Pop ups "text enhance" [Closed]



#1
Dolly99

Hi, I am getting the "text enhance" box for anywhere to type that directs to "prizeking". I am also getting pop ups for mate1.com when I go to eBay. I have run OTL; here are the logs. Thanks for any help you can give me.

OTL logfile created on: 24/07/2012 4:32:21 PM - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\xps\Downloads
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 31.52% Memory free
4.23 Gb Paging File | 2.17 Gb Available in Paging File | 51.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.01 Gb Total Space | 5.88 Gb Free Space | 7.35% Space Free | Partition Type: NTFS
Drive D: | 3.00 Gb Total Space | 2.98 Gb Free Space | 99.55% Space Free | Partition Type: FAT32

Computer Name: XPS-PC | User Name: xps | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/24 16:32:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\xps\Downloads\OTL.exe
PRC - [2012/07/23 20:53:41 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
PRC - [2012/05/04 15:43:20 | 001,561,768 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/21 16:00:00 | 000,611,144 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK32.EXE
PRC - [2012/03/08 08:41:46 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/02/15 09:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/09 22:30:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/03/09 22:30:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/12/15 00:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010/01/15 22:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/06/10 17:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM04Mon.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/23 20:53:44 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/09 22:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/01/15 22:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/01/21 12:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2009/06/16 14:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/10 17:01:00 | 000,234,720 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM04Vid.sys -- (OEM04Vid)
DRV - [2007/09/26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/03/05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM04Vfx.sys -- (OEM04Vfx)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 62 D7 ED 0A E6 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADRA_enAU377
IE - HKCU\..\SearchScopes\{B0C35157-774E-4A5B-83D6-737E3B7F0DFF}: "URL" = http://websearch.ask...69-823415ED85D0
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6OyEU1MtUl&i=26
IE - HKCU\..\SearchScopes\{FBB3D2BC-2E0D-4D54-B9E3-BA25BF2C37C9}: "URL" = http://search.condui...&ctid=CT2504091
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox

[2010/12/21 08:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xps\AppData\Roaming\Mozilla\Extensions
[2010/12/21 08:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xps\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/06/14 17:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/24 09:56:15 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com

O1 HOSTS File: ([2006/09/19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Vid-Saver) - {11111111-1111-1111-1111-110011341191} - C:\Program Files\Vid-Saver\Vid-Saver.dll (215 Apps)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM04Mon.exe] C:\Windows\OEM04Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Driver Pro] C:\Program Files\Driver Pro\DPLauncher.exe (PC Utilities Pro)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Word%20Slinger/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{711A1AA5-CF5B-4DF8-A963-A3B75EF5DE01}: DhcpNameServer = 61.9.194.49 61.9.195.193
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E65FABC-8FAB-4958-A446-AE3BB836B2F3}: DhcpNameServer = 192.168.0.13
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\F\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/23 21:06:20 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012/07/23 21:06:01 | 000,000,000 | ---D | C] -- C:\Firefox

========== Files - Modified Within 30 Days ==========

[2012/07/24 16:03:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/24 15:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/24 15:42:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/24 15:42:13 | 000,031,681 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/07/24 15:42:13 | 000,031,681 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/07/24 15:22:58 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 15:22:58 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 09:48:39 | 000,611,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/24 09:48:38 | 000,110,878 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/24 06:48:24 | 000,001,776 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2012/07/24 06:28:52 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/24 03:22:28 | 000,252,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/24 03:21:12 | 2145,431,552 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/24 03:19:55 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

========== Files Created - No Company Name ==========

[2010/06/03 17:23:12 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/30 08:18:20 | 000,084,480 | ---- | C] () -- C:\Users\xps\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/27 21:57:07 | 000,031,681 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/04/27 21:56:58 | 000,031,681 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/04/27 19:12:01 | 000,000,680 | ---- | C] () -- C:\Users\xps\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012/06/16 15:19:39 | 000,000,000 | ---D | M] -- C:\Users\xps\AppData\Roaming\Azureus
[2012/06/14 17:34:53 | 000,000,000 | ---D | M] -- C:\Users\xps\AppData\Roaming\Driver Pro
[2010/11/25 13:25:03 | 000,000,000 | ---D | M] -- C:\Users\xps\AppData\Roaming\HandBrake
[2010/06/04 06:02:43 | 000,000,000 | ---D | M] -- C:\Users\xps\AppData\Roaming\OpenOffice.org
[2010/11/25 15:32:11 | 000,000,000 | ---D | M] -- C:\Users\xps\AppData\Roaming\SpinTop
[2010/12/21 08:02:41 | 000,000,000 | ---D | M] -- C:\Users\xps\AppData\Roaming\TomTom
[2012/07/24 03:19:57 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:D6F36A30

< End of report >

OTL Extras logfile created on: 24/07/2012 4:32:21 PM - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\xps\Downloads
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 31.52% Memory free
4.23 Gb Paging File | 2.17 Gb Available in Paging File | 51.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.01 Gb Total Space | 5.88 Gb Free Space | 7.35% Space Free | Partition Type: NTFS
Drive D: | 3.00 Gb Total Space | 2.98 Gb Free Space | 99.55% Space Free | Partition Type: FAT32

Computer Name: XPS-PC | User Name: xps | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{080B14EA-B7E9-4970-9043-8AF08551C69A}" = lport=137 | protocol=17 | dir=in | app=system |
"{246CC167-F82D-4C39-9462-4E93ECF316A6}" = rport=445 | protocol=6 | dir=out | app=system |
"{27110534-B7B1-4AC8-AD1F-51A33C9851B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{29512F7C-439B-4C1F-A65A-B0B37D09E0DB}" = lport=139 | protocol=6 | dir=in | app=system |
"{2CC57530-58C8-4718-A0D1-215AD3836B51}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5094985D-820C-42A6-83FA-BC08846A31FF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{50A55C38-3E4C-4491-8497-8633E534A5C0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F2A5371-F95F-4A0D-8F27-952E889D4728}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{846F19AE-339E-45EF-BADA-06EFB332ABFC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A31137AE-24EF-4926-BDA5-B00031E2F24D}" = rport=137 | protocol=17 | dir=out | app=system |
"{AA1EA9C0-2B43-402F-9DA8-13DF1877E3EA}" = rport=138 | protocol=17 | dir=out | app=system |
"{AC3A7834-636A-474C-8AD3-65D983047379}" = lport=445 | protocol=6 | dir=in | app=system |
"{AFA6C047-8946-4B22-99FD-0058F4FAAE1F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B9373C4C-37B8-4151-ACC0-5F8A626D09F0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CFCD19A9-A380-4E2C-A4FE-3F29929C92D4}" = rport=139 | protocol=6 | dir=out | app=system |
"{D3C51480-353E-4AFE-AC02-F53D0A3C6D7E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EBF7CF5F-3A97-473C-8382-13F3A76C8741}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EDB6A52B-ED2D-462F-8855-44CED8B7EF36}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2D47249F-3857-499B-B833-9B48D468B576}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{499FD9E8-3D32-4A54-9F4B-5C3680DF6AFA}" = protocol=1 | dir=out | [email protected],-28544 |
"{6E183FB5-D4DD-432D-87E8-789095EAE206}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{9185EEB3-C127-4E8A-B3A2-A65532886913}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{94C71304-2A22-4402-81B5-EF156C660C23}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{99CACB4C-2617-4C90-93DC-71FA4EA6B1AA}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{9D139A87-8D9E-4C1E-84A7-A1C59359043C}" = protocol=58 | dir=out | [email protected],-28546 |
"{B7440E04-DF27-4675-8688-08798423EA1E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C06A7647-75EA-4AE4-9BFB-921E2F1B3155}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C485662B-1B67-4BD7-A6F0-AA2AD40E0849}" = protocol=58 | dir=in | [email protected],-28545 |
"{E3E06A9D-A722-4EBC-B32C-08EF77972F26}" = protocol=1 | dir=in | [email protected],-28543 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java™ 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 33
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150170}" = J2SE Runtime Environment 5.0 Update 17
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}" = WinZip 16.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"BookSmart® 2.6.1 2.6.1" = BookSmart® 2.6.1 2.6.1
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OEM004" = Laptop Integrated Webcam Driver (1.03.01.1011)
"Driver Pro_is1" = Driver Pro v3.0
"Google Chrome" = Google Chrome
"ieSpell" = ieSpell
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"Optimizer Pro_is1" = Optimizer Pro v3.0
"TomTom HOME" = TomTom HOME 2.8.1.2218
"UltSounds" = Windows Sound Schemes
"Vid-Saver" = Vid-Saver
"VLC media player" = VLC media player 1.1.5
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15/06/2012 3:51:24 AM | Computer Name = xps-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 15/06/2012 3:51:24 AM | Computer Name = xps-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 15/06/2012 8:39:01 PM | Computer Name = xps-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 15/06/2012 10:11:34 PM | Computer Name = xps-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 15/06/2012 10:11:35 PM | Computer Name = xps-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23/07/2012 6:48:00 AM | Computer Name = xps-PC | Source = WinMgmt | ID = 10
Description =

Error - 23/07/2012 7:13:32 AM | Computer Name = xps-PC | Source = WinMgmt | ID = 10
Description =

Error - 23/07/2012 1:23:17 PM | Computer Name = xps-PC | Source = WinMgmt | ID = 10
Description =

Error - 23/07/2012 1:59:42 PM | Computer Name = xps-PC | Source = Windows Backup | ID = 4103
Description =

Error - 24/07/2012 2:07:25 AM | Computer Name = xps-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16447, time stamp
0x4fc9cd53, faulting module nvd3dum.dll, version 8.15.11.8621, time stamp 0x4a37cb42,
exception code 0xc0000005, fault offset 0x00396813, process id 0xcec, application
start time 0x01cd6933610664f0.

[ Media Center Events ]
Error - 21/01/2012 2:20:46 AM | Computer Name = xps-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 8/02/2012 6:16:10 PM | Computer Name = xps-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ System Events ]
Error - 23/07/2012 7:13:32 AM | Computer Name = xps-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 23/07/2012 1:23:18 PM | Computer Name = xps-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 23/07/2012 1:58:58 PM | Computer Name = xps-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 23/07/2012 4:28:11 PM | Computer Name = xps-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 23/07/2012 7:22:53 PM | Computer Name = xps-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 23/07/2012 7:24:34 PM | Computer Name = xps-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 23/07/2012 7:47:13 PM | Computer Name = xps-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 23/07/2012 8:12:37 PM | Computer Name = xps-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 23/07/2012 8:15:35 PM | Computer Name = xps-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 24/07/2012 1:42:12 AM | Computer Name = xps-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.


< End of report >


#2
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Hi, Dolly99! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

Step 1.

Please uninstall the following programs:

Ask Toolbar - Adware like toolbar
Ask Toolbar Updater - see above
Vuze Remote Toolbar - P2P tool that is basically a malware highway into your computer.


Step 2.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply

If it does not run rename it iexplore.exe and try it again.


Step 3.

Your copy of OTL is old; please delete it before downloading a fresh copy.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 4.

Please post:

aswMBR log
OTL.txt
Extras.txt


Give me an update on your computer's issues.

#3
Dolly99

    Member

  • Topic Starter
  • Member
  • 45 posts
Thanks so much for taking the time to help me with this.

I have uninstalled the 3 programs

When I downloaded aswMBR I got a box asking "would you like to download the latest Avast! virus definitions?" I said no.

Here is the aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-29 20:35:29
-----------------------------
20:35:29.566 OS Version: Windows 6.0.6002 Service Pack 2
20:35:29.566 Number of processors: 2 586 0x1706
20:35:29.566 ComputerName: XPS-PC UserName: xps
20:35:31.110 Initialize success
20:37:19.474 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
20:37:19.490 Disk 0 Vendor: WDC_WD2500BEVT-60ZCT1 13.01A13 Size: 238475MB BusType: 3
20:37:19.505 Disk 0 MBR read successfully
20:37:19.505 Disk 0 MBR scan
20:37:19.521 Disk 0 unknown MBR code
20:37:19.537 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 81925 MB offset 96390
20:37:19.568 Disk 0 Partition 2 00 0C FAT32 LBA MSDOS5.0 3074 MB offset 482094648
20:37:19.583 Disk 0 scanning sectors +488392065
20:37:19.630 Disk 0 scanning C:\Windows\system32\drivers
20:37:26.369 Service scanning
20:37:38.272 Service MpKsle30aa457 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{79E23E32-CFE4-4BBC-BA3A-6E55D62F4F49}\MpKsle30aa457.sys **LOCKED** 32
20:38:14.823 Modules scanning
20:38:28.567 Disk 0 trace - called modules:
20:38:28.613 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS
20:38:28.613 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x857d3a30]
20:38:28.629 3 CLASSPNP.SYS[833c18b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x85278b98]
20:38:28.629 Scan finished successfully
20:39:53.633 Disk 0 MBR has been saved successfully to "C:\Users\xps\Documents\MBR.dat"
20:39:53.665 The log file has been saved successfully to "C:\Users\xps\Documents\aswMBR.txt"

I do not know where I have saved OTL to. I looked in the uninstall and could not find it. I used the search box on the start button and found it but have no idea where I have saved it to, I have also managed to lose aswMBR and have no idea where I have saved it to. I'm feeling really stupid right now. Please bear with me, I really appreciate the time you are taking to help me with this.

#4
CompCav

    Member 5k

  • Expert
  • 12,448 posts
OTL is on your desktop, just right click on it and delete it, OTL does not install like a regular program. Then just download a fresh copy.

aswMBR also made a file on your desktop called mbr.dat.
Please attach mbr.dat to your next reply.

To attach a file you click Use Full Editor under the fast reply box.
Then under the new box on the left it says Click to Attach Files. Click that and navigate to the file on your desktop and click on it and then Open.

Once it is uploaded, click attach to post on the right.

#5
Dolly99

    Member

  • Topic Starter
  • Member
  • 45 posts
Here is my OTL.txt file. I can not find Extras.Txt

OTL logfile created on: 30/07/2012 1:45:17 PM - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\xps\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.39% Memory free
4.23 Gb Paging File | 3.52 Gb Available in Paging File | 83.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.01 Gb Total Space | 5.36 Gb Free Space | 6.69% Space Free | Partition Type: NTFS
Drive D: | 3.00 Gb Total Space | 2.98 Gb Free Space | 99.55% Space Free | Partition Type: FAT32

Computer Name: XPS-PC | User Name: xps | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/30 13:42:07 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\xps\Desktop\OTL.exe
PRC - [2012/07/29 20:53:35 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe
PRC - [2012/05/30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/21 16:00:00 | 000,611,144 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK32.EXE
PRC - [2012/02/23 11:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 11:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/09 22:30:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/03/09 22:30:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/01/15 22:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/06/10 17:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM04Mon.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/29 20:53:36 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/09 22:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/01/15 22:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/01/21 12:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2009/06/16 14:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/10 17:01:00 | 000,234,720 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM04Vid.sys -- (OEM04Vid)
DRV - [2007/09/26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/03/05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM04Vfx.sys -- (OEM04Vfx)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-185358107-4069300981-2039749240-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-185358107-4069300981-2039749240-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-185358107-4069300981-2039749240-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-185358107-4069300981-2039749240-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 62 D7 ED 0A E6 CA 01 [binary data]
IE - HKU\S-1-5-21-185358107-4069300981-2039749240-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-185358107-4069300981-2039749240-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-185358107-4069300981-2039749240-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-185358107-4069300981-2039749240-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-185358107-4069300981-2039749240-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKU\S-1-5-21-185358107-4069300981-2039749240-1000\..\SearchScopes\{B0C35157-774E-4A5B-83D6-737E3B7F0DFF}: "URL" = http://websearch.ask...69-823415ED85D0
IE - HKU\S-1-5-21-185358107-4069300981-2039749240-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6OyEU1MtUl&i=26
IE - HKU\S-1-5-21-185358107-4069300981-2039749240-1000\..\SearchScopes\{FBB3D2BC-2E0D-4D54-B9E3-BA25BF2C37C9}: "URL" = http://search.condui...&ctid=CT2504091
IE - HKU\S-1-5-21-185358107-4069300981-2039749240-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox

[2010/12/21 08:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xps\AppData\Roaming\Mozilla\Extensions
[2010/12/21 08:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xps\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/06/14 17:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/24 09:56:15 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com

O1 HOSTS File: ([2006/09/19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Vid-Saver) - {11111111-1111-1111-1111-110011341191} - C:\Program Files\Vid-Saver\Vid-Saver.dll (215 Apps)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-185358107-4069300981-2039749240-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-185358107-4069300981-2039749240-1000\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM04Mon.exe] C:\Windows\OEM04Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-185358107-4069300981-2039749240-1000..\Run: [Driver Pro] C:\Program Files\Driver Pro\DPLauncher.exe (PC Utilities Pro)
O4 - HKU\S-1-5-21-185358107-4069300981-2039749240-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-185358107-4069300981-2039749240-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-185358107-4069300981-2039749240-1000..\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKU\S-1-5-21-185358107-4069300981-2039749240-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Word%20Slinger/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{711A1AA5-CF5B-4DF8-A963-A3B75EF5DE01}: DhcpNameServer = 192.168.0.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E65FABC-8FAB-4958-A446-AE3BB836B2F3}: DhcpNameServer = 192.168.0.13
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\F\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/30 13:41:22 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\xps\Desktop\OTL.exe
[2012/07/23 21:06:01 | 000,000,000 | ---D | C] -- C:\Firefox

========== Files - Modified Within 30 Days ==========

[2012/07/30 13:42:07 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\xps\Desktop\OTL.exe
[2012/07/30 13:38:27 | 000,611,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/30 13:38:27 | 000,110,878 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/30 13:36:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/30 13:35:58 | 000,031,681 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/07/30 13:35:44 | 000,031,681 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/07/30 13:34:15 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 13:34:15 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 13:34:10 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/30 13:34:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/30 13:34:05 | 2145,431,552 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/29 20:56:55 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/07/29 20:39:53 | 000,000,512 | ---- | M] () -- C:\Users\xps\Documents\MBR.dat
[2012/07/27 11:50:08 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/24 06:48:24 | 000,001,776 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2012/07/24 03:22:28 | 000,252,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/07/29 20:39:53 | 000,000,512 | ---- | C] () -- C:\Users\xps\Documents\MBR.dat
[2010/06/03 17:23:12 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/30 08:18:20 | 000,084,480 | ---- | C] () -- C:\Users\xps\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/27 21:57:07 | 000,031,681 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/04/27 21:56:58 | 000,031,681 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/04/27 19:12:01 | 000,000,680 | ---- | C] () -- C:\Users\xps\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012/06/16 15:19:39 | 000,000,000 | ---D | M] -- C:\Users\xps\AppData\Roaming\Azureus
[2012/06/14 17:34:53 | 000,000,000 | ---D | M] -- C:\Users\xps\AppData\Roaming\Driver Pro
[2010/11/25 13:25:03 | 000,000,000 | ---D | M] -- C:\Users\xps\AppData\Roaming\HandBrake
[2010/06/04 06:02:43 | 000,000,000 | ---D | M] -- C:\Users\xps\AppData\Roaming\OpenOffice.org
[2010/11/25 15:32:11 | 000,000,000 | ---D | M] -- C:\Users\xps\AppData\Roaming\SpinTop
[2010/12/21 08:02:41 | 000,000,000 | ---D | M] -- C:\Users\xps\AppData\Roaming\TomTom
[2012/07/29 20:56:55 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 16:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 16:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 13:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 12:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 12:22:34 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES >
[2006/09/19 07:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/19 07:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.CFG >
[2012/01/03 23:10:44 | 000,585,874 | ---- | M] () MD5=0E19E0BEA7B159153258688CF8ED7716 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 11:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2008/01/21 12:22:56 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 16:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 16:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 22:39:23 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 22:39:23 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/01/21 12:41:26 | 000,001,688 | ---- | M] () MD5=3082647B3541D5282ECD09C09B9B4602 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/21 12:41:26 | 000,001,688 | ---- | M] () MD5=3082647B3541D5282ECD09C09B9B4602 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/19 07:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/19 07:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/19 07:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 22:39:59 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/19 07:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 22:39:59 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/19 07:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SERVICES.RDB >
[2010/05/20 23:08:00 | 000,262,144 | ---- | M] () MD5=00D8C85E07B0D69A27816B54E56EF85B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
[2010/05/20 23:01:50 | 005,505,024 | ---- | M] () MD5=20999743CA8D1F7132B0BFCE952F2295 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb

< MD5 for: SVCHOST.EXE >
[2008/01/21 12:21:53 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 12:21:53 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 12:22:58 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 12:22:58 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 16:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 16:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 12:22:59 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:D6F36A30

< End of report >
  • 0

#6
Dolly99

Dolly99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
I have tried the search button for the mbr.dat file and cannot find it. It brings up 2 files: OTL.txt and aswMBR.txt.
  • 0

#7
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Thanks for the OTL file. We do not need the extras.txt right now, but I do need you to attach the mbr.dat file to your next post as requested in post #4. :)
  • 0

#8
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
OK, make sure aswMBR is on your desktop and rerun it.

Then you will find mbr.dat on your desktop. Please attach it.
  • 0

#9
Dolly99

Dolly99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Thanks for your time. Here are the aswMBR files that I can find:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-29 20:35:29
-----------------------------
20:35:29.566 OS Version: Windows 6.0.6002 Service Pack 2
20:35:29.566 Number of processors: 2 586 0x1706
20:35:29.566 ComputerName: XPS-PC UserName: xps
20:35:31.110 Initialize success
20:37:19.474 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
20:37:19.490 Disk 0 Vendor: WDC_WD2500BEVT-60ZCT1 13.01A13 Size: 238475MB BusType: 3
20:37:19.505 Disk 0 MBR read successfully
20:37:19.505 Disk 0 MBR scan
20:37:19.521 Disk 0 unknown MBR code
20:37:19.537 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 81925 MB offset 96390
20:37:19.568 Disk 0 Partition 2 00 0C FAT32 LBA MSDOS5.0 3074 MB offset 482094648
20:37:19.583 Disk 0 scanning sectors +488392065
20:37:19.630 Disk 0 scanning C:\Windows\system32\drivers
20:37:26.369 Service scanning
20:37:38.272 Service MpKsle30aa457 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{79E23E32-CFE4-4BBC-BA3A-6E55D62F4F49}\MpKsle30aa457.sys **LOCKED** 32
20:38:14.823 Modules scanning
20:38:28.567 Disk 0 trace - called modules:
20:38:28.613 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS
20:38:28.613 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x857d3a30]
20:38:28.629 3 CLASSPNP.SYS[833c18b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x85278b98]
20:38:28.629 Scan finished successfully
20:39:53.633 Disk 0 MBR has been saved successfully to "C:\Users\xps\Documents\MBR.dat"
20:39:53.665 The log file has been saved successfully to "C:\Users\xps\Documents\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-30 14:06:39
-----------------------------
14:06:39.168 OS Version: Windows 6.0.6002 Service Pack 2
14:06:39.168 Number of processors: 2 586 0x1706
14:06:39.168 ComputerName: XPS-PC UserName: xps
14:06:41.664 Initialize success
14:07:12.326 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
14:07:12.341 Disk 0 Vendor: WDC_WD2500BEVT-60ZCT1 13.01A13 Size: 238475MB BusType: 3
14:07:12.357 Disk 0 MBR read successfully
14:07:12.357 Disk 0 MBR scan
14:07:12.373 Disk 0 unknown MBR code
14:07:12.373 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 81925 MB offset 96390
14:07:12.419 Disk 0 Partition 2 00 0C FAT32 LBA MSDOS5.0 3074 MB offset 482094648
14:07:12.419 Disk 0 scanning sectors +488392065
14:07:12.497 Disk 0 scanning C:\Windows\system32\drivers
14:07:18.784 Service scanning
14:07:24.541 Service MpKsl381041f3 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ED454381-4E4F-4B2B-AE31-FC8784D65BD4}\MpKsl381041f3.sys **LOCKED** 32
14:07:32.372 Modules scanning
14:07:37.894 Disk 0 trace - called modules:
14:07:37.925 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
14:07:37.925 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x857c9498]
14:07:37.941 3 CLASSPNP.SYS[833c48b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x85278b98]
14:07:37.941 Scan finished successfully
14:09:23.366 Disk 0 MBR has been saved successfully to "C:\Users\xps\Documents\MBR.dat"
14:09:23.381 The log file has been saved successfully to "C:\Users\xps\Documents\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-30 21:25:29
-----------------------------
21:25:29.462 OS Version: Windows 6.0.6002 Service Pack 2
21:25:29.462 Number of processors: 2 586 0x1706
21:25:29.462 ComputerName: XPS-PC UserName: xps
21:25:33.222 Initialize success
21:25:43.713 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
21:25:43.713 Disk 0 Vendor: WDC_WD2500BEVT-60ZCT1 13.01A13 Size: 238475MB BusType: 3
21:25:43.776 Disk 0 MBR read successfully
21:25:43.776 Disk 0 MBR scan
21:25:43.776 Disk 0 unknown MBR code
21:25:43.838 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 81925 MB offset 96390
21:25:43.932 Disk 0 Partition 2 00 0C FAT32 LBA MSDOS5.0 3074 MB offset 482094648
21:25:43.947 Disk 0 scanning sectors +488392065
21:25:44.119 Disk 0 scanning C:\Windows\system32\drivers
21:25:54.508 Service scanning
21:26:06.271 Service MpKsl6e1993c6 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ED454381-4E4F-4B2B-AE31-FC8784D65BD4}\MpKsl6e1993c6.sys **LOCKED** 32
21:26:19.687 Modules scanning
21:26:39.704 Disk 0 trace - called modules:
21:26:39.735 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
21:26:39.735 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858d8ac8]
21:26:39.750 3 CLASSPNP.SYS[833cb8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x85276b98]
21:26:39.766 Scan finished successfully
21:31:08.837 Disk 0 MBR has been saved successfully to "C:\Users\xps\Documents\MBR.dat"
21:31:09.133 The log file has been saved successfully to "C:\Users\xps\Documents\aswMBR.txt"

Attached Files

  • Attached File  MBR.dat   512bytes   32 downloads

  • 0

#10
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
  • 0

#11
Dolly99

Dolly99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Ran MBRCheck

Here is the report

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: XPS M1330
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 153):
  • 0

#12
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
The whole file is not here. Please repost the whole report. :)
  • 0

#13
Dolly99

Dolly99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Ran it again, got an infection (did N). Here is the report:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: XPS M1330
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 153):

Processes (total 64):
0 System Idle Process
4 System
424 C:\Windows\System32\smss.exe
564 csrss.exe
616 C:\Windows\System32\wininit.exe
628 csrss.exe
660 C:\Windows\System32\services.exe
672 C:\Windows\System32\lsass.exe
680 C:\Windows\System32\lsm.exe
836 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\nvvsvc.exe
908 C:\Windows\System32\svchost.exe
948 C:\Program Files\Microsoft Security Client\MsMpEng.exe
1036 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\audiodg.exe
1200 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\SLsvc.exe
1296 C:\Windows\System32\svchost.exe
1400 C:\Windows\System32\winlogon.exe
1476 C:\Windows\System32\svchost.exe
1652 C:\Windows\System32\spoolsv.exe
1676 C:\Windows\System32\svchost.exe
1896 C:\Windows\System32\nvvsvc.exe
1992 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
2024 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
268 C:\Windows\System32\svchost.exe
368 C:\Windows\System32\svchost.exe
528 C:\Windows\System32\svchost.exe
612 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
1704 C:\Windows\System32\svchost.exe
360 C:\Windows\System32\SearchIndexer.exe
2856 C:\Windows\System32\taskeng.exe
3272 C:\Windows\System32\taskeng.exe
3464 C:\Windows\System32\dwm.exe
3472 C:\Windows\explorer.exe
3660 C:\Windows\System32\rundll32.exe
3668 C:\Windows\OEM04Mon.exe
3716 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3732 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3740 C:\Program Files\Microsoft Security Client\msseces.exe
3748 C:\Program Files\iTunes\iTunesHelper.exe
3780 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3820 C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
3828 C:\Windows\ehome\ehtray.exe
3836 C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
3868 C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
3884 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
3892 C:\Program Files\WinZip\WZQKPICK32.EXE
1964 C:\Windows\ehome\ehmsas.exe
2056 C:\Windows\System32\svchost.exe
2648 C:\Program Files\iPod\bin\iPodService.exe
2948 C:\Program Files\Internet Explorer\iexplore.exe
3808 C:\Program Files\Internet Explorer\iexplore.exe
3572 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
2748 C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
2556 C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe
1748 C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
5380 C:\Windows\System32\taskeng.exe
4248 C:\Windows\System32\sdclt.exe
5828 C:\Windows\System32\svchost.exe
5104 taskeng.exe
5260 C:\Users\xps\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000039`785c7000 (FAT32)

PhysicalDrive0 Model Number: WDCWD2500BEVT-60ZCT1, Rev: 13.01A13

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: AF4022D5E24AABC6D45E0C2AB56D54318790FD53


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
  • 0

#14
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Enter Y and press Enter.

The following dialog will be presented:

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:


Enter 2 and press Enter

The following dialog will be presented:

Enter the physical disk number to fix (0-99, -1 to cancel):



Enter >>0<< and press Enter

The following dialog will be presented:


Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive:



Enter >>3<< and press Enter

The following dialog will be presented:


Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue:



Type YES and press Enter (you must type the full word, YES). You will be informed if it successfully wrote a new MBR code!

And last the following dialog will be presented:

Done! Press ENTER to exit...


Press Enter. A report will be produced on the desktop. Post that report in your next reply.
  • 0

#15
Dolly99

Dolly99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: XPS M1330
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 153):

Processes (total 64):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000039`785c7000 (FAT32)

PhysicalDrive0 Model Number: WDCWD2500BEVT-60ZCT1, Rev: 13.01A13

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: AF4022D5E24AABC6D45E0C2AB56D54318790FD53


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: XPS M1330
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 153):

Processes (total 65):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000039`785c7000 (FAT32)

PhysicalDrive0 Model Number: WDCWD2500BEVT-60ZCT1, Rev: 13.01A13

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: AF4022D5E24AABC6D45E0C2AB56D54318790FD53


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!

There is also a file called MBRCheck_MBR_Backup_08-03-12_17-06-00.bak

Windows cannot open this file.