Possible MBR virus? idk, ima noob, pls help! [Closed]



#1
Txman777


:help:


Well I have Avast, have used Kaspersky Virus remover, combo fix, tdss killer, eset online scanner....and the list goes on. The computer just isn't and hasn't been acting right for a while. Whenever the computer boots, it takes FOREVER for the user to show in task manager and start user specific tools like EVGA precision. Afraid I'm gonna burn my card up as long as it takes sometimes.

Also my ping has been rubber banding while gaming. Thank you in advance for any and all help! You are all true saints and deserve....well whatever it is you fantasize about :whistling: lol



Here is my OTL log:

OTL logfile created on: 06/20/2012 08:50:18 PM - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = D:\Documents and Settings\winslow\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

3.00 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 68.59% Memory free
7.34 Gb Paging File | 6.51 Gb Available in Paging File | 88.64% Paging File free
Paging file location(s): D:\pagefile.sys 4605 4605 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 78.13 Gb Total Space | 78.04 Gb Free Space | 99.89% Space Free | Partition Type: NTFS
Drive D: | 107.42 Gb Total Space | 82.98 Gb Free Space | 77.25% Space Free | Partition Type: NTFS

Computer Name: MAIN | User Name: winslow | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/20 20:48:52 | 000,596,992 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\winslow\desktop\OTL.exe
PRC - [2012/06/20 06:15:21 | 137,525,896 | ---- | M] () -- D:\Documents and Settings\winslow\desktop\setup_11.0.0.1245.x01_2012_06_19_21_12.exe
PRC - [2012/06/19 23:25:33 | 000,302,184 | ---- | M] () -- D:\Program Files\EVGA Precision\EVGAPrecision.exe
PRC - [2012/06/19 21:13:43 | 000,717,328 | ---- | M] () -- D:\Documents and Settings\winslow\Local Settings\temp\RarSFX0\6801776.exe
PRC - [2012/06/19 21:13:38 | 000,457,768 | ---- | M] (Kaspersky Lab) -- D:\Documents and Settings\winslow\Local Settings\temp\4123630\6801776.exe
PRC - [2012/06/14 17:20:17 | 000,016,864 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefoxx\plugin-container.exe
PRC - [2012/06/14 17:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefoxx\firefox.exe
PRC - [2012/05/26 12:04:52 | 000,913,792 | ---- | M] (IObit) -- D:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- D:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012/03/06 18:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/20 09:16:36 | 001,775,104 | ---- | M] () -- D:\Program Files\AVAST Software\Avast\defs\12062001\algo.dll
MOD - [2012/06/20 06:15:21 | 137,525,896 | ---- | M] () -- D:\Documents and Settings\winslow\desktop\setup_11.0.0.1245.x01_2012_06_19_21_12.exe
MOD - [2012/06/20 02:31:08 | 001,775,104 | ---- | M] () -- D:\Program Files\AVAST Software\Avast\defs\12062000\algo.dll
MOD - [2012/06/19 23:25:33 | 000,302,184 | ---- | M] () -- D:\Program Files\EVGA Precision\EVGAPrecision.exe
MOD - [2012/06/19 21:13:43 | 000,717,328 | ---- | M] () -- D:\Documents and Settings\winslow\Local Settings\temp\RarSFX0\6801776.exe
MOD - [2012/06/19 13:43:05 | 001,775,104 | ---- | M] () -- D:\Program Files\AVAST Software\Avast\defs\12061901\algo.dll
MOD - [2012/06/14 17:20:15 | 002,042,848 | ---- | M] () -- D:\Program Files\Mozilla Firefoxx\mozjs.dll
MOD - [2012/06/13 19:52:34 | 009,459,912 | ---- | M] () -- D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
MOD - [2012/05/24 10:45:42 | 000,138,112 | ---- | M] () -- D:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll
MOD - [2012/05/15 05:18:00 | 001,570,624 | ---- | M] () -- D:\Program Files\NVIDIA Corporation\nView\nView.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- D:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- D:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- D:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- D:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- D:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl
MOD - [2010/08/09 12:52:06 | 000,258,048 | ---- | M] () -- D:\Program Files\EVGA Precision\RTHAL.dll
MOD - [2010/08/09 12:51:58 | 000,229,376 | ---- | M] () -- D:\Program Files\EVGA Precision\RTCore.dll
MOD - [2010/08/09 12:51:54 | 000,139,264 | ---- | M] () -- D:\Program Files\EVGA Precision\RTUI.dll
MOD - [2010/08/09 12:51:50 | 000,061,440 | ---- | M] () -- D:\Program Files\EVGA Precision\RTFC.dll
MOD - [2009/11/14 13:11:32 | 000,024,576 | ---- | M] () -- D:\WINDOWS\system32\mkunicode.dll
MOD - [2009/01/10 17:15:44 | 000,159,744 | ---- | M] () -- D:\WINDOWS\system32\mmfinfo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - File not found [Auto | Stopped] -- %ProgramFiles%\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - File not found [Disabled | Stopped] -- D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\iphlpsvc.dll -- (iphlpsvc)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/16 02:57:36 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/13 19:52:34 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/26 12:04:52 | 000,913,792 | ---- | M] (IObit) [Auto | Running] -- D:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2012/05/15 05:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- D:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/09/02 04:09:59 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [On_Demand | Stopped] -- D:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- D:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | On_Demand | Stopped] -- D:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\tdx.sys -- (tdx)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\1CF.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\DOCUME~1\winslow\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- D:\DOCUME~1\winslow\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/06/20 01:02:28 | 000,032,072 | ---- | M] () [File_System | On_Demand | Running] -- D:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/06/19 21:12:35 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\22861256.sys -- (22861256)
DRV - [2012/06/19 01:17:46 | 000,138,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/06 18:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- D:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 18:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 18:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/06 18:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 18:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- D:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 18:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- D:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 17:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/08/16 20:20:26 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/16 20:20:26 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/20 16:22:20 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- D:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/10/30 12:11:00 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008/04/14 07:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008/04/14 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2008/04/14 07:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/03/26 13:37:26 | 004,713,472 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/02/02 10:54:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2007/12/17 17:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2005/10/20 15:00:04 | 000,243,328 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)
DRV - [2005/05/25 14:39:06 | 000,004,608 | ---- | M] () [Kernel | On_Demand | Running] -- D:\Program Files\EVGA Precision\RTCore32.sys -- (RTCore32)
DRV - [2004/08/13 05:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 52 7A 84 BF AF CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0

FF - user.js..browser.startup.homepage: "www.yahoo.com"
FF - user.js..extensions.enabledItems: [email protected]:1.0
FF - user.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js..network.proxy.type: 0
FF - user.js..browser.startup.homepage: "www.yahoo.com"
FF - user.js..extensions.enabledItems: [email protected]:1.0
FF - user.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: D:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: D:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: d:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: D:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: D:\Program Files\AVAST Software\Avast\WebRep\FF [2012/05/25 01:18:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012/06/18 17:07:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins

[2009/10/10 00:16:29 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\winslow\Application Data\Mozilla\Extensions
[2012/06/14 22:37:41 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\winslow\Application Data\Mozilla\Firefox\Profiles\cvqql2a2.default\extensions
[2010/05/06 06:46:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\winslow\Application Data\Mozilla\Firefox\Profiles\cvqql2a2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/06/18 17:07:38 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
[2012/06/14 17:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/14 17:19:40 | 000,002,252 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/14 17:19:40 | 000,002,040 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/20 03:18:20 | 000,000,027 | --S- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EVGAPrecision] D:\Program Files\EVGA Precision\EVGAPrecision.exe ()
O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] D:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKCU..\Run: [Advanced SystemCare 5] D:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - Startup: D:\Documents and Settings\winslow\Start Menu\Programs\Startup\_uninst_22861256.lnk = D:\Documents and Settings\winslow\Local Settings\temp\_uninst_22861256.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 359
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1255153682171 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1256032599424 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (Reg Error: Value error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.83.133 208.180.42.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45F14FCD-A638-4FE6-AF97-FED8C08C4D5F}: DhcpNameServer = 208.180.83.133 208.180.42.68
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: D:\Documents and Settings\winslow\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\winslow\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/09 23:01:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/20 20:48:46 | 000,596,992 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\winslow\Desktop\OTL.exe
[2012/06/20 06:15:43 | 000,000,000 | ---D | C] -- D:\WINDOWS\LastGood
[2012/06/20 06:15:40 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- D:\WINDOWS\System32\drivers\22861256.sys
[2012/06/20 00:51:45 | 000,000,000 | ---D | C] -- D:\Documents and Settings\winslow\Application Data\FreeFileViewer
[2012/06/20 00:51:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\FreeFileViewer
[2012/06/20 00:51:21 | 000,000,000 | ---D | C] -- D:\Program Files\FreeFileViewer
[2012/06/20 00:50:58 | 000,000,000 | ---D | C] -- D:\Program Files\Free Offers from Freeze.com
[2012/06/19 23:31:31 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\winslow\Recent
[2012/06/19 23:09:42 | 000,000,000 | ---D | C] -- D:\Documents and Settings\winslow\Local Settings\Application Data\NPE
[2012/06/19 23:09:42 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Norton
[2012/06/19 22:45:31 | 000,000,000 | ---D | C] -- D:\Documents and Settings\winslow\My Documents\childsupport
[2012/06/19 21:01:46 | 004,731,392 | ---- | C] (AVAST Software) -- D:\Documents and Settings\winslow\Desktop\aswMBR.exe
[2012/06/18 17:07:36 | 000,000,000 | ---D | C] -- D:\Program Files\Mozilla Firefox
[2012/06/16 00:09:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\winslow\Application Data\f-secure
[2012/06/16 00:09:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\F-Secure
[2012/06/15 23:09:59 | 000,000,000 | ---D | C] -- D:\Documents and Settings\winslow\Application Data\WinPatrol
[2012/06/15 23:09:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol
[2012/06/15 23:09:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\InstallMate
[2012/06/15 23:09:56 | 000,000,000 | ---D | C] -- D:\Program Files\BillP Studios
[2012/06/14 03:32:45 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2012/06/14 03:32:40 | 000,000,000 | ---D | C] -- D:\Program Files\HiJackThis
[2012/06/14 03:32:40 | 000,000,000 | ---D | C] -- D:\Documents and Settings\winslow\Start Menu\Programs\HiJackThis
[2012/06/14 03:04:10 | 000,518,144 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe
[2012/06/14 03:04:10 | 000,406,528 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe
[2012/06/14 03:04:10 | 000,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe
[2012/06/14 03:04:10 | 000,060,416 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe
[2012/06/14 03:04:06 | 000,000,000 | ---D | C] -- D:\IE8
[2012/06/13 19:58:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\winslow\My Documents\My Received Files
[2012/06/13 19:57:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\winslow\Tracing
[2012/06/13 19:56:05 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft
[2012/06/13 19:55:55 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Documents\microsoft
[2012/06/13 19:55:49 | 000,000,000 | ---D | C] -- D:\Program Files\Windows Live SkyDrive
[2012/06/13 19:55:42 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2012/06/13 19:55:26 | 000,000,000 | ---D | C] -- D:\Program Files\Windows Live
[2012/06/13 19:49:57 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Windows Live
[2012/06/13 06:10:57 | 000,000,000 | ---D | C] -- D:\Malwarebytes
[2012/06/06 22:08:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\winslow\Application Data\ooVoo Details
[2012/06/05 22:45:23 | 000,000,000 | ---D | C] -- D:\WINDOWS\temp
[2012/06/05 22:40:15 | 000,000,000 | ---D | C] -- D:\WINDOWS\ERDNT
[2012/06/05 22:40:12 | 000,000,000 | ---D | C] -- D:\Qoobox
[2012/06/02 01:20:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\winslow\My Documents\evga
[2012/05/25 01:19:12 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/05/25 01:19:11 | 000,337,880 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswSP.sys
[2012/05/25 01:19:11 | 000,020,696 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/05/25 01:19:10 | 000,053,848 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys
[2012/05/25 01:19:10 | 000,035,672 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys
[2012/05/25 01:19:09 | 000,612,184 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswSnx.sys
[2012/05/25 01:19:09 | 000,095,704 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys
[2012/05/25 01:19:09 | 000,089,048 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
[2012/05/25 01:19:09 | 000,024,920 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys
[2012/05/25 01:18:43 | 000,201,352 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\aswBoot.exe
[2012/05/25 01:18:43 | 000,041,184 | ---- | C] (AVAST Software) -- D:\WINDOWS\avastSS.scr
[2012/05/25 01:18:29 | 000,000,000 | ---D | C] -- D:\Program Files\AVAST Software
[2012/05/25 01:18:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\AVAST Software

========== Files - Modified Within 30 Days ==========

[2049/12/31 16:00:00 | 000,038,827 | R--- | M] () -- D:\Documents and Settings\winslow\My Documents\image004.jpg
[2012/06/20 20:48:52 | 000,596,992 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\winslow\Desktop\OTL.exe
[2012/06/20 20:44:00 | 000,002,563 | ---- | M] () -- D:\Documents and Settings\winslow\My Documents\HiJackThis.lnk
[2012/06/20 06:16:34 | 000,000,818 | ---- | M] () -- D:\Documents and Settings\winslow\Start Menu\Programs\Startup\_uninst_22861256.lnk
[2012/06/20 06:15:21 | 137,525,896 | ---- | M] () -- D:\Documents and Settings\winslow\Desktop\setup_11.0.0.1245.x01_2012_06_19_21_12.exe
[2012/06/20 06:13:52 | 002,109,032 | ---- | M] () -- D:\Documents and Settings\winslow\Desktop\tdsskiller.zip
[2012/06/20 03:18:20 | 000,000,027 | --S- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts
[2012/06/20 01:02:28 | 000,032,072 | ---- | M] () -- D:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/06/20 00:51:24 | 000,000,772 | ---- | M] () -- D:\Documents and Settings\winslow\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2012/06/20 00:51:24 | 000,000,754 | ---- | M] () -- D:\Documents and Settings\winslow\Desktop\FreeFileViewer.lnk
[2012/06/19 23:29:07 | 000,013,646 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2012/06/19 23:29:00 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2012/06/19 22:26:41 | 000,002,497 | ---- | M] () -- D:\Documents and Settings\winslow\Desktop\Microsoft Office Word 2003.lnk
[2012/06/19 21:12:35 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- D:\WINDOWS\System32\drivers\22861256.sys
[2012/06/19 21:03:07 | 004,731,392 | ---- | M] (AVAST Software) -- D:\Documents and Settings\winslow\Desktop\aswMBR.exe
[2012/06/19 01:17:46 | 000,138,992 | ---- | M] () -- D:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012/06/19 01:17:31 | 000,281,152 | ---- | M] () -- D:\WINDOWS\System32\PnkBstrB.xtr
[2012/06/17 02:21:26 | 000,000,749 | ---- | M] () -- D:\Documents and Settings\winslow\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/17 02:21:26 | 000,000,731 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/06/17 02:18:14 | 000,002,625 | ---- | M] () -- D:\WINDOWS\System32\CONFIG.NT
[2012/06/17 01:09:48 | 000,281,152 | ---- | M] () -- D:\WINDOWS\System32\PnkBstrB.ex0
[2012/06/16 14:40:21 | 000,002,571 | ---- | M] () -- D:\Documents and Settings\winslow\Desktop\Microsoft Calculator Plus.lnk
[2012/06/15 00:08:14 | 000,045,911 | ---- | M] () -- D:\Documents and Settings\winslow\My Documents\jaycee medical card.pdf
[2012/06/13 23:07:13 | 000,855,729 | ---- | M] () -- D:\Documents and Settings\winslow\My Documents\may statement.pdf
[2012/06/13 21:12:13 | 005,292,054 | ---- | M] () -- D:\Documents and Settings\winslow\My Documents\loan app.bmp
[2012/06/13 19:52:35 | 000,000,830 | ---- | M] () -- D:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/13 06:37:30 | 000,436,080 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2012/06/13 06:37:30 | 000,068,850 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2012/06/13 02:12:07 | 000,009,993 | ---- | M] () -- D:\Documents and Settings\winslow\My Documents\birth control.jpg
[2012/06/02 01:38:43 | 001,075,672 | ---- | M] () -- D:\WINDOWS\System32\nvdrsdb0.bin
[2012/06/02 01:38:43 | 000,000,001 | ---- | M] () -- D:\WINDOWS\System32\nvdrssel.bin
[2012/06/02 01:37:38 | 001,075,672 | ---- | M] () -- D:\WINDOWS\System32\nvdrsdb1.bin
[2012/06/02 00:00:26 | 000,000,784 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/01 23:22:52 | 000,000,925 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Uninstaller.lnk
[2012/06/01 23:22:52 | 000,000,874 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Advanced SystemCare 5.lnk
[2012/06/01 23:17:04 | 000,000,682 | ---- | M] () -- D:\Documents and Settings\winslow\My Documents\CCleaner.lnk
[2012/05/27 15:14:01 | 000,598,829 | ---- | M] () -- D:\Documents and Settings\winslow\My Documents\ethan insurance card.pdf
[2012/05/26 02:10:14 | 000,000,545 | ---- | M] () -- D:\Documents and Settings\winslow\My Documents\Shortcut to Track 3.mp3.lnk
[2012/05/25 02:03:42 | 000,604,003 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts.20120525-030643.backup
[2012/05/25 02:03:42 | 000,604,003 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts.20120525-030642.backup
[2012/05/25 01:48:49 | 000,442,760 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\HOSTS.MVP
[2012/05/25 01:19:12 | 000,001,689 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/05/25 01:13:01 | 000,023,392 | ---- | M] () -- D:\WINDOWS\System32\nscompat.tlb
[2012/05/25 01:13:01 | 000,016,832 | ---- | M] () -- D:\WINDOWS\System32\amcompat.tlb
[2012/05/24 10:48:10 | 000,021,376 | ---- | M] (IObit) -- D:\WINDOWS\System32\RegistryDefragBootTime.exe

========== Files Created - No Company Name ==========

[2012/06/20 06:16:34 | 000,000,818 | ---- | C] () -- D:\Documents and Settings\winslow\Start Menu\Programs\Startup\_uninst_22861256.lnk
[2012/06/20 06:13:45 | 002,109,032 | ---- | C] () -- D:\Documents and Settings\winslow\Desktop\tdsskiller.zip
[2012/06/20 06:11:17 | 137,525,896 | ---- | C] () -- D:\Documents and Settings\winslow\Desktop\setup_11.0.0.1245.x01_2012_06_19_21_12.exe
[2012/06/20 01:02:28 | 000,032,072 | ---- | C] () -- D:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/06/20 00:51:24 | 000,000,772 | ---- | C] () -- D:\Documents and Settings\winslow\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2012/06/20 00:51:24 | 000,000,754 | ---- | C] () -- D:\Documents and Settings\winslow\Desktop\FreeFileViewer.lnk
[2012/06/15 00:08:14 | 000,045,911 | ---- | C] () -- D:\Documents and Settings\winslow\My Documents\jaycee medical card.pdf
[2012/06/14 03:32:40 | 000,002,563 | ---- | C] () -- D:\Documents and Settings\winslow\My Documents\HiJackThis.lnk
[2012/06/14 03:04:10 | 000,256,000 | ---- | C] () -- D:\WINDOWS\PEV.exe
[2012/06/14 03:04:10 | 000,208,896 | ---- | C] () -- D:\WINDOWS\MBR.exe
[2012/06/14 03:04:10 | 000,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe
[2012/06/14 03:04:10 | 000,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe
[2012/06/14 03:04:10 | 000,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe
[2012/06/13 23:07:13 | 000,855,729 | ---- | C] () -- D:\Documents and Settings\winslow\My Documents\may statement.pdf
[2012/06/13 21:12:12 | 005,292,054 | ---- | C] () -- D:\Documents and Settings\winslow\My Documents\loan app.bmp
[2012/06/13 02:12:05 | 000,009,993 | ---- | C] () -- D:\Documents and Settings\winslow\My Documents\birth control.jpg
[2012/06/02 01:13:45 | 002,807,708 | ---- | C] () -- D:\WINDOWS\System32\nvdata.data
[2012/06/02 01:13:45 | 000,010,264 | ---- | C] () -- D:\WINDOWS\System32\nvinfo.pb
[2012/06/01 23:22:52 | 000,000,925 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Uninstaller.lnk
[2012/05/27 15:11:40 | 000,598,829 | ---- | C] () -- D:\Documents and Settings\winslow\My Documents\ethan insurance card.pdf
[2012/05/26 07:04:43 | 000,000,830 | ---- | C] () -- D:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/26 02:10:14 | 000,000,545 | ---- | C] () -- D:\Documents and Settings\winslow\My Documents\Shortcut to Track 3.mp3.lnk
[2012/05/25 01:19:12 | 000,001,689 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/02/14 18:39:02 | 000,003,072 | ---- | C] () -- D:\WINDOWS\System32\iacenc.dll
[2011/12/13 02:16:54 | 000,000,036 | ---- | C] () -- D:\Documents and Settings\winslow\Local Settings\Application Data\housecall.guid.cache
[2011/08/06 01:56:17 | 000,024,576 | R--- | C] () -- D:\WINDOWS\System32\AsIO.dll
[2011/08/06 01:56:17 | 000,012,400 | R--- | C] () -- D:\WINDOWS\System32\drivers\AsIO.sys
[2010/10/04 13:28:53 | 000,000,097 | ---- | C] () -- D:\WINDOWS\System32\PICSDK.ini
[2010/10/04 13:28:52 | 000,073,220 | ---- | C] () -- D:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/10/04 13:28:52 | 000,031,053 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern131.dat
[2010/10/04 13:28:52 | 000,029,114 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern1.dat
[2010/10/04 13:28:52 | 000,027,417 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern121.dat
[2010/10/04 13:28:52 | 000,021,021 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern3.dat
[2010/10/04 13:28:52 | 000,015,670 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern5.dat
[2010/10/04 13:28:52 | 000,013,280 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern2.dat
[2010/10/04 13:28:52 | 000,010,673 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern4.dat
[2010/10/04 13:28:52 | 000,004,943 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern6.dat
[2010/10/04 13:28:52 | 000,001,140 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/10/04 13:28:52 | 000,001,140 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/10/04 13:28:52 | 000,001,137 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/10/04 13:28:52 | 000,001,130 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/10/04 13:28:52 | 000,001,130 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/10/04 13:28:52 | 000,001,104 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/10/02 23:02:13 | 000,094,208 | ---- | C] () -- D:\WINDOWS\System32\GTW32N50.dll
[2010/08/26 00:43:09 | 001,075,672 | ---- | C] () -- D:\WINDOWS\System32\nvdrsdb0.bin
[2010/08/26 00:43:07 | 001,075,672 | ---- | C] () -- D:\WINDOWS\System32\nvdrsdb1.bin
[2010/08/26 00:43:07 | 000,000,001 | ---- | C] () -- D:\WINDOWS\System32\nvdrssel.bin

========== LOP Check ==========

[2012/05/25 01:18:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/08/06 01:48:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AVG10
[2009/11/11 14:11:05 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/07/18 02:06:07 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\Common Files
[2010/04/04 14:44:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\EA Logs
[2012/06/16 00:09:13 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\F-Secure
[2012/06/17 02:34:16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\InstallMate
[2012/06/17 01:03:09 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\IObit
[2010/02/17 17:26:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\LightScribe
[2011/08/05 18:38:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\MFAData
[2011/01/08 20:44:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Napster
[2011/04/26 00:02:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/05/08 15:06:31 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/13 17:34:01 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/07/19 04:12:55 | 000,000,000 | ---D | M] -- D:\Documents and Settings\winslow\Application Data\AVG
[2011/07/18 02:10:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\winslow\Application Data\AVG10
[2012/05/27 15:11:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\winslow\Application Data\Canon
[2011/04/16 16:55:19 | 000,000,000 | ---D | M] -- D:\Documents and Settings\winslow\Application Data\DVDVideoSoftIEHelpers
[2011/11/30 19:23:01 | 000,000,000 | ---D | M] -- D:\Documents and Settings\winslow\Application Data\ElevatedDiagnostics
[2010/10/06 15:31:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\winslow\Application Data\EPSON
[2012/06/16 00:09:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\winslow\Application Data\f-secure
[2012/06/20 00:54:45 | 000,000,000 | ---D | M] -- D:\Documents and Settings\winslow\Application Data\FreeFileViewer
[2010/03/03 19:20:58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\winslow\Application Data\GetRightToGo
[2012/05/17 14:55:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\winslow\Application Data\IObit
[2010/01/20 13:35:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\winslow\Application Data\NewSoft
[2012/06/06 22:08:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\winslow\Application Data\ooVoo Details
[2012/04/28 04:26:49 | 000,000,000 | ---D | M] -- D:\Documents and Settings\winslow\Application Data\Oracle
[2009/11/12 20:05:41 | 000,000,000 | ---D | M] -- D:\Documents and Settings\winslow\Application Data\PCToolsFirewallPlus
[2011/04/26 00:05:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\winslow\Application Data\Research In Motion
[2009/11/12 20:05:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\winslow\Application Data\Spam Monitor
[2012/06/15 23:09:59 | 000,000,000 | ---D | M] -- D:\Documents and Settings\winslow\Application Data\WinPatrol

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> D:\Program Files\EVGA Precision\EVGAPrecision.exe:SummaryInformation
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\winslow\My Documents\walt.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\winslow\My Documents\Resume.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\winslow\My Documents\resignation.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\winslow\My Documents\parade of lights.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\winslow\My Documents\Mikk.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\winslow\My Documents\me.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\winslow\My Documents\Justin, Amy, and, me.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\winslow\My Documents\image004.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\winslow\My Documents\Getting ready for the rodeo1.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\winslow\My Documents\Getting ready for the rodeo.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\winslow\My Documents\Coby and Ali @ Ali's 10th b-day party.JPG:Roxio EMC Stream

< End of report >
#2
Txman777

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
OTL Extras logfile created on: 06/20/2012 08:50:18 PM - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = D:\Documents and Settings\winslow\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

3.00 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 68.59% Memory free
7.34 Gb Paging File | 6.51 Gb Available in Paging File | 88.64% Paging File free
Paging file location(s): D:\pagefile.sys 4605 4605 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 78.13 Gb Total Space | 78.04 Gb Free Space | 99.89% Space Free | Partition Type: NTFS
Drive D: | 107.42 Gb Total Space | 82.98 Gb Free Space | 77.25% Space Free | Partition Type: NTFS

Computer Name: MAIN | User Name: winslow | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefoxx\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"4481:TCP" = 4481:TCP:LocalSubNet:Disabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Disabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Disabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Disabled:BlackBerry Desktop Software Wireless Music Sync discovery
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\EA GAME\Battlefield 2\BF2.exe" = D:\Program Files\EA GAME\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"D:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = D:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Disabled:BlackBerry Desktop Software -- (Research In Motion)
"D:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = D:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Disabled:WebKit -- (Apple Inc.)
"D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"D:\WINDOWS\system32\mmc.exe" = D:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"D:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe" = D:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe:*:Enabled:FreeFileViewerUpdateChecker -- (Bitberry Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2™
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 5
"{302A1E2E-DD58-4673-BC99-9CC10EC2637A}" = WinPatrol
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113 Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{6BA13EFC-E8D0-4D37-AF04-42796CF0E8F5}" = BlackBerry Device Software Updater
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87DF5956-A327-4304-8338-8E2B0AAB843E}" = BlackBerry Desktop Software 6.0.2
"{88A4002B-BDBA-49A2-927C-D81E8DF32B1B}" = LightScribe Applications
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"avast" = avast! Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.2
"Canon MP530 User Registration" = Canon MP530 User Registration
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"FileHippo.com" = FileHippo.com Update Checker
"FreeFileViewer_is1" = Free File Viewer 2011
"GameSpy Arcade" = GameSpy Arcade
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 2.2" = Canon MP Navigator 2.2
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Precision" = EVGA Precision 1.9.6
"PunkBusterSvc" = PunkBuster Services
"Speccy" = Speccy
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 05/18/2012 01:18:56 PM | Computer Name = MAIN | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422].

Error - 05/19/2012 01:06:17 PM | Computer Name = MAIN | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422].

Error - 05/19/2012 01:18:37 PM | Computer Name = MAIN | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422].

Error - 05/20/2012 01:06:15 PM | Computer Name = MAIN | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422].

Error - 05/20/2012 01:18:26 PM | Computer Name = MAIN | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422].

Error - 05/21/2012 01:06:20 PM | Computer Name = MAIN | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422].

Error - 05/21/2012 01:18:24 PM | Computer Name = MAIN | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422].

Error - 05/25/2012 10:09:57 PM | Computer Name = MAIN | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office Standard Edition 2003 -- Error 1706. Setup
cannot find the required files. Check your connection to the network, or CD-ROM
drive. For other potential solutions to this problem, see D:\Program Files\Microsoft
Office\OFFICE11\1033\SETUP.CHM.

Error - 06/13/2012 09:31:23 PM | Computer Name = MAIN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 06/14/2012 04:25:56 AM | Computer Name = MAIN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

[ System Events ]
Error - 06/20/2012 12:32:03 AM | Computer Name = MAIN | Source = Service Control Manager | ID = 7034
Description = The PnkBstrB service terminated unexpectedly. It has done this 1
time(s).

Error - 06/20/2012 12:32:03 AM | Computer Name = MAIN | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 06/20/2012 04:08:14 AM | Computer Name = MAIN | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%1290

Error - 06/20/2012 04:08:14 AM | Computer Name = MAIN | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%1290

Error - 06/20/2012 04:16:47 AM | Computer Name = MAIN | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%1290

Error - 06/20/2012 04:16:47 AM | Computer Name = MAIN | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%1290

Error - 06/20/2012 04:16:51 AM | Computer Name = MAIN | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%1290

Error - 06/20/2012 04:16:51 AM | Computer Name = MAIN | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%1290

Error - 06/20/2012 04:18:05 AM | Computer Name = MAIN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Defender service
to connect.

Error - 06/20/2012 04:18:05 AM | Computer Name = MAIN | Source = Service Control Manager | ID = 7000
Description = The Windows Defender service failed to start due to the following
error: %%1053


< End of report >

#3
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So any logs from any programs we run should just be 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating, but running other tools in the meantime and between posts only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

  • When asked if you want to download Avast's virus definitions please select Yes.
    Note: If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start scan.

  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also, on the Desktop there should be a file called MBR.dat after that. Zip it and then attach it here.

How to add an attachment to a new topic or reply
  • 0

#4
Txman777

    New Member

  • Topic Starter
  • Member
  • 4 posts
Hello Render and thank you for your help! Also, yes I do have access to a Windows disk.

I have attached the zip file and here is the MBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-24 16:31:11
-----------------------------
16:31:11.859 OS Version: Windows 5.1.2600 Service Pack 3
16:31:11.859 Number of processors: 4 586 0x1707
16:31:11.859 ComputerName: MAIN UserName:
16:31:13.234 Initialize success
16:31:14.109 AVAST engine defs: 12062400
16:31:40.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-1b
16:31:40.046 Disk 0 Vendor: WDC_WD3200AAKS-75L9A0 02.03E02 Size: 305245MB BusType: 3
16:31:40.062 Disk 0 MBR read successfully
16:31:40.062 Disk 0 MBR scan
16:31:40.109 Disk 0 Windows XP default MBR code
16:31:40.109 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 80003 MB offset 63
16:31:40.109 Disk 0 Partition - 00 0F Extended LBA 225231 MB offset 163846935
16:31:40.125 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 109999 MB offset 163846998
16:31:40.125 Disk 0 Partition - 00 05 Extended 115231 MB offset 389126430
16:31:40.140 Disk 0 Partition 3 00 0E FAT16 LBA 115231 MB offset 389126493
16:31:40.140 Disk 0 scanning sectors +625121280
16:31:40.203 Disk 0 scanning D:\WINDOWS\system32\drivers
16:31:45.593 Service scanning
16:31:53.546 Modules scanning
16:31:58.062 Disk 0 trace - called modules:
16:31:58.093 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
16:31:58.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad15ab8]
16:31:58.093 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000082[0x8acf19e8]
16:31:58.093 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-1b[0x8ad1bb00]
16:31:58.421 AVAST engine scan D:\WINDOWS
16:32:00.281 AVAST engine scan D:\WINDOWS\system32
16:33:09.625 AVAST engine scan D:\WINDOWS\system32\drivers
16:33:16.062 AVAST engine scan D:\Documents and Settings\winslow
16:36:29.203 AVAST engine scan D:\Documents and Settings\All Users
16:37:08.812 Scan finished successfully
16:37:59.078 Disk 0 MBR has been saved successfully to "D:\Documents and Settings\winslow\Desktop\MBR.dat"
16:37:59.078 The log file has been saved successfully to "D:\Documents and Settings\winslow\Desktop\aswMBR.txt"


Edited by Txman777, 24 June 2012 - 03:43 PM.

  • 0
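For readers following the thread: the MBR.dat file that aswMBR saves is a copy of the disk's first 512-byte sector, and its partition table can be decoded and sanity-checked offline. The Python below is an added example, not part of the original posts and not Avast's code; `build_sample()` is a constructed sector whose two primary slots reuse the offsets and sizes shown in the log above, with sector counts derived from those offsets. The logical partitions numbered 2 and 3 in the log sit in extended boot records, so they do not appear in the MBR sector itself.

```python
import hashlib
import struct

SECTOR = 512
TYPES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0E: "FAT16 LBA", 0x0F: "Extended LBA"}

def parse_mbr(sector):
    """Decode a 512-byte MBR dump: boot code hash plus the four primary slots."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte sector ending in the 55 AA signature")
    parts = []
    for slot in range(4):
        entry = sector[446 + 16 * slot:462 + 16 * slot]
        status, ptype = entry[0], entry[4]
        start, count = struct.unpack_from("<II", entry, 8)  # LBA start, sector count
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"slot": slot + 1, "status": status, "active": status == 0x80,
                          "type_name": TYPES.get(ptype, hex(ptype)), "offset": start,
                          "sectors": count, "size_mb": count * SECTOR // 2**20})
    # Hash only the 440 bytes of boot code so dumps from two disks can be compared.
    return {"boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(), "partitions": parts}

def findings(mbr, disk_sectors=None):
    """Return structural anomalies worth a closer look; an empty list means none found."""
    parts, out = mbr["partitions"], []
    if sum(p["active"] for p in parts) > 1:
        out.append("more than one active partition")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            out.append(f"slot {p['slot']}: invalid status byte {p['status']:#04x}")
        if disk_sectors is not None and p["offset"] + p["sectors"] > disk_sectors:
            out.append(f"slot {p['slot']}: extends past end of disk")
    spans = sorted((p["offset"], p["offset"] + p["sectors"], p["slot"]) for p in parts)
    for (_, a_end, a), (b_start, _, b) in zip(spans, spans[1:]):
        if b_start < a_end:
            out.append(f"slots {a} and {b} overlap")
    return out

def build_sample():
    """Constructed sample, NOT the poster's MBR.dat: zeroed boot code, two primary slots."""
    sector = bytearray(SECTOR)
    slots = [(0x80, 0x07, 63, 163846872), (0x00, 0x0F, 163846935, 461274345)]
    for i, slot in enumerate(slots):
        struct.pack_into("<B3xB3xII", sector, 446 + 16 * i, *slot)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    mbr = parse_mbr(build_sample())
    for p in mbr["partitions"]:
        print(p["slot"], "active" if p["active"] else "-", p["type_name"], p["size_mb"], "MB offset", p["offset"])
    print(findings(mbr, disk_sectors=305245 * 2048) or "no structural anomalies")
```

To check a real dump, pass the bytes of the saved file to `parse_mbr()` instead of `build_sample()`. A clean result here only covers the table's structure; it does not judge the boot code, which is what the scanner's "default MBR code" line reports.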

#5
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
MBR looks good. Please proceed with this:

From the Start menu open your Computer
You should see something like this:

Posted Image

Right click your system partition (usually C) and select Properties

Select Tools tab and then Check now...
The second window will pop up
Ensure you have ticks in both boxes
Then click Start
Windows will schedule it for the next boot
Reboot

Once that has completed:

Go to Start > All Programs > Accessories
Right click Command Prompt and select Run as administrator
When the prompt opens type the following bolded text and press enter

sfc /scannow (Note: There is a space between sfc and /scannow)

On completion reboot

Let me know then if there is any improvement
  • 0

#6
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





