

Amoris692001
This thread is worthless without pics
Premium
join:2003-08-18
Brooklyn, NY
kudos:1

Please help computer speed issues, etc

Hello, I finally got a keyboard!

Please see logs in order: MBAM, OTL, extras, checkup, Online log

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.23.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Home_Comp :: HOME [limited]

12/26/2012 7:59:50 PM
mbam-log-2012-12-26 (19-59-50).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235237
Time elapsed: 2 day(s), 4 hour(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Amoris692001

OTL logfile created on: 12/26/2012 6:44:56 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Home_Comp.HOME\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 70.51% Memory free
4.75 Gb Paging File | 4.22 Gb Available in Paging File | 88.84% Paging File free
Paging file location(s): C:\pagefile.sys 3006 4008 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.83 Gb Total Space | 102.24 Gb Free Space | 43.91% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: fix it | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/25 15:30:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home_Comp.HOME\Desktop\OTL.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/06/29 09:51:24 | 000,112,800 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\IPROSetMonitor.exe
PRC - [2010/12/23 20:45:00 | 000,011,776 | ---- | M] () -- C:\Program Files\Palm\PDK\tcprelay.exe
PRC - [2010/10/21 16:01:32 | 000,061,440 | ---- | M] (Palm) -- C:\Program Files\Palm\SDK\bin\novacomd\x86\novacomd.exe
PRC - [2010/09/23 17:59:42 | 000,058,112 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinctray.exe
PRC - [2010/06/10 13:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/05/14 07:59:34 | 000,364,032 | ---- | M] (TrippLite) -- C:\Program Files\TrippLite\PowerAlert\console\pastatus.exe
PRC - [2010/05/10 10:33:42 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/05/10 10:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/05/10 10:32:06 | 000,482,304 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009/12/01 12:43:26 | 000,176,128 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2009/12/01 12:43:12 | 002,519,040 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\UNS.exe
PRC - [2009/12/01 12:42:22 | 000,102,400 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2008/12/08 22:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/12/08 21:42:34 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/12/08 21:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/08/14 14:45:52 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/08/14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/06/30 16:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE
PRC - [2008/06/30 16:36:35 | 001,422,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
PRC - [2008/06/30 16:36:35 | 000,484,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 07:00:00 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\osk.exe
PRC - [2007/01/23 03:58:04 | 000,133,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe
PRC - [2005/11/23 07:58:04 | 000,765,952 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2003/05/05 18:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe

========== Modules (No Company Name) ==========

MOD - [2012/11/19 16:57:43 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\0284e2e0afcfd7ce09094b30c0486d46\System.ServiceProcess.ni.dll
MOD - [2012/11/18 18:18:45 | 000,762,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\4209aa9559e29ce30e4e92f31ac3472f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/18 18:18:43 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\6fc86a3e1d07ea824cd49b0c0b19d2f5\System.EnterpriseServices.ni.dll
MOD - [2012/11/18 18:18:42 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\102cfe160aeb1e16a35890004a421ec9\System.Transactions.ni.dll
MOD - [2012/11/18 16:34:16 | 013,198,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll
MOD - [2012/11/18 16:34:01 | 006,815,232 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\90f1acbd79e2a5fabfb8c516d6be36a3\System.Data.ni.dll
MOD - [2012/11/18 16:33:54 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll
MOD - [2012/11/18 16:33:51 | 007,069,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll
MOD - [2012/11/18 16:33:48 | 005,617,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll
MOD - [2012/11/18 16:33:44 | 000,982,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll
MOD - [2012/11/18 16:33:42 | 009,093,632 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll
MOD - [2012/11/18 16:33:34 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2012/11/18 16:30:58 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\43b92a8dac90d1d6426274274abb69a6\System.Transactions.ni.dll
MOD - [2012/11/18 16:30:57 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\31b7eef43a23e7c6e93594be583f3d08\System.ServiceProcess.ni.dll
MOD - [2012/11/18 16:30:44 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\d8ca3b9fefcda19eeecd55c239f504ba\System.Management.ni.dll
MOD - [2012/11/18 16:30:32 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\18a9c594469dc027497b448fb945aaca\System.EnterpriseServices.ni.dll
MOD - [2012/11/18 16:29:12 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll
MOD - [2012/11/18 16:27:00 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll
MOD - [2012/11/18 16:26:26 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\d309c7e5107b3aed78e097659f94543b\System.Data.ni.dll
MOD - [2012/11/18 16:25:22 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll
MOD - [2012/11/18 16:25:12 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
MOD - [2012/11/18 16:23:40 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/11/18 16:23:31 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/11/18 16:23:28 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/23 20:45:00 | 000,011,776 | ---- | M] () -- C:\Program Files\Palm\PDK\tcprelay.exe
MOD - [2010/05/10 10:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
MOD - [2010/05/10 10:32:06 | 000,482,304 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/06/30 16:36:35 | 000,169,304 | ---- | M] () -- C:\Program Files\Symantec\LiveUpdate\UNRAR.DLL
MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/12/12 20:58:52 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/06/29 09:51:24 | 000,112,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\IPROSetMonitor.exe -- (Intel(R)
SRV - [2010/12/23 20:45:00 | 000,011,776 | ---- | M] () [Auto | Running] -- C:\Program Files\Palm\PDK\tcprelay.exe -- (Palm_TCP_Relay)
SRV - [2010/10/21 16:01:32 | 000,061,440 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm\SDK\bin\novacomd\x86\novacomd.exe -- (NovacomD)
SRV - [2010/05/14 08:05:30 | 001,644,368 | ---- | M] (Tripp Lite) [Auto | Stopped] -- C:\Program Files\TrippLite\PowerAlert\engine\pal.exe -- (PowerAlert Agent)
SRV - [2010/05/10 10:33:42 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/05/10 10:32:36 | 001,858,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/05/10 10:32:06 | 000,482,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/12/01 12:43:26 | 000,176,128 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv)
SRV - [2009/12/01 12:43:12 | 002,519,040 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS)
SRV - [2009/12/01 12:42:22 | 000,102,400 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2008/12/08 22:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/12/08 21:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/12/08 21:01:28 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/08/14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/08/14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/06/30 16:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/01/23 03:58:04 | 000,133,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2005/11/23 07:58:04 | 000,765,952 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2003/05/05 18:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\system32\Brmfrmps.exe -- (brmfrmps)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\Senfilt.sys -- (SenFiltService)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2012/12/23 12:36:39 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/11/14 10:12:44 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20121211.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/11/14 10:12:44 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20121211.019\NAVENG.SYS -- (NAVENG)
DRV - [2012/11/06 16:43:20 | 000,174,056 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2012/08/09 03:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/09 03:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/22 13:53:32 | 000,104,240 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2011/12/22 13:53:32 | 000,092,976 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2011/12/22 13:53:32 | 000,032,048 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2011/12/22 13:53:30 | 000,137,008 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2011/12/09 14:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV - [2011/12/09 14:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV - [2011/12/09 14:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV - [2011/12/09 14:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV - [2011/12/09 14:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV - [2011/07/28 17:20:10 | 007,084,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/05/08 14:09:15 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/05/08 12:47:43 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/09/18 16:32:06 | 000,045,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/12/08 21:45:28 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2008/12/08 21:43:46 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2008/11/18 18:17:08 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/10/14 11:24:18 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/10/13 12:31:46 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/10/13 12:31:46 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/10/13 12:31:46 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/06/16 16:53:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/07/20 17:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/01/23 03:45:44 | 000,042,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Asfalrt.sys -- (AsfAlrt)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/10/26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1953454991-4214797768-3574777463-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/18 17:34:13 | 000,000,000 | ---D | M]

[2012/06/24 23:25:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/08 18:55:48 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/10 12:53:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2012/04/19 22:33:40 | 000,442,662 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15212 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 ) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe (AimerSoft)
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (World Community Grid)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerAlert Status.lnk = C:\Program Files\TrippLite\PowerAlert\console\pastatus.exe (TrippLite)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1953454991-4214797768-3574777463-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1953454991-4214797768-3574777463-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1304877065906 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340598315531 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/29 13:46:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/25 16:58:11 | 000,000,000 | ---D | C] -- C:\ce5fa38988458a88af18cdc4f9b5fb
[2012/12/25 16:52:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fix it\Local Settings\Application Data\ATI
[2012/12/25 16:52:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fix it\Application Data\ATI
[2012/12/25 16:50:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fix it\Local Settings\Application Data\Temp
[2012/12/25 16:50:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fix it\Local Settings\Application Data\Adobe
[2012/12/25 16:50:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fix it\Application Data\Adobe
[2012/12/23 12:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fix it\Desktop\Home_Comp
[2012/12/23 00:45:51 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/12/23 00:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fix it\Application Data\Malwarebytes
[2012/12/23 00:23:27 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\fix it\Desktop\TFC.exe
[2012/12/22 23:46:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fix it\Application Data\Apple Computer
[2012/12/22 23:46:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fix it\Local Settings\Application Data\Ahead
[2012/12/22 23:46:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fix it\Local Settings\Application Data\Aimersoft
[2012/12/22 23:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fix it\Application Data\Identities
[2012/12/22 23:46:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\fix it\My Documents\My Music
[2012/12/22 23:45:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\fix it\My Documents\My Pictures
[2012/12/22 23:45:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fix it\Local Settings\Application Data\Symantec
[2012/12/22 23:45:54 | 000,000,000 | --SD | C] -- C:\Documents and Settings\fix it\Application Data\Microsoft
[2012/12/22 23:45:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\fix it\SendTo
[2012/12/22 23:45:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\fix it\Recent
[2012/12/22 23:45:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\fix it\Application Data
[2012/12/22 23:45:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\fix it\Start Menu\Programs\Startup
[2012/12/22 23:45:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\fix it\Start Menu
[2012/12/22 23:45:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\fix it\My Documents
[2012/12/22 23:45:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\fix it\Favorites
[2012/12/22 23:45:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\fix it\Start Menu\Programs\Accessories
[2012/12/22 23:45:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\fix it\IETldCache
[2012/12/22 23:45:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\fix it\Cookies
[2012/12/22 23:45:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fix it\Templates
[2012/12/22 23:45:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fix it\PrintHood
[2012/12/22 23:45:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fix it\NetHood
[2012/12/22 23:45:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fix it\Local Settings
[2012/12/22 23:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fix it\Local Settings\Application Data\Microsoft
[2012/12/22 23:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fix it\Desktop
[2012/12/22 23:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/12/17 16:45:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/12/15 11:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java(2)
[2012/12/15 11:31:50 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/12/15 11:31:39 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/12/15 11:31:39 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/12/15 11:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/12/26 11:07:15 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1953454991-4214797768-3574777463-1007UA.job
[2012/12/26 10:57:13 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/25 22:39:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Updater.job
[2012/12/25 20:08:11 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1953454991-4214797768-3574777463-1007Core.job
[2012/12/25 19:47:28 | 000,481,194 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/12/25 19:47:28 | 000,079,650 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/12/25 19:41:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/25 19:41:32 | 2111,422,464 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/25 16:48:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/23 12:36:39 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/12/22 23:46:10 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\fix it\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/12/22 23:46:09 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\fix it\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/12/22 23:46:04 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\fix it\Desktop\Windows Media Player.lnk
[2012/12/22 23:17:15 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/12 21:38:39 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/12 20:58:51 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/12/12 20:58:51 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/12/22 23:46:10 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\fix it\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/12/22 23:46:10 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\fix it\Start Menu\Programs\Internet Explorer.lnk
[2012/12/22 23:46:09 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\fix it\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/12/22 23:46:04 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\fix it\Start Menu\Programs\Windows Media Player.lnk
[2012/12/22 23:46:04 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\fix it\Desktop\Windows Media Player.lnk
[2012/12/22 23:45:54 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\fix it\Start Menu\Programs\Remote Assistance.lnk
[2012/12/22 23:17:14 | 2111,422,464 | -HS- | C] () -- C:\hiberfil.sys
[2012/12/12 21:37:34 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/07/12 12:21:02 | 000,056,184 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/05/06 16:53:52 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/02/26 18:17:40 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2012/02/26 18:17:40 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM10A.DAT
[2012/02/26 18:17:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2012/02/14 15:59:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/18 21:53:27 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2011/11/14 23:02:49 | 000,000,534 | ---- | C] () -- C:\WINDOWS\avpr.ini
[2011/09/17 18:32:53 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/09/14 19:45:34 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2011/09/14 19:45:34 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2011/09/13 21:19:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/09/13 21:18:55 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/09/13 21:18:55 | 000,234,855 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/09/13 21:18:55 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/07/28 16:49:12 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/07/04 17:30:14 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/01 19:25:33 | 002,155,089 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1953454991-4214797768-3574777463-1007-0.dat
[2011/07/01 19:25:31 | 000,266,042 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/08 18:56:32 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/06/07 10:13:38 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/06/07 10:13:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/06/07 10:13:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/06/07 10:13:38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/05/28 21:07:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2011/05/28 18:09:13 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2011/05/28 18:09:04 | 000,000,462 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2011/05/28 18:09:04 | 000,000,234 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/05/28 18:09:04 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/05/28 18:09:04 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2011/05/28 18:09:04 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2011/05/28 18:08:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/05/12 20:06:18 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/05/08 14:37:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/05/08 14:34:18 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2011/05/08 14:23:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll
[2011/05/08 13:24:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/08 12:42:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/04/29 13:58:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/02/17 08:51:57 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2012/12/25 20:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOINC
[2012/04/19 20:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/09/21 21:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/10/19 20:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/17 18:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2012/09/21 20:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
[2011/05/12 21:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/18 07:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home_Comp\Application Data\Aventail
[2011/08/10 10:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home_Comp\Application Data\bsnes
[2012/02/06 22:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home_Comp\Application Data\calibre
[2012/07/20 16:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home_Comp\Application Data\ConnectPortal
[2012/04/19 22:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home_Comp\Application Data\DAEMON Tools Lite
[2012/07/10 19:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home_Comp\Application Data\DDMSettings
[2011/11/25 07:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home_Comp\Application Data\DVDVideoSoft
[2011/11/25 07:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home_Comp\Application Data\DVDVideoSoftIEHelpers
[2012/01/27 21:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home_Comp\Application Data\pdfforge
[2011/07/01 19:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home_Comp\Application Data\Samsung
[2011/09/11 17:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home_Comp\Application Data\SystemRequirementsLab
[2012/11/24 14:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home_Comp\Application Data\uTorrent
[2012/03/21 07:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home_Comp\Application Data\VSRevoGroup

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1


Amoris692001
reply to Amoris692001

OTL Extras logfile created on: 12/26/2012 6:44:56 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Home_Comp.HOME\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 70.51% Memory free
4.75 Gb Paging File | 4.22 Gb Available in Paging File | 88.84% Paging File free
Paging file location(s): C:\pagefile.sys 3006 4008 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.83 Gb Total Space | 102.24 Gb Free Space | 43.91% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: fix it | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe" = C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable -- (Gas Powered Games)
"D:\Setup.exe" = D:\Setup.exe:*:Enabled:Setup
"C:\Documents and Settings\Home_Comp\Desktop\tew-637apv3_utility\TEW-637APv3_Utility\Setup.exe" = C:\Documents and Settings\Home_Comp\Desktop\tew-637apv3_utility\TEW-637APv3_Utility\Setup.exe:*:Enabled:Setup
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Oracle\VirtualBox\VirtualBox.exe" = C:\Program Files\Oracle\VirtualBox\VirtualBox.exe:*:Enabled:VirtualBox GUI -- (Oracle Corporation)

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{141EB687-5AFE-B981-0A01-A62F6B862712}" = CCC Help English
"{1990DE06-9769-46E7-8B9E-1631165F2859}" = TurboTax 2011 wneiper
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1D0C8FEA-F9E6-4272-8465-58903F1946D0}" = TurboTax 2011 wnyiper
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20E5F823-61A4-4BCE-9DF4-5DB43F302B69}" = Diskeeper Professional Premier Edition
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{284B8284-A557-F842-5A71-78B49BB56B6B}" = ccc-utility
"{2AA48AFA-79CA-4043-BFFC-BB5BA23A9FCF}" = WD SmartWare
"{31B25CCC-C459-4A7B-8059-0D9913D4FAA1}" = World Community Grid
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}" = Symantec Endpoint Protection
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40A6C96D-808E-41DD-8716-617AB6B0F1F1}" = Brother MFL-Pro Suite
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{46D1DF3A-F85D-4052-A244-5418289939B6}" = EPD_free-7.1-2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53183B25-FBDC-4B95-856A-DCDD69DFEE18}" = Intel(R) PRO Alerting Agent
"{54D44AD1-A083-48B9-BD6F-AFD517B7C775}" = Aventail Webifiers
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{68CB35F0-A8C6-4B2D-8AEF-2A0C83AE4151}" = Oracle VM VirtualBox 3.2.14
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80612765-75C0-274D-A7E7-D24F3C928A9B}" = Catalyst Control Center InstallProxy
"{84B2CF01-194D-2284-B313-F2E0D78D1033}" = Nero 7 Demo
"{88E7FC62-7948-4262-93E2-1D0B1E992C84}" = PowerAlert Local Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90899269-554B-4672-9F8D-4A2A0D0AF5B5}" = Intel(R) Network Connections 16.5.2.0
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0137-0409-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B0B46B3-10DF-4ADA-9501-0129D784563D}" = Aventail Web Proxy Agent
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8DD74DC-14C4-4BA0-8DF7-D84524D0B0D2}" = ST Microelectronics TPM Driver Installer
"{AC5F0006-B59B-EEB5-BAE2-02F53E6A484D}" = AMD Catalyst Install Manager
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B2042D5E-986D-44EC-AEE3-AFE4108CCC93}" = Python 3.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5D11688-7A08-C8E6-BD36-67B88E3A245F}" = Catalyst Control Center
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D14AAC37-38FC-4454-9CEC-B3CD081632C4}" = calibre
"{D6698939-CAC9-479B-959E-B77D474FC8A9}" = Palm webOS SDK
"{DCED0AD4-784D-4667-B4A0-6FE953FAC4BB}" = TurboTax 2011 wnjiper
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2270DW
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F7F2F97C-D65C-550D-FEBE-6B71ED9D241F}" = Catalyst Control Center Graphics Previews Common
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"35858E766EFC35B58A45C301DD358D503119A8FA" = Windows Driver Package - STMicroelectronics (stmtpm) System (05/24/2007 1.00.04.15)
"705BB4107F4B3FAEECCDB213EAD10359BBFF3BFA" = Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon Kindle" = Amazon Kindle
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.18
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX Setup
"DungeonSiege2" = Dungeon Siege 2
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"ie8" = Windows Internet Explorer 8
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MiKTeX 2.9" = MiKTeX 2.9
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyTomTom" = MyTomTom 3.2.0.700
"Picasa 3" = Picasa 3
"Protected Music Converter_is1" = Protected Music Converter 1.7
"TurboTax 2011" = TurboTax 2011
"Tweak UI 2.10" = Tweak UI
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 11/10/2012 11:45:37 AM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 12/23/2012 12:39:28 AM | Computer Name = HOME | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
Event
Info: Terminate Process Action Taken: Logged Actor Process: C:\WINDOWS\system32\taskmgr.exe
(PID 1164) Time: Saturday, December 22, 2012 11:39:28 PM

Error - 12/23/2012 12:39:35 AM | Computer Name = HOME | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 12/23/2012 12:39:45 AM | Computer Name = HOME | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec
Endpoint Protection\SescLU.exe Event Info: Terminate Process Action Taken: Logged
Actor
Process: C:\WINDOWS\system32\taskmgr.exe (PID 1164) Time: Saturday, December 22,
2012 11:39:45 PM

Error - 12/23/2012 1:27:17 AM | Computer Name = HOME | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec
Endpoint Protection\Smc.exe Event Info: Terminate Process Action Taken: Logged Actor
Process: C:\Documents and Settings\fix it\Desktop\TFC.exe (PID 1252) Time: Sunday,
December 23, 2012 12:27:17 AM

Error - 12/23/2012 1:31:50 AM | Computer Name = HOME | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 12/23/2012 1:32:05 AM | Computer Name = HOME | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application wdfme.exe, version 1.3.0.16, stamp 4be85141,
faulting module mscorwks.dll, version 2.0.50727.3643, stamp 50405371, debug? 0,
fault address 0x0010ad96.

Error - 12/23/2012 1:44:35 AM | Computer Name = HOME | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 12/25/2012 5:48:39 PM | Computer Name = HOME | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 12/25/2012 9:56:07 PM | Computer Name = HOME | Source = MsiInstaller | ID = 10005
Description = Product: Windows 7 Upgrade Advisor -- You need to be an administrator
on this machine to install this application.

[ System Events ]
Error - 12/25/2012 5:18:03 PM | Computer Name = HOME | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/25/2012 5:18:13 PM | Computer Name = HOME | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 12/25/2012 5:18:15 PM | Computer Name = HOME | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/25/2012 5:18:18 PM | Computer Name = HOME | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/25/2012 5:18:20 PM | Computer Name = HOME | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/25/2012 5:18:23 PM | Computer Name = HOME | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/25/2012 5:18:25 PM | Computer Name = HOME | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/25/2012 5:18:34 PM | Computer Name = HOME | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/25/2012 5:18:44 PM | Computer Name = HOME | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 12/25/2012 5:18:54 PM | Computer Name = HOME | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.


Amoris692001

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
Symantec Endpoint Protection
Antivirus up to date! (On Access scanning disabled!)
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Java(TM) 6 Update 31
[color=red]Java version out of Date![/color]
Adobe Flash Player 11.5.502.135
Adobe Reader 10.1.4 [color=red]Adobe Reader out of Date![/color]
[u]````````Process Check: objlist.exe by Laurent````````[/u]
Norton ccSvcHst.exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C:: 0%
[u]````````````````````End of Log``````````````````````[/u]



Amoris692001

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=b7a828d04ebe4542aec5f94c598bfc42
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-30 02:14:30
# local_time=2012-12-29 09:14:30 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=120891
# found=0
# cleaned=0
# scan_time=30026



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

1 recommendation

reply to Amoris692001

There is no sign of malware in the logs. However, the Event log shows a bad block on your hard disk.

We need to confirm this, and then take corrective action.

First step is a scan to confirm/deny.....

From the Desktop:

Start -> Run -> chkdsk (then press enter)

In the Command Prompt window, enter 'chkdsk C:' (without the quotes) and press 'Enter'

When finished, close the Command Prompt window.

Next step is to get the chkdsk log and post it in this thread.

Open the Control Panel, double click on "Administrative Tools", double click on the "Event Viewer" icon, then click on "Application". In the "Source" column, look for the "Winlogon" item. Double click it and you should see the results of your Chkdsk.

Copy those results and paste them into this thread.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum
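The triage described in the reply above (no malware indicators, but storage errors in the event log) can be reproduced mechanically. The following is an added example, not part of the original post and not OTL's own code: it parses the OTL event layout quoted in this thread, re-joins wrapped descriptions, reduces the 32-bit identifier OTL prints to the 16-bit code Event Viewer displays, and separates storage faults from Symantec tamper alerts. The function names and the `(no section header)` label are assumptions of this example.

```python
import re
from collections import Counter

# Excerpt reproduced from the OTL event section posted earlier in this thread.
SAMPLE = r"""
Error - 12/23/2012 12:39:28 AM | Computer Name = HOME | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
Event
Info: Terminate Process Action Taken: Logged Actor Process: C:\WINDOWS\system32\taskmgr.exe
(PID 1164) Time: Saturday, December 22, 2012 11:39:28 PM

Error - 12/23/2012 1:27:17 AM | Computer Name = HOME | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec
Endpoint Protection\Smc.exe Event Info: Terminate Process Action Taken: Logged Actor
Process: C:\Documents and Settings\fix it\Desktop\TFC.exe (PID 1252) Time: Sunday,
December 23, 2012 12:27:17 AM

[ System Events ]
Error - 12/25/2012 5:18:03 PM | Computer Name = HOME | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/25/2012 5:18:13 PM | Computer Name = HOME | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 12/25/2012 5:18:15 PM | Computer Name = HOME | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
"""

HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)"
    r" \| Computer Name = (?P<host>.+?) \| Source = (?P<source>.+?)"
    r" \| ID = (?P<raw_id>\d+)$"
)
SECTION = re.compile(r"^\[ (?P<name>.+?) \]$")
TAMPER = re.compile(
    r"TAMPER PROTECTION ALERT Target: (?P<target>.+?) Event Info: (?P<action>.+?)"
    r" Action Taken: (?P<taken>\w+) Actor Process: (?P<actor>.+?) \(PID (?P<pid>\d+)\)"
)
DEVICE = re.compile(r"The device, (?P<device>\S+?), ")
STORAGE_SOURCES = {"disk", "atapi"}
PREFIX = "Description = "


def parse_events(text):
    """Return one dict per event; wrapped description lines are re-joined."""
    events, current, section = [], None, "(no section header)"
    for raw in text.splitlines():
        line = raw.strip()
        head, sec = HEADER.match(line), SECTION.match(line)
        if head:
            current = head.groupdict()
            current["section"] = section
            current["raw_id"] = int(current["raw_id"])
            # OTL prints the full 32-bit identifier; Event Viewer shows the low 16 bits.
            current["event_code"] = current["raw_id"] & 0xFFFF
            current["description"] = ""
            events.append(current)
        elif sec:
            section, current = sec.group("name"), None
        elif not line:
            current = None  # a blank line ends the entry
        elif current is not None:
            if line.startswith(PREFIX):
                line = line[len(PREFIX):]
            current["description"] = (current["description"] + " " + line).strip()
    return events


def triage(events):
    """Split events into storage faults (per device) and tamper alerts (per actor)."""
    storage, tamper, other = Counter(), [], Counter()
    for ev in events:
        alert = TAMPER.search(ev["description"])
        device = DEVICE.search(ev["description"])
        if ev["source"].lower() in STORAGE_SOURCES and device:
            storage[(device.group("device"), ev["source"], ev["event_code"])] += 1
        elif alert:
            tamper.append({"when": ev["when"], **alert.groupdict()})
        else:
            other[(ev["source"], ev["event_code"])] += 1
    return {"storage": storage, "tamper": tamper, "other": other}


if __name__ == "__main__":
    report = triage(parse_events(SAMPLE))
    for (device, source, code), count in report["storage"].items():
        print(f"storage: {device} {source} event {code} x{count}")
    for alert in report["tamper"]:
        print(f"tamper: {alert['actor']} (PID {alert['pid']}) -> {alert['target']}")
```

The tamper entries are listed with their actor process so a reviewer can judge each one; here the actors are Task Manager and a tool run from the desktop.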



Amoris692001

Hi, thanks LoPhatPhuud.

However, I did not see any log with Source of WINLOGON only WDFME.

I ran it again and copied the command prompt.

The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
Deleting corrupt attribute record (128, "")
from file record segment 118627.
Deleting corrupt attribute record (128, "")
from file record segment 119678.
File verification completed.
Deleting orphan file record segment 119696.
Deleting orphan file record segment 119697.
Deleting orphan file record segment 119698.
Deleting orphan file record segment 119700.
Deleting orphan file record segment 119701.

Errors found. CHKDSK cannot continue in read-only mode.



LoPhatPhuud

reply to Amoris692001

OK, time to fix the hard disk.

Again, from a Command Prompt window enter:
'chkdsk C: /R' (without the quotes) and press Enter.

You will receive a prompt that chkdsk cannot lock the disk (or words to that effect) and asks if you want to run chkdsk the next time you start the computer. Answer 'Yes' and then restart your computer.

Check for a chkdsk log in the Event Log, as before, and post if present.



Amoris692001

Thanks, here is the log

Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 1/1/2013
Time: 5:16:14 PM
User: N/A
Computer: HOME
Description:
Checking file system on \DosDevices\C:
The type of the file system is NTFS.
Cleaning up minor inconsistencies on the drive.
Cleaning up 10 unused index entries from index $SII of file 0x9.
Cleaning up 10 unused index entries from index $SDH of file 0x9.
Cleaning up 10 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
Read failure with status 0xc000009c at offset 0x2fb2525000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2fb252f000 for 0x1000 bytes.
Windows replaced bad clusters in file 123604
of name \SYSTEM~1\_RESTO~1\RP334\A0037789.DLL.
Read failure with status 0xc000009c at offset 0x1387802000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x138780a000 for 0x1000 bytes.
Windows replaced bad clusters in file 141061
of name \DOCUME~1\HOME_C~1\MYDOCU~1\MYDOCU~1\My Music\iTunes\ITUNES~1\GWENST~1\LOVEAN~1.BAB\02RICH~1.MP3.
Read failure with status 0xc000009c at offset 0x212b56d000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x212b577000 for 0x1000 bytes.
Read failure with status 0xc0000015 at offset 0x212b578000 for 0x10000 bytes.
Read failure with status 0xc0000015 at offset 0x212b578000 for 0x1000 bytes.
Windows replaced bad clusters in file 161789
of name \PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20121216.007\VIRSCAN7.DAT.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
Adding 6 bad clusters to the Bad Clusters File.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

244137983 KB total disk space.
133510052 KB in 127360 files.
49088 KB in 26603 indexes.
24 KB in bad sectors.
308815 KB in use by the system.
65536 KB occupied by the log file.
110270004 KB available on disk.

4096 bytes in each allocation unit.
61034495 total allocation units on disk.
27567501 allocation units available on disk.

Internal Info:

For more information, see Help and Support Center at »go.microsoft.com/fwlink/events.asp.
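To see which files sat on the bad clusters in the chkdsk result above, the log can be parsed rather than read by eye. This is an added example, not part of the original post: it attributes each run of read failures to the file chkdsk names next, decodes the two NTSTATUS values that appear in this log, and checks the summary figures against each other. The path labels are heuristics keyed on the 8.3 names in this log and are an assumption of the example.

```python
import re

# Excerpt reproduced from the chkdsk event (Winlogon, Event ID 1001) posted above.
SAMPLE = r"""
CHKDSK is verifying file data (stage 4 of 5)...
Read failure with status 0xc000009c at offset 0x2fb2525000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2fb252f000 for 0x1000 bytes.
Windows replaced bad clusters in file 123604
of name \SYSTEM~1\_RESTO~1\RP334\A0037789.DLL.
Read failure with status 0xc000009c at offset 0x1387802000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x138780a000 for 0x1000 bytes.
Windows replaced bad clusters in file 141061
of name \DOCUME~1\HOME_C~1\MYDOCU~1\MYDOCU~1\My Music\iTunes\ITUNES~1\GWENST~1\LOVEAN~1.BAB\02RICH~1.MP3.
Read failure with status 0xc000009c at offset 0x212b56d000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x212b577000 for 0x1000 bytes.
Read failure with status 0xc0000015 at offset 0x212b578000 for 0x10000 bytes.
Read failure with status 0xc0000015 at offset 0x212b578000 for 0x1000 bytes.
Windows replaced bad clusters in file 161789
of name \PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20121216.007\VIRSCAN7.DAT.
File data verification completed.
Adding 6 bad clusters to the Bad Clusters File.
24 KB in bad sectors.
4096 bytes in each allocation unit.
"""

# NTSTATUS names (from ntstatus.h) for the two codes present in this log.
NTSTATUS_NAMES = {
    0xC000009C: "STATUS_DEVICE_DATA_ERROR",
    0xC0000015: "STATUS_NONEXISTENT_SECTOR",
}
# Heuristic labels for 8.3 path components seen in this log (assumption of this example).
PATH_HINTS = (
    ("\\_RESTO~1\\", "System Restore copy"),
    ("\\VIRUSD~1\\", "antivirus definitions"),
)

READ_FAIL = re.compile(
    r"^Read failure with status (0x[0-9a-f]+) at offset (0x[0-9a-f]+)"
    r" for (0x[0-9a-f]+) bytes\.$", re.I)
REPLACED = re.compile(r"^Windows replaced bad clusters in file (\d+)$")
NAME = re.compile(r"^of name (.+)\.$")
TOTALS = {
    "added_clusters": re.compile(r"^Adding (\d+) bad clusters to the Bad Clusters File\.$"),
    "bad_kb": re.compile(r"^(\d+) KB in bad sectors\.$"),
    "unit_bytes": re.compile(r"^(\d+) bytes in each allocation unit\.$"),
}


def parse_chkdsk(text):
    """Attach each run of read failures to the file chkdsk reports next."""
    report = {"files": [], "added_clusters": None, "bad_kb": None, "unit_bytes": None}
    pending, unnamed = [], None
    for raw in text.splitlines():
        line = raw.strip()
        fail, repl, name = READ_FAIL.match(line), REPLACED.match(line), NAME.match(line)
        if fail:
            status, offset, length = (int(g, 16) for g in fail.groups())
            pending.append({"status": NTSTATUS_NAMES.get(status, hex(status)),
                            "offset": offset, "length": length})
        elif repl:
            unnamed = {"record": int(repl.group(1)), "path": None, "failures": pending}
            report["files"].append(unnamed)
            pending = []
        elif name and unnamed is not None:
            unnamed["path"], unnamed = name.group(1), None
        else:
            for key, pattern in TOTALS.items():
                hit = pattern.match(line)
                if hit:
                    report[key] = int(hit.group(1))
    return report


def classify(path):
    upper = (path or "").upper()
    for needle, label in PATH_HINTS:
        if needle in upper:
            return label
    return "user or application data"


def review(report):
    """Return per-file findings plus whether the summary totals agree."""
    unit, findings = report["unit_bytes"], []
    for entry in report["files"]:
        # Reads of exactly one allocation unit identify a single cluster;
        # the larger reads cover a range that contains it.
        single = sorted({f["offset"] for f in entry["failures"] if f["length"] == unit})
        findings.append({"path": entry["path"], "kind": classify(entry["path"]),
                         "bad_offsets": [hex(o) for o in single],
                         "statuses": sorted({f["status"] for f in entry["failures"]})})
    consistent = report["bad_kb"] * 1024 == report["added_clusters"] * unit
    return findings, consistent


if __name__ == "__main__":
    findings, consistent = review(parse_chkdsk(SAMPLE))
    for item in findings:
        print(item["kind"], item["path"], item["bad_offsets"], item["statuses"])
    print("summary totals consistent:", consistent)
```

A file labelled as antivirus definitions is worth refreshing through the product's updater after the repair, since the clusters it occupied could not be read.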



LoPhatPhuud
reply to Amoris692001

Thanks. How is the computer performing now?



Amoris692001

Thanks, it's better. However, I was only able to run the chkdsk using the Windows Recovery Console.

Is there a way to test performance? Nothing fancy.

Also whenever it restarts it tells me that the drive cannot be locked or opened when it tries to run chkdsk before windows loads. Know how to get it to work?



LoPhatPhuud
reply to Amoris692001

Chkdsk should not be running at start. Run OTL again, and post the new log in this thread. Note that there will not be a new Extras log.



Amoris692001

OTL logfile created on: 1/4/2013 8:04:40 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Home_Comp.HOME\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 66.27% Memory free
4.75 Gb Paging File | 4.17 Gb Available in Paging File | 87.73% Paging File free
Paging file location(s): C:\pagefile.sys 3006 4008 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.83 Gb Total Space | 101.33 Gb Free Space | 43.52% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Home_Comp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/12/25 15:30:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home_Comp.HOME\Desktop\OTL.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/06/29 09:51:24 | 000,112,800 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\IPROSetMonitor.exe
PRC - [2010/12/23 20:45:00 | 000,011,776 | ---- | M] () -- C:\Program Files\Palm\PDK\tcprelay.exe
PRC - [2010/10/21 16:01:32 | 000,061,440 | ---- | M] (Palm) -- C:\Program Files\Palm\SDK\bin\novacomd\x86\novacomd.exe
PRC - [2010/09/23 17:59:44 | 004,543,232 | ---- | M] (World Community Grid) -- C:\Program Files\BOINC\boincmgr.exe
PRC - [2010/09/23 17:59:42 | 000,058,112 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinctray.exe
PRC - [2010/09/23 17:59:40 | 000,537,344 | ---- | M] (World Community Grid) -- C:\Program Files\BOINC\boinc.exe
PRC - [2010/06/10 13:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/05/14 07:59:34 | 000,364,032 | ---- | M] (TrippLite) -- C:\Program Files\TrippLite\PowerAlert\console\pastatus.exe
PRC - [2010/05/10 10:33:42 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/05/10 10:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/05/10 10:32:06 | 000,482,304 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009/12/01 12:43:26 | 000,176,128 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2009/12/01 12:43:12 | 002,519,040 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\UNS.exe
PRC - [2009/12/01 12:42:22 | 000,102,400 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2008/12/08 22:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/12/08 21:42:34 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/12/08 21:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/08/14 14:45:52 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/08/14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/23 03:58:04 | 000,133,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe
PRC - [2005/11/23 07:58:04 | 000,765,952 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2005/05/20 11:23:18 | 000,098,304 | ---- | M] () -- C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
PRC - [2003/05/05 18:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/11/19 16:57:43 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\0284e2e0afcfd7ce09094b30c0486d46\System.ServiceProcess.ni.dll
MOD - [2012/11/18 18:18:45 | 000,762,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\4209aa9559e29ce30e4e92f31ac3472f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/18 18:18:43 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\6fc86a3e1d07ea824cd49b0c0b19d2f5\System.EnterpriseServices.ni.dll
MOD - [2012/11/18 18:18:42 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\102cfe160aeb1e16a35890004a421ec9\System.Transactions.ni.dll
MOD - [2012/11/18 16:34:16 | 013,198,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll
MOD - [2012/11/18 16:34:01 | 006,815,232 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\90f1acbd79e2a5fabfb8c516d6be36a3\System.Data.ni.dll
MOD - [2012/11/18 16:33:54 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll
MOD - [2012/11/18 16:33:51 | 007,069,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll
MOD - [2012/11/18 16:33:48 | 005,617,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll
MOD - [2012/11/18 16:33:44 | 000,982,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll
MOD - [2012/11/18 16:33:42 | 009,093,632 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll
MOD - [2012/11/18 16:33:34 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2012/11/18 16:30:58 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\43b92a8dac90d1d6426274274abb69a6\System.Transactions.ni.dll
MOD - [2012/11/18 16:30:57 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\31b7eef43a23e7c6e93594be583f3d08\System.ServiceProcess.ni.dll
MOD - [2012/11/18 16:30:44 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\d8ca3b9fefcda19eeecd55c239f504ba\System.Management.ni.dll
MOD - [2012/11/18 16:30:32 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\18a9c594469dc027497b448fb945aaca\System.EnterpriseServices.ni.dll
MOD - [2012/11/18 16:29:12 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll
MOD - [2012/11/18 16:27:00 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll
MOD - [2012/11/18 16:26:26 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\d309c7e5107b3aed78e097659f94543b\System.Data.ni.dll
MOD - [2012/11/18 16:25:22 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll
MOD - [2012/11/18 16:25:12 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
MOD - [2012/11/18 16:23:40 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/11/18 16:23:31 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/11/18 16:23:28 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/23 20:45:00 | 000,011,776 | ---- | M] () -- C:\Program Files\Palm\PDK\tcprelay.exe
MOD - [2010/05/10 10:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
MOD - [2010/05/10 10:32:06 | 000,482,304 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2009/08/18 11:02:42 | 000,061,952 | ---- | M] () -- C:\Program Files\BOINC\zlib1.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2005/05/20 11:23:18 | 000,098,304 | ---- | M] () -- C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
MOD - [2005/05/20 11:11:56 | 000,065,536 | ---- | M] () -- C:\Program Files\CMS Peripherals\BounceBack Express\DevClass.dll
MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/12/12 20:58:52 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/06/29 09:51:24 | 000,112,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\IPROSetMonitor.exe -- (Intel(R)
SRV - [2010/12/23 20:45:00 | 000,011,776 | ---- | M] () [Auto | Running] -- C:\Program Files\Palm\PDK\tcprelay.exe -- (Palm_TCP_Relay)
SRV - [2010/10/21 16:01:32 | 000,061,440 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm\SDK\bin\novacomd\x86\novacomd.exe -- (NovacomD)
SRV - [2010/05/14 08:05:30 | 001,644,368 | ---- | M] (Tripp Lite) [Auto | Stopped] -- C:\Program Files\TrippLite\PowerAlert\engine\pal.exe -- (PowerAlert Agent)
SRV - [2010/05/10 10:33:42 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/05/10 10:32:36 | 001,858,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/05/10 10:32:06 | 000,482,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/12/01 12:43:26 | 000,176,128 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv)
SRV - [2009/12/01 12:43:12 | 002,519,040 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS)
SRV - [2009/12/01 12:42:22 | 000,102,400 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2008/12/08 22:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/12/08 21:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/12/08 21:01:28 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/08/14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/08/14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/06/30 16:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/01/23 03:58:04 | 000,133,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2005/11/23 07:58:04 | 000,765,952 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2003/05/05 18:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\system32\Brmfrmps.exe -- (brmfrmps)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\Senfilt.sys -- (SenFiltService)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2012/11/14 10:12:44 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130103.032\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/11/14 10:12:44 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys -- (EraserUtilDrv11220)
DRV - [2012/11/14 10:12:44 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130103.032\NAVENG.SYS -- (NAVENG)
DRV - [2012/11/08 16:27:14 | 000,174,056 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2012/08/09 03:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/22 13:53:32 | 000,104,240 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2011/12/22 13:53:32 | 000,092,976 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2011/12/22 13:53:32 | 000,032,048 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2011/12/22 13:53:30 | 000,137,008 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2011/12/09 14:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV - [2011/12/09 14:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV - [2011/12/09 14:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV - [2011/12/09 14:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV - [2011/12/09 14:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV - [2011/07/28 17:20:10 | 007,084,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/05/08 14:09:15 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/05/08 12:47:43 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/09/18 16:32:06 | 000,045,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/12/08 21:45:28 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2008/12/08 21:43:46 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2008/11/18 18:17:08 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/10/14 11:24:18 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/10/13 12:31:46 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/10/13 12:31:46 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/10/13 12:31:46 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/06/16 16:53:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/07/20 17:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/01/23 03:45:44 | 000,042,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Asfalrt.sys -- (AsfAlrt)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/10/26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/02/23 08:40:38 | 000,014,976 | ---- | M] (CMS Peripherals, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\portd2k.sys -- (portD)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1953454991-4214797768-3574777463-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1953454991-4214797768-3574777463-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1953454991-4214797768-3574777463-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5C 56 5C 14 D7 E5 CD 01 [binary data]
IE - HKU\S-1-5-21-1953454991-4214797768-3574777463-1007\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1953454991-4214797768-3574777463-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1953454991-4214797768-3574777463-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/18 17:34:13 | 000,000,000 | ---D | M]

[2012/06/24 23:25:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/08 18:55:48 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/10 12:53:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2012/04/19 22:33:40 | 000,442,662 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15212 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 ) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe (AimerSoft)
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (World Community Grid)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BounceBack Launcher.lnk = C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerAlert Status.lnk = C:\Program Files\TrippLite\PowerAlert\console\pastatus.exe (TrippLite)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1953454991-4214797768-3574777463-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1304877065906 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340598315531 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25C84417-9B36-4FC7-A976-2C9CE8F95D34}: DhcpNameServer = 167.206.254.1 167.206.254.2
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/29 13:46:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/01/02 22:57:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2013/01/02 22:56:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home_Comp.HOME\Local Settings\Application Data\Microsoft Corporation
[2013/01/02 22:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2013/01/01 23:38:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BounceBack Express
[2013/01/01 23:38:21 | 000,014,976 | ---- | C] (CMS Peripherals, Inc.) -- C:\WINDOWS\System32\drivers\portd2k.sys
[2013/01/01 23:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\CMS Peripherals
[2013/01/01 23:36:18 | 000,000,000 | ---D | C] -- C:\BounceBack
[2013/01/01 23:31:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home_Comp.HOME\Local Settings\Application Data\Apple Computer
[2013/01/01 23:27:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home_Comp.HOME\Local Settings\Application Data\Temp
[2013/01/01 23:27:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home_Comp.HOME\Local Settings\Application Data\Adobe
[2013/01/01 17:21:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Home_Comp.HOME\IECompatCache
[2013/01/01 15:41:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/01/01 15:41:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2013/01/01 15:41:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2012/12/29 11:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/12/29 10:29:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home_Comp.HOME\Application Data\Macromedia
[2012/12/29 10:26:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home_Comp.HOME\Application Data\Adobe
[2012/12/29 10:14:23 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Home_Comp.HOME\PrivacIE
[2012/12/25 20:25:24 | 008,669,472 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Home_Comp.HOME\Desktop\Windows7UpgradeAdvisorSetup.exe
[2012/12/25 20:15:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home_Comp.HOME\Desktop\OTL.exe
[2012/12/25 16:58:11 | 000,000,000 | ---D | C] -- C:\ce5fa38988458a88af18cdc4f9b5fb
[2012/12/25 15:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home_Comp.HOME\Application Data\Malwarebytes
[2012/12/25 15:33:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home_Comp.HOME\Local Settings\Application Data\Ahead
[2012/12/25 15:33:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home_Comp.HOME\Application Data\Apple Computer
[2012/12/25 15:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home_Comp.HOME\Local Settings\Application Data\Aimersoft
[2012/12/25 15:31:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home_Comp.HOME\Local Settings\Application Data\Symantec
[2012/12/25 15:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home_Comp.HOME\Application Data\Identities
[2012/12/25 15:30:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Home_Comp.HOME\My Documents\My Music
[2012/12/25 15:30:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Home_Comp.HOME\My Documents\My Pictures
[2012/12/25 15:30:18 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Home_Comp.HOME\Application Data\Microsoft
[2012/12/25 15:30:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Home_Comp.HOME\SendTo
[2012/12/25 15:30:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Home_Comp.HOME\Recent
[2012/12/25 15:30:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Home_Comp.HOME\Application Data
[2012/12/25 15:30:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Home_Comp.HOME\Start Menu\Programs\Startup
[2012/12/25 15:30:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Home_Comp.HOME\Start Menu
[2012/12/25 15:30:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Home_Comp.HOME\My Documents
[2012/12/25 15:30:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Home_Comp.HOME\Favorites
[2012/12/25 15:30:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Home_Comp.HOME\Start Menu\Programs\Accessories
[2012/12/25 15:30:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Home_Comp.HOME\IETldCache
[2012/12/25 15:30:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Home_Comp.HOME\Cookies
[2012/12/25 15:30:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Home_Comp.HOME\Templates
[2012/12/25 15:30:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Home_Comp.HOME\PrintHood
[2012/12/25 15:30:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Home_Comp.HOME\NetHood
[2012/12/25 15:30:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Home_Comp.HOME\Local Settings
[2012/12/25 15:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home_Comp.HOME\Local Settings\Application Data\Microsoft
[2012/12/25 15:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home_Comp.HOME\Desktop
[2012/12/22 23:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/12/17 16:45:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/12/15 11:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java(2)
[2012/12/15 11:31:50 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/12/15 11:31:39 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/12/15 11:31:39 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/12/15 11:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/01/04 08:07:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1953454991-4214797768-3574777463-1007UA.job
[2013/01/04 07:57:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/04 05:55:43 | 000,481,194 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/04 05:55:43 | 000,079,650 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/04 05:52:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/04 05:49:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/04 05:48:06 | 2111,422,464 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/02 22:55:06 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2013/01/02 22:39:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Updater.job
[2013/01/02 20:07:01 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1953454991-4214797768-3574777463-1007Core.job
[2013/01/01 23:38:20 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BounceBack Launcher.lnk
[2013/01/01 23:38:20 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BounceBack QuickRestore.lnk
[2013/01/01 23:18:11 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/01 17:52:08 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/01 15:42:22 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2012/12/30 09:27:35 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/28 16:47:56 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/12/25 20:19:44 | 008,669,472 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Home_Comp.HOME\Desktop\Windows7UpgradeAdvisorSetup.exe
[2012/12/25 15:32:37 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Home_Comp.HOME\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/12/25 15:32:34 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Home_Comp.HOME\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/12/25 15:31:17 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Home_Comp.HOME\Desktop\Windows Media Player.lnk
[2012/12/25 15:30:45 | 000,856,731 | ---- | M] () -- C:\Documents and Settings\Home_Comp.HOME\Desktop\SecurityCheck.exe
[2012/12/25 15:30:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home_Comp.HOME\Desktop\OTL.exe
[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012/12/12 20:58:51 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/12/12 20:58:51 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/01/02 22:55:06 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2013/01/02 22:55:05 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2013/01/01 23:38:44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\BBUninstall.exe
[2013/01/01 23:38:20 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BounceBack QuickRestore.lnk
[2013/01/01 23:38:19 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BounceBack Launcher.lnk
[2013/01/01 15:42:21 | 000,000,211 | RHS- | C] () -- C:\BOOT.BAK
[2013/01/01 15:42:13 | 000,260,288 | RHS- | C] () -- C:\cmldr
[2012/12/25 20:15:06 | 000,856,731 | ---- | C] () -- C:\Documents and Settings\Home_Comp.HOME\Desktop\SecurityCheck.exe
[2012/12/25 15:32:37 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Home_Comp.HOME\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/12/25 15:32:37 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Home_Comp.HOME\Start Menu\Programs\Internet Explorer.lnk
[2012/12/25 15:32:34 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Home_Comp.HOME\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/12/25 15:31:17 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Home_Comp.HOME\Start Menu\Programs\Windows Media Player.lnk
[2012/12/25 15:31:17 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Home_Comp.HOME\Desktop\Windows Media Player.lnk
[2012/12/25 15:30:18 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Home_Comp.HOME\Start Menu\Programs\Remote Assistance.lnk
[2012/12/22 23:17:14 | 2111,422,464 | -HS- | C] () -- C:\hiberfil.sys
[2012/12/12 21:37:34 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/07/12 12:21:02 | 000,056,184 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/05/06 16:53:52 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/02/26 18:17:40 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2012/02/26 18:17:40 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM10A.DAT
[2012/02/26 18:17:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2012/02/14 15:59:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/18 21:53:27 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2011/11/14 23:02:49 | 000,000,534 | ---- | C] () -- C:\WINDOWS\avpr.ini
[2011/09/17 18:32:53 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/09/14 19:45:34 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2011/09/14 19:45:34 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2011/09/13 21:19:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/09/13 21:18:55 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/09/13 21:18:55 | 000,234,855 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/09/13 21:18:55 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/07/28 16:49:12 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/07/04 17:30:14 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/01 19:25:33 | 002,155,089 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1953454991-4214797768-3574777463-1007-0.dat
[2011/07/01 19:25:31 | 000,266,042 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/08 18:56:32 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/06/07 10:13:38 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/06/07 10:13:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/06/07 10:13:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/06/07 10:13:38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/05/28 21:07:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2011/05/28 18:09:13 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2011/05/28 18:09:04 | 000,000,462 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2011/05/28 18:09:04 | 000,000,234 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/05/28 18:09:04 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/05/28 18:09:04 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2011/05/28 18:09:04 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2011/05/28 18:08:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/05/12 20:06:18 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/05/08 14:37:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/05/08 14:34:18 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2011/05/08 14:23:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll
[2011/05/08 13:24:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/08 12:42:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/04/29 13:58:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/02/17 08:51:57 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2013/01/04 05:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOINC
[2012/04/19 20:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/09/21 21:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/10/19 20:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/17 18:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2012/09/21 20:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
[2011/05/12 21:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/18 07:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home_Comp\Application Data\Aventail
[2011/08/10 10:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home_Comp\Application Data\bsnes
[2012/02/06 22:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home_Comp\Application Data\calibre
[2012/07/20 16:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home_Comp\Application Data\ConnectPortal
[2012/04/19 22:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home_Comp\Application Data\DAEMON Tools Lite
[2012/07/10 19:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home_Comp\Application Data\DDMSettings
[2011/11/25 07:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home_Comp\Application Data\DVDVideoSoft
[2011/11/25 07:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home_Comp\Application Data\DVDVideoSoftIEHelpers
[2012/01/27 21:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home_Comp\Application Data\pdfforge
[2011/07/01 19:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home_Comp\Application Data\Samsung
[2011/09/11 17:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home_Comp\Application Data\SystemRequirementsLab
[2012/11/24 14:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home_Comp\Application Data\uTorrent
[2012/03/21 07:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home_Comp\Application Data\VSRevoGroup

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
reply to Amoris692001

Are you still getting the warning notice re chkdsk on startup???



Amoris692001
This thread is worthless without pics
Premium
join:2003-08-18
Brooklyn, NY
kudos:1

No longer. But it's still laggy. Much better performance.



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

reply to Amoris692001

Let's check for rootkits as a safety measure before we continue.

Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.

You'll find link(s) and instructions here:
»Security Cleanup FAQ »Rootkit Detection Applications
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum



Amoris692001
This thread is worthless without pics
Premium
join:2003-08-18
Brooklyn, NY
kudos:1

OK, took me a while to find the log.

2013-01-05 22:52:37 Sophos Virus Removal Tool version 2.2
2013-01-05 22:52:37 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2013-01-05 22:52:37 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-01-05 22:52:37 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
2013-01-05 22:52:37 Checking for updates...
2013-01-05 22:52:40 Update progress: proxy server not available
2013-01-05 22:52:46 Downloading updates...
2013-01-05 22:52:46 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2013-01-05 22:52:46 Update progress: [I49502] Found supplement SAVIW32 NEXT 4
2013-01-05 22:52:46 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2013-01-05 22:52:46 Update progress: [I19463] Syncing product SAVIW32 23
2013-01-05 22:52:46 Option all = no
2013-01-05 22:52:46 Option recurse = yes
2013-01-05 22:52:46 Option archive = no
2013-01-05 22:52:46 Option service = yes
2013-01-05 22:52:46 Option confirm = yes
2013-01-05 22:52:46 Option sxl = yes
2013-01-05 22:52:46 Option max-data-age = 35
2013-01-05 22:52:47 Component SVRTcli.exe version 2.2
2013-01-05 22:52:47 Component control.dll version 2.2
2013-01-05 22:52:47 Component SVRTservice.exe version 2.2
2013-01-05 22:52:47 Component engine\osdp.dll version 1.44.0.2031
2013-01-05 22:52:47 Component engine\veex.dll version 3.38.1.2031
2013-01-05 22:52:47 Component engine\savi.dll version 7.5.11.2031
2013-01-05 22:52:47 Component rkdisk.dll version 1.5.30.0
2013-01-05 22:52:47 Version info: Product version 2.2
2013-01-05 22:52:47 Version info: Detection engine 3.38.1
2013-01-05 22:52:47 Version info: Detection data 4.84
2013-01-05 22:52:47 Version info: Build date 12/10/2012
2013-01-05 22:52:47 Version info: Data files added 417
2013-01-05 22:52:47 Version info: Last successful update (not yet updated)
2013-01-05 22:53:04 Installing updates...
2013-01-05 22:53:25 Update successful
2013-01-05 22:53:37 Option all = no
2013-01-05 22:53:37 Option recurse = yes
2013-01-05 22:53:37 Option archive = no
2013-01-05 22:53:37 Option service = yes
2013-01-05 22:53:37 Option confirm = yes
2013-01-05 22:53:37 Option sxl = yes
2013-01-05 22:53:37 Option max-data-age = 35
2013-01-05 22:53:37 Component SVRTcli.exe version 2.2
2013-01-05 22:53:37 Component control.dll version 2.2
2013-01-05 22:53:37 Component SVRTservice.exe version 2.2
2013-01-05 22:53:37 Component engine\osdp.dll version 1.44.0.2040
2013-01-05 22:53:37 Component engine\veex.dll version 3.39.0.2040
2013-01-05 22:53:37 Component engine\savi.dll version 7.5.11.2040
2013-01-05 22:53:37 Component rkdisk.dll version 1.5.30.0
2013-01-05 22:53:37 Version info: Product version 2.2
2013-01-05 22:53:37 Version info: Detection engine 3.39.0
2013-01-05 22:53:37 Version info: Detection data 4.85G
2013-01-05 22:53:37 Version info: Build date 1/7/2013
2013-01-05 22:53:37 Version info: Data files added 0
2013-01-05 22:53:37 Version info: Last successful update 1/5/2013 10:53:25 PM

2013-01-05 23:18:20 Could not check C:\Documents and Settings\Home_Comp\My Documents\My Documents\nick\0 College Work\1 2007 Fall\Asian Business\Class Notes\AB17Sep.ppt (corrupt)
2013-01-05 23:20:14 Password protected file C:\Documents and Settings\Home_Comp\My Documents\My Documents\nick\JPM Work Related\Nick Files from comp\2009 Approved Overtime Log .xls
2013-01-06 00:06:55 Could not open C:\hiberfil.sys

2013-01-06 09:50:37 Scan completed.
2013-01-06 09:50:37

------------------------------------------------------------

2013-01-06 09:50:38 Sophos Virus Removal Tool version 2.2
2013-01-06 09:50:38 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2013-01-06 09:50:38 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-01-06 09:50:38 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
2013-01-06 09:50:38 Checking for updates...
2013-01-06 09:50:45 Update progress: proxy server not available
2013-01-06 09:50:47 Update error: failed to read remote metadata (error 4)
Cannot locate server for »dci.sophosupd.com/update/5/92/59···e5a7.xml
2013-01-06 09:51:01 Option all = no
2013-01-06 09:51:01 Option recurse = yes
2013-01-06 09:51:01 Option archive = no
2013-01-06 09:51:01 Option service = yes
2013-01-06 09:51:01 Option confirm = yes
2013-01-06 09:51:01 Option sxl = yes
2013-01-06 09:51:01 Option max-data-age = 35
2013-01-06 09:51:01 Component SVRTcli.exe version 2.2
2013-01-06 09:51:01 Component control.dll version 2.2
2013-01-06 09:51:01 Component SVRTservice.exe version 2.2
2013-01-06 09:51:01 Component engine\osdp.dll version 1.44.0.2040
2013-01-06 09:51:01 Component engine\veex.dll version 3.39.0.2040
2013-01-06 09:51:01 Component engine\savi.dll version 7.5.11.2040
2013-01-06 09:51:01 Component rkdisk.dll version 1.5.30.0
2013-01-06 09:51:01 Version info: Product version 2.2
2013-01-06 09:51:01 Version info: Detection engine 3.39.0
2013-01-06 09:51:01 Version info: Detection data 4.85G
2013-01-06 09:51:01 Version info: Build date 1/7/2013
2013-01-06 09:51:01 Version info: Data files added 0
2013-01-06 09:51:01 Version info: Last successful update 1/5/2013 10:53:25 PM

2013-01-06 09:51:04 Couldn't apply option 'SXLLiveProtection' to the detection engine.
2013-01-06 10:06:12 Could not check C:\Documents and Settings\Home_Comp\My Documents\My Documents\nick\0 College Work\1 2007 Fall\Asian Business\Class Notes\AB17Sep.ppt (corrupt)
2013-01-06 10:07:40 Password protected file C:\Documents and Settings\Home_Comp\My Documents\My Documents\nick\JPM Work Related\Nick Files from comp\2009 Approved Overtime Log .xls
2013-01-06 10:13:40 Could not open C:\hiberfil.sys

2013-01-06 12:57:04 Scan completed.
2013-01-06 12:57:04

------------------------------------------------------------

2013-01-06 13:06:40 Sophos Virus Removal Tool version 2.2
2013-01-06 13:06:40 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2013-01-06 13:06:40 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-01-06 13:06:40 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
2013-01-06 13:06:40 Checking for updates...
2013-01-06 13:06:46 Update progress: proxy server not available
2013-01-06 13:07:04 Option all = no
2013-01-06 13:07:04 Option recurse = yes
2013-01-06 13:07:04 Option archive = no
2013-01-06 13:07:04 Option service = yes
2013-01-06 13:07:04 Option confirm = yes
2013-01-06 13:07:04 Option sxl = yes
2013-01-06 13:07:04 Option max-data-age = 35
2013-01-06 13:07:04 Component SVRTcli.exe version 2.2
2013-01-06 13:07:04 Component control.dll version 2.2
2013-01-06 13:07:04 Component SVRTservice.exe version 2.2
2013-01-06 13:07:04 Component engine\osdp.dll version 1.44.0.2040
2013-01-06 13:07:04 Component engine\veex.dll version 3.39.0.2040
2013-01-06 13:07:04 Component engine\savi.dll version 7.5.11.2040
2013-01-06 13:07:04 Component rkdisk.dll version 1.5.30.0
2013-01-06 13:07:04 Version info: Product version 2.2
2013-01-06 13:07:04 Version info: Detection engine 3.39.0
2013-01-06 13:07:04 Version info: Detection data 4.85G
2013-01-06 13:07:04 Version info: Build date 1/7/2013
2013-01-06 13:07:04 Version info: Data files added 0
2013-01-06 13:07:04 Version info: Last successful update 1/5/2013 10:53:25 PM
2013-01-06 13:07:12 Update not required



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

1 recommendation

reply to Amoris692001

Thanks, the Sophos log shows no rootkits. We're done here as there are no signs of malware based on recent logs.

The lagging could be from many sources. If the computer is an older one, modern program structures (more services) consume more resources and older equipment will suffer. Not much you can do about it. You can defrag the hard disk to try and improve performance there.

Note that official Microsoft support for Windows XP ends April 1, 2014, so you have over a year to make plans to transition to Windows 7 or 8.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

1 recommendation

reply to Amoris692001

Cleaning Up:

To Delete TFC:
* Delete the TFC icon on your Desktop
Delete OTL:
* Double click the OTL icon on your Desktop
* Press the 'Cleanup' button
Delete Security Check:
* Delete the SecurityCheck icon on your Desktop
Delete Malware Bytes:
* We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program; however, the real-time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.
Delete Sophos AntiRootkit:
* If we asked you to install and run the Sophos AntiRootkit program, uninstall it through Add/Remove Programs.
Other Programs:
* If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.



Amoris692001
This thread is worthless without pics
Premium
join:2003-08-18
Brooklyn, NY
kudos:1

Thanks for all of the help!