04-30 21:58 - 0000000 ____D C:\Windows\Minidump
2012-05-13 13:38 - 2012-05-13 13:38 - 1913856 ____A (Security Stronghold ) C:\Documents and Settings\Rita & Dan\My Documents\WindowsCannotFindFixWizard.exe
2012-05-13 13:38 - 2012-05-13 13:38 - 0001825 ____A C:\Documents and Settings\Rita & Dan\Desktop\Windows Cannot Find Fix Wizard.lnk
2012-05-13 13:38 - 2012-05-13 13:38 - 0000000 ____D C:\Program Files\Windows Cannot Find Fix Wizard
2012-05-13 13:38 - 2009-01-26 22:25 - 0000000 ___RD C:\Documents and Settings\Rita & Dan\My Documents
2012-05-13 13:35 - 2008-04-25 17:27 - 0000000 ____D C:\Windows\System32\Restore
2012-05-13 13:34 - 2012-03-08 18:07 - 0000000 ____D C:\Windows\pss
2012-05-13 13:34 - 2008-04-25 12:16 - 0000507 ____A C:\Windows\win.ini
2012-05-13 13:34 - 2008-04-25 12:16 - 0000227 ____A C:\Windows\system.ini
2012-05-13 13:34 - 2008-04-25 12:16 - 0000211 _RASH C:\boot.ini
2012-05-13 13:29 - 2008-04-25 17:32 - 0000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2012-05-13 13:28 - 2008-04-25 17:32 - 0000178 ___SH C:\Documents and Settings\NetworkService\ntuser.ini
2012-05-13 13:25 - 2012-05-13 13:25 - 0000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2012-05-13 13:25 - 2008-04-25 17:32 - 0000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2012-05-12 20:47 - 2009-06-03 10:50 - 0000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2012-05-12 01:53 - 2009-01-16 15:53 - 0000000 ___HD C:\Windows\$hf_mig$
2012-05-09 10:42 - 2011-04-19 03:05 - 0000000 __SHD C:\Config.Msi
2012-05-06 13:52 - 2012-05-06 13:52 - 0011076 ____A C:\Documents and Settings\Rita & Dan\Desktop\Vacation Supplies June 8.docx
2012-05-05 17:41 - 2012-05-05 17:41 - 0027264 ____A C:\Documents and Settings\Rita & Dan\My Documents\GirlsNiteOut.docx
2012-05-05 17:41 - 2012-05-05 17:41 - 0000162 ___AH C:\Documents and Settings\Rita & Dan\My Documents\~$rlsNiteOut.docx
2012-05-05 17:30 - 2009-01-26 22:35 - 0086064 ____A C:\Documents and Settings\Rita & Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-05-01 18:04 - 2009-01-16 15:57 - 0000000 ____D C:\Program Files\Google
2012-05-01 18:03 - 2012-05-01 18:03 - 0060973 ____A C:\Documents and Settings\Rita & Dan\My Documents\Slow PC fix SVCHOST.exe memroy leak.docx
2012-05-01 17:30 - 2012-05-01 17:30 - 0000000 ____D C:\Windows\System32\appmgmt
2012-05-01 17:28 - 2009-01-26 22:25 - 0000000 ____D C:\Documents and Settings\Rita & Dan\Local Settings\Application Data\Google
2012-05-01 17:26 - 2011-05-28 17:16 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\WildTangent
2012-05-01 17:12 - 2012-05-01 17:12 - 0000000 ____D C:\Documents and Settings\NetworkService\Application Data\Sun
2012-04-30 23:32 - 2012-04-30 23:32 - 0019237 ____A C:\Documents and Settings\Rita & Dan\Desktop\memory_error.jpg
2012-04-30 22:28 - 2012-03-08 18:42 - 0000786 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-30 22:28 - 2012-03-08 18:42 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-04-30 22:27 - 2009-10-31 21:44 - 0000000 ____D C:\Documents and Settings\Rita & Dan\Application Data\Skype
2012-04-29 22:16 - 2009-10-31 21:44 - 0002265 ____A C:\Documents and Settings\All Users\Desktop\Skype.lnk
2012-04-26 20:08 - 2009-01-29 23:23 - 55656824 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-26 06:52 - 2008-04-25 17:34 - 0000000 ____D C:\Windows\Microsoft.NET
2012-04-26 06:10 - 2009-01-29 23:32 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-04-26 06:08 - 2008-04-25 05:22 - 0526316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-26 06:03 - 2012-04-26 06:03 - 0000000 __HDC C:\Windows\$NtUninstallKB2653956$
2012-04-21 20:47 - 2012-04-21 20:47 - 0000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
2012-04-17 21:13 - 2012-04-17 21:13 - 0000000 ____D C:\Documents and Settings\LocalService\Application Data\Sun
2012-04-16 07:28 - 2010-09-25 06:05 - 0230808 ___RA (Coupons, Inc.) C:\Windows\System32\cpnprt2.cid
2012-04-16 07:24 - 2012-04-16 07:24 - 0000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2012-04-16 07:23 - 2012-04-16 07:23 - 0000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2012-04-16 07:23 - 2012-04-16 07:23 - 0000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2012-04-16 06:44 - 2012-04-16 06:44 - 0000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2012-04-16 06:44 - 2012-04-16 06:44 - 0000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2012-04-04 15:56 - 2012-03-08 18:42 - 0022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-01 12:42 - 2010-08-28 17:22 - 0000000 ____D C:\Documents and Settings\Rita & Dan\My Documents\Electronics
2012-03-30 05:41 - 2009-01-29 23:32 - 0000000 ____D C:\Program Files\Microsoft Office
2012-03-28 18:06 - 2009-04-09 21:22 - 0000000 ____D C:\Documents and Settings\Rita & Dan\My Documents\Joseph's folder
2012-03-27 14:53 - 2012-03-27 14:53 - 0000000 ____D C:\Documents and Settings\Rita & Dan\My Documents\Fitness
2012-03-20 20:29 - 2012-03-20 20:29 - 0054156 ___AH C:\Windows\QTFont.qfn
2012-03-20 20:29 - 2012-03-20 20:29 - 0001409 ____A C:\Windows\QTFont.for
2012-03-20 05:15 - 2008-04-25 05:21 - 0280536 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-20 04:59 - 2012-03-20 04:59 - 0000000 __HDC C:\Windows\$NtUninstallKB2641653$
2012-03-20 04:56 - 2012-03-20 04:56 - 0000000 __HDC C:\Windows\$NtUninstallKB2647518$
2012-03-20 04:56 - 2012-03-20 04:56 - 0000000 __HDC C:\Windows\$NtUninstallKB2621440$
2012-03-15 21:32 - 2009-02-02 19:21 - 0000000 ____D C:\Documents and Settings\Rita & Dan\My Documents\My Downloads
2012-03-13 06:06 - 2008-04-25 05:22 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-03-09 19:11 - 2012-03-09 19:11 - 17592539 ____A C:\Documents and Settings\Rita & Dan\My Documents\PC Clean.zip
2012-03-08 23:08 - 2009-01-26 22:29 - 0000000 ____D C:\Documents and Settings\Rita & Dan\Application Data\MSN6
2012-03-08 20:00 - 2012-03-08 18:31 - 0000000 ____D C:\Documents and Settings\Rita & Dan\Application Data\Wise Registry Cleaner
2012-03-08 18:42 - 2012-03-08 18:42 - 0000000 ____D C:\Documents and Settings\Rita & Dan\Application Data\Malwarebytes
2012-03-08 18:42 - 2012-03-08 18:42 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-03-08 18:33 - 2012-03-08 18:33 - 0000684 ____A C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2012-03-08 18:33 - 2012-03-08 18:33 - 0000000 ____D C:\Program Files\CCleaner
2012-03-08 18:30 - 2012-03-08 18:30 - 0000805 ____A C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
2012-03-08 18:30 - 2012-03-08 18:30 - 0000000 ____D C:\Program Files\Wise Registry Cleaner
2012-03-02 06:01 - 2009-01-29 23:27 - 11082752 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ieframe.dll
2012-03-02 06:01 - 2007-08-13 19:54 - 11082752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-03-01 07:01 - 2010-06-09 07:47 - 0743424 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iedvtool.dll
2012-03-01 07:01 - 2010-03-28 14:45 - 0247808 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ieproxy.dll
2012-03-01 07:01 - 2010-03-28 14:45 - 0012800 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\xpshims.dll
2012-03-01 07:01 - 2009-01-29 23:27 - 2000384 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iertutil.dll
2012-03-01 07:01 - 2009-01-29 23:27 - 0602112 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msfeeds.dll
2012-03-01 07:01 - 2009-01-29 23:27 - 0055296 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msfeedsbs.dll
2012-03-01 07:01 - 2009-01-16 15:54 - 1212416 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\urlmon.dll
2012-03-01 07:01 - 2009-01-16 15:54 - 0916992 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wininet.dll
2012-03-01 07:01 - 2008-08-20 13:00 - 5978624 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2012-03-01 07:01 - 2008-04-25 12:16 - 5978624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-03-01 07:01 - 2008-04-25 12:16 - 1469440 ____N (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-03-01 07:01 - 2008-04-25 12:16 - 1212416 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-03-01 07:01 - 2008-04-25 12:16 - 0916992 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-03-01 07:01 - 2008-04-25 12:16 - 0611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-03-01 07:01 - 2008-04-25 12:16 - 0387584 ____N (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-01 07:01 - 2008-04-25 12:16 - 0206848 ____N (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-01 07:01 - 2008-04-25 12:16 - 0184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-01 07:01 - 2008-04-25 12:16 - 0105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-03-01 07:01 - 2008-04-25 12:16 - 0066560 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-03-01 07:01 - 2008-04-25 12:16 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-01 07:01 - 2008-04-25 12:16 - 0025600 ____N (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-03-01 07:01 - 2007-08-13 19:54 - 0611840 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mstime.dll
2012-03-01 07:01 - 2007-08-13 19:54 - 0602112 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-01 07:01 - 2007-08-13 19:54 - 0184320 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iepeers.dll
2012-03-01 07:01 - 2007-08-13 19:54 - 0066560 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mshtmled.dll
2012-03-01 07:01 - 2007-08-13 19:54 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-01 07:01 - 2007-08-13 19:54 - 0025600 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\jsproxy.dll
2012-03-01 07:01 - 2007-08-13 19:45 - 1469440 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\inetcpl.cpl
2012-03-01 07:01 - 2007-08-13 19:44 - 0206848 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\occache.dll
2012-03-01 07:01 - 2007-08-13 19:44 - 0105984 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\url.dll
2012-03-01 07:01 - 2007-08-13 19:44 - 0043520 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\licmgr10.dll
2012-03-01 07:01 - 2007-08-13 19:39 - 0387584 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iedkcs32.dll
2012-03-01 07:01 - 2007-08-13 19:34 - 2000384 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-29 10:10 - 2012-02-29 10:10 - 0148480 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\imagehlp.dll
2012-02-29 10:10 - 2009-12-24 02:59 - 0177664 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wintrust.dll
2012-02-29 10:10 - 2008-04-25 12:16 - 0177664 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 10:10 - 2008-04-25 12:16 - 0148480 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 08:17 - 2008-04-25 12:16 - 0385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-02-29 08:17 - 2008-04-25 12:16 - 0174080 ____N (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-02-29 08:17 - 2007-08-13 19:39 - 0174080 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ie4uinit.exe
2012-02-27 21:43 - 2009-01-26 22:25 - 0000000 ___RD C:\Documents and Settings\Rita & Dan\My Documents\My Music
2012-02-25 12:35 - 2012-02-25 12:35 - 0173961 ____A C:\Documents and Settings\Rita & Dan\My Documents\sig2.JPG
2012-02-25 12:34 - 2012-02-25 12:26 - 0174257 ____A C:\Documents and Settings\Rita & Dan\My Documents\sig.JPG
2012-02-25 09:24 - 2009-01-31 09:50 - 0000000 ____D C:\Documents and Settings\Rita & Dan\My Documents\Soccer
2012-02-21 04:22 - 2009-07-23 16:48 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-02-21 04:02 - 2012-02-21 04:02 - 0000000 __HDC C:\Windows\$NtUninstallKB2660465$
2012-02-21 04:00 - 2012-02-21 04:00 - 0000000 __HDC C:\Windows\$NtUninstallKB2661637$

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2012-05-16 21:04 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP5

RP: -> 2012-05-16 20:45 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP4

RP: -> 2012-05-16 20:35 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP3

RP: -> 2012-05-16 20:27 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP2

RP: -> 2012-05-13 13:36 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1


========================= Memory info ======================

Percentage of memory in use: 8%
Total physical RAM: 3036.92 MB
Available physical RAM: 2772.46 MB
Total Pagefile: 2861.84 MB
Available Pagefile: 2800.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.18 MB

======================= Partitions =========================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: (OS) (Fixed) (Total:232.79 GB) (Free:131.23 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive d: () (Removable) (Total:3.74 GB) (Free:3.69 GB) NTFS
4 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 32 KB
Partition 2 Primary 233 GB 40 MB
======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 FAT Partition 39 MB Healthy
======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 233 GB Healthy
======================================================================================================
======================= End Of Log ==========================
#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It appears that wiNTBoot is a Vista/7 programme only - my apologies for that.

Download the attached fixlist.txt to the USB that contains the FRST programme
[attachment=57924:fixlist.txt]
From the Reatogo desktop start FRST
Once the programme has started then press the fix button
After it has completed then reboot to normal windows and let me know the result

#12
edge1334

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
I ran the FRST program using the supplied fixlist.txt. After the fix completed I rebooted and changed the BIOS to run from the hard drive (normal Windows) and still have the black screen with blinking cursor.

Here is a copy of the fixlog.txt after running FRST.


Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 19-05-2012
Ran by SYSTEM at 2012-05-21 17:44:48 Run:1
Running from D:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\dplaysvr Value deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pAflJBODLBxfsV.exe Value deleted successfully.
HKEY_USERS\Rita & Dan\Software\Microsoft\Windows\CurrentVersion\Run\\Apple Value deleted successfully.
C:\Documents and Settings\All Users\Application Data\pAflJBODLBxfsV.exe moved successfully.
SAM hive was successfully restored from Restore Point.
SECURITY hive was successfully restored from Restore Point.
Software hive was successfully restored from Restore Point.
System hive was successfully restored from Restore Point.
Default hive was successfully restored from Restore Point.

==== End of Fixlog ====

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Next step -

Boot to the Reatogo desktop. Double click MBRFix. A command prompt will be presented. Type the following commands and press Enter after each line:

C:
cd C:\
MbrFix /drive 0 fixmbr
Exit


Then reboot

#14
edge1334

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
I booted to the Reatogo desktop.
Double clicked MBRFix.

At the command prompt I typed the following commands and pressed Enter after each line:

C:
cd C:\
MbrFix /drive 0 fixmbr ----> when I hit enter I got the following
'MBRFix' is not recognized as an internal or external command, operable program or batch file.

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you confirm that you had a space between mbrfix and the /? Also, did you use 0 (zero) and not o?

C:
cd C:\
MbrFix /drive 0 fixmbr
Exit
