Heuristic Virus detected -- Ati2dvag issue [Closed]


  • This topic is locked

#1
sdmarie


Downloaded Java update and it appears it came with several viruses.
PC takes approx 7 minutes to start windows and immediately crashes when several browsers are open.

I continue to receive msg: A problem with your PC has been detected and windows has been shut down
to prevent further damage to your computer.

Help seems needed!

Thank you in advance,
Marie

#2
nathdep

Hello, sdmarie and :welcome:

I am nathdep and I will be helping you with your malware problems.

Note: Just to let you know, I am still in the process of training to become a malware expert. I want you to know that I have a teacher who will be reviewing all the fixes that I post here. Thank you for being part of my learning process! :)

Also, I ask that you please stay here through the entire malware removal process. Leaving midway can cause more complications as the malware will not be fully removed. Once again, please stay here until the malware removal process is complete.


Here are some general steps to follow during the clean up procedure:


  • Please print these instructions as well as future instructions as you may have to boot in safe mode and will not be able to access this site via the internet. Another solution is saving these instructions by copying and pasting them into notebook and saving the file in a convenient location.
  • Please be patient as the malware removal process could be lengthy, complex, and at times frustrating. Your cooperation throughout the entire process will benefit you as it will expedite your removal time. Please keep this issue in this post and do not post this same issue on a different site. Doing so can be compared to a patient seeing two different doctors. If the two different doctors are not aware of what medication the other doctor is prescribing, the patient could be risking his life. This is synonymous to a computer's health.
  • Please read (and re-read) the instructions entirely as not following the instructions carefully can produce damaging results.
  • Please tell me how your computer is running in the beginning of each post. Tell me both recurring and new issues as this added information can shed even more light to the problems you are experiencing.

I have to get my first fix approved by my teacher. I will be back ASAP!

#3
sdmarie

Hi, and thank you for replying, Nathdep.

Is there any way I can get someone that is not training? I ask for the sake of time.

I would really like to get this malware issue resolved as quickly as possible and I already see
that since you have to get your recommendations approved, we will have several time delays.

Please let me know what steps I have to take to get an expert that's not training to help me.

Thank you.

#4
sdmarie

Hi Nathdep,

Or perhaps you can let me know the times you'd be available,
so that I can make myself available at or around that time-frame too.

Something sounds terribly wrong with my PC and I'm just concerned that
it might blow-up or something or perhaps just stop working... if it
takes too long to fix the malware issue.

Thank you.
Marie

#5
nathdep

Hello sdmarie!

I will try my best to respond to your posts as soon as possible. It doesn't take long for my teacher to approve my fixes. :)

Please follow these instructions very carefully:

First, you need to run aswMBR:
  • Download aswMBR to your Desktop by clicking here
  • Double click aswMBR.exe to run it.
  • Click Scan:


  • On completion of the scan click Save log, save it to your desktop and post in your next reply:



Next, download OTL to your Desktop by clicking here
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

In your next post be sure to include:
  • OTL.txt
  • Extras.txt
  • The aswMBR log
  • A report if there were any issues following the above instructions


#6
sdmarie

Hi there!

Give me a few minutes. I will do this now.

Thank you

#7
sdmarie

Hi Nathdep,

Here are the scans in the following order:

1) OTL

2) Extras

3) aswMBR


Thank you! Please let me know what I should do next.


1) OTL

OTL logfile created on: 7/9/2013 3:53:40 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 61.86% Memory free
3.60 Gb Paging File | 3.08 Gb Available in Paging File | 85.46% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 581.64 Gb Free Space | 83.26% Space Free | Partition Type: NTFS

Computer Name: USER-3E71C3E04B | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Processes (SafeList) ==========

PRC - [2013/07/09 15:42:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2013/06/29 05:23:46 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/08/17 08:36:38 | 000,032,256 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\BrmfRsmg.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/09 10:53:16 | 002,090,496 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13070902\algo.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2001/03/15 05:18:08 | 000,065,536 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2013/06/29 05:23:46 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/06/25 22:27:08 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/12 14:13:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/01/08 15:41:40 | 000,161,536 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\CDriver.sys -- (MSICDSetup)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\User\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2013/07/08 16:10:59 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/07/08 16:10:56 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/07/08 16:10:56 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 04:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 04:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/03/26 15:10:42 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/01/03 17:28:54 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/01/26 23:34:32 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/07/06 05:10:22 | 005,788,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009/05/25 03:21:28 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/04/14 17:25:06 | 003,732,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
DRV - [2009/02/09 02:32:16 | 000,022,328 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008/08/05 08:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/13 14:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2007/10/11 09:40:00 | 000,009,096 | R--- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\amdide.sys -- (amdide)
DRV - [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2001/08/17 14:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 14:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-796845957-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = google.com
IE - HKU\S-1-5-21-796845957-1659004503-839522115-1003\..\SearchScopes,DefaultScope = {175826B7-A928-4CFF-87FA-441D583DFFEE}
IE - HKU\S-1-5-21-796845957-1659004503-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-796845957-1659004503-839522115-1003\..\SearchScopes\{175826B7-A928-4CFF-87FA-441D583DFFEE}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-796845957-1659004503-839522115-1003\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKU\S-1-5-21-796845957-1659004503-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-796845957-1659004503-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/07/08 16:08:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/10/04 17:05:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2012/01/27 05:23:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\[email protected]
[2013/06/25 22:24:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/25 22:27:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/08 16:08:56 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Ghostery = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.2_0\
CHR - Extension: SEO for Chrome = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj\0.9.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/03/22 13:43:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-796845957-1659004503-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-796845957-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-796845957-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEE01FC6-7841-4928-A310-FDC74D7139C3}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/23 12:13:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 360 Days ==========

[2013/07/09 15:42:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2013/07/09 14:33:24 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\User\Desktop\aswMBR.exe
[2013/07/08 16:10:49 | 000,029,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/07/08 16:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2013/07/08 16:10:48 | 000,369,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/07/08 16:10:46 | 000,056,080 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/07/08 16:10:46 | 000,049,760 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/07/08 16:10:45 | 000,770,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/07/08 16:10:43 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/07/08 16:08:32 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/07/08 15:42:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Misc
[2013/07/08 15:41:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\7-2013
[2013/07/08 15:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Word Files
[2013/07/04 12:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Ves
[2013/07/03 22:32:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Chris Audio
[2013/07/01 14:15:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Joy Implementation
[2013/06/29 15:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Info
[2013/06/29 05:38:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/06/29 05:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/06/29 05:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2013/06/29 05:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/06/29 05:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/06/29 05:25:45 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/06/29 05:25:16 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/06/29 05:25:16 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/06/29 05:25:16 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/06/25 22:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/06/25 10:08:59 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013/06/25 10:08:59 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
[2013/06/25 10:06:43 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/05/01 03:59:12 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2013/05/01 03:59:12 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2013/04/08 20:54:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/04/08 19:12:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/04/08 19:09:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/04/08 19:09:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/04/08 19:09:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/04/08 19:09:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/04/08 19:09:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/29 10:16:19 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\tdsskiller.exe
[2013/03/26 15:10:38 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/03/23 18:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/03/23 18:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/03/23 18:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2013/03/22 18:57:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2013/03/22 13:35:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/03/21 15:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\NPE
[2013/03/21 12:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2013/03/21 12:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2013/02/18 14:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2013/02/18 11:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/01/29 14:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/01/29 14:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/01/29 14:21:07 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/12/30 11:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Brother
[2012/12/30 11:00:32 | 000,000,000 | ---D | C] -- C:\Brother
[2012/12/30 11:00:31 | 000,081,920 | ---- | C] (brother) -- C:\WINDOWS\System32\BrWebIns.dll
[2012/12/30 11:00:31 | 000,065,536 | ---- | C] (brother) -- C:\WINDOWS\System32\Brwebup.exe
[2012/12/30 11:00:30 | 000,176,128 | ---- | C] (brother) -- C:\WINDOWS\System32\Pdrvinst.dll
[2012/12/30 11:00:27 | 000,032,768 | ---- | C] (Brother Industries,LTD) -- C:\WINDOWS\System32\brfxdial.dll
[2012/12/30 11:00:26 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2012/12/16 16:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/12/11 20:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ExtraPutty
[2012/12/11 20:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\ExtraPutty 0.22
[2012/11/09 03:05:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\My Documents\Dropbox
[2012/11/09 03:02:40 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012/11/09 03:02:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Dropbox
[2012/11/09 03:00:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Dropbox
[2012/11/01 22:02:42 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnet.dll
[2012/10/28 23:02:56 | 008,883,640 | ---- | C] (Adobe Systems, Inc.) -- C:\Documents and Settings\User\Desktop\flashplayer11-5_sa_win_32.exe
[2012/10/21 13:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\SUPERAntiSpyware
[2012/10/21 13:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/10/14 13:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Sun
[2012/10/14 13:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/10/14 13:38:48 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/10/14 10:27:05 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/12 23:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\TrojanHunter
[2012/10/12 13:26:58 | 000,000,000 | ---D | C] -- C:\Program Files\HJT
[2012/10/07 03:03:04 | 000,000,000 | ---D | C] -- C:\0396cf120094a7cc4d05a6c8
[2012/10/03 03:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2012/10/02 14:04:21 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\synceng.dll
[2012/09/10 19:48:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\uTorrentControl_v2
[2012/09/08 13:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\CRE
[2012/08/14 10:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\DiskInternals

========== Files - Modified Within 360 Days ==========

[2013/07/09 15:42:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2013/07/09 15:41:22 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2013/07/09 15:13:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/09 15:07:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/09 14:33:38 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\User\Desktop\aswMBR.exe
[2013/07/09 14:07:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/09 08:42:04 | 000,217,797 | ---- | M] () -- C:\Documents and Settings\User\Desktop\fwdid491headercreation (1).zip
[2013/07/09 08:38:56 | 000,215,165 | ---- | M] () -- C:\Documents and Settings\User\Desktop\fwdid491headercreation (2).zip
[2013/07/09 08:38:56 | 000,163,686 | ---- | M] () -- C:\Documents and Settings\User\Desktop\logo 1.jpg
[2013/07/09 08:38:56 | 000,162,055 | ---- | M] () -- C:\Documents and Settings\User\Desktop\logo 2.jpg
[2013/07/09 08:38:50 | 000,165,016 | ---- | M] () -- C:\Documents and Settings\User\Desktop\logo 3.jpg
[2013/07/09 08:38:50 | 000,163,463 | ---- | M] () -- C:\Documents and Settings\User\Desktop\logo 4.jpg
[2013/07/09 08:27:00 | 000,162,055 | ---- | M] () -- C:\Documents and Settings\User\Desktop\logo 2-b.jpg
[2013/07/09 08:26:56 | 000,163,686 | ---- | M] () -- C:\Documents and Settings\User\Desktop\logo 1-b.jpg
[2013/07/09 08:26:48 | 000,163,463 | ---- | M] () -- C:\Documents and Settings\User\Desktop\logo 2-a.jpg
[2013/07/09 08:26:36 | 000,165,016 | ---- | M] () -- C:\Documents and Settings\User\Desktop\logo 1-a.jpg
[2013/07/09 08:06:27 | 000,000,312 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/07/09 08:05:48 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/09 08:05:04 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/07/09 08:04:11 | 000,002,161 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini
[2013/07/09 08:03:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/09 07:44:22 | 000,008,188 | ---- | M] () -- C:\Documents and Settings\User\Desktop\derrick.jpeg
[2013/07/09 04:35:32 | 000,617,773 | ---- | M] () -- C:\Documents and Settings\User\Desktop\logo 2 a-b.jpg
[2013/07/09 03:25:33 | 001,973,918 | ---- | M] () -- C:\Documents and Settings\User\Desktop\IMG_0946.JPG
[2013/07/08 16:10:59 | 000,175,176 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/07/08 16:10:59 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/07/08 16:10:59 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/07/08 16:10:56 | 000,770,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/07/08 16:10:56 | 000,369,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/07/08 16:10:56 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/07/08 16:10:50 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/07/08 16:10:43 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/07/08 16:01:53 | 117,478,104 | ---- | M] () -- C:\Documents and Settings\User\Desktop\avast_free_antivirus_setup(1).exe
[2013/07/04 18:15:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/06/29 05:23:53 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/06/29 05:23:35 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/06/29 05:23:35 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/06/29 05:23:35 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/06/29 05:23:34 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/06/29 05:23:33 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/06/27 00:32:57 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/06/25 14:32:46 | 000,295,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/06/25 14:13:56 | 000,527,600 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/06/25 14:13:56 | 000,097,828 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/06/25 13:35:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/06/24 15:08:41 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/06/12 14:13:40 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/06/12 14:13:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/05/17 18:07:22 | 006,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/05/09 04:59:10 | 000,049,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/05/09 04:59:09 | 000,049,760 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/05/09 04:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/05/09 04:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/05/08 03:23:32 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2013/05/08 03:23:32 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2013/05/07 18:30:06 | 001,215,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2013/05/07 18:30:06 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2013/05/07 18:30:06 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2013/05/07 18:30:05 | 011,112,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2013/05/07 18:30:05 | 002,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2013/05/07 18:30:05 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2013/05/07 18:30:05 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2013/05/07 18:30:05 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2013/05/07 18:30:05 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2013/05/07 18:30:05 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2013/05/07 18:30:05 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2013/05/07 18:30:05 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2013/05/07 18:30:05 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/05/07 18:30:05 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2013/05/07 18:30:05 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2013/05/07 18:30:05 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2013/05/07 18:30:05 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2013/05/07 18:30:05 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2013/05/07 18:30:05 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2013/05/07 18:30:05 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2013/05/07 18:30:05 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2013/05/07 18:30:05 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2013/05/07 18:30:05 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2013/05/07 18:30:05 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2013/05/07 18:30:05 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2013/05/07 18:30:05 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2013/05/07 18:30:05 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2013/05/07 17:53:29 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2013/05/01 03:59:12 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2013/05/01 03:59:12 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2013/04/09 21:31:19 | 001,876,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2013/04/09 21:31:19 | 001,876,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2013/04/08 19:12:17 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/04/03 23:04:51 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/29 11:09:45 | 000,000,327 | ---- | M] () -- C:\Boot.bak
[2013/03/29 10:16:23 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\tdsskiller.exe
[2013/03/26 15:10:42 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/03/22 13:43:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/03/19 13:43:33 | 000,000,267 | ---- | M] () -- C:\WINDOWS\Brpcfx.ini
[2013/03/19 13:43:33 | 000,000,050 | ---- | M] () -- C:\WINDOWS\System32\m8220def.dat
[2013/03/08 04:36:22 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winsrv.dll
[2013/03/08 04:36:22 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll
[2013/03/06 21:32:25 | 002,149,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2013/03/06 21:32:25 | 002,149,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2013/03/06 21:28:24 | 002,193,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2013/03/06 20:50:30 | 002,028,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2013/03/06 20:50:30 | 002,028,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2013/03/06 20:50:28 | 002,070,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2013/03/05 14:47:06 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/02/27 03:56:51 | 002,067,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstscx.dll
[2013/02/18 11:28:38 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/02/18 11:28:38 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/02/11 20:32:23 | 000,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013/02/11 20:32:23 | 000,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys
[2013/02/11 20:32:23 | 000,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
[2013/01/25 23:55:44 | 000,552,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll
[2013/01/02 02:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2013/01/02 02:49:10 | 000,148,992 | ---- | M] () -- C:\WINDOWS\System32\mpg2splt.ax
[2013/01/02 02:49:10 | 000,148,992 | ---- | M] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax
[2012/12/30 11:03:17 | 000,173,382 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Web Coupons.pdf
[2012/12/16 08:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012/12/16 08:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012/12/11 20:34:18 | 000,000,527 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ExtraPutty.lnk
[2012/11/05 22:01:39 | 001,371,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2012/11/01 22:02:42 | 000,375,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnet.dll
[2012/11/01 22:02:42 | 000,375,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnet.dll
[2012/10/28 23:03:01 | 008,883,640 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\User\Desktop\flashplayer11-5_sa_win_32.exe
[2012/10/21 13:28:58 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SUPERAntiSpyware Professional.lnk
[2012/10/12 14:16:42 | 000,216,303 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache
[2012/10/12 14:16:20 | 000,157,445 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache
[2012/10/12 13:32:20 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2012/10/12 10:37:05 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/07 14:14:22 | 000,558,133 | ---- | M] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/10/03 00:58:13 | 000,990,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2012/10/02 14:04:21 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\synceng.dll
[2012/10/02 14:04:21 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\synceng.dll
[2012/09/19 20:34:23 | 000,000,635 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\S3 Ripper.lnk
[2012/09/10 15:35:54 | 000,642,415 | ---- | M] () -- C:\Documents and Settings\User\.spyglass.properties
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/24 09:53:22 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll

========== Files Created - No Company Name ==========

[2013/07/09 15:41:22 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2013/07/09 08:42:08 | 000,163,463 | ---- | C] () -- C:\Documents and Settings\User\Desktop\logo 4.jpg
[2013/07/09 08:42:06 | 000,165,016 | ---- | C] () -- C:\Documents and Settings\User\Desktop\logo 3.jpg
[2013/07/09 08:40:13 | 000,162,055 | ---- | C] () -- C:\Documents and Settings\User\Desktop\logo 2.jpg
[2013/07/09 08:40:08 | 000,163,686 | ---- | C] () -- C:\Documents and Settings\User\Desktop\logo 1.jpg
[2013/07/09 08:38:55 | 000,215,165 | ---- | C] () -- C:\Documents and Settings\User\Desktop\fwdid491headercreation (2).zip
[2013/07/09 08:38:49 | 000,217,797 | ---- | C] () -- C:\Documents and Settings\User\Desktop\fwdid491headercreation (1).zip
[2013/07/09 08:27:00 | 000,162,055 | ---- | C] () -- C:\Documents and Settings\User\Desktop\logo 2-b.jpg
[2013/07/09 08:26:56 | 000,163,686 | ---- | C] () -- C:\Documents and Settings\User\Desktop\logo 1-b.jpg
[2013/07/09 08:26:48 | 000,163,463 | ---- | C] () -- C:\Documents and Settings\User\Desktop\logo 2-a.jpg
[2013/07/09 08:26:34 | 000,165,016 | ---- | C] () -- C:\Documents and Settings\User\Desktop\logo 1-a.jpg
[2013/07/09 07:44:19 | 000,008,188 | ---- | C] () -- C:\Documents and Settings\User\Desktop\derrick.jpeg
[2013/07/09 04:34:41 | 000,617,773 | ---- | C] () -- C:\Documents and Settings\User\Desktop\logo 2 a-b.jpg
[2013/07/09 03:25:08 | 001,973,918 | ---- | C] () -- C:\Documents and Settings\User\Desktop\IMG_0946.JPG
[2013/07/08 16:11:00 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/07/08 16:11:00 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/07/08 16:11:00 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/07/08 16:10:50 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/07/08 16:10:45 | 000,000,312 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/07/08 16:10:44 | 000,175,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/07/08 16:10:44 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/07/08 16:00:29 | 117,478,104 | ---- | C] () -- C:\Documents and Settings\User\Desktop\avast_free_antivirus_setup(1).exe
[2013/06/29 05:31:44 | 000,002,425 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2013/06/27 00:32:57 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/06/27 00:32:57 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/06/25 11:17:23 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/05/02 14:57:16 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/02 14:57:15 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/09 08:17:01 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/04/08 19:09:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/04/08 19:09:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/04/08 19:09:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/04/08 19:09:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/04/08 19:09:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/03/22 13:37:25 | 000,000,327 | ---- | C] () -- C:\Boot.bak
[2013/03/22 13:37:23 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/03/20 15:12:55 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/26 13:52:04 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/26 13:52:03 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/02/18 11:28:38 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/02/18 11:28:38 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/02/18 11:28:38 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/01/29 14:21:09 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/01/02 02:49:10 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax
[2012/12/30 11:03:17 | 000,173,382 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Web Coupons.pdf
[2012/12/30 11:00:32 | 000,006,224 | ---- | C] () -- C:\WINDOWS\CVRPAGE.BMP
[2012/12/11 20:34:18 | 000,000,527 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ExtraPutty.lnk
[2012/10/21 13:28:58 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SUPERAntiSpyware Professional.lnk
[2012/10/12 14:16:42 | 000,216,303 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache
[2012/10/12 14:16:20 | 000,157,445 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache
[2012/10/12 13:32:20 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2012/10/12 10:37:05 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/07 14:14:42 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/09/19 20:34:23 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\S3 Ripper.lnk
[2012/03/27 22:41:51 | 002,744,116 | ---- | C] () -- C:\Documents and Settings\User\.websiteauditor.properties
[2012/03/27 22:36:53 | 000,453,990 | ---- | C] () -- C:\Documents and Settings\User\.linkassistant.properties
[2012/02/21 09:53:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/08 08:53:04 | 000,642,415 | ---- | C] () -- C:\Documents and Settings\User\.spyglass.properties
[2012/01/27 05:27:15 | 000,409,412 | ---- | C] () -- C:\Documents and Settings\User\.ranktracker.properties
[2011/11/10 12:59:39 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2011/10/24 01:54:01 | 000,235,057 | ---- | C] () -- C:\Documents and Settings\User\.spyglass.properties.bak
[2011/08/13 18:59:24 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2011/07/19 10:02:39 | 000,000,267 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2011/07/19 10:02:39 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2011/07/19 10:02:39 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\m8220def.dat
[2011/07/19 10:02:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2011/07/07 10:46:23 | 000,832,282 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-796845957-1659004503-839522115-1003-0.dat
[2011/07/07 10:46:21 | 000,282,938 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/07/06 13:36:41 | 000,000,175 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\TheBestSpinner_Export.dat
[2011/02/05 00:00:24 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/11 22:12:39 | 000,000,122 | ---- | C] () -- C:\Documents and Settings\User\default.pls

========== ZeroAccess Check ==========

[2009/10/23 12:26:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/09/25 01:37:10 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

2) EXTRAS

OTL Extras logfile created on: 7/9/2013 3:53:41 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 61.86% Memory free
3.60 Gb Paging File | 3.08 Gb Available in Paging File | 85.46% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 581.64 Gb Free Space | 83.26% Space Free | Partition Type: NTFS

Computer Name: USER-3E71C3E04B | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Disabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Documents and Settings\User\Local Settings\temp\7zS180.tmp\SymNRT.exe" = C:\Documents and Settings\User\Local Settings\temp\7zS180.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Documents and Settings\User\Local Settings\temp\7zS184.tmp\SymNRT.exe" = C:\Documents and Settings\User\Local Settings\temp\7zS184.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Documents and Settings\User\Local Settings\temp\7zS307.tmp\SymNRT.exe" = C:\Documents and Settings\User\Local Settings\temp\7zS307.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{023C9E50-C216-4E7A-A8A5-3457DE58106C}" = Catalyst Control Center - Branding
"{03D8A0D6-8455-B550-A808-391C82127447}" = CCC Help Greek
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{09756AF6-AFAD-EF82-AB78-3297FD81E821}" = CCC Help Japanese
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{10CD9AF7-5D3A-2772-F617-8BD9D82EC3A3}" = CCC Help Dutch
"{1447E6D2-1015-AE95-5976-E15EF8684347}" = CCC Help Portuguese
"{14C76057-E495-47E1-BDF0-1A1CC1752ADF}" = ExtraPutty 0.22
"{17B4113F-D6AA-3970-127A-C09D10886EB0}" = CCC Help German
"{187DC7F2-3C76-62C6-575B-03EC8B9B0BC8}" = Catalyst Control Center Graphics Full Existing
"{1A4B2698-683C-769B-7E67-339F23858DEB}" = Catalyst Control Center Graphics Full New
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200BFFBD-3B5F-47C7-F6DB-3162EF559880}" = Skins
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24A6F0B6-E6F3-46AE-BB7E-81D6AFA6E926}" = ATI AVIVO Codecs
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{337A4845-48F0-3363-4424-5047FD6AB456}" = CCC Help Hungarian
"{34E9641A-7DB3-4F08-961E-5069F533A0C1}" = Brother MFL-Pro Suite
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4F93ABBE-5A1D-4D56-94CB-022F109FDE4D}" = Adobe Presenter 7
"{511CD3D6-8A90-8D4F-B16B-DA80BD0E0FBE}" = CCC Help Turkish
"{53C06EDE-6FB0-643E-7193-7053F9C7190A}" = ccc-utility
"{5C9C1AD9-CBA2-8EBD-8252-D39F40C29F4B}" = CCC Help Thai
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{63717D97-103F-4310-E8E9-22F26F9E2C38}" = CCC Help Korean
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A13436F-4D18-D4B5-181E-B6AC603BFED7}" = CCC Help Czech
"{6C878433-FDDC-6C9E-2E6C-55F979761B30}" = Catalyst Control Center Core Implementation
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CA5C4DF-8327-4035-AE2B-CA76336A04FD}" = Snagit 11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8E0696CF-2869-578B-F8AB-C82B80F9EF12}" = CCC Help Italian
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A8E958-F3F9-CE7C-B084-F90B8F40F3C3}" = Catalyst Control Center Graphics Light
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A51026AB-F833-413F-5BB3-AE1B3CF3F539}" = ccc-core-static
"{A879106A-9275-0397-CA14-76B24943ACE3}" = CCC Help Swedish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB3D78B7-8066-465A-82A8-5F3751564457}_is1" = S3 Ripper 2.0
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B22C04E5-C923-94E2-A33A-25B988686934}" = CCC Help Finnish
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BB6BB891-CA30-060D-5D63-860F59DBD29D}" = CCC Help Spanish
"{BFB91468-460B-68B6-C666-BB5CC09BC93B}" = Catalyst Control Center Localization All
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF287D73-E32C-19C1-E895-2EC4BC7334AE}" = CCC Help Chinese Traditional
"{D85D835B-E26E-99E0-CB4E-9DEA34EC19FD}" = CCC Help Russian
"{DA57EFCC-90DA-A202-9AC8-A1278918F481}" = CCC Help Polish
"{DCB51FBC-68AD-42FF-8426-199F1FE2C4F5}" = AMD USB Filter Driver
"{DD97597E-7AB9-8A67-5C18-31015D91B337}" = ccc-core-preinstall
"{E2958428-E345-CB5E-239D-FE031BDA3A89}" = CCC Help Chinese Standard
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EA36EFF1-DFB9-E5A7-29C0-9DBAF7EBAEF6}" = CCC Help English
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3A4A3DA-D7E8-C3CD-966D-9B57762739FF}" = CCC Help French
"{F8C3DA4D-3837-50E7-10B2-0EE0D656B63C}" = CCC Help Danish
"{FFB7426F-1531-6AB4-BFB9-3CC1336FE406}" = CCC Help Norwegian
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Presenter 7" = Adobe Presenter 7
"All ATI Software" = ATI - Software Uninstall Utility
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MiPony" = MiPony 1.5.3
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Revo Uninstaller" = Revo Uninstaller 1.92
"seopowersuite" = SEO SpyGlass
"TheBestSpinner" = TheBestSpinner
"thinkorswim" = thinkorswim
"VLC media player" = VLC media player 1.1.11
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-796845957-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/23/2013 5:22:52 PM | Computer Name = USER-3E71C3E04B | Source = Userenv | ID = 1007
Description = Windows cannot determine the associated site for this computer. (The
RPC server is too busy to complete this operation. ). Group Policy processing aborted.


Error - 6/23/2013 7:02:32 PM | Computer Name = USER-3E71C3E04B | Source = Userenv | ID = 1007
Description = Windows cannot determine the associated site for this computer. (The
RPC server is too busy to complete this operation. ). Group Policy processing aborted.


Error - 6/23/2013 8:52:12 PM | Computer Name = USER-3E71C3E04B | Source = Userenv | ID = 1007
Description = Windows cannot determine the associated site for this computer. (The
RPC server is too busy to complete this operation. ). Group Policy processing aborted.


Error - 6/23/2013 10:51:52 PM | Computer Name = USER-3E71C3E04B | Source = Userenv | ID = 1007
Description = Windows cannot determine the associated site for this computer. (The
RPC server is too busy to complete this operation. ). Group Policy processing aborted.


Error - 6/25/2013 2:34:10 PM | Computer Name = USER-3E71C3E04B | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 7/1/2013 10:24:58 AM | Computer Name = USER-3E71C3E04B | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 6.1.60.129, faulting module
mshtml.dll, version 8.0.6001.23501, fault address 0x002b96c0.

Error - 7/8/2013 4:02:13 PM | Computer Name = USER-3E71C3E04B | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/8/2013 4:02:13 PM | Computer Name = USER-3E71C3E04B | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/8/2013 4:02:13 PM | Computer Name = USER-3E71C3E04B | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/8/2013 6:16:38 PM | Computer Name = USER-3E71C3E04B | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BF from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

[ OSession Events ]
Error - 10/9/2010 9:06:13 PM | Computer Name = USER-3E71C3E04B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 27741
seconds with 14820 seconds of active time. This session ended with a crash.

Error - 10/24/2010 8:49:31 PM | Computer Name = USER-3E71C3E04B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 116996
seconds with 7320 seconds of active time. This session ended with a crash.

Error - 10/24/2010 9:37:02 PM | Computer Name = USER-3E71C3E04B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2518
seconds with 1740 seconds of active time. This session ended with a crash.

Error - 9/24/2011 10:55:09 AM | Computer Name = USER-3E71C3E04B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 155
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/28/2012 4:57:41 AM | Computer Name = USER-3E71C3E04B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 48973
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/8/2013 2:05:44 PM | Computer Name = USER-3E71C3E04B | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 7/8/2013 2:05:48 PM | Computer Name = USER-3E71C3E04B | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 7/8/2013 2:05:52 PM | Computer Name = USER-3E71C3E04B | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 7/8/2013 2:05:55 PM | Computer Name = USER-3E71C3E04B | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 7/8/2013 2:05:59 PM | Computer Name = USER-3E71C3E04B | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 7/8/2013 2:06:03 PM | Computer Name = USER-3E71C3E04B | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 7/9/2013 8:05:10 AM | Computer Name = USER-3E71C3E04B | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
%%2

Error - 7/9/2013 3:29:25 PM | Computer Name = USER-3E71C3E04B | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 7/9/2013 3:29:50 PM | Computer Name = USER-3E71C3E04B | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 7/9/2013 3:30:49 PM | Computer Name = USER-3E71C3E04B | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.


< End of report >



3) aswMBR


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-09 14:34:13
-----------------------------
14:34:13.531 OS Version: Windows 5.1.2600 Service Pack 3
14:34:13.531 Number of processors: 2 586 0x602
14:34:13.531 ComputerName: USER-3E71C3E04B UserName: User
14:34:33.921 Initialize success
14:34:34.046 AVAST engine defs: 13070902
14:34:59.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
14:34:59.015 Disk 0 Vendor: ST3750640AS 3.AAD Size: 715404MB BusType: 3
14:34:59.187 Disk 0 MBR read successfully
14:34:59.187 Disk 0 MBR scan
14:34:59.187 Disk 0 Windows XP default MBR code
14:34:59.187 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 715394 MB offset 63
14:34:59.203 Disk 0 scanning sectors +1465128000
14:34:59.406 Disk 0 scanning C:\WINDOWS\system32\drivers
14:35:33.687 Service scanning
14:35:58.562 Service MSICDSetup D:\CDriver.sys **LOCKED** 21
14:36:16.265 Modules scanning
14:36:48.843 Disk 0 trace - called modules:
14:36:48.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys amdide.sys
14:36:48.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a457ab8]
14:36:49.140 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006c[0x8a4631e0]
14:36:49.140 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a46dd98]
14:37:05.109 AVAST engine scan C:\WINDOWS
14:37:43.328 AVAST engine scan C:\WINDOWS\system32
14:49:30.593 AVAST engine scan C:\WINDOWS\system32\drivers
14:50:50.625 AVAST engine scan C:\Documents and Settings\User
15:38:08.843 AVAST engine scan C:\Documents and Settings\All Users
15:40:46.296 Scan finished successfully
15:41:22.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
15:41:22.625 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"
  • 0
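The "Last 20 Event Log Errors" section of the OTL log above is easier to triage once repeated entries are collapsed. The following Python code is an added example, not part of the original post or of OTL: it parses that section's record format and groups the errors by log, source and event code. The function names are hypothetical, the sample is an excerpt of the posted log, and the code assumes that the low 16 bits of the logged `ID` value are the event code that Event Viewer displays.

```python
import re
from datetime import datetime

# Excerpt of the "Last 20 Event Log Errors" section from the OTL log posted above.
SAMPLE = r"""
[ Application Events ]
Error - 7/8/2013 4:02:13 PM | Computer Name = USER-3E71C3E04B | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 7/8/2013 2:05:44 PM | Computer Name = USER-3E71C3E04B | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 7/8/2013 2:05:48 PM | Computer Name = USER-3E71C3E04B | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 7/8/2013 2:05:52 PM | Computer Name = USER-3E71C3E04B | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 7/9/2013 8:05:10 AM | Computer Name = USER-3E71C3E04B | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
%%2

Error - 7/9/2013 3:29:25 PM | Computer Name = USER-3E71C3E04B | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 7/9/2013 3:29:50 PM | Computer Name = USER-3E71C3E04B | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
"""

# One record header: "Error - <date> | Computer Name = <host> | Source = <src> | ID = <n>"
HEADER = re.compile(
    r"^Error - (?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)"
    r" \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?)"
    r" \| ID = (?P<raw_id>\d+)\s*$"
)
SECTION = re.compile(r"^\[ (?P<name>.+?) \]\s*$")
DESC_PREFIX = "Description = "


def parse_events(text):
    """Return one dict per error record, joining wrapped description lines."""
    events, section, current = [], None, None
    for line in text.splitlines():
        line = line.rstrip()
        sec, head = SECTION.match(line), HEADER.match(line)
        if sec:
            section, current = sec.group("name"), None
        elif head:
            raw_id = int(head.group("raw_id"))
            current = {
                "section": section,
                "when": datetime.strptime(head.group("when"), "%m/%d/%Y %I:%M:%S %p"),
                "source": head.group("source"),
                "raw_id": raw_id,
                # Assumption: low 16 bits are the event code, upper bits are qualifiers.
                "code": raw_id & 0xFFFF,
                "description": "",
            }
            events.append(current)
        elif not line:
            current = None  # a blank line ends the record
        elif current is not None:
            part = line[len(DESC_PREFIX):] if line.startswith(DESC_PREFIX) else line
            current["description"] = (current["description"] + " " + part).strip()
    return events


def summarize(events):
    """Group by (log, source, code); return rows sorted by count, then first seen."""
    groups = {}
    for ev in events:
        key = (ev["section"], ev["source"], ev["code"])
        g = groups.setdefault(key, {"count": 0, "first": ev["when"], "last": ev["when"]})
        g["count"] += 1
        g["first"] = min(g["first"], ev["when"])
        g["last"] = max(g["last"], ev["when"])
    rows = [(sec, src, code, g["count"], g["first"], g["last"])
            for (sec, src, code), g in groups.items()]
    rows.sort(key=lambda r: (-r[3], r[4]))
    return rows


if __name__ == "__main__":
    for sec, src, code, count, first, last in summarize(parse_events(SAMPLE)):
        print(f"{count:>2}x  {sec:<20} {src:<24} code {code:<5} {first} .. {last}")
```

On this excerpt the three Disk entries collapse into a single row with event code 7, spanning eight seconds.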

#8
nathdep

  • Member
  • 587 posts
Hello sdmarie! :)

Please follow these instructions very carefully:

First, Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    
    [CLEARALLRESTOREPOINTS]
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done. A resulting Fix log should open.
  • Post this Fix log in your next response.

Next, you need to defrag your C: drive

  • Open My Computer
  • Right-click on the C: drive, and then click Properties
  • On the Tools tab, click Defragment Now
  • Click Defragment
  • Allow the process to run unhindered. Do not run any programs while defragmenting. Note: This might be a lengthy process.

Next, we are going to run System File Checker to make sure all of your protected files are not corrupt. The scan will automatically replace any corrupt files that it finds.

Click Start
Select Run
At the prompt, type sfc /scannow. Please note that there is a single space between sfc and /scannow.

Typing this will start the program, and a box should appear telling you how much longer the process should take.

Sometimes the scan will prompt you for your Windows XP disc upon starting the scan. If this happens, please make sure that you can view protected files:

My Computer
Tools
Folder Options
View
"Uncheck" Hide protected operating system files.

Then rerun the scan. If this still asks you to put in your Windows XP CD, and you do not have the CD (if you bought it preinstalled), post back for more tips; otherwise, enter the Windows CD.

Once the scan is complete:

Check your Windows Updates! After using the File Protection Service, you might need to reapply some updates.

Please reboot, and let me know if anything has changed.

Also, please rehide the protected files:

My Computer
Tools
Folder Options
View
"Check" Hide protected operating system files.

Next, please navigate to your Desktop
  • Right click on a blank area on the desktop
  • Point to New and click Compressed (zipped) Folder
  • Name the folder Minidumps and press enter
  • Navigate to C:\windows\minidumps
  • Highlight the three most recent files in this folder
  • Drag these files onto the Minidumps Compressed Folder that you created earlier
  • Attach this folder in your next reply

In your next response, be sure to include
  • The Fix log from OTL
  • A report on if the defrag process completed successfully
  • A report on the outcome of running System File Checker
  • The Minidumps zipped folder attachment
  • A report on if any new problems were created by following the above instructions or if any prior problems have been resolved

  • 0

#9
sdmarie

  • Topic Starter
  • Member
  • 23 posts
Hi! Defrag is going to take a very long time. May I ask you the purposes of defragmenting my C:/ drive?

I use my PC daily -- so the delay would be quite an interruption.

Thank you!
  • 0

#10
nathdep

  • Member
  • 587 posts
Hello!

Defragmenting your C: drive can improve the efficiency of your computer and may help with the problem you're having with your system crashing. A fragmented drive can contribute to a computer being slow.

Here is an illustration of how defragmenting works:

Posted Image

As you can see, defragmenting takes all of the fragments on your C: drive (represented by the colored blocks) and rearranges them so that they are organized. This allows your computer to run more efficiently.

Here is some more information on defragmentation: What is disk defragmentation?

I would definitely recommend defragmenting your C: drive. Have you considered leaving your computer on at night and allowing it to run then while you are sleeping?
  • 0



#11
sdmarie

  • Topic Starter
  • Member
  • 23 posts
Hi Nathdep,

I am not 100% certain that you're understanding me correctly.

My PC is running SLOWER than NORMAL. Therefore, if I run a defragmentation, it will likely take 3-4 days to complete.

I don't know why it's running so slow -- I've already communicated this to you. I know that it has viruses, bugs on it, etc.
I have a total space of 698 GB, with free space of 586 GB, however it's still running SLOW.

I started the defragmenting yesterday morning at 10:00am. It's now 7:29am. Well, the process is only 41% complete. As I've communicated,
I need to use my PC; this process with all my bugs will take forever; therefore I'd rather get my PC and the viruses cleaned first so
that it's operating fast -- like it's supposed to. And then try and defrag later.

Next, the Systems File Check is not giving me anything. It's asking for the Windows CD and I have zero ideas where it's at.

Next, the "Point to New and click Compressed (zipped) Folder" is not working for me because I do not see Compressed (zipped) Folder.


I'd like to forego all of the aforementioned steps you've sent me and ask that you please provide me real solutions to help me clean my PC
of its existing viruses in efforts to get it clean and help speed it up.

Attached below is the OTL generated report. Thank You!

All processes killed
========== COMMANDS ==========
Error creating restore point.

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 979389 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 666539 bytes

User: User
->Temp folder emptied: 1377864193 bytes
->Temporary Internet Files folder emptied: 19804378 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 188649372 bytes
->Google Chrome cache emptied: 192263881 bytes
->Flash cache emptied: 83543 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 98484147 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 17082 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 22912385 bytes

Total Files Cleaned = 1,814.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07112013_090758

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#12
nathdep

  • Member
  • 587 posts

I've already communicated this to you. I know that it has viruses, bugs on it, etc.


I don't believe there is much if any malware on your system. We can double check to see if there is actually malware present or not.

NOTE: This scan can be lengthy.

Download Dr.Web CureIt to your Desktop by clicking here.
  • Double click the drweb-cureit.exe file to open it.
  • A window will open offering a choice of EPM or Standard Mode
  • Choose EPM
  • A license and updates window will appear. If necessary update, otherwise check the box "I agree to participate..." and click Continue
  • You will not be able to use your computer until the scan is finished.
  • Dr Web will scan your computer. When finished a report is saved to C:\users\....\Doctor Web named cureit.log. Copy and paste the contents back here.

  • 0

#13
sdmarie

  • Topic Starter
  • Member
  • 23 posts
Hi There...


What do I need to do in order to speak with a representative that is not training still?

I would prefer that. Thank You! Please let me know what I need to do, whether it's create a new ticket or what,
but that is my request.
  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, I will take over from my student. Could you relate to me the exact problem you are experiencing and how long you are able to put your system offline to check various elements out?
  • 0

#15
sdmarie

  • Topic Starter
  • Member
  • 23 posts
Hi Essexboy,

The exact problem I am experiencing is as follows:

1) My PC recently began taking longer than normal to boot up and run programs
- Boot time now takes up to 7 minutes now versus seconds (which is what I'm accustomed to)

- After boot and after all start-up processes are done loading etc. programs such
as Chrome, Firefox, MSWord, etc can take 47 seconds up to 1 minute+ just to open after I double click.

- If I open up more than 8 browsers, after a few hours I typically receive a Blue screen that says
"A problem has been detected and Windows has been shut down to prevent damage to your computer"

On the same screen it says technical info and lists *** Ati3duag.dll ***

- My virus detector detected a Heuristic infection. Sometimes CPU usage would spike extremely high
(80+ %) all while no browsers or applications are open.


At the request of Nathdep, I did finally complete a Defrag, however I had to use a 3rd party program.
My Windows program had taken approx 2 days and was only at 48%. I can attach the defrag results if
you wish.

I also checked the volume for errors. This process took about 2 days.


Thank you for your assistance.
  • 0





