Hello my friends,,I'm back


MOMBO

I don't know if there is something up here. I scanned my sys with 8 different programs and they found nothing to report. My internet connection is always active now even when my browser is off. This usually happens when I get hit with either a virus or malware. I took a log and leave this for some experts to see, maybe they can see something going on. I took a HJ log scan and here are my results. Thanks for the past help people, you always fixed this ol thing.

---------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:49:53 AM, on 9/22/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\FPrograms\avast\AvastSvc.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
D:\FPrograms\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\50\bin\OWSTIMER.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\GWMDMMSG.exe
D:\FPrograms\EasyCD\DirectCD\DirectCD.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
D:\FPrograms\avast\AvastUI.exe
C:\WINDOWS\system32\taskswitch.exe
D:\FPrograms\Power VCR II\Agent.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
D:\FPrograms\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\fprograms\acrobatread\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\FPrograms\EasyCD\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [GameDrive] D:\FPrograms\gamedrive\GDP\gdtask.exe /AutoRestore /Silence
O4 - HKLM\..\Run: [speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AvastUI.exe] "D:\FPrograms\avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [Agent] D:\FPrograms\Power VCR II\Agent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\FPROGR~1\OFFICE\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - D:\FPrograms\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: avast! Antivirus - AVAST Software - D:\FPrograms\avast\AvastSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MySql - Unknown owner - C:/apache/mysql/bin/mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS

--
End of file - 4741 bytes


Hi and welcome back to PC Pitstop. :)

Firstly if not aware the XP Operating System is no longer supported by Microsoft:-

Windows XP support has ended

My friendly advice is you read the information in the above link and consider upgrading your machine. Vista would suffice, though Windows 7 would be the better option, rather than say Windows 8.1, given the probable age of your machine.

However I am still prepared to assist you but give no guarantees about the on-going security of your machine in the future...

If you wish to proceed with an attempted malware removal process, merely let myself know, thank you.


Hey there!!! Yes, I know that about XP, and I have this computer that does all I need for now. I mean I just would like to know what is causing this network activity going on. I know something is transmitting and it ain't win updates cause it's all turned off. I have another new computer with win 8.1 and I got a virus on it just after two weeks. Heck!!! Doesn't matter what sys you have, it's going to get infected anyway, no matter how new.... I would like to keep this putter as long as I can so I would like to see if can fix this, you da man that can. Thanks my friend.... I will try..


Hello there, I can't believe it, everything looks good now. The transmit has stopped and working normally now, yesss, but maybe you should still take a look and let me know if anything going on...... It was doing that for weeks now it stopped. I stopped a few services like 1. THE SHARE POINT TIMER, and 2. TASK SCHEDULER. Maybe some task running, but there shouldn't be.


Hi. :)

Your prior two posts are acknowledged and by all means I will still check your machine for you as follows... Please take note of the below:

  • I will start working on your Malware issues, this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

Scan with aswMBR:

Please download aswMBR to your desktop.

Alternate downloads are here and here.

  • Double-click on aswMBR.exe to launch the application.
  • If a prompt stating: The computer supports "Virtualization Technology" appears >> select Yes
  • When prompted with The application can use the Avast! Free Antivirus for scanning >> select No <-- You already have Avast installed so pointless scanning with the same detection database etc.
  • Now click on the Scan button to start scan
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply

Note: There will also be a file on your desktop named MBR.dat (or similar). Do not delete this for now, it is an actual backup of the MBR (master boot record).

Scan with Farbar Recovery Scan Tool:

Please download and save Farbar Recovery Scan Tool 32-Bit to your Desktop.

  • Double-click on FRST.exe to start FRST >> follow the prompt/click on Yes
  • Under Optional Scan ensure both Drivers MD5 and Addition.txt are selected.
  • Now click on the Scan button/radio tab >> at the Scan completed prompt click on OK
  • At the next prompt denoting Addition.txt is saved in the same location FRST tool is run >> click on OK
  • There will now be two logs on your desktop, Addition.txt and FRST.txt. Post the contents of both in your next reply.

Next:

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • aswMBR Log.
  • Both FRST logs. <-- Post them individually please, IE: one Log per post/reply.

OK will do. I'm on my new computer right now so when I get back to the old tonight I will install these programs. It's running really great now, I don't think anything is wrong anymore. I have reformatted XP many times and it's no big deal for me... Thanks as always.


OK I'm back on my ol sys, here are the aswMBR logs:

----------------------------------------------------------------------------
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-09-23 10:28:52
-----------------------------
10:28:52.203 OS Version: Windows 5.1.2600 Service Pack 3
10:28:52.203 Number of processors: 1 586 0x204
10:28:52.203 ComputerName: MAD UserName:
10:28:53.171 Initialize success
10:28:53.171 VM: initialized successfully
10:28:53.187 VM: outdated driver version !
10:28:56.312 AVAST engine defs: 14031900
10:29:51.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
10:29:51.015 Disk 0 Vendor: WDC_WD400BB-00DEA0 05.03E05 Size: 38166MB BusType: 3
10:29:51.015 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
10:29:51.015 Disk 1 Vendor: WDC_WD800BB-75JHA0 05.01C05 Size: 76293MB BusType: 3
10:29:51.171 Disk 0 MBR read successfully
10:29:51.171 Disk 0 MBR scan
10:29:51.171 Disk 0 Windows XP default MBR code
10:29:51.171 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38162 MB offset 63
10:29:51.171 Disk 0 unknown boot code
10:29:51.203 Scan finished successfully
10:30:18.171 Disk 0 MBR has been saved successfully to "D:\Doc\Software\xp\MBR.dat"
10:30:18.171 The log file has been saved successfully to "D:\Doc\Software\xp\aswMBR.txt"



Damn thing is running again, won't let me download FRST.exe, keeps cutting off. Damn s--t, freaking me out here. I had to down FRST.exe with my new putter to usb drive, I then tried to copy from usb to the ol putter and it won't even copy it, so I ran the tool from the usb drive, and it worked. Weird stuff.

------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-09-2014 01
Ran by Owner at 2014-09-23 11:14:29
Running from H:\xp
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Agatha Christie - And Then There Were None (HKLM\...\{E4628D0D-5DC8-49EC-985A-F0C12EDBF1D2}) (Version: 1.0 - )
Alt-Tab Task Switcher Powertoy for Windows XP (HKLM\...\{A7050037-F0EA-4BAB-BCD5-FC05507D6147}) (Version: 1.00.0001 - Microsoft Corporation)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2016 - Avast Software)
Crimson Editor (remove only) (HKLM\...\Crimson Editor) (Version: - )
Do More (HKLM\...\{75C023EC-64A0-44F7-9D99-C6F6E21EB6F0}) (Version: 2.0 - Gateway Inc.)
DoMore (HKLM\...\PX: {34E29B52-7A91-4D77-A91F-1131E1697C16}) (Version: - )
DVD Player (HKLM\...\{C1939820-A945-11D4-86F6-0001031E5712}) (Version: - InterVideo Inc.)
Easy CD Creator 5 Basic (HKLM\...\{609F7AC8-C510-11D4-A788-009027ABA5D0}) (Version: 5.1.0.1800 - Roxio Inc)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
GameDrive (HKLM\...\{D5BB0907-4BB2-46A3-AA68-0173D111058D}) (Version: 10.00 - FarStone Technology Inc.)
Gateway Desktop Manager (HKLM\...\Gateway Desktop Manager) (Version: - )
Gateway IE Customizations (HKLM\...\Gateway IE Customizations) (Version: - )
Gateway Power Management (HKLM\...\Gateway Power Management) (Version: - )
GTW V.92 Voice Modem (HKLM\...\GTW V.92 Voice Modem) (Version: - )
GTW V.92 Voicemodem (HKLM\...\GTW V.92 Voicemodem) (Version: - )
Hauppauge WinTV2000 (HKLM\...\Hauppauge WinTV2000) (Version: - )
HelpSpot (HKLM\...\{8DE73C0C-34EA-4888-86DB-EEDB9B69DB94}) (Version: 6.1 - Gateway Inc.)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Indeo® software (HKLM\...\Indeo® software) (Version: - )
Intel® PRO Ethernet Adapter and Software (HKLM\...\PROSet) (Version: - )
Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: - Malwarebytes Corporation)
MGI PhotoSuite (HKLM\...\{A11BF78C-D690-4663-8491-3101BC9ED243}) (Version: 5.0.829.0 - MGI Software Corp.)
Microsoft FrontPage Server Extensions 2002 (HKLM\...\{901D0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.0 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.0 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MUSICMATCH Jukebox (HKLM\...\MUSICMATCH Jukebox) (Version: - )
MusicMatch Update (HKLM\...\MusicMatch Update) (Version: - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
PC-Doctor for Windows (HKLM\...\PCDoctor) (Version: - )
PhoneTools (HKLM\...\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}) (Version: 3.05 - BVRP Software)
PHPTriad (remove only) (HKLM\...\PHPTriad) (Version: - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
PowerVCR II (HKLM\...\{F0BA5720-E189-11D4-9EA1-0050BAE317E1}) (Version: - )
Quake 4 (HKLM\...\InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}) (Version: 1.0 - Activision)
Quake 4 (Version: 1.0 - Activision) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sound Blaster Live! Value (HKLM\...\Sound Blaster Live! Value) (Version: - )
Speccy (HKLM\...\Speccy) (Version: 1.23 - Piriform)
Virtual Desktop Manager Powertoy for Windows XP (HKLM\...\{F251B999-08A9-4704-999C-9962F0DFD88E}) (Version: 1.00.0001 - Microsoft Corporation)
VSO Inspector 2.0.2 (HKLM\...\VSO Inspector_is1) (Version: - VSO-Software SARL)
WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) Hidden
WinAce Archiver 2.0 (HKLM\...\WinAce Archiver 2.0) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1960408961-1993962763-725345543-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\SYSTEM32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1960408961-1993962763-725345543-1003_Classes\CLSID\{093FF999-1EA0-4079-9525-9614C3504B74}\InprocServer32 -> blank No File
CustomCLSID: HKU\S-1-5-21-1960408961-1993962763-725345543-1003_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\System32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1960408961-1993962763-725345543-1003_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\System32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1960408961-1993962763-725345543-1003_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\System32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1960408961-1993962763-725345543-1003_Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InprocServer32 -> blank No File
CustomCLSID: HKU\S-1-5-21-1960408961-1993962763-725345543-1003_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\System32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1960408961-1993962763-725345543-1003_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\System32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1960408961-1993962763-725345543-1003_Classes\CLSID\{E6ADCE1A-8DE6-41E3-9E17-DE3311CEB048}\InprocServer32 -> C:\Program Files\Gateway\Do More\DoMore.ocx (Gateway Inc.)
CustomCLSID: HKU\S-1-5-21-1960408961-1993962763-725345543-1003_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\System32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1960408961-1993962763-725345543-1003_Classes\CLSID\{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}\InprocServer32 -> blank No File
CustomCLSID: HKU\S-1-5-21-1960408961-1993962763-725345543-1003_Classes\CLSID\{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}\InprocServer32 -> blank No File

==================== Restore Points =========================

22-09-2014 06:04:57 System Checkpoint
22-09-2014 06:06:02 Restore
22-09-2014 06:41:33 avast! antivirus system restore point
22-09-2014 18:22:10 avast! antivirus system restore point
23-09-2014 17:36:17 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

1979-12-31 17:00 - 2001-08-30 03:30 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => D:\FPrograms\avast\AvastEmUpdate.exe

==================== Loaded Modules (whitelisted) =============

2002-03-19 15:30 - 2002-03-19 15:30 - 00141824 _____ () C:\WINDOWS\system32\msvdm.dll
2014-05-22 10:52 - 2001-03-02 10:02 - 00037808 ____N () d:\fprograms\acrobatread\Reader\ActiveX\AcroIEHelper.ocx
2006-10-22 10:22 - 2006-10-22 10:22 - 00466944 _____ () C:\WINDOWS\system32\nvshell.dll
2007-09-08 12:23 - 2003-05-15 14:43 - 00119808 _____ () D:\FPrograms\wrar320\rarext.dll
2006-07-12 04:16 - 2006-07-12 04:16 - 00049152 _____ () D:\FPrograms\gamedrive\DVDCreator\BurnInterFace.dll
2006-07-21 22:49 - 2006-07-21 22:49 - 00086016 _____ () D:\FPrograms\gamedrive\GDExt900.dll
2014-05-22 15:34 - 2014-05-22 15:34 - 02189312 _____ () D:\FPrograms\avast\defs\14031900\algo.dll
2006-10-22 10:22 - 2006-10-22 10:22 - 00212992 _____ () C:\WINDOWS\system32\nvapi.dll
2014-05-22 15:33 - 2014-05-22 15:33 - 19336120 _____ () D:\FPrograms\avast\libcef.dll
2002-03-19 15:30 - 2002-03-19 15:30 - 00045632 _____ () C:\WINDOWS\system32\taskswitch.exe
2007-07-16 16:22 - 2001-03-07 21:45 - 00032768 _____ () D:\FPrograms\Power VCR II\Language.dll
2007-07-16 16:22 - 2001-03-07 21:48 - 00036864 _____ () D:\FPrograms\Power VCR II\SysRecSchedule.dll
1979-12-31 17:00 - 2008-04-14 03:42 - 01288192 _____ () C:\WINDOWS\system32\QUARTZ.dll
1979-12-31 17:00 - 2008-04-14 03:41 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll
1979-12-31 17:00 - 2008-04-14 03:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
1979-12-31 17:00 - 2008-04-14 03:42 - 00386048 _____ () C:\WINDOWS\System32\qdvd.dll
1979-12-31 17:00 - 2008-04-14 03:42 - 00192512 _____ () C:\WINDOWS\System32\qcap.dll
2014-05-22 22:21 - 2014-05-06 19:27 - 03839088 _____ () D:\FPrograms\Firefox\mozjs.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/17/2014 00:51:27 PM) (Source: ) (EventID: 0) (User: )
Description: 7

Error: (07/17/2014 00:51:27 PM) (Source: ) (EventID: 0) (User: )
Description: 6

Error: (07/17/2014 00:51:11 PM) (Source: ) (EventID: 0) (User: )
Description: 7

Error: (07/17/2014 00:51:11 PM) (Source: ) (EventID: 0) (User: )
Description: 6

Error: (07/17/2014 00:49:30 PM) (Source: ) (EventID: 0) (User: )
Description: 7

Error: (07/17/2014 00:49:30 PM) (Source: ) (EventID: 0) (User: )
Description: 6

Error: (07/17/2014 00:47:22 PM) (Source: ) (EventID: 0) (User: )
Description: 7

Error: (07/17/2014 00:47:22 PM) (Source: ) (EventID: 0) (User: )
Description: 6

Error: (07/17/2014 00:43:25 PM) (Source: ) (EventID: 0) (User: )
Description: 7

Error: (07/17/2014 00:43:25 PM) (Source: ) (EventID: 0) (User: )
Description: 6


System errors:
=============
Error: (09/23/2014 10:25:07 AM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort0

Error: (09/21/2014 10:48:57 PM) (Source: DCOM) (EventID: 10005) (User: MAD)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (09/21/2014 09:50:56 PM) (Source: DCOM) (EventID: 10005) (User: MAD)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (08/20/2014 09:29:13 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for D:\Games\S.T.A.L.K.E.R. Shadow of Chernobyl\Settings.exe.
Reference error message: The operation completed successfully.
.

Error: (08/20/2014 09:29:13 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC90.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (08/20/2014 09:29:13 AM) (Source: SideBySide) (EventID: 32) (User: )
Description: Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (08/20/2014 08:53:07 AM) (Source: DCOM) (EventID: 10005) (User: MAD)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (07/09/2014 04:59:39 PM) (Source: DCOM) (EventID: 10005) (User: MAD)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (07/02/2014 04:49:08 PM) (Source: DCOM) (EventID: 10005) (User: MAD)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (06/24/2014 02:12:51 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (07/17/2014 00:51:27 PM) (Source: ) (EventID: 0) (User: )
Description: 7

Error: (07/17/2014 00:51:27 PM) (Source: ) (EventID: 0) (User: )
Description: 6

Error: (07/17/2014 00:51:11 PM) (Source: ) (EventID: 0) (User: )
Description: 7

Error: (07/17/2014 00:51:11 PM) (Source: ) (EventID: 0) (User: )
Description: 6

Error: (07/17/2014 00:49:30 PM) (Source: ) (EventID: 0) (User: )
Description: 7

Error: (07/17/2014 00:49:30 PM) (Source: ) (EventID: 0) (User: )
Description: 6

Error: (07/17/2014 00:47:22 PM) (Source: ) (EventID: 0) (User: )
Description: 7

Error: (07/17/2014 00:47:22 PM) (Source: ) (EventID: 0) (User: )
Description: 6

Error: (07/17/2014 00:43:25 PM) (Source: ) (EventID: 0) (User: )
Description: 7

Error: (07/17/2014 00:43:25 PM) (Source: ) (EventID: 0) (User: )
Description: 6


==================== Memory info ===========================

Processor: Intel® Pentium® 4 CPU 2.00GHz
Percentage of memory in use: 39%
Total physical RAM: 1023.3 MB
Available physical RAM: 616.28 MB
Total Pagefile: 1828.32 MB
Available Pagefile: 1424.74 MB
Total Virtual: 2047.88 MB
Available Virtual: 1961.16 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:37.27 GB) (Free:31.47 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Disk) (Fixed) (Total:74.5 GB) (Free:32.86 GB) NTFS
Drive h: (HP v125w) (Removable) (Total:3.73 GB) (Free:1 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: C415275A)
Partition 1: (Active) - (Size=37.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 79EC14BA)
Partition 1: (Not Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0C)

==================== End Of Log ============================

=================================================================================================================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-09-2014 01
Ran by Owner (administrator) on MAD on 23-09-2014 11:13:00
Running from H:\xp
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Creative Technology Ltd.) C:\WINDOWS\system32\devldr32.exe
(AVAST Software) D:\FPrograms\avast\AvastSvc.exe
(SUPERAntiSpyware.com) D:\FPrograms\SUPERAntiSpyware\SASCORE.EXE
(Creative Technology Ltd) C:\WINDOWS\system32\CTsvcCDA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\bin\OWSTIMER.EXE
(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe
(Creative Technology Ltd.) C:\Program Files\Creative\SBLive\AudioHQ\Ahqtb.exe
(GTW) C:\WINDOWS\GWMDMMSG.exe
(Roxio) D:\FPrograms\EasyCD\DirectCD\Directcd.exe
(AVAST Software) D:\FPrograms\avast\AvastUI.exe
() C:\WINDOWS\system32\TaskSwitch.exe
(CyberLink) D:\FPrograms\Power VCR II\agent.exe
(Hauppauge Computer Works) D:\FPrograms\WinTV\WinTV2K.EXE
(Mozilla Corporation) D:\FPrograms\Firefox\firefox.exe
(AVAST Software) D:\FPrograms\avast\setup\New\instup.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [GWMDMMSG] => C:\WINDOWS\GWMDMMSG.exe [90112 2002-08-06] (GTW)
HKLM\...\Run: [AdaptecDirectCD] => D:\FPrograms\EasyCD\DirectCD\DirectCD.exe [659456 2001-09-27] (Roxio)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [GameDrive] => D:\FPrograms\gamedrive\GDP\gdtask.exe [167936 2006-07-21] (FarStone Technology Inc.)
HKLM\...\Run: [speed racer] => C:\Program Files\Creative\PlayCenter\CTSRReg.exe [5632 1999-11-15] (Creative Technology Ltd.)
HKLM\...\Run: [AudioHQ] => C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE [180224 2001-08-17] (Creative Technology Ltd.)
HKLM\...\Run: [updReg] => C:\WINDOWS\Updreg.exe [86016 1999-11-11] (Creative Technology Ltd.)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [AvastUI.exe] => D:\FPrograms\avast\AvastUI.exe [3854640 2014-05-22] (AVAST Software)
HKLM\...\Run: [CoolSwitch] => C:\WINDOWS\system32\taskswitch.exe [45632 2002-03-19] ()
HKLM\...\Run: [GWMDMpi] => C:\WINDOWS\GWMDMpi.exe [53248 2002-08-06] ()
HKLM\...\Run: [Agent] => D:\FPrograms\Power VCR II\Agent.exe [94208 2001-03-07] (CyberLink)
HKU\.DEFAULT\...\Policies\Explorer: [CDRAutoRun] 0
HKU\S-1-5-21-1960408961-1993962763-725345543-1003\...\MountPoints2: {72436902-e1f8-11e3-bf65-000347dc916f} - H:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\FPrograms\avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
SearchScopes: HKLM - DefaultScope value is missing.
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> d:\fprograms\acrobatread\Reader\ActiveX\AcroIEHelper.ocx ()
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} hcp://system/StartFirstControl.CAB
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\FPrograms\SUPERAntiSpyware\SASSEH.DLL [113024 2013-04-01] (SuperAdBlocker.com)
Tcpip\..\Interfaces\{508261D3-ED76-4DAE-94C2-D803357F582B}: [NameServer] 69.19.190.116 66.81.1.252

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dkildpmx.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Extension: WOT - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dkildpmx.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-06-07]
FF Extension: Bitdefender QuickScan - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dkildpmx.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-09-21]
FF Extension: Flagfox - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dkildpmx.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-06-07]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - D:\FPrograms\avast\WebRep\FF
FF Extension: avast! Online Security - D:\FPrograms\avast\WebRep\FF [2014-05-22]
FF StartMenuInternet: FIREFOX.EXE - D:\FPrograms\Firefox\firefox.exe

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; D:\FPrograms\SUPERAntiSpyware\SASCORE.EXE [142648 2014-09-21] (SUPERAntiSpyware.com)
R2 avast! Antivirus; D:\FPrograms\avast\AvastSvc.exe [50344 2014-05-22] (AVAST Software)
R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-12] (Creative Technology Ltd) [File not signed]
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [14608 1999-12-07] (Microsoft Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\System32\ImapiRox.exe [192512 2001-08-10] (Roxio Inc.) [File not signed]
S4 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2014-05-25] () [File not signed]
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
S3 MySql; C:/apache/mysql/bin/mysqld-nt.exe [1089536 2001-01-22] () [File not signed]
S3 PictureTaker; C:\WINDOWS\System32\PCTKRNT.SYS [45056 2014-05-22] (LANovation) [File not signed]
R2 SPTimer; C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\50\bin\OWSTIMER.EXE [345504 2001-02-16] (Microsoft Corporation)
S3 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [14608 1999-12-07] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [23936 1997-12-22] (Adaptec) [File not signed]
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-05-22] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-05-22] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-05-22] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [776976 2014-05-22] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411552 2014-05-22] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-05-22] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180760 2014-05-22] ()
S3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMDM.sys [871388 2001-08-17] (BCM)
R3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [55216 2014-05-22] (Roxio) [File not signed]
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [22713 2014-05-22] (Roxio) [File not signed]
R1 cdudf_xp; C:\WINDOWS\system32\Drivers\cdudf_xp.sys [233344 2001-09-24] (Roxio) [File not signed]
R3 ctljystk; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.)
S3 dvd_2K; C:\WINDOWS\system32\Drivers\dvd_2K.sys [17958 2001-09-24] (Roxio) [File not signed]
R3 emu10k; C:\WINDOWS\System32\drivers\emu10k1f.sys [777088 2001-09-13] (Creative Technology Ltd.)
R3 emu10k1; C:\WINDOWS\System32\drivers\ctlface.sys [6912 2001-07-11] (Creative Technology Ltd.)
R3 fgdxbus; C:\WINDOWS\System32\DRIVERS\fgdxbus.sys [11520 2006-07-12] (FarStone Inc.) [File not signed]
R0 FGXSCSI; C:\WINDOWS\System32\DRIVERS\fgxscsi.sys [71680 2006-08-05] (FarStone Inc.) [File not signed]
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R3 GTWModem; C:\WINDOWS\System32\DRIVERS\GWMDM.sys [1107680 2002-08-06] (GTW)
R3 HCWBT8XX; C:\WINDOWS\System32\drivers\HCWBT8XX.sys [472644 2006-01-25] (Hauppauge Computer Works) [File not signed]
S3 LwAdiHid; C:\WINDOWS\System32\DRIVERS\LwAdiHid.sys [20864 2004-08-03] (Logitech Inc.)
R3 mmc_2K; C:\WINDOWS\system32\Drivers\mmc_2K.sys [19158 2001-09-24] (Roxio) [File not signed]
R2 MxlW2k; C:\WINDOWS\system32\Drivers\MxlW2k.sys [27924 2014-05-22] (MusicMatch, Inc.) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 nv4; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [3994624 2006-10-22] (NVIDIA Corporation)
S3 PcdrNt; C:\WINDOWS\System32\drivers\PcdrNt.sys [31968 1999-09-01] (Watergate Software Inc.) [File not signed]
R2 PfModNT; C:\WINDOWS\system32\PfModNT.sys [6752 1999-12-16] (Creative Technology Ltd.) [File not signed]
R1 pwd_2K; C:\WINDOWS\system32\Drivers\pwd_2K.sys [78486 2001-09-24] (Roxio) [File not signed]
R1 SASDIFSV; D:\FPrograms\SUPERAntiSpyware\SASDIFSV.SYS [12880 2013-04-01] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; D:\FPrograms\SUPERAntiSpyware\SASKUTIL.SYS [67664 2013-04-01] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 sfman; C:\WINDOWS\System32\drivers\sfman.sys [36992 2001-08-31] (Creative Technology Ltd.)
S3 SmartCdx; C:\WINDOWS\System32\Drivers\SmartCdx.sys [6398 2006-07-12] () [File not signed]
R1 UdfReadr_xp; C:\WINDOWS\system32\Drivers\UdfReadr_xp.sys [205824 2001-09-24] (Roxio) [File not signed]
R3 WmBEnum; C:\WINDOWS\System32\drivers\WmBEnum.sys [19336 2009-01-13] (Logitech Inc.)
S3 WmVirHid; C:\WINDOWS\System32\drivers\WmVirHid.sys [14728 2009-01-13] (Logitech Inc.)
R3 WmXlCore; C:\WINDOWS\System32\drivers\WmXlCore.sys [49160 2009-01-13] (Logitech Inc.)
S4 hpt3xx; No ImagePath
S3 iscFlash; \??\C:\WINDOWS\SYSTEM32\DRIVERS\iscflash.sys [X]
S3 PCDRDRV; system32\drivers\PCDRDRV.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 aswMBR; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\aswMBR.sys [X]

========================== Drivers MD5 =======================

C:\WINDOWS\System32\DRIVERS\secdrv.sys ==> MD5 is legit

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 11:11 - 2014-09-23 11:13 - 00000000 ____D () C:\FRST
2014-09-22 11:13 - 2014-09-22 11:13 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Sun
2014-09-21 23:57 - 2014-09-21 23:59 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\QuickScan
2014-09-21 22:48 - 2014-09-21 22:48 - 00000540 _____ () C:\Documents and Settings\All Users\Desktop\Speccy.lnk
2014-09-21 22:48 - 2014-09-21 22:48 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Speccy

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 11:13 - 2014-09-23 11:11 - 00000000 ____D () C:\FRST
2014-09-23 11:13 - 2014-05-22 09:56 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Temp
2014-09-23 10:28 - 2014-05-22 15:35 - 00000324 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-09-23 10:18 - 2014-05-22 04:41 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-09-23 10:16 - 2014-05-22 13:48 - 00089098 _____ () C:\WINDOWS\system32\nvapps.xml
2014-09-23 10:16 - 2014-05-22 10:21 - 00000005 _____ () C:\Documents and Settings\All Users\Application Data\DirectCDUserName.txt
2014-09-23 10:16 - 2014-05-22 09:52 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-22 14:31 - 2014-07-01 21:42 - 00032708 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-22 14:31 - 2014-05-22 09:56 - 00000278 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-09-22 13:21 - 2014-05-22 09:56 - 00032598 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-22 11:13 - 2014-09-22 11:13 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Sun
2014-09-22 00:44 - 2014-05-22 09:56 - 00000000 ____D () C:\Documents and Settings\Owner
2014-09-22 00:42 - 2014-07-02 16:49 - 00059282 _____ () C:\WINDOWS\setupapi.log
2014-09-21 23:59 - 2014-09-21 23:57 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\QuickScan
2014-09-21 23:04 - 2014-05-22 09:51 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-09-21 22:48 - 2014-09-21 22:48 - 00000540 _____ () C:\Documents and Settings\All Users\Desktop\Speccy.lnk
2014-09-21 22:48 - 2014-09-21 22:48 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
2014-09-21 21:59 - 2014-05-22 09:56 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2014-09-21 21:32 - 1979-12-31 17:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


Hi. :)

 

I had to down FRST.exe with my new putter to USB drive. I then tried to copy from USB to the ol' putter and it won't even copy it, so I ran the tool from the USB drive, and it worked. Weird stuff.

Actually not a prudent move on your behalf and you have now potentially compromised your other machine if you actually reconnected the aforementioned drive to your W8 machine to post the FRST logs. If I may refer you to what I advised in post #5 and you should have merely informed myself of the problem and awaited my advice.

 

Not to worry, let's secure both the USB Drive and the W8 machine you were using to download etc as follows before proceeding any further to err on the side of caution...

 

Next:

 

Download MCShield to your desktop and install.

 

It will initially run a scan and show the result as a toaster by the system clock.

 

Then in the control centre select scanner and tick unhide items on flash drives.

 


 

Plug in the drive and McShield will start a scan.

 

Select logs and then copy/paste it to your next post/reply for my review.


You're right, I'm not thinking normal. Anyway, I downed the file onto Win 8 1st then put the USB in XP. I did not switch back yet, but I'm glad you warned me about that 'cause now I won't plug it in my Win 8 til I know what's up. Looks like Avast is creating sys restore points, which I never seen before. I don't know if that's from Avast settings or it's protecting itself. My Win XP system stopped activity again and all is normal. The machine is fast, it's not bogged down at all. I hope it's just a setting somewhere. I will do it on XP 1st til I get the results and they're good.


Hi. :)

 

Why does FRST.exe keep disappearing off my drive? I copied it from USB to my XP sys, now it's gone... why? It's the only file that does that.

Hmmm, not actually unheard of for malware to react in such a manner but no real evidence of such so far, unless Avast is being overzealous and deleting the executable for example. Anyway we will try a different approach in due course.

 

And I can't get to http://www.mcshield.net/, this putter won't go there. Maybe the site is down, I don't know. Can you check the link? Or maybe somewhere else I can get the file.

I did mean for you to download and install this software on to your W8 machine, as if I understand correctly you are meaning a problem using the XP one. My apologies for not making this clearer...

 

So to recap, download and install McShield onto your W8 machine, once the scan is complete attach your USB Drive and it in turn will automatically be vaccinated. Also post the McShield log for my review please.

 

Next:

 

On the XP machine please check if you are able to boot it into Safe Mode with Networking or not. How to do so:-

 

Start up your computer and during the POST (Power On Self Test) sequence continually depress Function Key 8 (F8) to bring up the Windows Advanced Options Menu screen.

 

Note: If unable to reach the Windows Advanced Options Menu, merely perform a cold shut down and upon the next start-up the machine should automatically enter the aforementioned menu.

 

Use the arrow keys to scroll down and select Safe Mode with Networking and hit the Enter/Return key.

 

If your machine is able to boot into this particular mode, then:-

  • Launch Malwarebytes' Anti-Malware as it appears to be installed >> once the GUI(graphical user interface) has loaded >> click on Dashboard >> Update Now
  • Then click on Scan >> ensure Threat Scan is selected >> Scan Now
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click on Quarantine All
  • When disinfection is completed, a dialogue will open and you may be prompted to Restart.(See Extra Note)
  • Upon restart, launch Malwarebytes Antimalware and select History >> Application Logs.
  • Double click on the last scan done, then on Copy to Clipboard.
  • To submit your reply, click on Add Reply, then right click on the window and select Paste.
  • Submit your reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

Next:

 

When completed the above, please post back the following in the order asked for:

  • McShield Log.
  • Malwarebytes Anti-Malware Log.

Yep, found out that Avast deleted FRST.exe on XP system, it's all in Avast quarantine. Is this file safe? I find there are tools to remove it from your system. Will just downloading that file do any changes to a system? I downloaded with my Win 8 system and I hope it did not do any damage to it. I did not run it, I just downed it. I really don't want to mess around with the Win 8 sys since my sister uses it all the time. Now I'm doing a file search with XP to locate FRST.exe and it's found in my Windows prefetch folder. I'm downloading MB now so I will run this tonight.


Hi. :)

 

Yep, found out that Avast deleted FRST.exe on XP system, it's all in Avast quarantine. Is this file safe? I find there are tools to remove it from your system. Will just downloading that file do any changes to a system? I downloaded with my Win 8 system and I hope it did not do any damage to it. I did not run it, I just downed it. I really don't want to mess around with the Win 8 sys since my sister uses it all the time. Now I'm doing a file search with XP to locate FRST.exe and it's found in my Windows prefetch folder. I'm downloading MB now so I will run this tonight.

Anything I do advise you to download and or carry out is perfectly safe, if I may refer to a portion of what I posted prior:-

 

Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

If the need we will either temp' disable Avast and or consider uninstalling then re-installing later on.

 

Anyway post the requested logs when ready and we will then go from there, thank you.

Edited by Dakeyras
Update.

Hello again Dakeyras! I done the scan, did not find anything. The XP sys is running really great, the transmitting has stopped also. I had some running task and I stopped them, I think that's all it was. Anyway, please take a look at the log file, and thanks again for all your time.

----------------------------------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/24/2014
Scan Time: 10:17:56 AM
Logfile: MBLOG.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.03.04.09
Rootkit Database: v2014.02.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 245785
Time Elapsed: 9 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 3
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),,[38117e81ec8ee94d857c8f9be71d7090]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),,[60e997682a504ee840c264c63ec66799]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),,[b099f807295141f50bf83cee48bcde22]

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Edited by MOMBO
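
An added example (not part of the original posts, and not Malwarebytes code): a parser for the line layout of the Malwarebytes log above that collects the three PUM.Disabled.SecurityCenter entries and flags what a reviewer would check before relying on the result. It assumes the database version is date-stamped as vYYYY.MM.DD.NN, the scan date is M/D/YYYY, and a 7-day staleness threshold chosen here for illustration.

```python
import re
from datetime import date

# Constructed sample: lines copied from the Malwarebytes log in the post above.
SAMPLE_LOG = r"""Scan Date: 9/24/2014
Version: 2.00.2.1012
Malware Database: v2014.03.04.09
Rootkits: Disabled
Heuristics: Enabled
Registry Values: 0
(No malicious items detected)
Registry Data: 3
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),,[38117e81ec8ee94d857c8f9be71d7090]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),,[60e997682a504ee840c264c63ec66799]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),,[b099f807295141f50bf83cee48bcde22]
Folders: 0
(No malicious items detected)
"""

# Result sections whose header carries a detection count.
SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors"}
# Scan layers that the log reports as Enabled/Disabled.
LAYERS = ("Memory", "Startup", "Filesystem", "Archives",
          "Rootkits", "Heuristics", "PUP", "PUM")

# name, key|value, data, Good: (x), Bad: (y),action,[id]
DETECTION_RE = re.compile(
    r"^(?P<name>[\w.]+), (?P<key>[^|]+)\|(?P<value>[^,]+), (?P<data>[^,]*), "
    r"Good: \((?P<good>[^)]*)\), Bad: \((?P<bad>[^)]*)\),(?P<action>[^,]*),"
    r"\[(?P<id>[0-9a-f]+)\]$")


def parse_mbam_log(text):
    """Split the text log into settings, per-section counts and detections."""
    meta, counts, detections, section = {}, {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = DETECTION_RE.match(line)
        if m:
            detections.append({**m.groupdict(), "section": section})
            continue
        key, sep, val = line.partition(": ")
        if not sep:
            continue  # blank lines, "(No malicious items detected)", rulers
        if key in SECTIONS and val.isdigit():
            section = key
            counts[key] = int(val)
        else:
            meta[key] = val
    return {"meta": meta, "counts": counts, "detections": detections}


def database_age_days(meta):
    """Days between the signature database build and the scan (assumed formats)."""
    y, mo, d = (int(p) for p in meta["Malware Database"].lstrip("v").split(".")[:3])
    sm, sd, sy = (int(p) for p in meta["Scan Date"].split("/"))
    return (date(sy, sm, sd) - date(y, mo, d)).days


def review(parsed, max_db_age_days=7):
    """Return (code, detail) findings; the threshold is an illustrative assumption."""
    findings, meta = [], parsed["meta"]
    age = database_age_days(meta)
    if age > max_db_age_days:
        findings.append(("STALE_DATABASE", f"signatures were {age} days old at scan time"))
    for layer in LAYERS:
        if meta.get(layer) == "Disabled":
            findings.append(("LAYER_DISABLED", layer))
    # A header count that disagrees with the parsed lines means a truncated paste.
    for sect, n in parsed["counts"].items():
        found = sum(1 for d in parsed["detections"] if d["section"] == sect)
        if found != n:
            findings.append(("COUNT_MISMATCH", f"{sect}: header says {n}, parsed {found}"))
    # PUM entries: the current registry data equals the value the tool calls bad.
    for d in parsed["detections"]:
        if d["name"].startswith("PUM.") and d["data"] == d["bad"]:
            findings.append(("PUM_ACTIVE", f"{d['value']}={d['data']} (expected {d['good']})"))
    return findings


if __name__ == "__main__":
    for code, detail in review(parse_mbam_log(SAMPLE_LOG)):
        print(code, "-", detail)
```
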

Hi. :)

 

I am surmising you opted not to install McShield on your sister's W8 machine for the reasons stated prior. Fair play, what I propose is we vaccinate your USB/Flash Drive via another methodology (see below).

 

I done the scan, did not find anything

OK, though some Security Center settings were flagged. It may be you set these yourself and if so, fair play; if not, either rerun a scan with Malwarebytes Anti-Malware and have it reset the below:-

 

Registry Data: 3

PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),,[38117e81ec8ee94d857c8f9be71d7090]

PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),,[60e997682a504ee840c264c63ec66799]

PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),,[b099f807295141f50bf83cee48bcde22]

Or I can provide advice on how to adjust etc.

 

the transmitting has stopped also,I had some running task and I stopped them,,, I think that's all it was

Good, I have a rough idea which particular processes you are referring to and we can actually target those more permanently in due course. Then afterwards utilise a custom OTL script if the need etc.

 

thanks again for all your time.

You're welcome! All of the below is to be carried out on your XP machine, any problems merely stop what you are doing and inform myself.

 

Flash Disinfector:

  • Please download Flash_Disinfector and save it to your desktop.
  • Double click to run it.
  • You will be prompted to plug in your flash drive. Plug it in.
  • Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
  • When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
  • Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

 

StartUpLite:

 

Please download this small application from here.

 

It is very simple to use and quite effective and will advise about any unnecessary system startups that can be safely removed. Reboot your machine after use.

 

Scan with OTL:

 

Please download OTL and save it to your Desktop.

  • Double-click on OTL.exe to start the application.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these two notepad files in your next reply.
Next:

 

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.
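
An added example, not part of the original thread and not code from Malwarebytes or OTL: it parses the "Registry Data" lines quoted in the reply above and checks each flagged Security Center value against the "Security Center Settings" block that OTL writes to its Extras log. The sample input is copied from log lines posted in this thread; the function names and the status labels are assumptions of this example.

```python
import re

# Sample input copied from log lines posted in this thread. The first bracketed
# token carries the stray space introduced when the log was quoted in a reply.
MBAM_SAMPLE = r"""Registry Data: 3
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),,[38117e81ec8e e94d857c8f9be71d7090]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),,[60e997682a504ee840c264c63ec66799]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),,[b099f807295141f50bf83cee48bcde22]

Folders: 0
(No malicious items detected)
"""

OTL_SAMPLE = r"""========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"""

SC_KEY_SHORT = r"HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER"
SC_KEY_LONG = r"[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SECURITY CENTER]"

HEADER_RE = re.compile(r"^Registry Data: (\d+)$")
NEXT_SECTION_RE = re.compile(r"^[A-Za-z ]+: \d+$")
ITEM_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<key>[^|,]+)\|(?P<value>[^,]+), (?P<data>[^,]*), "
    r"Good: \((?P<good>[^)]*)\), Bad: \((?P<bad>[^)]*)\),,\[(?P<token>[^\]]*)\]$"
)
OTL_VALUE_RE = re.compile(r'^"([^"]+)" = (\d+)$')


def parse_registry_data(text):
    """Parse the items under 'Registry Data: N' and check that N matches."""
    lines = [ln.strip() for ln in text.splitlines()]
    start = next((i for i, ln in enumerate(lines) if HEADER_RE.match(ln)), None)
    if start is None:
        raise ValueError("no 'Registry Data: N' header found")
    declared = int(HEADER_RE.match(lines[start]).group(1))
    items = []
    for ln in lines[start + 1:]:
        if not ln:
            continue  # quoted copies of the log have blank lines between items
        if ln.startswith("(") or NEXT_SECTION_RE.match(ln):
            break     # "(No malicious items detected)" or the next section
        m = ITEM_RE.match(ln)
        if m is None:
            raise ValueError(f"unparsed Registry Data line: {ln!r}")
        item = m.groupdict()
        item["token"] = re.sub(r"\s+", "", item["token"])  # undo quoting damage
        items.append(item)
    if len(items) != declared:
        raise ValueError(f"header declares {declared} items, parsed {len(items)}")
    return items


def parse_otl_security_center(text):
    """Return {value_name: int} for the Security Center key itself, not subkeys."""
    values, in_key = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_key = line.upper() == SC_KEY_LONG
            continue
        m = OTL_VALUE_RE.match(line)
        if in_key and m:
            values[m.group(1)] = int(m.group(2))
    return values


def review(mbam_text, otl_text):
    """Return (value, current, good, status) per flagged Security Center value."""
    current = parse_otl_security_center(otl_text)
    report = []
    for item in parse_registry_data(mbam_text):
        if item["key"].upper() != SC_KEY_SHORT:
            continue
        now = current.get(item["value"])
        if now is None:
            status = "not in OTL log"
        elif str(now) == item["good"]:
            status = "reset"
        else:
            status = "still flagged"
        report.append((item["value"], now, item["good"], status))
    return report


if __name__ == "__main__":
    for row in review(MBAM_SAMPLE, OTL_SAMPLE):
        print("%-24s current=%s good=%s -> %s" % row)
```

A value reported as "still flagged" is not a verdict by itself: as the reply says, the owner may have set it deliberately, in which case it is a configuration choice to confirm rather than something to clean.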

Hello Dakeyras!! Yes, I did disable those in Security Center settings. I ran all 3 programs, did what you said. Here are the OTL log reports. Found 3 startup programs I disabled. I still get some transmit going on sometimes, but everything runs great; internet is fast for a 56 14yr old modem. I looked at my networking utilization processes and I see still something is using up 30%, but not all the time. Thanks for your help on this.

-------------------------------------------------------------------------------------------------

OTL logfile created on: 9/24/2014 8:38:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloaded
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.30 Mb Total Physical Memory | 711.70 Mb Available Physical Memory | 69.55% Memory free
1.79 Gb Paging File | 1.57 Gb Available in Paging File | 87.78% Paging File free
Paging file location(s): C:\pagefile.sys 900 1834 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 31.41 Gb Free Space | 84.29% Space Free | Partition Type: NTFS
Drive D: | 74.50 Gb Total Space | 32.73 Gb Free Space | 43.93% Space Free | Partition Type: NTFS

Computer Name: MAD | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/09/24 20:25:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Downloaded\OTL.exe
PRC - [2014/09/21 21:46:56 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) -- D:\FPrograms\SUPERAntiSpyware\SASCORE.EXE
PRC - [2014/08/20 09:12:16 | 000,198,200 | ---- | M] (AVAST Software) -- D:\FPrograms\avast\setup\instup.exe
PRC - [2014/05/22 15:33:51 | 003,854,640 | ---- | M] (AVAST Software) -- D:\FPrograms\avast\AvastUI.exe
PRC - [2014/05/22 15:33:51 | 000,050,344 | ---- | M] (AVAST Software) -- D:\FPrograms\avast\AvastSvc.exe
PRC - [2008/04/14 03:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/08/06 13:24:14 | 000,090,112 | ---- | M] (GTW) -- C:\WINDOWS\GWMDMMSG.exe
PRC - [2002/03/19 15:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
PRC - [2001/09/27 14:33:38 | 000,659,456 | ---- | M] (Roxio) -- D:\FPrograms\EasyCD\DirectCD\Directcd.exe
PRC - [2001/08/31 14:44:30 | 000,025,600 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe
PRC - [2001/08/17 11:52:06 | 000,180,224 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\SBLive\AudioHQ\Ahqtb.exe
PRC - [2001/03/07 21:58:54 | 000,094,208 | ---- | M] (CyberLink) -- D:\FPrograms\Power VCR II\agent.exe
PRC - [1999/12/07 06:00:00 | 000,014,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe


========== Modules (No Company Name) ==========

MOD - [2014/05/22 15:34:03 | 002,189,312 | ---- | M] () -- D:\FPrograms\avast\defs\14031900\algo.dll
MOD - [2014/05/22 15:33:53 | 019,336,120 | ---- | M] () -- D:\FPrograms\avast\libcef.dll
MOD - [2006/10/22 10:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
MOD - [2002/03/19 15:30:00 | 000,141,824 | ---- | M] () -- C:\WINDOWS\system32\msvdm.dll
MOD - [2002/03/19 15:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
MOD - [2001/08/10 11:14:16 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\ImapiRoxPS.dll
MOD - [2001/03/07 21:48:34 | 000,036,864 | ---- | M] () -- D:\FPrograms\Power VCR II\SysRecSchedule.dll
MOD - [2001/03/07 21:45:12 | 000,032,768 | ---- | M] () -- D:\FPrograms\Power VCR II\Language.dll
MOD - [2001/03/02 10:02:04 | 000,037,808 | ---- | M] () -- d:\FPrograms\AcrobatRead\Reader\ActiveX\AcroIEHelper.ocx


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/09/21 21:46:56 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- D:\FPrograms\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2014/05/25 11:13:04 | 000,068,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2014/05/22 15:33:51 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- D:\FPrograms\avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/05/22 10:00:35 | 000,045,056 | ---- | M] (LANovation) [On_Demand | Stopped] -- C:\WINDOWS\system32\PCTKRNT.SYS -- (PictureTaker)
SRV - [2014/05/06 19:27:01 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2001/08/10 11:14:14 | 000,192,512 | ---- | M] (Roxio Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\ImapiRox.exe -- (ImapiService)
SRV - [2001/01/22 15:20:54 | 001,089,536 | ---- | M] () [On_Demand | Stopped] -- C:/apache/mysql/bin/mysqld-nt.exe -- (MySql)
SRV - [1999/12/07 06:00:00 | 000,014,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [1999/12/07 06:00:00 | 000,014,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\PCDRDRV.sys -- (PCDRDRV)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\iscflash.sys -- (iscFlash)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2014/05/22 15:33:54 | 000,776,976 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/05/22 15:33:54 | 000,411,552 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/05/22 15:33:54 | 000,180,760 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/05/22 15:33:54 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/05/22 15:33:54 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/05/22 15:33:54 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2014/05/22 15:33:54 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/05/22 10:41:40 | 000,027,924 | ---- | M] (MusicMatch, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2014/05/22 10:19:56 | 000,055,216 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2014/05/22 10:19:56 | 000,022,713 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2013/04/01 15:42:14 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\FPrograms\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2013/04/01 15:42:08 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\FPrograms\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/01/13 17:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/01/13 17:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/01/13 17:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2008/04/13 22:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/08/05 04:20:36 | 000,071,680 | ---- | M] (FarStone Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fgxscsi.sys -- (FGXSCSI)
DRV - [2006/07/12 04:17:24 | 000,006,398 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SmartCdx.sys -- (SmartCdx)
DRV - [2006/07/12 04:17:06 | 000,011,520 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fgdxbus.sys -- (fgdxbus)
DRV - [2006/01/25 16:14:06 | 000,472,644 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCWBT8xx.sys -- (HCWBT8XX)
DRV - [2004/08/03 20:39:32 | 000,020,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LwAdiHid.sys -- (LwAdiHid)
DRV - [2002/08/06 13:24:16 | 001,107,680 | ---- | M] (GTW) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GWMDM.sys -- (GTWModem)
DRV - [2001/09/24 09:29:36 | 000,205,824 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001/09/24 09:27:58 | 000,233,344 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2001/09/24 09:25:38 | 000,017,958 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2001/09/24 09:25:30 | 000,019,158 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2001/09/24 09:25:18 | 000,078,486 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2K)
DRV - [2001/09/13 16:09:48 | 000,777,088 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1f.sys -- (emu10k)
DRV - [2001/08/31 11:37:58 | 000,036,992 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfman.sys -- (sfman)
DRV - [2001/08/17 06:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem)
DRV - [2001/08/17 05:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001/07/11 09:34:52 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlface.sys -- (emu10k1)
DRV - [1999/12/16 23:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PfModNT.sys -- (PfModNT)
DRV - [1999/09/01 11:55:24 | 000,031,968 | ---- | M] (Watergate Software Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNt.sys -- (PcdrNt)
DRV - [1997/12/22 18:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1960408961-1993962763-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1960408961-1993962763-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2016.82
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.142
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: D:\FPrograms\avast\WebRep\FF [2014/05/22 15:33:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: D:\FPrograms\Firefox\plugins [2014/04/27 16:46:29 | 000,000,000 | ---D | M]

[2014/05/22 20:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2014/09/21 23:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dkildpmx.default\extensions
[2014/06/07 12:06:36 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dkildpmx.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2014/09/21 23:56:47 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dkildpmx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2014/06/07 12:17:15 | 000,695,649 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dkildpmx.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi
[2014/05/22 15:33:56 | 000,000,000 | ---D | M] (avast! Online Security) -- D:\FPROGRAMS\AVAST\WEBREP\FF

O1 HOSTS File: ([2001/08/30 03:30:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\FPrograms\AcrobatRead\Reader\ActiveX\AcroIEHelper.ocx ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdaptecDirectCD] D:\FPrograms\EasyCD\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [Agent] D:\FPrograms\Power VCR II\agent.exe (CyberLink)
O4 - HKLM..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\Ahqtb.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [AvastUI.exe] D:\FPrograms\avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [GameDrive] D:\FPrograms\gamedrive\GDP\gdtask.exe (FarStone Technology Inc.)
O4 - HKLM..\Run: [GWMDMMSG] C:\WINDOWS\GWMDMMSG.exe (GTW)
O4 - HKLM..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe ()
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe (Creative Technology Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 128
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-1993962763-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1960408961-1993962763-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-1960408961-1993962763-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\FPrograms\OFFICE\Office10\EXCEL.EXE (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} hcp://system/StartFirstControl.CAB (StartFirstControl.CheckFirst)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{508261D3-ED76-4DAE-94C2-D803357F582B}: NameServer = 69.19.190.116 66.81.1.252
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\FPrograms\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/05/22 09:53:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2014/09/24 20:30:14 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2014/09/24 20:30:14 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{72436902-e1f8-11e3-bf65-000347dc916f}\Shell - "" = AutoRun
O33 - MountPoints2\{72436902-e1f8-11e3-bf65-000347dc916f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{72436902-e1f8-11e3-bf65-000347dc916f}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/09/24 20:30:14 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2014/09/24 10:17:34 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/09/24 10:10:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/09/24 10:10:16 | 000,053,208 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/09/24 10:10:16 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/09/24 10:09:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2014/09/23 11:11:24 | 000,000,000 | ---D | C] -- C:\FRST
[2014/09/22 11:13:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sun
[2014/09/21 23:57:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\QuickScan
[2014/09/21 22:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
[2014/06/26 09:33:44 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/09/24 20:15:32 | 000,089,098 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2014/09/24 20:15:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/09/24 20:15:10 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/24 10:17:34 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/09/24 10:10:25 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/09/23 22:31:27 | 000,000,324 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/09/23 21:48:13 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\javacpl.lnk
[2014/09/21 22:48:31 | 000,000,540 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2014/09/21 21:32:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/09/24 11:11:54 | 1073,074,176 | -HS- | C] () -- C:\hiberfil.sys
[2014/09/24 10:10:25 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/09/23 21:48:13 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\javacpl.lnk
[2014/09/21 22:48:31 | 000,000,540 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2014/07/17 12:21:26 | 000,000,280 | ---- | C] () -- C:\WINDOWS\game.ini
[2014/06/26 09:33:45 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\inst.exe
[2014/06/26 09:33:45 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2014/06/26 09:33:44 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2014/06/01 05:01:28 | 000,000,480 | ---- | C] () -- C:\WINDOWS\my.ini
[2014/05/27 06:52:36 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2014/05/24 21:03:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2014/05/24 19:53:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2014/05/24 19:21:03 | 000,038,523 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2014/05/24 19:21:02 | 000,009,584 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2014/05/24 19:20:53 | 000,011,355 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2014/05/23 20:58:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\GWMDMpi.exe
[2014/05/22 15:34:00 | 000,180,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/05/22 15:33:59 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/05/22 12:42:17 | 000,000,168 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2014/05/22 12:42:17 | 000,000,103 | ---- | C] () -- C:\WINDOWS\CTDiskID.INI
[2014/05/22 12:41:43 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\Sfman.dat
[2014/05/22 12:41:43 | 000,000,231 | ---- | C] () -- C:\WINDOWS\Ac3api.ini
[2014/05/22 11:39:09 | 000,000,309 | ---- | C] () -- C:\WINDOWS\System32\config.ini
[2014/05/22 11:38:43 | 000,000,048 | ---- | C] () -- C:\Documents and Settings\Owner\UpdateLog.GDZ
[2014/05/22 11:29:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2014/05/22 11:17:21 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\GDPersns.dat
[2014/05/22 11:16:38 | 000,014,496 | ---- | C] () -- C:\WINDOWS\System32\GDI08X.dat
[2014/05/22 11:15:38 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\RemFarStone.exe
[2014/05/22 11:10:58 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2014/05/22 10:19:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2014/05/22 10:09:45 | 000,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll
[2014/05/22 10:09:45 | 000,109,056 | ---- | C] () -- C:\WINDOWS\UNWISE32.EXE
[2014/05/22 10:09:45 | 000,082,864 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2014/05/22 10:09:45 | 000,004,052 | ---- | C] () -- C:\WINDOWS\unwise32.ini
[2014/05/22 10:09:45 | 000,004,052 | ---- | C] () -- C:\WINDOWS\unwise.ini
[2014/05/22 10:09:44 | 000,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL
[2014/05/22 10:03:51 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2014/05/22 09:58:14 | 000,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2014/05/22 09:57:46 | 000,000,208 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2014/05/22 09:57:41 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\unzdll.dll
[2014/05/22 09:54:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2014/05/22 09:51:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2014/05/22 04:45:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2014/05/22 04:44:17 | 000,115,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/14 03:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2008/04/14 03:41:54 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/14 03:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

=================================================================================

OTL Extras logfile created on: 9/24/2014 8:38:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloaded
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.30 Mb Total Physical Memory | 711.70 Mb Available Physical Memory | 69.55% Memory free
1.79 Gb Paging File | 1.57 Gb Available in Paging File | 87.78% Paging File free
Paging file location(s): C:\pagefile.sys 900 1834 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 31.41 Gb Free Space | 84.29% Space Free | Partition Type: NTFS
Drive D: | 74.50 Gb Total Space | 32.73 Gb Free Space | 43.93% Space Free | Partition Type: NTFS

Computer Name: MAD | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1960408961-1993962763-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\FPrograms\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\FPrograms\OFFICE\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\FPrograms\OFFICE\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{75C023EC-64A0-44F7-9D99-C6F6E21EB6F0}" = Do More
"{8DE73C0C-34EA-4888-86DB-EEDB9B69DB94}" = HelpSpot
"{901D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft FrontPage Server Extensions 2002
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{A11BF78C-D690-4663-8491-3101BC9ED243}" = MGI PhotoSuite
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{C1939820-A945-11D4-86F6-0001031E5712}" = DVD Player
"{D5BB0907-4BB2-46A3-AA68-0173D111058D}" = GameDrive
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = PhoneTools
"{E4628D0D-5DC8-49EC-985A-F0C12EDBF1D2}" = Agatha Christie - And Then There Were None
"{F0BA5720-E189-11D4-9EA1-0050BAE317E1}" = PowerVCR II
"{F251B999-08A9-4704-999C-9962F0DFD88E}" = Virtual Desktop Manager Powertoy for Windows XP
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Avast" = avast! Free Antivirus
"Crimson Editor" = Crimson Editor (remove only)
"ERUNT_is1" = ERUNT 1.1j
"Gateway Desktop Manager" = Gateway Desktop Manager
"Gateway IE Customizations" = Gateway IE Customizations
"Gateway Power Management" = Gateway Power Management
"GTW V.92 Voice Modem" = GTW V.92 Voice Modem
"GTW V.92 Voicemodem" = GTW V.92 Voicemodem
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"Indeo® software" = Indeo® software
"InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MUSICMATCH Jukebox" = MUSICMATCH Jukebox
"MusicMatch Update" = MusicMatch Update
"NVIDIA Drivers" = NVIDIA Drivers
"PCDoctor" = PC-Doctor for Windows
"PHPTriad" = PHPTriad (remove only)
"PROSet" = Intel® PRO Ethernet Adapter and Software
"PX: {34E29B52-7A91-4D77-A91F-1131E1697C16}" = DoMore
"Revo Uninstaller" = Revo Uninstaller 1.95
"Sound Blaster Live! Value" = Sound Blaster Live! Value
"Speccy" = Speccy
"VSO Inspector_is1" = VSO Inspector 2.0.2
"WinAce Archiver 2.0" = WinAce Archiver 2.0
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/31/2014 9:44:16 PM | Computer Name = MAD | Source = Application Error | ID = 1000
Description = Faulting application ac.exe, version 0.0.0.0, faulting module ac.exe,
version 0.0.0.0, fault address 0x0002d480.

Error - 5/31/2014 9:53:13 PM | Computer Name = MAD | Source = Application Error | ID = 1000
Description = Faulting application ac.exe, version 0.0.0.0, faulting module ac.exe,
version 0.0.0.0, fault address 0x0002d480.

Error - 5/31/2014 9:58:23 PM | Computer Name = MAD | Source = Application Error | ID = 1000
Description = Faulting application ac.exe, version 0.0.0.0, faulting module ac.exe,
version 0.0.0.0, fault address 0x0002d480.

Error - 6/2/2014 9:06:15 PM | Computer Name = MAD | Source = Application Error | ID = 1000
Description = Faulting application porsche.exe, version 0.0.0.0, faulting module
dx7z.dll, version 8192.3.1.6482, fault address 0x000147c4.

[ System Events ]
Error - 8/20/2014 12:29:13 PM | Computer Name = MAD | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for D:\Games\S.T.A.L.K.E.R. Shadow
of Chernobyl\Settings.exe. Reference error message: The operation completed successfully.
.

Error - 9/22/2014 12:50:56 AM | Computer Name = MAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 9/22/2014 1:48:57 AM | Computer Name = MAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 9/23/2014 1:25:07 PM | Computer Name = MAD | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 9/24/2014 1:02:56 AM | Computer Name = MAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}

Error - 9/24/2014 1:02:58 AM | Computer Name = MAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}

Error - 9/24/2014 1:03:00 AM | Computer Name = MAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}

Error - 9/24/2014 1:17:06 PM | Computer Name = MAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/24/2014 1:18:35 PM | Computer Name = MAD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
aswRvrt aswSnx aswSP aswTdi aswVmm Fips intelppm SASDIFSV SASKUTIL

Error - 9/24/2014 2:11:19 PM | Computer Name = MAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

===========================================================================

Link to comment
Share on other sites
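A small triage script for the Security Center and firewall sections of the OTL Extras log posted above, added here as an illustration (it is not part of the original thread and not OTL's own code). The sample lines are copied from that log; the function names and finding labels are assumptions of this example.

```python
import re

# Sample input: lines copied from the Security Center and firewall sections
# of the OTL Extras log in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# XP firewall exception data: <port:proto | program path>:<scope>:<Enabled|Disabled>:<name>
# The subject is matched lazily so a drive letter ("C:\...") stays inside it.
RULE_RE = re.compile(
    r'^(?P<subject>.*?):(?P<scope>[^:]*):(?P<mode>enabled|disabled):(?P<name>.*)$',
    re.IGNORECASE)


def parse_sections(text):
    """Return {registry_key: {value_name: data}} from OTL-style log text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            # Drop OTL's trailing " -- (Company Name)" annotation.
            current[m.group(1)] = re.sub(r'\s+--\s+\(.*\)$', '', m.group(2))
    return keys


def triage(text):
    """List settings that weaken alerting or open the XP firewall."""
    findings = []

    def add(kind, item, detail, profile=None, scope=None):
        findings.append({'kind': kind, 'item': item, 'detail': detail,
                         'profile': profile, 'scope': scope})

    for key, values in parse_sections(text).items():
        if key.endswith('\\Security Center'):
            for name, data in values.items():
                if data == '1' and name.endswith('DisableNotify'):
                    add('security-center', name, 'Security Center alert switched off')
                elif data == '1' and name.endswith('Override'):
                    add('security-center', name, 'Security Center told not to monitor this product')
        elif '\\FirewallPolicy\\' in key:
            profile = key.split('\\FirewallPolicy\\')[1].split('\\')[0]
            if key.endswith('\\List'):
                for data in values.values():
                    m = RULE_RE.match(data)
                    if m and m['mode'].lower() == 'enabled':
                        add('firewall-exception', m['subject'],
                            'allowed from ' + m['scope'], profile, m['scope'])
            elif values.get('EnableFirewall') == '0':
                add('firewall-off', profile, 'Windows Firewall disabled for this profile', profile)
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On this log it reports the four Security Center suppressions and four enabled program exceptions, and shows that the two UPnP port entries (1900/UDP and 2869/TCP) were already set to Disabled.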

I notice that after I connect to the internet, after about a min or so my pointer changes to the hourglass and then transmit starts on my modem. I see the activity kick on the taskbar modem icon... something starts up after a min when I connect... usually it would be Avast updating itself but that usually stops after a few min... do you notice anything it can be? Sometimes it stops but it's been on more than it's off. This happens with no browser open yet...

Link to comment
Share on other sites

Hi. :)

 

Yes I did disable those in Security Center settings.

OK.

 

found 3 startup programs I disabled. I still get some transmit going on sometimes, but everything runs great, internet is fast for a 56 14yr old modem. I looked at my networking utilization processes and I see still something is using up 30%, but not all the time

Good, and regarding the latter you mentioned, we will address it shortly (custom OTL script).

 

I notice that after I connect to the internet, after about a min or so my pointer changes to the hourglass and then transmit starts on my modem. I see the activity kick on the taskbar modem icon... something starts up after a min when I connect... usually it would be Avast updating itself but that usually stops after a few min... do you notice anything it can be? Sometimes it stops but it's been on more than it's off. This happens with no browser open yet...

Acknowledged, let's proceed as follows, shall we...

 

Backup the Registry:

 

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

 

Click on Start >> Run...(or the Windows key and R together) to bring up the Run box and copy and paste in:

"C:\Program Files\ERUNT\ERUNT.EXE" %SystemRoot%\ERDNT\pcp-backup
and click on OK.

 

Custom OTL Script:

  • Double-click on OTL.exe to start the program.
  • Copy the lines from the code-box to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Commands
[CreateRestorePoint]

:OTL
O4 - HKLM..\Run: []  File not found
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
[2014/09/22 11:13:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sun
[2014/09/23 21:48:13 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\javacpl.lnk

:Files 
ipconfig /flushdns /c 
%systemroot%\prefetch\*.* 

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"=-
"Agent"=-
"AudioHQ"=-
"GWMDMMSG"=-
"GWMDMpi"=-
"Speed racer"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"=-
"2869:TCP"=-

:Commands
[ResetHosts]
[EmptyTemp]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The log file can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

 

Check Hard Disk For Errors:

 

Click on Start >> Run...(or the Windows key and R together) to bring up the Run box and copy and paste in:

 

 

cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
and click on OK.

 

A blank command window will open on your desktop, then close in a few minutes. This is normal.

 

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this Notepad file in your next reply.

 

Next:

 

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • OTL Log from the Custom Script.
  • Check Hard Disk For Errors Log.
Link to comment
Share on other sites

Hello Dakeyras! OK, I did all that, starts much faster now, here are the log files. I still get the transmit going. I notice my TV taskbutton is not there anymore, I'm sure I can set it up again though... no big deal...

=========================================================

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
C:\Documents and Settings\Owner\Desktop\javacpl.lnk moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
D:\Downloaded\cmd.bat deleted successfully.
D:\Downloaded\cmd.txt deleted successfully.
C:\WINDOWS\prefetch\AD-AWARE.EXE-15250E75.pf moved successfully.
C:\WINDOWS\prefetch\AD-WATCH.EXE-1005298B.pf moved successfully.
C:\WINDOWS\prefetch\AHQTB.EXE-11C1B32B.pf moved successfully.
C:\WINDOWS\prefetch\ASWMBR.EXE-09F6B212.pf moved successfully.
C:\WINDOWS\prefetch\ASWOFFERTOOL.EXE-089FC482.pf moved successfully.
C:\WINDOWS\prefetch\ATTRIB.EXE-39EAFB02.pf moved successfully.
C:\WINDOWS\prefetch\AUDIOHQ.EXE-2D225521.pf moved successfully.
C:\WINDOWS\prefetch\AVASTEMUPDATE.EXE-123481D4.pf moved successfully.
C:\WINDOWS\prefetch\AVBUGREPORT.EXE-23C2E521.pf moved successfully.
C:\WINDOWS\prefetch\BROWSERCLEANUP.EXE-2112F3B5.pf moved successfully.
C:\WINDOWS\prefetch\CCLEANER.EXE-0BA487C6.pf moved successfully.
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf moved successfully.
C:\WINDOWS\prefetch\CONTROL.EXE-013DBFB5.pf moved successfully.
C:\WINDOWS\prefetch\CSCRIPT.EXE-1C26180C.pf moved successfully.
C:\WINDOWS\prefetch\DEFRAG.EXE-273F131E.pf moved successfully.
C:\WINDOWS\prefetch\DEVLDR32.EXE-2CF621DF.pf moved successfully.
C:\WINDOWS\prefetch\DFRGNTFS.EXE-269967DF.pf moved successfully.
C:\WINDOWS\prefetch\DMADMIN.EXE-00BCB146.pf moved successfully.
C:\WINDOWS\prefetch\DMREMOTE.EXE-2F82CB90.pf moved successfully.
C:\WINDOWS\prefetch\ERUNT.EXE-25E12BCC.pf moved successfully.
C:\WINDOWS\prefetch\ERUNT.EXE-29380680.pf moved successfully.
C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf moved successfully.
C:\WINDOWS\prefetch\FIND.EXE-0EC32F1E.pf moved successfully.
C:\WINDOWS\prefetch\FINDSTR.EXE-0CA6274B.pf moved successfully.
C:\WINDOWS\prefetch\FIREFOX.EXE-1E53C0C9.pf moved successfully.
C:\WINDOWS\prefetch\FLASH_DISINFECTOR.EXE-1F98D2B5.pf moved successfully.
C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf moved successfully.
C:\WINDOWS\prefetch\IISRESET.EXE-21AD4665.pf moved successfully.
C:\WINDOWS\prefetch\IISRSTAS.EXE-002B9FFB.pf moved successfully.
C:\WINDOWS\prefetch\IMAPIROX.EXE-118350FC.pf moved successfully.
C:\WINDOWS\prefetch\INETINFO.EXE-04CDB6D9.pf moved successfully.
C:\WINDOWS\prefetch\INSTUP.EXE-060519B0.pf moved successfully.
C:\WINDOWS\prefetch\INSTUP.EXE-08704004.pf moved successfully.
C:\WINDOWS\prefetch\IPCONFIG.EXE-2395F30B.pf moved successfully.
C:\WINDOWS\prefetch\JAVASETUP7U67[1].EXE-2F106392.pf moved successfully.
C:\WINDOWS\prefetch\Layout.ini moved successfully.
C:\WINDOWS\prefetch\LOGON.SCR-151EFAEA.pf moved successfully.
C:\WINDOWS\prefetch\LOGONUI.EXE-0AF22957.pf moved successfully.
C:\WINDOWS\prefetch\MBAM-SETUP-2.0.2.1012.EXE-00775277.pf moved successfully.
C:\WINDOWS\prefetch\MBAM-SETUP-2.0.2.1012.TMP-0AD67CB0.pf moved successfully.
C:\WINDOWS\prefetch\MBAM.EXE-0DC44F5F.pf moved successfully.
C:\WINDOWS\prefetch\MBAMGUI.EXE-2F858ADD.pf moved successfully.
C:\WINDOWS\prefetch\MMC.EXE-0A5AF4A1.pf moved successfully.
C:\WINDOWS\prefetch\NET.EXE-01A53C2F.pf moved successfully.
C:\WINDOWS\prefetch\NET1.EXE-029B9DB4.pf moved successfully.
C:\WINDOWS\prefetch\NIRCMD.EXE-2BFC178F.pf moved successfully.
C:\WINDOWS\prefetch\NOTEPAD.EXE-189578DA.pf moved successfully.
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf moved successfully.
C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf moved successfully.
C:\WINDOWS\prefetch\OTL.EXE-059F9016.pf moved successfully.
C:\WINDOWS\prefetch\OWSTIMER.EXE-1DD192C8.pf moved successfully.
C:\WINDOWS\prefetch\PLUGIN-CONTAINER.EXE-031B8F87.pf moved successfully.
C:\WINDOWS\prefetch\PV.EXE-00B81E71.pf moved successfully.
C:\WINDOWS\prefetch\RASAUTOU.EXE-18B88A68.pf moved successfully.
C:\WINDOWS\prefetch\REGEDIT.EXE-1B606482.pf moved successfully.
C:\WINDOWS\prefetch\REGSVR32.EXE-25EEFE2F.pf moved successfully.
C:\WINDOWS\prefetch\RSTRUI.EXE-03C49A96.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-12261B41.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-155CD7BB.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-157EC615.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-16CCC206.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-1831A4F3.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-188DF14E.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-2341BBC5.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-2576181F.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-294157D4.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-2A94BB85.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-2CD85FD3.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-2E5AF1D7.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-309D7837.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-311943EE.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-37BEE96E.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-42AB1A81.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-44A0B4BC.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-451FC2C0.pf moved successfully.
C:\WINDOWS\prefetch\SASCORE.EXE-07AC0F57.pf moved successfully.
C:\WINDOWS\prefetch\SPECCY.EXE-327EBD68.pf moved successfully.
C:\WINDOWS\prefetch\SSUPDATE.EXE-08B3DB60.pf moved successfully.
C:\WINDOWS\prefetch\STARTUPLITE-SETUP-1.07.EXE-071200D9.pf moved successfully.
C:\WINDOWS\prefetch\SUPERANTISPYWARE.EXE-31212173.pf moved successfully.
C:\WINDOWS\prefetch\TASKMGR.EXE-20256C55.pf moved successfully.
C:\WINDOWS\prefetch\UNINS000.EXE-0CE235B0.pf moved successfully.
C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf moved successfully.
C:\WINDOWS\prefetch\VS7JIT.EXE-283CD9D2.pf moved successfully.
C:\WINDOWS\prefetch\WINPATROL.EXE-056F184F.pf moved successfully.
C:\WINDOWS\prefetch\WINPATROLEX.EXE-2E1DF9F2.pf moved successfully.
C:\WINDOWS\prefetch\WINTV2K.EXE-05A3F73F.pf moved successfully.
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf moved successfully.
C:\WINDOWS\prefetch\WSCNTFY.EXE-1B24F5EB.pf moved successfully.
C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf moved successfully.
C:\WINDOWS\prefetch\_IU14D2N.TMP-05E5CB2B.pf moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AdaptecDirectCD deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Agent deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AudioHQ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GWMDMMSG deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GWMDMpi deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Speed racer deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 32768 bytes

User: Administrator.MAD
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 268 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 164940866 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 460982064 bytes
->Flash cache emptied: 1131 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39097 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1676385 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 974537 bytes

Total Files Cleaned = 600.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09252014_122951

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

====================================================================================

 

The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is verifying security descriptors (stage 3 of 3)...
CHKDSK is verifying Usn Journal...
Repairing Usn Journal file record segment.
Usn Journal verification completed.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

39078080 KB total disk space.
5303354 KB in 21740 files.
6220 KB in 1823 indexes.
0 KB in bad sectors.
260957 KB in use by the system.
65536 KB occupied by the log file.
33507548 KB available on disk.

512 bytes in each allocation unit.
78156161 total allocation units on disk.
67015097 allocation units available on disk.

=============================================================================

Link to comment
Share on other sites

Found my problem... A.V.A.S.T... (instup.exe). This starts up when I connect to the internet after a min. I watched my task mgr when I connected and this thing starts up... I googled this and I'm not the only one with problems with it... I might have to change my AV soon...

Link to comment
Share on other sites

Hi. :)

 

starts much faster now

Good.

 

I notice my TV taskbutton is not there anymore, I'm sure I can set it up again though... no big deal...

No real need for this to become active/present with every system start-up; merely keep it as on-demand. However, if you wish for it to be so again, merely create and run the custom batch file below...

 

Custom Batch File:

  • Open Notepad.
  • Copy and Paste everything from the Code Box below into Notepad: <-- Start >> Run... type in notepad and select OK
@echo off
"C:\Program Files\ERUNT\ERUNT.EXE" %SystemRoot%\ERDNT\pcp-backup2
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Agent" /t REG_SZ /d "D:\FPrograms\Power VCR II\Agent.exe" /f
shutdown -r -t 1
del %0
  • Go to File >> Save As
  • Save File name as "Dakeyras.bat" <-- Make sure to include the quotes.
  • Change Save as Type to All Files and save the file to your Desktop.
  • It should look like this: Dakeyras.jpg
Now double click on the desktop Dakeyras.bat to run the batch file. It will self-delete when completed and your machine will automatically reboot.

 

Next:

 

Found the fix for this, had to disable self defense in Avast, then stop the running task. All is good now...

OK, fair play and good to know re Avast. With regard to alternative anti-virus software, I'm afraid there is practically nothing else freeware that is still XP compatible as far as I am aware, so best stick with Avast for now.

 

Your hard drive could do with some in-depth maintenance:-

 

Windows found problems with the file system.

Run CHKDSK with the /F (fix) option to correct these.

Which we will address shortly, plus I would like for your good self to run one last scan as a final check to err on the side of caution.

 

Hard-Drive Maintenance/Repair:

 

Note: for the CHKDSK portion you may refer to this tutorial of mine here and follow the instructions for Graphical Mode if you so wish.

  • Click Start >> Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following:
  • CD C:\ and hit the Enter/Return key.
  • Now type in DEFRAG C: -F
  • An Analysis report will be displayed and then Windows will start the Defragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:

CHKDSK cannot run because the volume is in use by another process

Would you like to schedule this volume to be checked next time the system

restarts (Y/N)

  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and hit the Enter/Return key.
  • Now Reboot(Restart) your computer.
Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

 

You should see a screen like this just after the Post(power on self test) screen:

 

ChkDsk01.png

 

Note: Do not touch either the keyboard or mouse, otherwise the Check-Disk will be cancelled and your computer will continue to boot up as normal.

 

Scan with Panda Cloud Cleaner:

 

Please download Panda Cloud Cleaner and save to your desktop.

 

Alternate downloads are here and here.

 

Note: You will need to disable your current installed Anti-Virus, how to do so can be read here and close all open applications/windows.

  • Double-click on PandaCloudCleaner.exe >> when the Setup - Panda Cloud Cleaner window has loaded >> Next > >> Next >
  • Ensure Launch Panda Cloud Cleaner is selected >> Finish >> once the GUI(graphical user interface) appears >> click on Accept and Scan
  • Please be patient as the scan may take some time to complete depending on your system's specifications.
  • Once the scan has completed, if Scan finished with detections is denoted in the GUI, do not take any action and/or have Panda Cloud Cleaner clean absolutely anything!
  • Now within the GUI click on the > (or any of them if multiple) tab >> then on View Report >> a Notepad file should now open called PCloudCleaner.txt
  • Save this to your desktop and post the contents in your next reply.
  • Then click on Back >> Exit
Note: When I give the all clear feel free to uninstall Panda Cloud Cleaner if you so wish. Plus do not forget to re-enable your Anti-Virus application after running the above scan!

 

Next:

 

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • Panda Cloud Cleaner Log.
Edited by Dakeyras
Forum software/BB-Code issues.
Link to comment
Share on other sites

Hello!!!! OK, will try it all out. You're a real surgeon, my XP sys is doing great now, freed up 44% CPU, and networking. I see the results on my C drive now, I didn't even know this. Maybe it's time to get some new drives for it, they're pretty old... Thx my friend!!!!

Link to comment
Share on other sites
