Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Multiple virus or malware

Started by dolface755 , Sep 13 2013 07:18 PM

  • Please log in to reply

#1
dolface755
Posted 13 September 2013 - 07:18 PM

dolface755

    Member

  • Member
  • PipPipPip
  • 249 posts
Going to try and be as useful as possible about the problems I've been having.
Couple days ago I tried turning my computer on and it said something about press F5 to run some sort of memory test, or F1 to continue loading windows normally. I hit F5 and it ran through this big long test, apparently checking CUP status, memory status and a video something..when it was finished it said I could reboot. When I rebooted I had massive errors, for 1. the clock said it was May 16, 2006 and the time was way off. So i reset the time and tried running me ccleaner, both cleaning the cache and running registry test, and they were both fine. When I went to log onto Yahoo.ca, it said they couldn't find the page and there were a bunch of other errors, but not in the normal format that yahoo uses when issuing alerts to site or whatever. So I decided to run my malware bytes... I updated that and unplugged the internet and ran a full scan of malware bytes and it came back with 18 errors, so I repaired those and rebooted, go the same F5 or F1 problems and after running those again it loaded widows fine except the date was still wrong but this time it was Sept 29, 2007. So I fixed that one again and ran AVG antivirus, it came back with 32 errors, which I repaired or if not possible I put them in vault. I rebooted to computer this time it was ok rebooting but the time is still out of wack and now it was telling me I had 5143 unread messages, which I don't use email on this computer so that baffled me....this time I ran malware and got back that the computer was clean, rebooted and still getting the F5 error






OTL logfile created on: 9/13/2013 5:34:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.37 Mb Total Physical Memory | 98.98 Mb Available Physical Memory | 19.70% Memory free
1.92 Gb Paging File | 1.30 Gb Available in Paging File | 67.61% Paging File free
Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 18.80 Gb Free Space | 25.23% Space Free | Partition Type: NTFS

Computer Name: JAMES | User Name: James Dean Randall | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/13 17:32:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - [2013/08/16 18:08:39 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/08/15 11:53:50 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/15 11:51:36 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/07/12 14:04:35 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/06/27 13:27:03 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/06/26 19:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/08 14:15:50 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/11 03:58:51 | 016,177,544 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013/08/16 18:08:34 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2009/09/29 04:38:24 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\sss3ml3.dll
MOD - [2007/10/08 14:03:22 | 000,245,760 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/09/11 03:58:58 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/16 18:08:36 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/06/27 13:27:03 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/06/26 19:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/10/08 14:15:50 | 000,356,352 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\swumx20.sys -- (SWUMX20)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/06/26 19:23:04 | 000,019,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftvolxp.sys -- (Sftvol)
DRV - [2013/06/26 19:23:02 | 000,023,208 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)
DRV - [2013/06/26 19:23:00 | 000,213,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftplayxp.sys -- (Sftplay)
DRV - [2013/06/26 19:22:58 | 000,587,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftfsxp.sys -- (Sftfs)
DRV - [2013/03/10 13:32:25 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2013/02/14 03:52:46 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/11/16 01:24:48 | 000,013,880 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2010/04/28 08:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/19 18:34:50 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/12/08 14:01:08 | 000,154,752 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumxa3.sys -- (SWUMXA3)
DRV - [2009/08/12 15:50:44 | 000,197,504 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8ua3.sys -- (SWNC8UA3)
DRV - [2009/03/05 18:50:53 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2007/09/26 06:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/08/27 11:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/11/21 04:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 19:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/04/09 22:02:17 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT25USBAP.SYS -- (RT25USBAP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsear...r={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = http://search.ibryte...y={searchTerms}
IE - HKCU\..\SearchScopes\{98F558C2-F7BE-4813-A503-032B96906DA5}: "URL" = http://search.avg.co...}&ychte=ca&nt=1
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.ca"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\TELUS\TELUS security advisor\nprpspa.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: C:\Program Files\LivingPlay Games\nplplaypop.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\James Dean Randall\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\James Dean Randall\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Babylon\Babylon-Pro\Utils\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/07/12 14:08:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/12 14:08:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/16 18:08:07 | 000,000,000 | ---D | M]

[2008/08/29 07:10:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\James Dean Randall\Application Data\Mozilla\Extensions
[2013/08/16 18:08:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/16 18:08:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/12 14:04:57 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\James Dean Randall\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\James Dean Randall\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\James Dean Randall\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\James Dean Randall\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\James Dean Randall\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Microsoft Office 2010 (Disabled) = C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll
CHR - plugin: Oberon com adapter (Disabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Disabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Picasa (Disabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Display Engine v2 (Enabled) = C:\Program Files\LivingPlay Games\nplplaypop.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Disabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Disabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: RealDownloader = C:\Documents and Settings\James Dean Randall\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: AT_Delbuck = C:\Documents and Settings\James Dean Randall\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\neghaibmbjedngldjldidfoobmkkfkle\2_0\

O1 HOSTS File: ([2004/08/04 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (FreePriceAlerts) - {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} - C:\Program Files\FreePriceAlerts\vbobho.dll (FreePriceAlerts.com)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\29.0.1547.66\npchrome_frame.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Copy to &Lightning Note - F:\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta File not found
O8 - Extra context menu item: Open with WordPerfect - f:\Corel\WordPerfect Office X5\Programs\WPLauncher.hta File not found
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (Reg Error: Key error.)
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logme...eDownloader.cab (LogMeIn Rescue Applet Downloader)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1220015542281 (WUWebControl Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.16 64.59.150.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAB0711E-396F-44A7-89AF-0D26365CD28B}: DhcpNameServer = 64.59.144.16 64.59.150.132
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\29.0.1547.66\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\James Dean Randall\My Documents\My Pictures\Windows Live Photo Gallery Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\James Dean Randall\My Documents\My Pictures\Windows Live Photo Gallery Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/25 18:01:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/02 23:33:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Dean Randall\Application Data\FreePriceAlerts
[2013/09/02 23:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Dean Randall\Local Settings\Application Data\Game Mill Files
[2013/08/16 18:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/13 17:37:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0FF96C9A-327F-4195-BC43-57E7748F7963}.job
[2013/09/13 17:26:05 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1035525444-725345543-1004UA.job
[2013/09/13 16:58:42 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/12 13:57:01 | 000,000,820 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys
[2013/09/09 14:26:01 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1035525444-725345543-1004Core.job
[2013/09/07 13:33:11 | 000,002,397 | ---- | M] () -- C:\Documents and Settings\James Dean Randall\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/06 21:13:16 | 000,000,067 | ---- | M] () -- C:\WINDOWS\Easy DVD Creator.INI
[2013/09/05 18:56:09 | 000,000,026 | ---- | M] () -- C:\WINDOWS\dvdSanta.INI
[2013/09/05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2013/09/02 23:33:38 | 000,000,014 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2013/09/02 17:29:28 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\James Dean Randall\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/06 03:23:59 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2013/02/15 20:07:06 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Easy DVD Creator.INI
[2012/11/13 14:12:00 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2012/11/12 20:51:49 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2012/11/12 20:51:49 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2012/11/12 20:51:49 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2012/11/12 20:51:49 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2012/10/16 01:03:07 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2012/10/08 11:53:25 | 000,000,036 | ---- | C] () -- C:\WINDOWS\avgui.INI
[2012/09/08 14:06:22 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Pex.INI
[2012/09/08 13:54:10 | 000,000,336 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2012/08/29 10:37:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/08/11 22:57:23 | 000,000,014 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2012/07/14 10:24:29 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/02/14 16:54:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/11 01:26:59 | 000,000,501 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011/09/30 20:11:46 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/09/30 20:11:46 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/03/23 10:45:35 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\4E3C33B276.sys
[2011/03/23 10:44:31 | 000,003,558 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/03/11 14:29:32 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\James Dean Randall\Local Settings\Application Data\fusioncache.dat
[2009/10/28 16:36:29 | 000,073,216 | ---- | C] () -- C:\Documents and Settings\James Dean Randall\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/04/04 14:31:13 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/06/26 01:15:29 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/05/01 11:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2008/09/18 20:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2012/07/10 13:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avalon-Legends-Solitaire
[2012/10/14 11:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013/01/28 12:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
[2012/10/23 21:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/10/15 17:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2006/09/29 03:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2010/12/28 19:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2012/08/22 18:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/03/23 10:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2012/06/17 11:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2012/06/17 11:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2011/02/13 02:34:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/03/23 20:49:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/12/28 21:30:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/11/14 05:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Desktop Gaming
[2010/12/28 14:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2011/03/12 16:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\firebird
[2012/04/29 23:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Friends Games
[2010/03/31 22:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2013/07/12 13:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/10/05 20:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2008/09/01 18:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/05/23 15:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2006/09/29 02:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/03/12 23:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2012/04/29 17:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2012/05/01 11:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/02/24 23:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2013/02/07 21:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCapv1006
[2011/05/06 22:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2011/04/18 08:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2012/06/27 12:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TELUS
[2013/03/08 00:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/07/14 11:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Revills Games
[2012/09/08 14:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/04/02 08:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2013/03/10 20:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vso
[2011/03/08 17:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2011/09/06 14:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WordPerfect Office X5
[2011/02/07 05:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/10/14 11:18:24 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2012/09/30 22:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\Ancient Quest of Saqqarah__city
[2012/04/29 10:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\Auslogics
[2012/10/14 11:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\AVG
[2013/02/12 14:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\AVG2013
[2012/07/13 13:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\Big Fish Games
[2013/03/06 16:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\Blue Tea Games
[2011/03/23 20:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\Canon
[2013/02/27 02:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\cerasus.media
[2011/05/06 21:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/03/07 13:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\DarkParablesBriarRose_BFG
[2012/07/14 11:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\DikobrazGames
[2013/03/07 23:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\ERS Game Studios
[2010/04/18 02:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\F-Secure
[2013/05/28 14:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\Foxit Software
[2013/09/02 23:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\FreePriceAlerts
[2012/04/29 17:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\GameHouse
[2013/03/22 21:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\GameMill Entertainment
[2013/03/06 03:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\Ghost Ship Studios
[2013/01/07 15:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\Go2PCsoft
[2012/11/13 00:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\InterVideo
[2008/08/26 23:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\Leadertech
[2008/09/01 18:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\MSNInstaller
[2012/04/29 23:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\Oberon Media
[2012/06/27 22:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\Oracle
[2013/02/05 22:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\PopCap Games
[2011/05/19 11:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\PySolFC
[2012/11/12 00:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\Rainbow
[2011/03/08 17:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\RegistryKeys
[2013/02/27 02:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\Rumbic Studio
[2013/01/13 11:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\Shareaza
[2010/08/07 20:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\Sierra Wireless
[2012/08/11 13:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\Skip-Bo
[2013/07/16 15:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\SoftGrid Client
[2013/02/06 14:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\SpinTop Games
[2011/04/18 09:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\Teleca
[2012/06/27 12:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\TELUS
[2011/03/12 21:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\TP
[2012/10/08 11:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\TuneUp Software
[2012/09/08 14:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\Ulead Systems
[2013/09/05 19:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\uTorrent
[2008/08/28 15:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\VCOM
[2013/03/10 20:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dean Randall\Application Data\VSO

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\James Dean Randall\My Documents\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\DMmusic:Shareaza.GUID
@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:14B2E0BD
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3606FCC
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC3A9923
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5311B0B8
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72E6616C
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80BFDE16
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3331ADB
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57B2B96C
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F16D671
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C71A42B
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CACEF61

< End of report >

I'm going to attach the results file from Malware bytes that I did just today..this is the latest date shown on malware and yet I've run Malware 2 times today


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.23.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
James Dean Randall :: JAMES [administrator]

7/23/2013 11:12:15 AM
mbam-log-2013-07-23 (11-12-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236631
Time elapsed: 15 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end



not sure where to go from here.....it is a friends computer that I"m borrowing and I honestly have never dealt with a computer that has a spare drive for recovery or for that matter how I would go about using it....she doesn't have the disk because the company she got it from preloads windows and gives you a registration code but no CD

Thank you for your help
  • 0

Advertisements

#2
nathdep
Posted 15 September 2013 - 08:01 AM

nathdep

    Member

  • Member
  • PipPipPip
  • 587 posts
Hello, dolface755 and :welcome:

I am nathdep and I will be helping you with your malware problems.

Note: Just to let you know, I am still in the process of training to become a malware expert. I want you to know that I have a teacher who will be reviewing all the fixes that I post here. Thank you for being part of my learning process! :)


Here are some general steps to follow during the malware removal process:

  • Please print these instructions as well as future instructions as you may have to boot in safe mode and will not be able to access this site via the internet. Another solution is saving these instructions by copying and pasting them into notebook and saving the file in a convenient location.
  • Please be patient as the malware removal process could be lengthy, complex, and at times frustrating. Your cooperation throughout the entire process will benefit you as it will expedite your removal time. Please keep this issue in this post and do not post this same issue on a different site. Doing so can be compared to a patient seeing two different doctors. If the two different doctors are not aware of what medication the other doctor is prescribing, the patient could be risking his life. This is synonymous to a computer's health.
  • Please read (and re-read) the instructions entirely as not following the instructions carefully can produce damaging results.
  • Please tell me how your computer is running in the beginning of each post. Tell me both recurring and new
    issues     as this added information can shed even more light to the problems you are experiencing.

I have to get my first fix approved by my teacher. I will be back ASAP!
  • 0

#3
dolface755
Posted 15 September 2013 - 09:14 PM

dolface755

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 249 posts
nice to meet you and thank you for your help

as of rebooting this afternoon time and date seems fine....and i'm not getting the blue screen upon start up saying i need to check memory

I've re updated Malware and am going to run again and see if anything comes up
  • 0

#4
dolface755
Posted 16 September 2013 - 07:34 PM

dolface755

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 249 posts
I want to thank you for your interest in helping me with my errant computer...I have figured out that the problem is a faulty battery that doesn't stay charged therefor the bios always resets the date and time and from there the problems spiral....at least that's what I'm hoping... I have kept the machine plugged in and have yet to see the same errors until I unplug it again.....if there's something in the logs that I did send that you think I missed please email me and let me know and I will review them
  • 0

#5
nathdep
Posted 17 September 2013 - 09:15 PM

nathdep

    Member

  • Member
  • PipPipPip
  • 587 posts
Hello again! :)

I suspect that the CMOS battery is giving you issues as well. Have you repaired it yet?

I did notice some adware that was installed on your system so why don't we take care of that since you are already here.

Please follow these instructions very carefully:

First, you will need to run AdwCleaner:
  • Download AdwCleaner from here to your Desktop.
  • Open AdwCleaner
  • Click the Scan button:
    Posted Image
  • Allow the scan to complete unhindered.
  • After the scan has completed, click the Report button.
  • Copy and paste the contents of the resulting log in your next reply

In your next post, be sure to include:
  • The AdwCleaner log
  • A report on if you experienced any problems while following the above instructions

  • 0

#6
dolface755
Posted 22 September 2013 - 12:49 PM

dolface755

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 249 posts
I've tried downloading that program 3 different times in all 3 of my internet programs and it still comes up and says there's a virus in the dowmload, so I'm sorry but I am not going to be installing that particular program. I haven't encountered any more problems other then like I said the battery in the laptop is completely dead and will no longer hold a charge, so the minute I unplug it I have to reset the bios time. Other then that I haven't encountered any problems other then constant slow running in facebook along with some script errors when on the net.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP