Heuristic Virus detected -- Ati2dvag issue [Closed]


  • This topic is locked

#16 sdmarie (Member, Topic Starter, 23 posts)
To your additional inquiry: I am able to put my system offline to check any/all elements that you need me to.

Thank you!
#17 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, I run Avast, and the heuristic detection is just an indication that it does not like the file for some reason. So let's see what the reason is.

First, I will run a quick analysis scan.


Download AVPTool from Here to your desktop.

Run the programme you have just downloaded to your desktop (it will be randomly named).

Now an analysis scan:
Select the Manual Disinfection tab
Press the Gather System Information button
Allow the programme to run
After a short while an analysis zip file will be created
Attach that to your next post please
The analysis folder is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

#18 sdmarie (Member, Topic Starter, 23 posts)
Oh wow... for some reason I did not receive an email notification that you responded?

I'm just now seeing your notes. I will do as instructed now. Thank you.

#19 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
No problem. Is Avast still giving a heuristic alert?

#20 sdmarie (Member, Topic Starter, 23 posts)
Hello there.

Please see the attached Kaspersky report:

Gathering system information: completed 4 minutes ago (events: 337, time: 00:05:12)
7/18/2013 5:31:02 PM Task started Gathering system information
7/18/2013 5:31:04 PM Main script of analysis
7/18/2013 5:31:04 PM Windows version: Microsoft Windows XP, Build=2600, SP="Service Pack 3"
7/18/2013 5:31:04 PM System Restore: enabled
7/18/2013 5:31:07 PM 1.1 Searching for user-mode API hooks
7/18/2013 5:31:08 PM Analysis: kernel32.dll, export table found in section .text
7/18/2013 5:31:08 PM IAT modification detected: CreateProcessA - 00BE0010<>7C80236B
7/18/2013 5:31:08 PM IAT modification detected: GetModuleFileNameA - 00BE0080<>7C80B56F
7/18/2013 5:31:08 PM IAT modification detected: FreeLibrary - 00BE00F0<>7C80AC7E
7/18/2013 5:31:08 PM IAT modification detected: GetModuleFileNameW - 00BE0160<>7C80B475
7/18/2013 5:31:08 PM IAT modification detected: CreateProcessW - 00BE01D0<>7C802336
7/18/2013 5:31:08 PM IAT modification detected: LoadLibraryW - 00BE02B0<>7C80AEEB
7/18/2013 5:31:08 PM IAT modification detected: LoadLibraryA - 00BE0320<>7C801D7B
7/18/2013 5:31:08 PM IAT modification detected: GetProcAddress - 00BE0390<>7C80AE40
7/18/2013 5:31:08 PM Analysis: ntdll.dll, export table found in section .text
7/18/2013 5:31:08 PM Function ntdll.dll:LdrLoadDll (70) intercepted, method APICodeHijack.JmpTo[003901EE]
7/18/2013 5:31:08 PM Function ntdll.dll:LdrUnloadDll (80) intercepted, method APICodeHijack.JmpTo[003903F2]
7/18/2013 5:31:09 PM Analysis: user32.dll, export table found in section .text
7/18/2013 5:31:09 PM Function user32.dll:SetWinEventHook (639) intercepted, method APICodeHijack.JmpTo[003D01EE]
7/18/2013 5:31:09 PM Function user32.dll:SetWindowsHookExA (651) intercepted, method APICodeHijack.JmpTo[003D05F6]
7/18/2013 5:31:09 PM Function user32.dll:SetWindowsHookExW (652) intercepted, method APICodeHijack.JmpTo[003D07FA]
7/18/2013 5:31:09 PM Function user32.dll:UnhookWinEvent (685) intercepted, method APICodeHijack.JmpTo[003D03F2]
7/18/2013 5:31:09 PM Function user32.dll:UnhookWindowsHookEx (687) intercepted, method APICodeHijack.JmpTo[003D09FE]
7/18/2013 5:31:10 PM Analysis: advapi32.dll, export table found in section .text
7/18/2013 5:31:10 PM Function advapi32.dll:ChangeServiceConfig2A (54) intercepted, method APICodeHijack.JmpTo[003C0C02]
7/18/2013 5:31:10 PM Function advapi32.dll:ChangeServiceConfig2W (55) intercepted, method APICodeHijack.JmpTo[003C0E06]
7/18/2013 5:31:10 PM Function advapi32.dll:ChangeServiceConfigA (56) intercepted, method APICodeHijack.JmpTo[003C07FA]
7/18/2013 5:31:10 PM Function advapi32.dll:ChangeServiceConfigW (57) intercepted, method APICodeHijack.JmpTo[003C09FE]
7/18/2013 5:31:10 PM Function advapi32.dll:CreateServiceA (102) intercepted, method APICodeHijack.JmpTo[003C01EE]
7/18/2013 5:31:10 PM Function advapi32.dll:CreateServiceW (103) intercepted, method APICodeHijack.JmpTo[003C03F2]
7/18/2013 5:31:10 PM Function advapi32.dll:DeleteService (177) intercepted, method APICodeHijack.JmpTo[003C05F6]
7/18/2013 5:31:10 PM Function advapi32.dll:SetServiceObjectSecurity (572) intercepted, method APICodeHijack.JmpTo[003C100A]
7/18/2013 5:31:10 PM Analysis: ws2_32.dll, export table found in section .text
7/18/2013 5:31:11 PM Analysis: wininet.dll, export table found in section .text
7/18/2013 5:31:11 PM Analysis: rasapi32.dll, export table found in section .text
7/18/2013 5:31:12 PM Analysis: urlmon.dll, export table found in section .text
7/18/2013 5:31:12 PM Analysis: netapi32.dll, export table found in section .text
7/18/2013 5:31:13 PM 1.2 Searching for kernel-mode API hooks
7/18/2013 5:31:15 PM Driver loaded successfully
7/18/2013 5:31:15 PM SDT found (RVA=085700)
7/18/2013 5:31:15 PM Kernel ntkrnlpa.exe found in memory at address 804D7000
7/18/2013 5:31:15 PM SDT = 8055C700
7/18/2013 5:31:15 PM KiST = 805044C4 (284)
7/18/2013 5:31:22 PM Function NtAddBootEntry (09) intercepted (806170B4->A6A3D610), hook C:\WINDOWS\System32\Drivers\aswSnx.SYS, driver recognized as trusted
7/18/2013 5:31:22 PM >>> Function restored successfully !
7/18/2013 5:31:22 PM >>> Hook code blocked
7/18/2013 5:31:22 PM Function NtAdjustPrivilegesToken (0B) intercepted (805EC410->A19E1690), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:22 PM >>> Function restored successfully !
7/18/2013 5:31:22 PM >>> Hook code blocked
7/18/2013 5:31:22 PM Function NtAllocateVirtualMemory (11) intercepted (805A8AC2->A6AF15FA), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
7/18/2013 5:31:22 PM >>> Function restored successfully !
7/18/2013 5:31:22 PM >>> Hook code blocked
7/18/2013 5:31:22 PM Function NtAssignProcessToJobObject (13) intercepted (805D66A0->A6A3E0E6), hook C:\WINDOWS\System32\Drivers\aswSnx.SYS, driver recognized as trusted
7/18/2013 5:31:22 PM >>> Function restored successfully !
7/18/2013 5:31:22 PM >>> Hook code blocked
7/18/2013 5:31:22 PM Function NtClose (19) intercepted (805BC538->A19E1F94), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:22 PM >>> Function restored successfully !
7/18/2013 5:31:22 PM >>> Hook code blocked
7/18/2013 5:31:22 PM Function NtConnectPort (1F) intercepted (805A45D8->A19E2DC8), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:22 PM >>> Function restored successfully !
7/18/2013 5:31:22 PM >>> Hook code blocked
7/18/2013 5:31:22 PM Function NtCreateEvent (23) intercepted (8060F0B0->A19E3312), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:22 PM >>> Function restored successfully !
7/18/2013 5:31:22 PM >>> Hook code blocked
7/18/2013 5:31:22 PM Function NtCreateEventPair (24) intercepted (806173FA->A6A49F64), hook C:\WINDOWS\System32\Drivers\aswSnx.SYS, driver recognized as trusted
7/18/2013 5:31:22 PM >>> Function restored successfully !
7/18/2013 5:31:22 PM >>> Hook code blocked
7/18/2013 5:31:22 PM Function NtCreateFile (25) intercepted (805790A2->A19E2270), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:22 PM >>> Function restored successfully !
7/18/2013 5:31:22 PM >>> Hook code blocked
7/18/2013 5:31:22 PM Function NtCreateIoCompletion (26) intercepted (80578A80->A6A4A0FE), hook C:\WINDOWS\System32\Drivers\aswSnx.SYS, driver recognized as trusted
7/18/2013 5:31:22 PM >>> Function restored successfully !
7/18/2013 5:31:22 PM >>> Hook code blocked
7/18/2013 5:31:22 PM Function NtCreateKey (29) intercepted (8062423A->A19E0500), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:22 PM >>> Function restored successfully !
7/18/2013 5:31:22 PM >>> Hook code blocked
7/18/2013 5:31:22 PM Function NtCreateMutant (2B) intercepted (806177F2->A19E31F8), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:22 PM >>> Function restored successfully !
7/18/2013 5:31:22 PM >>> Hook code blocked
7/18/2013 5:31:22 PM Function NtCreateNamedPipeFile (2C) intercepted (805790DC->A19E127E), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:22 PM >>> Function restored successfully !
7/18/2013 5:31:22 PM >>> Hook code blocked
7/18/2013 5:31:22 PM Function NtCreatePort (2E) intercepted (805A50F4->A19E30CC), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:22 PM >>> Function restored successfully !
7/18/2013 5:31:22 PM >>> Hook code blocked
7/18/2013 5:31:22 PM Function NtCreateProcessEx (30) - machine code modification Method of JmpTo. jmp A6B0AE04\SystemRoot\System32\Drivers\aswSP.SYS, driver recognized as trusted
7/18/2013 5:31:22 PM >>> Function restored successfully !
7/18/2013 5:31:22 PM Function NtCreateSection (32) intercepted (805AB3D0->A19E1426), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:22 PM >>> Function restored successfully !
7/18/2013 5:31:22 PM >>> Hook code blocked
7/18/2013 5:31:22 PM Function NtCreateSemaphore (33) intercepted (806151B0->A19E3432), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:22 PM >>> Function restored successfully !
7/18/2013 5:31:22 PM >>> Hook code blocked
7/18/2013 5:31:22 PM Function NtCreateThread (35) intercepted (805D1038->A19E1C1C), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:22 PM >>> Function restored successfully !
7/18/2013 5:31:22 PM >>> Hook code blocked
7/18/2013 5:31:22 PM Function NtCreateTimer (36) intercepted (806170C2->A6A4A0B8), hook C:\WINDOWS\System32\Drivers\aswSnx.SYS, driver recognized as trusted
7/18/2013 5:31:22 PM >>> Function restored successfully !
7/18/2013 5:31:22 PM >>> Hook code blocked
7/18/2013 5:31:22 PM Function NtCreateWaitablePort (38) intercepted (805A5118->A19E3162), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:22 PM >>> Function restored successfully !
7/18/2013 5:31:22 PM >>> Hook code blocked
7/18/2013 5:31:22 PM Function NtDebugActiveProcess (39) intercepted (80643C82->A19E4B1A), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:22 PM >>> Function restored successfully !
7/18/2013 5:31:22 PM >>> Hook code blocked
7/18/2013 5:31:22 PM Function NtDeleteBootEntry (3D) intercepted (805C8678->A6A3D676), hook C:\WINDOWS\System32\Drivers\aswSnx.SYS, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtDeleteKey (3F) intercepted (806246D6->A19E0B0A), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtDeleteValueKey (41) intercepted (806248A6->A19E0EBE), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtDeviceIoControlFile (42) intercepted (80579268->A19E26F2), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtDuplicateObject (44) intercepted (805BE010->A19E5D26), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtEnumerateKey (47) intercepted (80624A86->A19E100A), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtEnumerateValueKey (49) intercepted (80624CF0->A19E10A2), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtFreeVirtualMemory (53) intercepted (805B2FBA->A6AF16C2), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtFsControlFile (54) intercepted (8057929C->A19E2500), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtLoadDriver (61) intercepted (80584172->A19E4C0C), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtLoadKey (62) intercepted (8062645E->A19E04DC), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtLoadKey2 (63) intercepted (8062606A->A19E04EE), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtMapViewOfSection (6C) intercepted (805B2042->A19E5374), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtModifyBootEntry (6D) intercepted (805C8678->A6A3D6DC), hook C:\WINDOWS\System32\Drivers\aswSnx.SYS, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtNotifyChangeKey (6F) intercepted (80626428->A19E11CE), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtNotifyChangeMultipleKeys (70) intercepted (8062505C->A6A3F92C), hook C:\WINDOWS\System32\Drivers\aswSnx.SYS, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtOpenEvent (72) intercepted (8060F1B0->A19E33A8), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtOpenEventPair (73) intercepted (806174D2->A6A49F86), hook C:\WINDOWS\System32\Drivers\aswSnx.SYS, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtOpenFile (74) intercepted (8057A1A0->A19E2016), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtOpenIoCompletion (75) intercepted (80578B58->A6A4A122), hook C:\WINDOWS\System32\Drivers\aswSnx.SYS, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtOpenKey (77) intercepted (80625618->A19E06C0), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtOpenMutant (78) intercepted (806178CA->A19E3288), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtOpenProcess (7A) intercepted (805CB456->A19E18CC), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtOpenSection (7D) intercepted (805AA3F4->A19E510E), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtOpenSemaphore (7E) intercepted (806152AA->A19E34C8), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtOpenThread (80) intercepted (805CB6E2->A19E17BE), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtOpenTimer (83) intercepted (806171E4->A6A4A0DC), hook C:\WINDOWS\System32\Drivers\aswSnx.SYS, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtProtectVirtualMemory (89) intercepted (805B8426->A6AF1822), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtQueryKey (A0) intercepted (8062595A->A19E113A), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtQueryMultipleValueKey (A1) intercepted (80623388->A19E0D72), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtQueryObject (A3) intercepted (805C52D4->A6A3F7F8), hook C:\WINDOWS\System32\Drivers\aswSnx.SYS, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtQuerySection (A7) intercepted (805B85E8->A19E56AE), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtQueryValueKey (B1) intercepted (8062245E->A19E099C), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtQueueApcThread (B4) intercepted (805D2756->A19E4FA0), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtRenameKey (C0) intercepted (80623C5C->A19E0C2C), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtReplaceKey (C1) intercepted (8062630E->A19DFF16), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtReplyPort (C2) intercepted (805A54F4->A19E382C), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtReplyWaitReceivePort (C3) intercepted (805A64BC->A19E36F2), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtRequestWaitReplyPort (C8) intercepted (805A2D7E->A19E48B4), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtRestoreKey (CC) intercepted (80625C1A->A19E028E), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtResumeThread (CE) intercepted (805D4A18->A19E5BC8), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtSaveKey (CF) intercepted (80625D16->A19DFEAE), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtSecureConnectPort (D2) intercepted (805A3D6C->A19E2B0E), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtSetBootEntryOrder (D3) intercepted (806170B4->A6A3D742), hook C:\WINDOWS\System32\Drivers\aswSnx.SYS, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtSetBootOptions (D4) intercepted (806170B4->A6A3D7A8), hook C:\WINDOWS\System32\Drivers\aswSnx.SYS, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtSetContextThread (D5) intercepted (805D2C1A->A19E1E38), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtSetInformationToken (E6) intercepted (805FA760->A19E4154), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtSetSecurityObject (ED) intercepted (805C0636->A19E4DAA), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtSetSystemInformation (F0) intercepted (8060FE68->A19E57FE), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtSetSystemPowerState (F1) intercepted (80653E18->A6A3D4CE), hook C:\WINDOWS\System32\Drivers\aswSnx.SYS, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtSetValueKey (F7) intercepted (806227AC->A19E0816), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtShutdownSystem (F9) intercepted (806130F2->A6A3D45C), hook C:\WINDOWS\System32\Drivers\aswSnx.SYS, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtSuspendProcess (FD) intercepted (805D4AE0->A19E58F0), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtSuspendThread (FE) intercepted (805D4952->A19E5A2A), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtSystemDebugControl (FF) intercepted (8061820E->A19E4A3E), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtTerminateProcess (101) intercepted (805D22D8->A19E1A68), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtTerminateThread (102) intercepted (805D24D2->A19E19C8), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtUnloadDriver (106) intercepted (80584306->A6AEFC42), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtUnmapViewOfSection (10B) intercepted (805B2E50->A19E5552), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtVdmControl (10C) intercepted (805FBB18->A6A3D80E), hook C:\WINDOWS\System32\Drivers\aswSnx.SYS, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function NtWriteVirtualMemory (115) intercepted (805B43D4->A19E1B52), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM >>> Hook code blocked
7/18/2013 5:31:23 PM Function FsRtlCheckLockForReadAccess (804EAFDE) - machine code modification Method of JmpTo. jmp A19D3FD0 \SystemRoot\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM Function IoIsOperationSynchronous (804EF97C) - machine code modification Method of JmpTo. jmp A19D43AC \SystemRoot\system32\DRIVERS\6386257drv.sys, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:23 PM Function ObInsertObject (805C2FE2) - machine code modification Method of JmpTo. jmp A6B097B4 \SystemRoot\System32\Drivers\aswSP.SYS, driver recognized as trusted
7/18/2013 5:31:23 PM >>> Function restored successfully !
7/18/2013 5:31:24 PM Function ObMakeTemporaryObject (805BC55E) - machine code modification Method of JmpTo. jmp A6B07C9A \SystemRoot\System32\Drivers\aswSP.SYS, driver recognized as trusted
7/18/2013 5:31:24 PM >>> Function restored successfully !
7/18/2013 5:31:24 PM Functions checked: 284, intercepted: 81, restored: 86
7/18/2013 5:31:24 PM 1.3 Checking IDT and SYSENTER
7/18/2013 5:31:24 PM Analysis for CPU 1
7/18/2013 5:31:24 PM Analysis for CPU 2
7/18/2013 5:31:24 PM CmpCallCallBacks = 00093D84
7/18/2013 5:31:24 PM Disable callback OK
7/18/2013 5:31:24 PM Checking IDT and SYSENTER - complete
7/18/2013 5:31:24 PM 1.4 Searching for masking processes and drivers
7/18/2013 5:31:24 PM Checking not performed: extended monitoring driver (AVZPM) is not installed
7/18/2013 5:31:24 PM 1.5 Checking of IRP handlers
7/18/2013 5:31:24 PM Driver loaded successfully
7/18/2013 5:31:24 PM \FileSystem\ntfs[IRP_MJ_CREATE] = A6B0A918 -> C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
7/18/2013 5:31:25 PM \FileSystem\ntfs[IRP_MJ_CLOSE] = A6B0A958 -> C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
7/18/2013 5:31:25 PM \FileSystem\ntfs[IRP_MJ_WRITE] = A6B0AA20 -> C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
7/18/2013 5:31:25 PM \FileSystem\ntfs[IRP_MJ_SET_INFORMATION] = A6B0AA60 -> C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
7/18/2013 5:31:25 PM Checking - complete
7/18/2013 5:31:25 PM LSP NameSpace error: "mdnsNSP" --> file is missing C:\Program Files\Bonjour\mdnsNSP.dll
7/18/2013 5:31:54 PM >> Services: potentially dangerous service allowed: RemoteRegistry (Remote Registry)
7/18/2013 5:31:54 PM >> Services: potentially dangerous service allowed: TermService (Terminal Services)
7/18/2013 5:31:54 PM >> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
7/18/2013 5:31:54 PM >> Services: potentially dangerous service allowed: TlntSvr (Telnet)
7/18/2013 5:31:54 PM >> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
7/18/2013 5:31:54 PM >> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing)
7/18/2013 5:31:54 PM >> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager)
7/18/2013 5:31:54 PM > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
7/18/2013 5:31:54 PM >> Security: disk drives' autorun is enabled
7/18/2013 5:31:54 PM >> Security: administrative shares (C$, D$ ...) are enabled
7/18/2013 5:31:54 PM >> Security: anonymous user access is enabled
7/18/2013 5:31:54 PM >> Security: sending Remote Assistant queries is enabled
7/18/2013 5:31:56 PM >> Disable HDD autorun
7/18/2013 5:31:56 PM >> Disable autorun from network drives
7/18/2013 5:31:56 PM >> Disable CD/DVD autorun
7/18/2013 5:31:56 PM >> Disable removable media autorun
7/18/2013 5:31:57 PM System Analysis in progress
7/18/2013 5:36:14 PM System Analysis - complete
7/18/2013 5:36:14 PM Deleting service/driver: uti4odmx
7/18/2013 5:36:14 PM [microprogram of healing]> registry key deleted HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uti4odmx
7/18/2013 5:36:14 PM Delete file:C:\WINDOWS\system32\Drivers\uti4odmx.sys
7/18/2013 5:36:14 PM Deleting service/driver: uji4odmx
7/18/2013 5:36:14 PM Main script of analysis
7/18/2013 5:36:14 PM Task completed Gathering system information
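The report above is long mostly because of hooks placed by drivers the tool itself recognises as trusted (Avast's aswSP.SYS and aswSnx.SYS, and 6386257drv.sys). What a responder actually needs from it is the short list: any hook from a driver the tool did not recognise, what the healing script removed (the uti4odmx service and its driver), the LSP namespace entry that points at a missing Bonjour DLL (which is what the Winsock catalog reset later in this thread repairs), the "potentially dangerous" services, and the weak security settings. The following script is an added example, not code from the thread, from Kaspersky or from Avast. It assumes only the line formats visible in the report; the sample it runs on is a handful of those lines copied from the report plus one constructed line for a driver that lacks the trusted tag (unknown.sys), so that the untrusted branch is exercised.

```python
"""Triage helper for an AVZ / Kaspersky AVPTool "Gather System Information" log.

Added example; not code from the Geeks to Go thread, Kaspersky or Avast.
It consumes the line shapes visible in the report above and separates noise
(hooks by drivers the tool already recognises as trusted) from what a
responder actually has to look at.
"""
import re
from collections import defaultdict

# Timestamp prefix, e.g. "7/18/2013 5:31:08 PM ", stripped before matching.
_TS = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M ")
# SSDT hook: "Function NtOpenProcess (7A) intercepted (805CB456->A19E18CC), hook <driver>[, driver recognized as trusted]"
_KHOOK = re.compile(
    r"^Function (\w+) \([0-9A-F]+\) intercepted \(([0-9A-F]+)->([0-9A-F]+)\), "
    r"hook (.+?\.sys)(, driver recognized as trusted)?$", re.IGNORECASE)
# Inline patch of a kernel export: "... machine code modification Method of JmpTo. jmp A6B0AE04\SystemRoot\...\aswSP.SYS[, ...]"
_INLINE = re.compile(
    r"^Function (\w+) \(.*machine code modification.*jmp ([0-9A-F]+)\s*(\S+?\.sys)"
    r"(, driver recognized as trusted)?$", re.IGNORECASE)
_UHOOK = re.compile(r"^Function (\w+\.dll):(\w+) \(\d+\) intercepted, method (\S+)$")
_IAT = re.compile(r"^IAT modification detected: (\w+) - ([0-9A-F]+)<>([0-9A-F]+)$")
_LSP = re.compile(r'^LSP NameSpace error: "([^"]+)" --> file is missing (.+)$')
_SVC = re.compile(r"^>> Services: potentially dangerous service allowed: (\w+) \((.+)\)$")
_SEC = re.compile(r"^>> Security: (.+)$")
_DEL = re.compile(r"^(Deleting service/driver|Delete file): ?(.+)$")
_REG = re.compile(r"^\[microprogram of healing\]> registry key deleted (.+)$")


def _basename(path):
    # Both "C:\WINDOWS\...\aswSP.SYS" and "\SystemRoot\...\aswSP.SYS" name the same driver.
    return path.rsplit("\\", 1)[-1].lower()


def parse_report(text):
    """Parse the AVPTool analysis log into a dict of lists keyed by finding type."""
    s = {
        "kernel_hooks": defaultdict(list),    # driver basename -> hooked kernel functions
        "untrusted_hooks": [],                # (function, driver) lacking the trusted tag
        "usermode_hooks": defaultdict(list),  # module -> exports patched in place
        "iat_hooks": [],                      # (import, current address, expected address)
        "missing_lsp": [],                    # (namespace provider, missing DLL)
        "risky_services": [],                 # (service name, description)
        "weak_settings": [],
        "removed": [],                        # what the tool's healing script deleted
    }
    for raw in text.splitlines():
        line = _TS.sub("", raw.strip())
        if (m := _KHOOK.match(line)) or (m := _INLINE.match(line)):
            fn, driver, trusted = m.group(1), _basename(m.groups()[-2]), m.groups()[-1]
            s["kernel_hooks"][driver].append(fn)
            if trusted is None:
                s["untrusted_hooks"].append((fn, driver))
        elif m := _UHOOK.match(line):
            s["usermode_hooks"][m.group(1).lower()].append(m.group(2))
        elif m := _IAT.match(line):
            s["iat_hooks"].append(m.groups())
        elif m := _LSP.match(line):
            s["missing_lsp"].append(m.groups())
        elif m := _SVC.match(line):
            s["risky_services"].append(m.groups())
        elif m := _SEC.match(line):
            s["weak_settings"].append(m.group(1))
        elif m := _DEL.match(line):
            kind = "service/driver" if m.group(1).startswith("Deleting") else "file"
            s["removed"].append(f"{kind} {m.group(2)}")
        elif m := _REG.match(line):
            s["removed"].append(f"registry key {m.group(1)}")
    return s


def hooks_by_driver(s):
    """Drivers ranked by how many kernel functions they hook (most first)."""
    return sorted(((d, len(f)) for d, f in s["kernel_hooks"].items()),
                  key=lambda t: (-t[1], t[0]))


def findings(s):
    """The short list a responder acts on; trusted-driver hooks are deliberately left out."""
    out = [f"REVIEW: {fn} hooked by unrecognised driver {drv}" for fn, drv in s["untrusted_hooks"]]
    out += [f"REMOVED: {item}" for item in s["removed"]]
    out += [f"LSP: provider {p} points at missing {dll} (Winsock catalog reset needed)"
            for p, dll in s["missing_lsp"]]
    out += [f"SERVICE: {name} ({desc}) enabled" for name, desc in s["risky_services"]]
    out += [f"SETTING: {w}" for w in s["weak_settings"]]
    return out


# Sample input: lines copied from the report above, plus one constructed line.
SAMPLE_LINES = [
    r"7/18/2013 5:31:08 PM IAT modification detected: CreateProcessA - 00BE0010<>7C80236B",
    r"7/18/2013 5:31:08 PM Function ntdll.dll:LdrLoadDll (70) intercepted, method APICodeHijack.JmpTo[003901EE]",
    r"7/18/2013 5:31:22 PM Function NtAddBootEntry (09) intercepted (806170B4->A6A3D610), hook C:\WINDOWS\System32\Drivers\aswSnx.SYS, driver recognized as trusted",
    r"7/18/2013 5:31:22 PM Function NtOpenProcess (7A) intercepted (805CB456->A19E18CC), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted",
    r"7/18/2013 5:31:22 PM Function NtCreateProcessEx (30) - machine code modification Method of JmpTo. jmp A6B0AE04\SystemRoot\System32\Drivers\aswSP.SYS, driver recognized as trusted",
    r"7/18/2013 5:31:23 PM Function NtCreateFile (25) intercepted (805790A2->A19E2270), hook C:\WINDOWS\system32\DRIVERS\6386257drv.sys, driver recognized as trusted",
    # Constructed, not from the report: a hook with no "driver recognized as trusted" tag.
    r"7/18/2013 5:31:23 PM Function NtWriteVirtualMemory (115) intercepted (805B43D4->F8A10C20), hook C:\WINDOWS\system32\DRIVERS\unknown.sys",
    r'7/18/2013 5:31:25 PM LSP NameSpace error: "mdnsNSP" --> file is missing C:\Program Files\Bonjour\mdnsNSP.dll',
    r"7/18/2013 5:31:54 PM >> Services: potentially dangerous service allowed: TlntSvr (Telnet)",
    r"7/18/2013 5:31:54 PM >> Security: administrative shares (C$, D$ ...) are enabled",
    r"7/18/2013 5:36:14 PM Deleting service/driver: uti4odmx",
    r"7/18/2013 5:36:14 PM [microprogram of healing]> registry key deleted HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uti4odmx",
    r"7/18/2013 5:36:14 PM Delete file:C:\WINDOWS\system32\Drivers\uti4odmx.sys",
]
SAMPLE = "\n".join(SAMPLE_LINES)

if __name__ == "__main__":
    report = parse_report(SAMPLE)
    for driver, n in hooks_by_driver(report):
        print(f"{n:3d} kernel hooks  {driver}")
    for line in findings(report):
        print(line)
```

Run it against the full avptool_sysinfo log rather than the sample and the first block of output shows at a glance that every SSDT and inline hook belongs to one of three drivers the tool vouched for, while the second block is the actual to-do list. The "trusted" tag is the tool's judgement, not proof; an unfamiliar driver name in the ranking is still worth looking up even when it carries the tag.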

#21 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Could you attach the entire zip file, please?

C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip
  • 0

#22
sdmarie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi, I'm having a difficult time locating that file.

I also don't know what to place for "your computer" - or where to find that info :(

Can you provide me with more detailed instructions, please? Thank you.
  • 0

#23
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is there a folder on your desktop called Virus Removal Tool? The logs should be in there as avptool_sysinfo.zip. Please attach the entire zip file.
  • 0

#24
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Just re-ran it on my system and they have changed the programme :blush:

Open AVP
Select Manual disinfection
Select step 2 Report Sending
Click avptool_sysinfo.zip
And you will be taken to the zip file that needs to be attached
  • 0

#25
sdmarie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
OK! I'll do it right now. Thank you.
  • 0

#26
sdmarie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
File attached. Pardon it taking me so long :)

Thank you.

Edited by sdmarie, 20 July 2013 - 02:49 PM.

  • 0

#27
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, that looks good. We will need to reset your LSP stack; I will use OTL to do that.

Once done, could you let me know if the speed has improved?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:Files
netsh winsock reset catalog /c
:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
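
The Winsock reset in the fix above is there because a Winsock namespace/LSP catalog entry can keep pointing at a DLL that is no longer on disk (the OTL log in the next reply shows exactly such an O10 entry for Bonjour's mdnsNSP.dll), and the AVZ run in post #20 rewrote the AutoRun policies that the same log reports under O6/O7. The script below is an added example, not code from this thread, from OTL or from AVZ: it triages OTL report lines offline, flagging missing-file O10/DRV/SRV/O4 entries and decoding the NoDriveTypeAutoRun and NoDriveAutoRun bitmasks. The sample lines are copied from the log posted in this thread; the finding names and the choice of which drive types to check are this example's own.

```python
"""Added example (not code from this thread, OTL or AVZ): offline triage of
OTL-style report lines, flagging the items a malware-removal helper acts on.
"""
import re

# Constructed sample: lines lifted from the OTL quick-scan log in this thread.
SAMPLE_LOG = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\CDriver.sys -- (MSICDSetup)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/07/08 16:10:56 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O32 - HKLM CDRom: AutoRun - 1
"""

# NoDriveTypeAutoRun: bit n disables AutoRun for drives whose GetDriveType()
# result is n (DRIVE_REMOVABLE = 2 -> 0x04, DRIVE_CDROM = 5 -> 0x20, ...).
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x02: "no root dir",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "reserved",
}

NO_DRIVE_TYPE_RE = re.compile(r"\bNoDriveTypeAutoRun = (\d+)")
NO_DRIVE_LETTER_RE = re.compile(r"\bNoDriveAutoRun = (\d+)")


def decode_no_drive_type_autorun(value):
    """Return (drive types with AutoRun disabled, bits outside 0x01..0x80)."""
    disabled = [name for bit, name in DRIVE_TYPE_BITS.items() if value & bit]
    return disabled, value & ~0xFF


def decode_no_drive_autorun(value):
    """NoDriveAutoRun is a per-letter mask: bit 0 = A:, bit 25 = Z:."""
    return [chr(ord("A") + i) for i in range(26) if value & (1 << i)]


def triage(log_text):
    """Walk OTL lines and return (finding, line) pairs worth a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        kind = line.split(" - ", 1)[0]
        if "File not found" in line:
            if kind == "O10":
                # Dangling Winsock namespace/LSP provider: the catalog still
                # references a DLL that is gone. This is what the OTL fix's
                # 'netsh winsock reset catalog' rebuilds.
                findings.append(("winsock-lsp-missing-dll", line))
            elif kind in ("DRV", "SRV"):
                findings.append(("orphaned-service", line))
            elif kind == "O4":
                findings.append(("orphaned-run-entry", line))
        m = NO_DRIVE_TYPE_RE.search(line)
        if m:
            disabled, _undefined = decode_no_drive_type_autorun(int(m.group(1)))
            # AutoRun on USB sticks and optical media is the classic
            # infection vector, so check those two types explicitly.
            for want in ("removable", "CD-ROM"):
                if want not in disabled:
                    findings.append(("autorun-type-still-enabled:" + want, line))
        m = NO_DRIVE_LETTER_RE.search(line)
        if m and len(decode_no_drive_autorun(int(m.group(1)))) < 26:
            findings.append(("autorun-letters-not-all-disabled", line))
        if kind == "O32" and line.endswith("AutoRun - 1"):
            findings.append(("cdrom-service-autorun-on", line))
    return findings


def winsock_reset_needed(findings):
    """True when at least one Winsock catalog entry points at a missing DLL."""
    return any(name == "winsock-lsp-missing-dll" for name, _ in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for name, line in results:
        print(f"{name:40s} {line}")
    print("winsock reset needed:", winsock_reset_needed(results))
```

Two things the decode makes visible that the raw log does not: NoDriveTypeAutoRun = 323 (0x143) only covers the unknown, no-root-dir and RAM-disk types plus an undefined 0x100 bit, so by drive type AutoRun is still allowed on removable and CD-ROM media; what actually blocks it on this machine is the per-letter NoDriveAutoRun = 67108863 (all 26 letters), so do not rely on the type mask alone if a later tool resets the letter mask. On the live box, the check that corresponds to the fix above is `netsh winsock show catalog` before and after the reset: the stale Bonjour namespace provider should be gone afterwards.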

#28
sdmarie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
OTL logfile created on: 7/20/2013 4:36:54 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 70.64% Memory free
3.60 Gb Paging File | 3.18 Gb Available in Paging File | 88.32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 585.96 Gb Free Space | 83.87% Space Free | Partition Type: NTFS

Computer Name: USER-3E71C3E04B | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/20 15:30:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2013/07/12 14:49:47 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/06/29 05:23:46 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/08/17 08:36:38 | 000,032,256 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\BrmfRsmg.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/20 03:59:46 | 002,093,056 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13072000\algo.dll
MOD - [2013/07/12 14:49:44 | 000,396,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll
MOD - [2013/07/12 14:49:42 | 004,052,944 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013/07/12 14:48:49 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2001/03/15 05:18:08 | 000,065,536 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll


========== Services (SafeList) ==========

SRV - [2013/06/29 05:23:46 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/06/25 22:27:08 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/12 14:13:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/01/08 15:41:40 | 000,161,536 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\CDriver.sys -- (MSICDSetup)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/07/08 16:10:59 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/07/08 16:10:56 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/07/08 16:10:56 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 04:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 04:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/03/26 15:10:42 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/01/03 17:28:54 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/01/26 23:34:32 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/07/06 05:10:22 | 005,788,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009/05/25 03:21:28 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/04/14 17:25:06 | 003,732,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
DRV - [2009/02/09 02:32:16 | 000,022,328 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008/08/05 08:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/13 14:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2007/10/11 09:40:00 | 000,009,096 | R--- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\amdide.sys -- (amdide)
DRV - [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2001/08/17 14:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 14:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = google.com
IE - HKCU\..\SearchScopes,DefaultScope = {175826B7-A928-4CFF-87FA-441D583DFFEE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{175826B7-A928-4CFF-87FA-441D583DFFEE}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/07/08 16:08:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/10/04 17:05:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2012/01/27 05:23:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\[email protected]
[2013/06/25 22:24:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/25 22:27:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/08 16:08:56 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Ghostery = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.2_0\
CHR - Extension: SEO for Chrome = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj\0.9.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/07/20 15:34:05 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEE01FC6-7841-4928-A310-FDC74D7139C3}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/23 12:13:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/20 15:30:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2013/07/12 12:36:19 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/07/12 07:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Auslogics
[2013/07/12 07:14:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2013/07/12 07:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2013/07/11 18:15:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2013/07/11 09:07:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/08 16:10:49 | 000,029,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/07/08 16:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2013/07/08 16:10:48 | 000,369,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/07/08 16:10:46 | 000,056,080 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/07/08 16:10:46 | 000,049,760 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/07/08 16:10:45 | 000,770,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/07/08 16:10:43 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/07/08 16:08:32 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/07/08 15:42:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Misc
[2013/07/08 15:41:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\7-2013
[2013/07/08 15:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Word Files
[2013/07/01 14:15:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Joy Implementation
[2013/06/29 05:38:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/06/29 05:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/06/29 05:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2013/06/29 05:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/06/29 05:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/06/25 22:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\Documents and Settings\User\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\User\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/20 16:22:11 | 000,000,360 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/07/20 16:14:43 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/20 16:14:03 | 000,002,161 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini
[2013/07/20 16:13:39 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/20 16:13:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/20 15:34:05 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/07/20 15:30:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2013/07/20 15:13:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/20 15:12:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/20 01:03:43 | 000,016,993 | ---- | M] () -- C:\Documents and Settings\User\Desktop\avptool_sysinfo.zip
[2013/07/20 01:03:42 | 000,097,465 | ---- | M] () -- C:\Documents and Settings\User\Desktop\avz_sysinfo.htm
[2013/07/20 01:03:42 | 000,028,057 | ---- | M] () -- C:\Documents and Settings\User\Desktop\avz_sysinfo.xml
[2013/07/19 22:19:53 | 000,068,913 | ---- | M] () -- C:\Documents and Settings\User\Desktop\DSC_0109.JPG
[2013/07/19 22:19:46 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\User\Desktop\marie.jpg
[2013/07/19 09:42:23 | 000,011,835 | ---- | M] () -- C:\Documents and Settings\User\Desktop\special-bonus.jpg
[2013/07/19 09:34:26 | 000,022,577 | ---- | M] () -- C:\Documents and Settings\User\Desktop\addtocart-style1.png
[2013/07/19 00:28:11 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/07/18 18:36:55 | 000,001,671 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Joy image.jpg
[2013/07/18 18:15:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/07/18 17:24:28 | 176,751,688 | ---- | M] () -- C:\Documents and Settings\User\Desktop\setup_11.0.0.1245.x01_2013_07_19_00_16.exe
[2013/07/18 00:49:26 | 000,062,294 | ---- | M] () -- C:\Documents and Settings\User\Desktop\7 Website Pages.zip
[2013/07/18 00:21:24 | 000,051,971 | ---- | M] () -- C:\Documents and Settings\User\Desktop\AddtoCart1.jpg
[2013/07/17 23:49:13 | 002,747,847 | ---- | M] () -- C:\Documents and Settings\User\Desktop\3D book slanted.jpg
[2013/07/17 16:26:56 | 007,499,539 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Joy Implementation.zip
[2013/07/17 12:13:49 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/07/15 08:56:50 | 000,971,260 | ---- | M] () -- C:\Documents and Settings\User\Desktop\rpp business card 3.jpg
[2013/07/13 10:27:31 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/07/12 07:14:17 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Auslogics Disk Defrag.lnk
[2013/07/10 03:46:38 | 000,165,103 | ---- | M] () -- C:\Documents and Settings\User\Desktop\logo 0.jpg
[2013/07/09 15:41:22 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2013/07/08 16:10:59 | 000,175,176 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/07/08 16:10:59 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/07/08 16:10:59 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/07/08 16:10:56 | 000,770,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/07/08 16:10:56 | 000,369,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/07/08 16:10:56 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/07/08 16:10:50 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/07/08 16:10:43 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/07/08 16:01:53 | 117,478,104 | ---- | M] () -- C:\Documents and Settings\User\Desktop\avast_free_antivirus_setup(1).exe
[2013/06/27 00:32:57 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/06/25 14:32:46 | 000,295,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/06/25 14:13:56 | 000,527,600 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/06/25 14:13:56 | 000,097,828 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\Documents and Settings\User\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\User\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/20 09:44:09 | 000,016,993 | ---- | C] () -- C:\Documents and Settings\User\Desktop\avptool_sysinfo.zip
[2013/07/20 01:39:26 | 000,097,465 | ---- | C] () -- C:\Documents and Settings\User\Desktop\avz_sysinfo.htm
[2013/07/20 01:39:21 | 000,028,057 | ---- | C] () -- C:\Documents and Settings\User\Desktop\avz_sysinfo.xml
[2013/07/19 22:19:52 | 000,068,913 | ---- | C] () -- C:\Documents and Settings\User\Desktop\DSC_0109.JPG
[2013/07/19 22:19:40 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\User\Desktop\marie.jpg
[2013/07/19 09:42:21 | 000,011,835 | ---- | C] () -- C:\Documents and Settings\User\Desktop\special-bonus.jpg
[2013/07/19 09:34:22 | 000,022,577 | ---- | C] () -- C:\Documents and Settings\User\Desktop\addtocart-style1.png
[2013/07/18 18:36:51 | 000,001,671 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Joy image.jpg
[2013/07/18 17:21:46 | 176,751,688 | ---- | C] () -- C:\Documents and Settings\User\Desktop\setup_11.0.0.1245.x01_2013_07_19_00_16.exe
[2013/07/18 00:49:25 | 000,062,294 | ---- | C] () -- C:\Documents and Settings\User\Desktop\7 Website Pages.zip
[2013/07/18 00:21:22 | 000,051,971 | ---- | C] () -- C:\Documents and Settings\User\Desktop\AddtoCart1.jpg
[2013/07/17 23:49:09 | 002,747,847 | ---- | C] () -- C:\Documents and Settings\User\Desktop\3D book slanted.jpg
[2013/07/17 16:26:47 | 007,499,539 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Joy Implementation.zip
[2013/07/17 12:12:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/07/15 08:56:40 | 000,971,260 | ---- | C] () -- C:\Documents and Settings\User\Desktop\rpp business card 3.jpg
[2013/07/12 07:14:17 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Auslogics Disk Defrag.lnk
[2013/07/10 03:46:24 | 000,165,103 | ---- | C] () -- C:\Documents and Settings\User\Desktop\logo 0.jpg
[2013/07/09 15:41:22 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2013/07/08 16:11:00 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/07/08 16:11:00 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/07/08 16:11:00 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/07/08 16:10:50 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/07/08 16:10:45 | 000,000,360 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/07/08 16:10:44 | 000,175,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/07/08 16:10:44 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/07/08 16:00:29 | 117,478,104 | ---- | C] () -- C:\Documents and Settings\User\Desktop\avast_free_antivirus_setup(1).exe
[2013/06/29 05:31:44 | 000,002,425 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2013/06/27 00:32:57 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/06/27 00:32:57 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/04/08 19:09:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/04/08 19:09:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/04/08 19:09:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/04/08 19:09:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/04/08 19:09:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/10/12 14:16:42 | 000,216,303 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache
[2012/10/12 14:16:20 | 000,157,445 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache
[2012/10/12 13:32:20 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2012/10/07 14:14:42 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/03/27 22:41:51 | 002,744,116 | ---- | C] () -- C:\Documents and Settings\User\.websiteauditor.properties
[2012/03/27 22:36:53 | 000,453,990 | ---- | C] () -- C:\Documents and Settings\User\.linkassistant.properties
[2012/02/21 09:53:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/08 08:53:04 | 000,642,415 | ---- | C] () -- C:\Documents and Settings\User\.spyglass.properties
[2012/01/27 05:27:15 | 000,409,412 | ---- | C] () -- C:\Documents and Settings\User\.ranktracker.properties
[2011/11/10 12:59:39 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2011/10/24 01:54:01 | 000,235,057 | ---- | C] () -- C:\Documents and Settings\User\.spyglass.properties.bak
[2011/08/13 18:59:24 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2011/07/07 10:46:23 | 000,832,282 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-796845957-1659004503-839522115-1003-0.dat
[2011/07/07 10:46:21 | 000,282,938 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/07/06 13:36:41 | 000,000,175 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\TheBestSpinner_Export.dat
[2011/02/05 00:00:24 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/11 22:12:39 | 000,000,122 | ---- | C] () -- C:\Documents and Settings\User\default.pls

========== ZeroAccess Check ==========

[2009/10/23 12:26:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/09/25 01:37:10 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/08/05 18:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/07/19 18:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AutoHideIP
[2013/07/08 16:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/06/08 22:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2011/07/09 21:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HideIPEasy
[2011/08/15 14:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2011/12/05 17:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/05/11 07:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2012/05/09 14:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2013/07/12 07:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Auslogics
[2011/07/19 18:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AutoHideIP
[2011/09/21 10:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CherryPickerLive
[2011/12/30 23:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\C__Documents and Settings_User_Desktop_8-16-11_Desktop 7-21_Desktop_Crack_HideIPEasy.exe
[2011/12/30 20:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DDMSettings
[2013/02/22 18:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Dropbox
[2010/08/27 12:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Elluminate
[2011/06/05 13:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\EurekaLog
[2011/06/07 14:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FileZilla
[2011/07/09 21:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\HideIPEasy
[2010/11/02 23:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\InterTrust
[2012/05/09 15:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\KeywordOptimizerPro
[2012/05/09 14:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2012/10/11 19:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mipony
[2011/12/05 17:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\NCH Swift Sound
[2011/05/06 18:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PingKaching.B9E8871763D65D83BA417D8F2D7388AAE4B52F99.1
[2012/10/13 08:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TrojanHunter
[2010/12/08 21:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\webex
[2012/07/31 14:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WikiBomber

========== Purity Check ==========



< End of report >
  • 0

#29
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is it still slow?

Roughly how long does it take to start?
  • 0

#30
sdmarie

sdmarie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi - yeah, it's still slow at start-up. I counted 6 mins 59 seconds for Windows to start.

Once it started and processes finished loading, I had the following load times:

Firefox 47 seconds

Chrome 49 seconds

MSWord 42 seconds
  • 0
