TechSpot

Laptop running slow

Solved
By familyman14
Jan 6, 2013
  1. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    All processes killed
    ========== OTL ==========
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-21-1999489102-630139991-3584140911-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry value HKEY_USERS\S-1-5-21-1999489102-630139991-3584140911-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
    C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\ProgramData\e5xj34e0cb2pjt moved successfully.
    C:\ProgramData\cupibp5b3wqn8vij3aox8y410e1b moved successfully.
    C:\ProgramData\p01466yq787g02dkm22q moved successfully.
    C:\Users\Mumbles2x\AppData\Local\{e61a80e3-a40e-aef8-9206-a99a727233f8}\@ moved successfully.
    C:\Users\Mumbles2x\AppData\Local\{e61a80e3-a40e-aef8-9206-a99a727233f8}\L folder moved successfully.
    C:\Users\Mumbles2x\AppData\Local\{e61a80e3-a40e-aef8-9206-a99a727233f8}\U folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Gramps
    ->Temp folder emptied: 22505647 bytes
    ->Temporary Internet Files folder emptied: 107509568 bytes
    ->Java cache emptied: 54421 bytes
    ->Google Chrome cache emptied: 7168501 bytes
    ->Flash cache emptied: 4342 bytes

    User: Mumbles2x
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 670079481 bytes
    ->Java cache emptied: 8871324 bytes
    ->Flash cache emptied: 509 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 13100 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67496 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 778.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default

    User: Default User

    User: Gramps
    ->Java cache emptied: 0 bytes

    User: Mumbles2x
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Gramps
    ->Flash cache emptied: 0 bytes

    User: Mumbles2x
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 01122013_121254
    Files\Folders moved on Reboot...
    C:\Users\Gramps\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Gramps\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVPIE487\918[2].htm moved successfully.
    C:\Users\Gramps\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVPIE487\ads[2].htm moved successfully.
    C:\Users\Gramps\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVPIE487\page-2[1].htm moved successfully.
    C:\Users\Gramps\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVPIE487\zrt_lookup[1].html moved successfully.
    C:\Users\Gramps\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3QNDL2F\partner[4].htm moved successfully.
    C:\Users\Gramps\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
     
  2. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Yes, reinstall Avira as soon as possible.
     
  3. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    Reinstalled avira and am waiting for my kid to come home so I can use his laptop to do next step.
     
  4. Broni

    Broni Malware Annihilator Posts: 46,860   +254

  5. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2013
    Ran by SYSTEM at 15-01-2013 07:22:12
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
    HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
    HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
    HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1483776 2010-02-25] (TOSHIBA Corporation)
    HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
    HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-02-23] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1295736 2011-02-11] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2454840 2010-02-24] (TOSHIBA CORPORATION.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1574176 2012-12-20] (Ask)
    HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [384800 2012-12-04] (Avira Operations GmbH & Co. KG)
    HKU\Mumbles2x\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
    HKU\Mumbles2x\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
    HKU\Mumbles2x\...\Run: [Akamai NetSession Interface] "C:\Users\Mumbles2x\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-26] (Akamai Technologies, Inc)
    HKU\Mumbles2x\...\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil10x_ActiveX.exe -update activex [x]
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    ==================== Services (Whitelisted) ===================

    2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll [4539712 2012-11-11] (Akamai Technologies, Inc.)
    2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [85280 2012-12-04] (Avira Operations GmbH & Co. KG)
    2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [109344 2012-12-04] (Avira Operations GmbH & Co. KG)
    2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [565024 2012-12-04] (Avira Operations GmbH & Co. KG)

    ==================== Drivers (Whitelisted) =====================

    2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [99912 2012-12-03] (Avira Operations GmbH & Co. KG)
    1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [129216 2012-12-03] (Avira Operations GmbH & Co. KG)
    1 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [27800 2012-11-16] (Avira Operations GmbH & Co. KG)
    3 catchme; \??\C:\ComboFix\catchme.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2013-01-12 11:02 - 2013-01-12 11:02 - 00000000 ____D C:\Users\Gramps\AppData\Roaming\Avira
    2013-01-12 11:00 - 2013-01-12 11:00 - 00000000 ____D C:\Users\Gramps\AppData\Local\AskToolbar
    2013-01-12 10:59 - 2013-01-12 10:59 - 00002077 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
    2013-01-12 10:59 - 2013-01-12 10:59 - 00000000 ____D C:\Program Files (x86)\Ask.com
    2013-01-12 10:58 - 2013-01-12 10:58 - 00000000 ____D C:\Program Files (x86)\Avira
    2013-01-12 10:58 - 2012-12-03 12:36 - 00129216 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
    2013-01-12 10:58 - 2012-12-03 12:36 - 00099912 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
    2013-01-12 10:58 - 2012-11-16 17:17 - 00027800 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
    2013-01-12 09:12 - 2013-01-12 09:12 - 00000000 ____D C:\_OTL
    2013-01-12 08:03 - 2013-01-12 08:03 - 00062268 ____A C:\Users\Gramps\Desktop\OTL.Txt
    2013-01-12 08:03 - 2013-01-12 08:03 - 00053888 ____A C:\Users\Gramps\Desktop\Extras.Txt
    2013-01-12 07:55 - 2013-01-12 07:55 - 00602112 ____A (OldTimer Tools) C:\Users\Gramps\Desktop\OTL.exe
    2013-01-12 07:53 - 2013-01-12 07:53 - 00001104 ____A C:\Users\Gramps\Desktop\JRT.txt
    2013-01-12 07:45 - 2013-01-12 07:45 - 00000000 ____D C:\Windows\ERUNT
    2013-01-12 07:45 - 2013-01-12 07:45 - 00000000 ____D C:\JRT
    2013-01-12 07:39 - 2013-01-12 07:39 - 00003823 ____A C:\AdwCleaner[S1].txt
    2013-01-12 07:38 - 2013-01-12 07:38 - 00554087 ____A C:\Users\Gramps\Downloads\adwcleaner.exe
    2013-01-12 07:38 - 2013-01-12 07:38 - 00003691 ____A C:\AdwCleaner[R1].txt
    2013-01-10 05:11 - 2013-01-10 05:11 - 00000000 ____D C:\Users\Gramps\Downloads\mbar-1.01.0.1011
    2013-01-10 05:10 - 2013-01-10 05:10 - 13485902 ____A C:\Users\Gramps\Downloads\mbar-1.01.0.1011.zip
    2013-01-10 04:46 - 2013-01-10 05:09 - 00000000 ____D C:\Users\Gramps\Desktop\mbar-1.01.0.1011[1]
    2013-01-10 04:38 - 2013-01-10 04:38 - 00000000 ____D C:\Users\Gramps\AppData\Roaming\WinRAR
    2013-01-09 13:23 - 2013-01-09 13:23 - 00013634 ____A C:\ComboFix.txt
    2013-01-08 13:21 - 2013-01-08 13:21 - 00000000 ____D C:\3289d9febc9d439307069b
    2013-01-08 12:31 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2013-01-08 12:31 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2013-01-08 12:31 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2013-01-08 12:31 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2013-01-08 12:31 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2013-01-08 12:31 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2013-01-08 12:31 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2013-01-08 12:31 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2013-01-08 12:26 - 2013-01-09 13:23 - 00000000 ____D C:\Qoobox
    2013-01-08 12:25 - 2013-01-08 12:19 - 05019950 ____R (Swearware) C:\Users\Gramps\Downloads\ComboFix.exe
    2013-01-08 12:14 - 2012-12-07 05:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
    2013-01-08 12:14 - 2012-12-07 05:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
    2013-01-08 12:14 - 2012-12-07 04:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
    2013-01-08 12:14 - 2012-12-07 04:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
    2013-01-08 12:14 - 2012-12-07 03:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
    2013-01-08 12:14 - 2012-12-07 03:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
    2013-01-08 12:14 - 2012-12-07 03:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
    2013-01-08 12:14 - 2012-12-07 03:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
    2013-01-08 12:14 - 2012-12-07 03:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
    2013-01-08 12:14 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
    2013-01-08 12:14 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
    2013-01-08 12:14 - 2012-12-07 03:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
    2013-01-08 12:14 - 2012-12-07 03:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
    2013-01-08 12:14 - 2012-12-07 03:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
    2013-01-08 12:14 - 2012-12-07 03:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
    2013-01-08 12:14 - 2012-12-07 03:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
    2013-01-08 12:14 - 2012-12-07 03:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
    2013-01-08 12:14 - 2012-12-07 03:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
    2013-01-08 12:14 - 2012-12-07 02:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
    2013-01-08 12:14 - 2012-12-07 02:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
    2013-01-08 12:14 - 2012-12-07 02:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
    2013-01-08 12:14 - 2012-12-07 02:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
    2013-01-08 12:14 - 2012-12-07 02:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
    2013-01-08 12:14 - 2012-12-07 02:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
    2013-01-08 12:14 - 2012-12-07 02:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
    2013-01-08 12:14 - 2012-12-07 02:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
    2013-01-08 12:14 - 2012-12-07 02:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
    2013-01-08 12:14 - 2012-12-07 02:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
    2013-01-08 12:14 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
    2013-01-08 12:14 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
    2013-01-08 12:14 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
    2013-01-08 12:14 - 2012-12-07 02:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
    2013-01-08 12:14 - 2012-11-29 21:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2013-01-08 12:14 - 2012-11-29 21:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2013-01-08 12:14 - 2012-11-29 21:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2013-01-08 12:14 - 2012-11-29 21:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2013-01-08 12:14 - 2012-11-29 21:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2013-01-08 12:14 - 2012-11-29 21:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2013-01-08 12:14 - 2012-11-29 21:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2013-01-08 12:14 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 21:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 20:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2013-01-08 12:14 - 2012-11-29 20:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2013-01-08 12:14 - 2012-11-29 20:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2013-01-08 12:14 - 2012-11-29 20:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 20:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 19:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2013-01-08 12:14 - 2012-11-29 18:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2013-01-08 12:14 - 2012-11-29 18:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2013-01-08 12:14 - 2012-11-29 18:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2013-01-08 12:14 - 2012-11-29 18:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2013-01-08 12:14 - 2012-11-29 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2013-01-08 12:14 - 2012-11-29 15:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
    2013-01-08 12:14 - 2012-11-29 15:15 - 00420064 ____A C:\Windows\System32\locale.nls
    2013-01-08 12:14 - 2012-11-21 21:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
    2013-01-08 12:14 - 2012-11-21 20:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2013-01-08 12:14 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2013-01-08 12:14 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2013-01-08 12:14 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2013-01-08 12:14 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2013-01-08 12:14 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2013-01-08 12:14 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2013-01-08 12:14 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2013-01-08 12:14 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2013-01-08 12:13 - 2012-11-22 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-01-08 12:13 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
    2013-01-07 16:42 - 2013-01-07 16:42 - 00001923 ____A C:\Users\Gramps\Desktop\aswMBR.txt
    2013-01-07 16:42 - 2013-01-07 16:42 - 00000512 ____A C:\Users\Gramps\Desktop\MBR.dat
    2013-01-07 16:11 - 2013-01-07 16:11 - 00001723 ____A C:\Users\Gramps\Desktop\RKreport[2]_D_01072013_02d1911.txt
    2013-01-07 16:10 - 2013-01-07 16:10 - 00001851 ____A C:\Users\Gramps\Desktop\RKreport[1]_S_01072013_02d1910.txt
    2013-01-07 16:09 - 2013-01-07 16:11 - 00000000 ____D C:\Users\Gramps\Desktop\RK_Quarantine
    2012-12-20 17:32 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
    2012-12-20 17:32 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2012-12-20 17:32 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2012-12-20 17:32 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2012-12-19 14:56 - 2012-12-19 14:56 - 00002223 ____A C:\Users\Public\Desktop\Google Earth.lnk


    ==================== One Month Modified Files and Folders =======

    2013-01-15 04:18 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-01-15 04:18 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-01-15 04:17 - 2010-10-24 23:07 - 01052704 ____A C:\Windows\WindowsUpdate.log
    2013-01-15 04:15 - 2013-01-15 04:15 - 00000000 ____D C:\FRST
    2013-01-15 04:15 - 2009-07-13 21:13 - 00732510 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-01-15 04:13 - 2012-12-01 11:49 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-01-15 04:12 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-01-15 04:12 - 2009-07-13 20:51 - 00052690 ____A C:\Windows\setupact.log
    2013-01-14 18:02 - 2012-09-01 17:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-01-14 17:54 - 2012-12-01 11:49 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-01-13 06:40 - 2010-09-09 18:28 - 00514284 ____A C:\Windows\PFRO.log
    2013-01-12 15:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2013-01-12 11:02 - 2013-01-12 11:02 - 00000000 ____D C:\Users\Gramps\AppData\Roaming\Avira
    2013-01-12 11:00 - 2013-01-12 11:00 - 00000000 ____D C:\Users\Gramps\AppData\Local\AskToolbar
    2013-01-12 10:59 - 2013-01-12 10:59 - 00002077 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
    2013-01-12 10:59 - 2013-01-12 10:59 - 00000000 ____D C:\Program Files (x86)\Ask.com
    2013-01-12 10:58 - 2013-01-12 10:58 - 00000000 ____D C:\Program Files (x86)\Avira
    2013-01-12 10:58 - 2012-05-14 11:01 - 00000000 ____D C:\Users\All Users\Avira
    2013-01-12 09:12 - 2013-01-12 09:12 - 00000000 ____D C:\_OTL
    2013-01-12 09:12 - 2012-01-11 11:49 - 00000000 __SHD C:\Users\Mumbles2x\AppData\Local\{e61a80e3-a40e-aef8-9206-a99a727233f8}
    2013-01-12 08:03 - 2013-01-12 08:03 - 00062268 ____A C:\Users\Gramps\Desktop\OTL.Txt
    2013-01-12 08:03 - 2013-01-12 08:03 - 00053888 ____A C:\Users\Gramps\Desktop\Extras.Txt
    2013-01-12 07:55 - 2013-01-12 07:55 - 00602112 ____A (OldTimer Tools) C:\Users\Gramps\Desktop\OTL.exe
    2013-01-12 07:53 - 2013-01-12 07:53 - 00001104 ____A C:\Users\Gramps\Desktop\JRT.txt
    2013-01-12 07:45 - 2013-01-12 07:45 - 00000000 ____D C:\Windows\ERUNT
    2013-01-12 07:45 - 2013-01-12 07:45 - 00000000 ____D C:\JRT
    2013-01-12 07:39 - 2013-01-12 07:39 - 00003823 ____A C:\AdwCleaner[S1].txt
    2013-01-12 07:38 - 2013-01-12 07:38 - 00554087 ____A C:\Users\Gramps\Downloads\adwcleaner.exe
    2013-01-12 07:38 - 2013-01-12 07:38 - 00003691 ____A C:\AdwCleaner[R1].txt
    2013-01-11 19:24 - 2012-09-22 18:51 - 00000000 ____D C:\Users\Gramps\AppData\Local\CrashDumps
    2013-01-10 05:11 - 2013-01-10 05:11 - 00000000 ____D C:\Users\Gramps\Downloads\mbar-1.01.0.1011
    2013-01-10 05:10 - 2013-01-10 05:10 - 13485902 ____A C:\Users\Gramps\Downloads\mbar-1.01.0.1011.zip
    2013-01-10 05:09 - 2013-01-10 04:46 - 00000000 ____D C:\Users\Gramps\Desktop\mbar-1.01.0.1011[1]
    2013-01-10 05:02 - 2012-09-01 17:22 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-01-10 05:02 - 2011-05-17 10:27 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-01-10 04:38 - 2013-01-10 04:38 - 00000000 ____D C:\Users\Gramps\AppData\Roaming\WinRAR
    2013-01-09 13:23 - 2013-01-09 13:23 - 00013634 ____A C:\ComboFix.txt
    2013-01-09 13:23 - 2013-01-08 12:26 - 00000000 ____D C:\Qoobox
    2013-01-09 13:21 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2013-01-09 13:12 - 2009-07-13 21:08 - 00032580 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2013-01-08 17:10 - 2009-07-13 20:45 - 00275712 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-01-08 13:21 - 2013-01-08 13:21 - 00000000 ____D C:\3289d9febc9d439307069b
    2013-01-08 13:13 - 2011-01-18 18:28 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-01-08 12:19 - 2013-01-08 12:25 - 05019950 ____R (Swearware) C:\Users\Gramps\Downloads\ComboFix.exe
    2013-01-07 16:42 - 2013-01-07 16:42 - 00001923 ____A C:\Users\Gramps\Desktop\aswMBR.txt
    2013-01-07 16:42 - 2013-01-07 16:42 - 00000512 ____A C:\Users\Gramps\Desktop\MBR.dat
    2013-01-07 16:11 - 2013-01-07 16:11 - 00001723 ____A C:\Users\Gramps\Desktop\RKreport[2]_D_01072013_02d1911.txt
    2013-01-07 16:11 - 2013-01-07 16:09 - 00000000 ____D C:\Users\Gramps\Desktop\RK_Quarantine
    2013-01-07 16:10 - 2013-01-07 16:10 - 00001851 ____A C:\Users\Gramps\Desktop\RKreport[1]_S_01072013_02d1910.txt
    2013-01-06 14:50 - 2012-12-01 06:27 - 00000000 ____D C:\Users\Gramps\AppData\Local\WinZip
    2013-01-06 05:55 - 2011-12-29 17:06 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-01-06 05:55 - 2011-01-31 10:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-12-19 14:56 - 2012-12-19 14:56 - 00002223 ____A C:\Users\Public\Desktop\Google Earth.lnk
    2012-12-19 14:56 - 2010-09-09 18:08 - 00000000 ____D C:\Program Files (x86)\Google
    2012-12-16 09:11 - 2012-12-20 17:32 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
    2012-12-16 06:45 - 2012-12-20 17:32 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2012-12-16 06:13 - 2012-12-20 17:32 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2012-12-16 06:13 - 2012-12-20 17:32 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll


    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-11-27 16:25:15
    Restore point made on: 2012-12-02 16:20:56
    Restore point made on: 2012-12-02 16:21:11
    Restore point made on: 2012-12-02 17:13:59
    Restore point made on: 2012-12-11 18:17:33
    Restore point made on: 2012-12-20 17:32:34
    Restore point made on: 2013-01-08 12:15:23
    Restore point made on: 2013-01-08 13:11:06
    Restore point made on: 2013-01-08 13:21:23
    Restore point made on: 2013-01-10 04:25:37
    Restore point made on: 2013-01-12 20:37:03

    ==================== Memory info ===========================

    Percentage of memory in use: 16%
    Total physical RAM: 2933.86 MB
    Available physical RAM: 2449.35 MB
    Total Pagefile: 2932.01 MB
    Available Pagefile: 2429.86 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ==================== Partitions =============================

    1 Drive c: (TI105927W0F) (Fixed) (Total:286.29 GB) (Free:248.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive e: (KAV_2011_S2) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
    4 Drive f: () (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 492 MB 0 B
    Disk 2 No Media 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 1500 MB 1024 KB
    Partition 2 Primary 286 GB 1501 MB
    Partition 3 Primary 10 GB 287 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C TI105927W0F NTFS Partition 286 GB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 491 MB 16 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F FAT Removable 491 MB Healthy

    =========================================================

    Last Boot: 2012-12-03 08:47

    ==================== End Of Log =============================
     
  6. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    Farbar Recovery Scan Tool (x64) Version: 15-01-2013
    Ran by SYSTEM at 2013-01-15 07:24:32
    Running from F:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\ERDNT\cache64\services.exe
    [2011-01-31 12:30] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    ====== End Of Search ======
     
  7. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    That looks good.

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  8. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    Results of screen317's Security Check version 0.99.57
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Avira Desktop
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.70.0.1100
    Java(TM) 6 Update 37
    Java version out of Date!
    Adobe Flash Player 11.5.502.146
    Adobe Reader 10.1.5 Adobe Reader out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 3%
    ````````````````````End of Log``````````````````````
     
  9. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    Farbar Service Scanner Version: 16-01-2013
    Ran by Gramps (administrator) on 15-01-2013 at 16:43:19
    Running from "C:\Users\Gramps\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NOZKLWTZ"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is offline
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================
     
  10. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    No virus' found with ESET.
     
  11. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ======================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===========================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please, let me know, how your computer is doing.
     
     
  12. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Gramps
    ->Temp folder emptied: 63351 bytes
    ->Temporary Internet Files folder emptied: 16101427 bytes
    ->Java cache emptied: 1880 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 492 bytes

    User: Mumbles2x
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 15.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Gramps
    ->Flash cache emptied: 0 bytes

    User: Mumbles2x
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default

    User: Default User

    User: Gramps
    ->Java cache emptied: 0 bytes

    User: Mumbles2x
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 01152013_211957
    Files\Folders moved on Reboot...
    C:\Users\Gramps\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Gramps\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P3EIE2B9\918[1].htm moved successfully.
    C:\Users\Gramps\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P3EIE2B9\partner[1].htm moved successfully.
    C:\Users\Gramps\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OJM7VVOQ\page-2[2].htm moved successfully.
    C:\Users\Gramps\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8OHSJSMZ\ads[2].htm moved successfully.
    C:\Users\Gramps\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8OHSJSMZ\partner[2].htm moved successfully.
    C:\Users\Gramps\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8OHSJSMZ\zrt_lookup[1].html moved successfully.
    C:\Users\Gramps\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03I1XY6D\partner[1].htm moved successfully.
    C:\Users\Gramps\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
     
  13. Broni

    Broni Malware Annihilator Posts: 46,860   +254

     
  14. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    ;) I didn't forget step 14 I was checking websites I go to that I was having problems with to see if any change and I am happy to report that my videos are loading faster and not buffering constantly as well as webpages. Thank you so much for your time.
     
  15. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Yes!! [​IMG]
    Good luck and stay safe :)
     
    familyman14 likes this.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.