[sue dinym]

greetings geeks!

i feel like i was just in here and got some great help, but my computer is slowing, noticeably, again. which is to say that upon start up, it takes more than 5 minutes for the computer to start responding to my clicks, and frequently when browsing online the screens will be unresponsive for a minute or two.

also MBAM has crashed twice in the last couple days.

also this may be related since i've installed avast and online armor, i'm consistently getting an error message in my autoCAD program (autoCAD LT 2004 if that matters) that says: FATAL ERROR Unhandled Access Violation Reading 0x0054 Exception at 72cbc4h. just added autocad to my trusted folder in avast, but don't know if i'll have to restart for that to take affect?

two things seems related:

1. i'd been running the trend micro pc-cillin firewall for years, and then their "platinum" version came out and just made everything move increeeeeeeedibly slow. so i disabled it for awhile, thinking i would go back to using some freeware. but it took me about a month to make time to do that, so in the meantime i was online basically unprotected except for the windows firewall and malwarebytes' anti-malware. i figure i must have accumulated some malware in that time, but the MBAM quick scan has been coming up clean.

2. then i downloaded online armor and avast, and i'm guessing that they're doing good things. but the computer's been crashing more than before. so i don't know if i've got malware that's ruining everything, or if i don't have the three programs well-configured to work together.

i also have spywareblaster. do i need to turn that on when i start up? sorry if that's a dumb question. i'm perpetually behind the times on this stuff.

oh! final thing: i always see a double-underlined link on my sign-in page to geeks-to-go. is that a paid ad, or is that adware on my computer? i'm not seeing them elsewhere when i browse.


thanks so much everybody.

best -- sue

**********
OTL LOG


OTL logfile created on: 4/5/2013 4:53:06 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Meddle\Desktop\fight club
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 308.22 Mb Available Physical Memory | 30.39% Memory free
2.38 Gb Paging File | 1.77 Gb Available in Paging File | 74.46% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 49.80 Gb Total Space | 7.28 Gb Free Space | 14.62% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 403.41 Gb Free Space | 43.31% Space Free | Partition Type: NTFS

Computer Name: CASCADE | User Name: Meddle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Meddle\Desktop\fight club\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Online Armor\oasrv.exe (Emsisoft GmbH)
PRC - C:\Program Files\Online Armor\oaui.exe (Emsisoft GmbH)
PRC - C:\Program Files\Online Armor\oahlp.exe (Emsisoft GmbH)
PRC - C:\Program Files\Online Armor\oacat.exe (Emsisoft GmbH)
PRC - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe (Blue Coat Systems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
PRC - C:\Program Files\Winamp\winamp.exe (Nullsoft)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\Crypserv.exe (Kenonic Controls Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\13040501\algo.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_shn.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\Program Files\Winamp\Plugins\gen_ff.dll ()
MOD - C:\Program Files\Winamp\Plugins\gen_hotkeys.dll ()
MOD - C:\Program Files\Winamp\Plugins\gen_ml.dll ()
MOD - C:\Program Files\Winamp\Plugins\gen_tray.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_cdda.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_linein.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_midi.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_mod.dll ()
MOD - C:\Program Files\Winamp\System\playlist.w5s ()
MOD - C:\Program Files\Winamp\Plugins\in_mp3.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_playlists.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_nsv.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_vorbis.dll ()
MOD - C:\Program Files\Winamp\System\watcher.w5s ()
MOD - C:\Program Files\Winamp\Plugins\ml_local.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_nowplaying.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_wire.dll ()
MOD - C:\Program Files\Winamp\Plugins\out_ds.dll ()
MOD - C:\Program Files\Winamp\Plugins\out_wave.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_dshow.dll ()
MOD - C:\Program Files\Winamp\System\jnetlib.w5s ()
MOD - C:\Program Files\Winamp\System\aacPlusDecoder.w5s ()
MOD - C:\Program Files\Winamp\Plugins\in_wm.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_history.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_disc.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_wave.dll ()
MOD - C:\Program Files\Winamp\System\tagz.w5s ()
MOD - C:\Program Files\Winamp\Plugins\ml_pmp.dll ()
MOD - C:\Program Files\Winamp\Plugins\pmp_ipod.dll ()
MOD - C:\Program Files\Winamp\Plugins\pmp_njb.dll ()
MOD - C:\Program Files\Winamp\Plugins\pmp_p4s.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_online.dll ()
MOD - C:\Program Files\Winamp\System\xml.w5s ()
MOD - C:\Program Files\Winamp\System\png.w5s ()
MOD - C:\Program Files\Winamp\Plugins\ml_bookmarks.dll ()
MOD - C:\Program Files\Winamp\libsndfile.dll ()
MOD - C:\Program Files\Winamp\nde.dll ()
MOD - C:\Program Files\Winamp\Plugins\gen_jumpex.dll ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_xpdxs.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - C:\Program Files\Winamp\Plugins\read_file.dll ()
MOD - C:\Program Files\Winamp\Plugins\freeform\wacs\jpgload\jpgload.wac ()
MOD - C:\Program Files\Winamp\Plugins\in_mpc.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_mp4.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_flac.dll ()
MOD - C:\WINDOWS\system32\ngprtserv.dll ()


========== Services (SafeList) ==========

SRV - (getPlus® -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SvcOnlineArmor) -- C:\Program Files\Online Armor\oasrv.exe (Emsisoft GmbH)
SRV - (OAcat) -- C:\Program Files\Online Armor\oacat.exe (Emsisoft GmbH)
SRV - (bckwfs) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe (Blue Coat Systems, Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (Sentinel RMS License Manager) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel RMS License Manager\WinNT\lservnt.exe (SafeNet, Inc.)
SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (Crypkey License) -- C:\WINDOWS\System32\Crypserv.exe (Kenonic Controls Ltd.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (PCASp50) -- System32\Drivers\PCASp50.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (tmcfw) -- C:\WINDOWS\system32\drivers\TM_CFW.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (oahlpXX) -- C:\WINDOWS\system32\drivers\oahlp32.sys ()
DRV - (OAnet) -- C:\WINDOWS\system32\drivers\OAnet.sys (Emsisoft)
DRV - (OAmon) -- C:\WINDOWS\system32\drivers\OAmon.sys (Emsisoft)
DRV - (OADevice) -- C:\WINDOWS\system32\drivers\OADriver.sys ()
DRV - (bckd) -- C:\WINDOWS\system32\drivers\bckd.sys (Blue Coat Systems, Inc.)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (echo1394) -- C:\WINDOWS\system32\drivers\echo1394.sys (Echo Digital Audio Corporation)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (CdaC15BA) -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS ()
DRV - (Sentinel) -- C:\WINDOWS\system32\drivers\sentinel.sys (SafeNet, Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (NetworkX) -- C:\WINDOWS\system32\Ckldrv.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 F4 EA 33 ED AC CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3F BD FE 10 ED B9 29 4C A8 69 03 9F 26 C0 31 67 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {2AC18CD2-D729-498D-AB8C-79683DB8FFBA}
IE - HKCU\..\SearchScopes\{2AC18CD2-D729-498D-AB8C-79683DB8FFBA}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=386496"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1483
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/23 16:23:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\firefoxextension\ [2013/02/21 17:48:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/04/02 12:27:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/02 13:11:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/04/02 13:11:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2012/10/11 17:06:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Meddle\Application Data\Mozilla\Extensions
[2011/02/16 17:46:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Meddle\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/12/09 13:27:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Meddle\Application Data\Mozilla\Firefox\Profiles\b8sfkssw.default\extensions
[2013/01/31 13:08:25 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\Meddle\Application Data\Mozilla\Firefox\Profiles\b8sfkssw.default\searchplugins\youtube.xml
[2013/03/10 21:09:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/02 12:27:05 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/03/10 21:09:46 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 10:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/26 21:50:40 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/10/14 14:54:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1148501628630 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D286BE99-4C0C-4FDE-9DF9-42F3978FEDC0}: DhcpNameServer = 208.67.222.222 208.67.220.220 8.8.4.4
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Meddle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Meddle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsisoft GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/26 09:23:22 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/05 16:48:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meddle\Desktop\fight club
[2013/04/02 13:10:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/04/02 13:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/04/02 13:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/04/02 12:43:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2013/04/02 12:28:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2013/04/02 12:28:25 | 000,029,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/04/02 12:28:24 | 000,368,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/04/02 12:28:21 | 000,049,760 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/04/02 12:28:20 | 000,062,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/04/02 12:28:19 | 000,765,736 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/04/02 12:28:13 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/04/02 12:28:12 | 000,228,600 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/04/02 12:26:48 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/04/02 12:25:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/04/02 12:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/04/02 12:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2013/04/02 12:15:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2013/04/02 12:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2013/04/02 12:09:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meddle\Application Data\OnlineArmor
[2013/04/02 12:09:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2013/04/02 12:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Online Armor
[2013/04/02 12:08:44 | 000,031,920 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2013/04/02 12:08:44 | 000,027,648 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2013/04/02 12:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Online Armor
[2013/04/01 16:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/03/10 21:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/04/05 17:05:09 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/04/05 16:48:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/05 16:33:24 | 000,000,109 | ---- | M] () -- C:\WINDOWS\System32\prsrvk.tgz
[2013/04/05 16:33:24 | 000,000,095 | ---- | M] () -- C:\WINDOWS\System32\prsrvk.dll
[2013/04/05 16:33:21 | 000,000,086 | ---- | M] () -- C:\WINDOWS\System32\nsprs.tgz
[2013/04/05 16:33:20 | 000,000,072 | ---- | M] () -- C:\WINDOWS\System32\nsprs.dll
[2013/04/05 16:32:32 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/05 16:32:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/05 16:32:12 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/05 10:57:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/04 14:19:46 | 000,001,772 | ---- | M] () -- C:\Documents and Settings\Meddle\My Documents\aclt.err
[2013/04/04 14:19:45 | 000,006,039 | ---- | M] () -- C:\Documents and Settings\Meddle\My Documents\acltstk.dmp
[2013/04/02 12:28:27 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/04/02 12:28:13 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/04/02 12:15:21 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
[2013/04/02 12:09:10 | 000,477,306 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/02 12:09:10 | 000,078,598 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/02 12:08:45 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\Meddle\Desktop\Online Armor.lnk
[2013/04/02 11:27:51 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/01 16:52:13 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/03/23 12:34:42 | 000,000,282 | ---- | M] () -- C:\Documents and Settings\Meddle\Application Data\burnaware.ini
[2013/03/18 19:47:47 | 000,002,565 | ---- | M] () -- C:\Documents and Settings\Meddle\Application Data\Microsoft\Internet Explorer\Quick Launch\OpenOffice.org Writer.lnk
[2013/03/18 19:42:46 | 000,097,943 | ---- | M] () -- C:\Documents and Settings\Meddle\Desktop\winter's come and gone.jpg
[2013/03/13 17:54:36 | 000,198,311 | ---- | M] () -- C:\Documents and Settings\Meddle\Desktop\734444_168484869969208_2141781502_n.jpg
[2013/03/12 09:34:07 | 000,026,129 | ---- | M] () -- C:\Documents and Settings\Meddle\Desktop\rka VoiceDetails.csv
[2013/03/12 09:33:43 | 000,022,788 | ---- | M] () -- C:\Documents and Settings\Meddle\Desktop\VoiceDetails.csv
[2013/03/12 09:32:40 | 000,114,071 | ---- | M] () -- C:\Documents and Settings\Meddle\Desktop\verizon statement.pdf

========== Files Created - No Company Name ==========

[2013/04/02 12:28:27 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/04/02 12:28:18 | 000,164,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/04/02 12:28:18 | 000,000,364 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/04/02 12:28:17 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/04/02 12:15:21 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
[2013/04/02 12:08:45 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\Meddle\Desktop\Online Armor.lnk
[2013/04/02 12:08:44 | 000,044,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2013/04/02 12:08:43 | 000,208,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2013/04/01 16:52:13 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/03/18 19:42:44 | 000,097,943 | ---- | C] () -- C:\Documents and Settings\Meddle\Desktop\winter's come and gone.jpg
[2013/03/13 17:54:33 | 000,198,311 | ---- | C] () -- C:\Documents and Settings\Meddle\Desktop\734444_168484869969208_2141781502_n.jpg
[2013/03/12 09:34:06 | 000,026,129 | ---- | C] () -- C:\Documents and Settings\Meddle\Desktop\rka VoiceDetails.csv
[2013/03/12 09:33:42 | 000,022,788 | ---- | C] () -- C:\Documents and Settings\Meddle\Desktop\VoiceDetails.csv
[2013/03/12 09:32:38 | 000,114,071 | ---- | C] () -- C:\Documents and Settings\Meddle\Desktop\verizon statement.pdf
[2013/02/19 14:46:18 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\w_madriver.dll
[2013/01/15 16:15:00 | 000,032,268 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2013/01/15 14:20:55 | 140,199,357 | ---- | C] () -- C:\Program Files\paperport.zip
[2013/01/02 15:20:54 | 000,000,282 | ---- | C] () -- C:\Documents and Settings\Meddle\Application Data\burnaware.ini
[2012/11/09 11:42:13 | 000,000,317 | ---- | C] () -- C:\Documents and Settings\Meddle\Local Settings\Application Data\poetsch.bat
[2012/10/14 16:32:12 | 000,000,095 | ---- | C] () -- C:\WINDOWS\System32\prsrvk.dll
[2012/10/14 16:32:11 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2012/10/14 14:58:31 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2012/10/12 19:41:56 | 020,480,000 | ---- | C] () -- C:\Documents and Settings\Meddle\Local Settings\Application Data\store-pp.jbs
[2012/08/19 13:15:59 | 000,041,528 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/08/09 17:05:50 | 000,001,534 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2012/03/04 14:39:38 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2012/03/04 14:38:52 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\rvkauth2.dll
[2012/03/04 14:38:51 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\rvkauth1.dll
[2012/02/15 11:23:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/07/20 16:21:46 | 025,552,579 | ---- | C] () -- C:\Program Files\cool backup info.zip
[2011/07/20 11:59:33 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/04/18 22:10:49 | 006,814,952 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/04/18 22:10:49 | 000,017,766 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2007/01/09 13:25:54 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/13 10:26:31 | 000,054,784 | ---- | C] () -- C:\Documents and Settings\Meddle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/26 10:34:21 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Meddle\Application Data\PFP120JPR.{PB
[2006/05/26 10:34:21 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Meddle\Application Data\PFP120JCM.{PB
[2006/05/24 13:07:03 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Meddle\Local Settings\Application Data\fusioncache.dat
[2006/05/21 13:55:19 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

========== ZeroAccess Check ==========

[2005/08/16 02:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/01/11 13:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2006/05/24 15:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2013/04/02 12:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2008/04/04 14:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/02/27 11:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon
[2013/04/02 12:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2013/04/03 12:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2013/01/15 16:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/09/05 11:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/04/07 11:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2008/04/07 11:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2013/04/03 18:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/09/12 10:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tracktion 2
[2010/09/05 11:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ViceVersa PRO 2
[2013/01/15 16:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon
[2010/09/28 20:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/04 17:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{55BB476E-39AF-4872-82A7-A1D535E12361}
[2010/03/04 11:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/01/21 14:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Amazon
[2011/11/23 18:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\AnvSoft
[2012/12/11 16:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Auslogics
[2006/05/24 15:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Autodesk
[2012/10/17 13:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Azureus
[2009/07/15 15:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Canneverbe_Limited
[2008/04/07 13:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Canon
[2012/09/13 15:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\dBpoweramp
[2011/11/23 16:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\DDMSettings
[2013/01/23 13:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Dropbox
[2008/06/06 11:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Echo AudioFire Console
[2012/12/09 14:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Foxit Software
[2013/01/17 14:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\freac
[2010/10/21 18:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\FreeAudioPack
[2008/07/18 07:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\iPodder
[2010/09/05 11:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Leadertech
[2006/06/13 10:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Mathsoft
[2013/04/02 12:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\OnlineArmor
[2011/02/17 15:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\QuickScan
[2013/01/15 16:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\ScanSoft
[2011/02/16 17:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Thunderbird
[2013/04/05 12:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\uTorrent
[2013/01/17 17:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\WinFF
[2013/01/15 16:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Zeon

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

Edited by sue dinym, 05 April 2013 - 08:54 PM.

[Advertisements]

Hi sue dinym and welcome at GeekstoGo!

I'm crooleeck and I'll try to help you. But first please notice that I'm not limitless, I'm not familiar with all software, I don't know everything. However, it has taken me years to learn what I know. I would be glad to help you.

Fight against malware is NOT instantaneous, most infections require several courses of action to completely eradicate. It's also time-consuming, so be patient! We all like to know final result, so if you have since resolved the issues you were originally experiencing, or have received help elsewhere, please post.

Note:

• Please watch this topic.
• Do exactly - step by step - what I wish for. Don't be afraid! If there's anything you don't understand, stop and ask!
• Please don't run unsupervised tools or fix on your own without my direction - it can be dangerous.
• You must reply within 3 days or your topic will be closed

Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue.

Step 1:

• Download GMER to your desktop.
• Run randomly named exe file
  
• Wait to finish pre-scan. If any rootkit activity has been detected:
  
• Click No
• Then press Copy button, open notepad, paste and save as pregmer.txt on your desktop. Don't try to fix it. They may be false positives! Do full scan.
• Unselect Quick scan.
• Select C:\
  
• Note: If your system partition is not C, select right partition.
• Press Scan button.
• This scan may take long, be patient and wait for finish:
  
• Then press Copy button, open notepad, paste and save as gmer.txt on your desktop.
• Post all gmer logs.

Step 2:
Please open in notepad C:\Documents and Settings\Meddle\Desktop\fight club\Extras.txt file. Copy (Edit->Select All, Edit->Copy) the content and paste into your reply.



Step 3:
Manually navigate and delete folowing files:
C:\Documents and Settings\Meddle\Desktop\fight club\OTL.exe
C:\Documents and Settings\Meddle\Desktop\fight club\OTL.txt
C:\Documents and Settings\Meddle\Desktop\fight club\Extras.txt
Then download OTL to your Desktop.

Step 4:
Check file online:

• Please go to Virus Total
• Click on the button Choose File
• Copy/paste this file and path into the white box beside File Name in the window that pops up:
  

  C:\WINDOWS\System32\prsrvk.tgz

• Press Scan it- this will submit the file for testing.
• Please wait for all the scanners to finish then copy and paste the results in your next response.

Step 5:
OTL looks very good, after I post next instruction, please try to make more free space on C drive. Windows needs at least 20% free space on system drive.

In your next post I want to see:

• Log from Extras.txt
• All GMER logs.
• VirusTotal check result

Edited by crooleeck, 07 April 2013 - 10:51 AM.

[crooleeck]

Hi sue dinym and welcome at GeekstoGo!

I'm crooleeck and I'll try to help you. But first please notice that I'm not limitless, I'm not familiar with all software, I don't know everything. However, it has taken me years to learn what I know. I would be glad to help you.

Fight against malware is NOT instantaneous, most infections require several courses of action to completely eradicate. It's also time-consuming, so be patient! We all like to know final result, so if you have since resolved the issues you were originally experiencing, or have received help elsewhere, please post.

Note:

• Please watch this topic.
• Do exactly - step by step - what I wish for. Don't be afraid! If there's anything you don't understand, stop and ask!
• Please don't run unsupervised tools or fix on your own without my direction - it can be dangerous.
• You must reply within 3 days or your topic will be closed

Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue.

Step 1:

• Download GMER to your desktop.
• Run randomly named exe file
  
• Wait to finish pre-scan. If any rootkit activity has been detected:
  
• Click No
• Then press Copy button, open notepad, paste and save as pregmer.txt on your desktop. Don't try to fix it. They may be false positives! Do full scan.
• Unselect Quick scan.
• Select C:\
  
• Note: If your system partition is not C, select right partition.
• Press Scan button.
• This scan may take long, be patient and wait for finish:
  
• Then press Copy button, open notepad, paste and save as gmer.txt on your desktop.
• Post all gmer logs.

Step 2:
Please open in notepad C:\Documents and Settings\Meddle\Desktop\fight club\Extras.txt file. Copy (Edit->Select All, Edit->Copy) the content and paste into your reply.



Step 3:
Manually navigate and delete folowing files:
C:\Documents and Settings\Meddle\Desktop\fight club\OTL.exe
C:\Documents and Settings\Meddle\Desktop\fight club\OTL.txt
C:\Documents and Settings\Meddle\Desktop\fight club\Extras.txt
Then download OTL to your Desktop.

Step 4:
Check file online:

• Please go to Virus Total
• Click on the button Choose File
• Copy/paste this file and path into the white box beside File Name in the window that pops up:
  

  C:\WINDOWS\System32\prsrvk.tgz

• Press Scan it- this will submit the file for testing.
• Please wait for all the scanners to finish then copy and paste the results in your next response.

Step 5:
OTL looks very good, after I post next instruction, please try to make more free space on C drive. Windows needs at least 20% free space on system drive.

In your next post I want to see:

• Log from Extras.txt
• All GMER logs.
• VirusTotal check result

Edited by crooleeck, 07 April 2013 - 10:51 AM.

[sue dinym]

hi!

thanks for taking up my case, i'm super happy that my problem can be used to help train someone in the geek arts.

so, i tried to run the GMER scan, and it got frozen on something that said something like "SOFTWARE/classes/CLSDI/{bunch of numbers}/"

and then some other stuff, but the screen went blank before i could write it all down. which is weird, because it had been stuck there for like 15 minutes. but i tried doing cntrl+alt+del to see if it was unresponsive, and maybe that's why it went blank on me?

anyway, is it unusual for GMER to crash a computer?

also, should i have disabled MBAM, avast and my firewall before running it?

finally, my laptop is a dell inspiron. and the battery light is now on a steady pattern of 4 quick orange flashes and then a longer flash of green. my battery hasn't carried a charge for years, i always have to have it plugged in, and it was plugged in when this started. any ideas on what that might mean? the computer still seems to run okay with that flashing going on.



thanks. once my computer is on again, i'll try running GMER again...best -- sue

[crooleeck]

GMER scan is long. However if it fail again, just go to step two. We have more tools

[sue dinym]

hi -

things have gotten waaaay worse since i ran GMER a second time.

in the middle of the scan the computer shut itself down, i got the blue screen with white letters. it said 'PEN_LIST_CORRUPT' and that it shut itself down to prevent damage to the computer.

and now the keyboard seems affected! if i type at my regular speed about 1/3 of the letters don't appear! ah!

for example, i'll type that last sentence again at a regular rate and you can see;
"ad no te keyborad sems afted! i i type ate regular spe abot 1/ f he ltes dno't apear1 ah1"

i have to type about 5 letters per second or else it doesn't show up.

finally, when i restarted, firefox couldn't get online until i shut-down Online Armor, even tho firefox is on its "allowed" list of programs.

...still nervous about my flashing battery light, any thought there?

OTL EXTRAS LOG
there was no extras log generated.

gmer log
it never ran to completion, i cannot find any logs to post.


virus count results
SHA256: 948a3aae85545ef29bec718116c6e61778e9328cb76630f60502496ebd3b6de5
SHA1: d35b749b3cd5c1000dd94bbb6b2e87f964ffbb58
MD5: ad00858a849b4f415dd609e44310ffc7
File size: 109 bytes ( 109 bytes )
File name: prsrvk.tgz
File type: unknown
Detection ratio: 0 / 46
Analysis date: 2013-04-09 21:44:10 UTC ( 0 minutes ago )

[crooleeck]

sue dinym, please try just turn off notebook and remove battery for few seconds.

Step 1:
OTL fix:
Please copy following script:

:commands
[createrestorepoint]
[emptytemp]

Run OTL, under Custom Scan/Fixes paste it. Close all windows without OTL and hit Run Fix button. Please agreed for restart. After computer starts, OTL will display removing log, please post it.

Step 2:
Please try to make more free space on C drive. Windows needs at least 20% free space on system drive. If you have photos or movies, please transfer them to another disk or burn on DVD.

Step 3:
If you have at least 20% free space, please defrag all partitions:
Click Menu Start -> All Programs -> Accessories -> System tools -> Disk Defragmenter and click Defragment disk button. Repeat for all partitions.

[sue dinym]

My computer is now taking up to 20 minutes to start. Is there a way to start in safe mode that'll allow me to set the temp restore point quicker? Taking 40 minutes to set a restore point to a place where the computer is basically nonfunctional doesn't make any sense to me . When do we fix it?

From my phone...

[crooleeck]

sue dinym we will fix it a fast as possible

Please tell how about free space? Can you try do at least 20%? In safemode should be faster.

[sue dinym]

i now have 15 gigs of freespace, have not defragged yet.

ran the OTL thing in safe mode. when i restarted in regular mode it still took about 10 minutes for the computer to turn on. i've uninstalled online armor, avast! and deleted GMER in hopes that they were causing the problem. but everything is still rotten.

here's the OTL log:

All processes killed
========== COMMANDS ==========
Unable to start System Restore Service. Error code 10

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57616 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Meddle
->Temp folder emptied: 491060008 bytes
->Temporary Internet Files folder emptied: 9580145 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 93414723 bytes
->Flash cache emptied: 69648 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 169422521 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 241446501 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 959.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04102013_135608

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[crooleeck]

Step 1: To battery signalization:
Please try unplug AC, work on battery to the end. Then plug AC and it should be work properly.

Step 2:

• Please download aswClear on your desktop.
• Restart your computer in Safe Mode.
• Open (execute) the uninstall utility
• Note: If you installed avast! in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!)
• Click REMOVE
• Restart your computer.

Step 3: Start the System Configuration Utility

1.Click Start, click Run, type msconfig, and then click OK.
2.The System Configuration Utility dialog box is displayed.

Step 4: Configure selective startup options

1.In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
2.Click to clear the Process SYSTEM.INI File check box.
3.Click to clear the Process WIN.INI File check box.
4.Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
5.Click the Services tab.
6.Click to select the Hide All Microsoft Services check box.
7.Click Disable All, and then click OK.
8.When you are prompted, click Restart to restart the computer.

Is computer working faster?

[sue dinym]

hello!

yes, the computer is definitely working faster now, and autocad is running without a problem.

what do we do next? should i pretty much stay offline except for this and gmail until we decide to reinstall a firewall and anti-virus?


curiously, the word "computers" is still double-underlined on this page with an adlink when i mouse over it:
http://www.geekstogo...l&section=login

no other double-underlines when i browse.

Edited by sue dinym, 11 April 2013 - 04:19 PM.

[crooleeck]

Step 1:
Install antivirus:
It's first line to keep system clean. Install only one of following:

• Avast
• Microsoft Security Essentials
• Comodo
• Avira free antivirus
• Panda Cloud Antivitus

I like the last one - different cloud technology, fast and light.

Step 2:
You're running Windows XP. Built-in firewall does't secure your system as well. I'm suggesting install Comodo or ZoneAlarm.

Step 3:
Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista / 7 / 8 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on:

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.

• Select the option YES, I accept the Terms of Use then click on:
• When prompted allow Add-On/Active X to install.
• Make sure that the option Scan archives is checked.
• Now click on Advanced Settings and select the following:
  
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  
  
  
  
• Now click on:
• The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically. The scan may take several hours.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• When completed select Uninstall application on close, make sure you copy the logfile first!
• Now click on:
  
• Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
• Copy and paste that log as a reply to this topic.

Step 4:
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application. Before you finished, on Completing the Malwarebytes Anti-Malware Setup Wizard tab untick Enable free trial of Malwarebytes Anti-Malware PRO

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&amp;Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next post I want to see:

• ESET log
• MBAM log

[sue dinym]

okay, both scans came up clean, logs are below.

so, is it just time to get a new computer? things are still moving real slow, compared to a month ago. i can spend $350 and get a brand new laptop w/ 4x the RAM and all the rest from best buy and that wouldn't put me in the poorhouse.

if a new laptop is the way to go, should i hop to a different forum if i have questions about making the shift from windows XP to windows 8 (or whatever they come with now?). i've heard nightmares about microsoft's latest operating systems.

or maybe i could partition my drive, install windows xp home edition on part of it (i have the discs) and just never go online from there and only use it for autocad -- then it'd be virus-safe and i wouldn't need all these microsoft updates and firewalls etc, and run a linux system on the other portion? would that make sense?

anyway, the logs:

MBAM
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.17.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Meddle :: CASCADE [administrator]

Protection: Disabled

4/17/2013 11:15:11 AM
mbam-log-2013-04-17 (11-15-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234985
Time elapsed: 31 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESET LOG
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c4075d056d9bac4787911cae4eee2f2d
# engine=13633
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-04-17 09:46:39
# local_time=2013-04-17 02:46:39 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1791 16777215 0 0 0 0 0 0
# compatibility_mode=3074 16777214 100 84 0 11695021 0 0
# scanned=185822
# found=0
# cleaned=0
# scan_time=25440

Edited by sue dinym, 17 April 2013 - 01:13 PM.

[crooleeck]

OK, I need to consult our options. I'll post as fast I can.

[crooleeck]

In middle time, could you post aswMBR log?

i feel like i was just in here and got some great help, but my computer is slowing, noticeably, again. which is to say that upon start up, it takes more than 5 minutes for the computer to start responding to my clicks, and frequently when browsing online the screens will be unresponsive for a minute or two.

How now? Worse/better?

also this may be related since i've installed avast and online armor, i'm consistently getting an error message in my autoCAD program (autoCAD LT 2004 if that matters) that says: FATAL ERROR Unhandled Access Violation Reading 0x0054 Exception at 72cbc4h. just added autocad to my trusted folder in avast, but don't know if i'll have to restart for that to take affect?

I believe we fixed it. Am I right?

yes, the computer is definitely working faster now, and autocad is running without a problem.

It's DELL inspiron. Please post model. You can use HWINFO32.