Inactive Laptop problem - struggling to even carry out 6-step preliminary removal

Status
Not open for further replies.

Timtrash

Hello

I am trying to help a friend whose laptop is pretty much at a standstill. I have brought it home and run CCleaner and disc clean up utility, to no avail. I am now trying to carry out the preliminary removal steps, but I am struggling to even get past the first step.

I downloaded Avast and the other software onto a CD, and installed Avast from the disk onto the laptop. Avast hung on the initial scan after install. So I rebooted, opened the programme and tried to do a full scan. It started and the time counter ticked away, but no files would scan.

Now I have booted into safe mode and am running a scan, which does look like it is working, but I thought I should check to see if I am going about this the right way before going any further.

Hope you can help - thanks
 
Thanks Broni. It is still running Avast's full scan, still in safe mode. Been running now for 4 hours 11 minutes, and has been sat at 48 per cent for some time. Some stats in case it's useful:

Scan speed - 1.1MB per second
Tested files/folders - 37969/2362
Amount of data tested - 16.2 GB
Infected files: 1

Should I just leave it going overnight?
 
Hi, this is not looking good! An Avast full scan (safe mode) took 14 hours, with one threat found. I moved it to virus chest, then scheduled a boot-time scan. I did the boot-time scan last night and that took about 6 hours.

When I finally rebooted into normal mode, I tried to run a full scan (to start the 6-step removal procedure), and the PC flashed up some kind of error message (too fast to read) and rebooted. I tried to run it again. This time it did start, but it would not move. The "kb scanned" rate dropped right down to 8kb, and the "files/folders scanned" wouldn't tick over, leaving the scan hanging on 0 per cent. I don't think it is doing anything, so after half an hour of that I turned the PC off (had to go to work!)

The preliminary removal advice insists that you carry out all steps IN THE ORDER GIVEN. If I am not able to perform a full scan with Avast, what should I do? Try to run the other steps regardless? Hope you can help.

Thanks
 
Hi, I managed to carry out scans using Malwarebytes, GMER and Dds, but they all had to be done in safe mode. However, I have spent the last few days trying everything I can think of to get the scan logs off the laptop and onto my PC so I could paste them in a reply. But to no avail: I can't burn to disc in safe mode, and various attempts to get it to recognise a USB stick have failed. I am now wondering if this is even a virus at all and am thinking these kinds of problems indicate a hard disk failure. Is there a way to tell for definite either way?
 
I haven't been able to get online. I've been scanning in safe mode with networking, but every time I have tried to launch IE and Chrome they just sit there and freeze. However, now I can't even boot up in safe mode. I get to the welcome screen, click on Administrator to launch it, and it just hangs. Does this evidence point increasingly to hard drive failure, I wonder?
 
Let's see if we can look at your computer by booting from an external source.

Please download OTLPE (filesize 120,9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note: If you do not know how to set your computer to boot from CD, follow the steps HERE
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked Do you wish to load the remote registry, select Yes
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
 
Hi - it worked! Thanks so much. I have pasted the report contents below.

OTL logfile created on: 9/17/2011 10:49:58 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 838.00 Mb Available Physical Memory | 83.00% Memory free
902.00 Mb Paging File | 848.00 Mb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 58.59 Gb Free Space | 78.62% Space Free | Partition Type: NTFS
Drive D: | 7.46 Gb Total Space | 0.84 Gb Free Space | 11.26% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/06 14:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\MalwarebytesAnti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2008/04/14 08:00:00 | 000,033,792 | ---- | M] () [On_Demand] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2006/09/28 13:56:14 | 000,055,808 | ---- | M] () [On_Demand] -- C:\WINDOWS\system32\WudfSvc.dll -- (WudfSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 16:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 16:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/06 14:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008/07/12 03:20:02 | 004,424,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/12 03:07:09 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2008/05/16 08:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 08:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 08:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 08:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 08:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 08:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 08:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008/04/03 00:03:08 | 001,333,152 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2007/02/16 10:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/12/22 21:56:44 | 000,988,800 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/22 21:56:00 | 000,209,664 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/22 21:55:56 | 000,730,112 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/06/09 19:38:24 | 000,006,909 | R--- | M] (Conexant Systems, Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\UIUSYS.SYS -- (UIUSys)
DRV - [2002/06/20 21:32:50 | 000,014,032 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ax88172.sys -- (AX88172)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator.USER-058F6747B7_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)



O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKU\User_ON_C..\Run: [Boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe ()
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator.USER-058F6747B7_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/11 12:30:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/14 02:55:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\My Documents\My Videos
[2011/09/14 02:55:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\My Documents\My Pictures
[2011/09/14 02:55:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\My Documents\My Music
[2011/09/13 16:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Application Data\Malwarebytes
[2011/09/13 16:26:49 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/13 16:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/13 16:26:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/13 16:26:41 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/13 16:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\MalwarebytesAnti-Malware
[2011/09/13 16:15:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/09/11 11:48:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/09/11 11:48:04 | 000,320,856 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/09/11 11:48:04 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/09/11 11:47:59 | 000,052,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/09/11 11:47:59 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/09/11 11:47:58 | 000,442,200 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/09/11 11:43:38 | 000,110,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/09/11 11:43:38 | 000,104,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/09/11 11:43:37 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/09/11 11:23:12 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/09/11 11:22:03 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/09/11 11:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/09/11 11:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/09/11 06:04:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Application Data\SUPERAntiSpyware.com
[2011/09/11 06:03:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/09/11 06:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/09/11 06:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/11 05:56:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/09/11 05:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2011/09/11 05:50:40 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2011/09/11 05:46:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Recent
[2011/09/11 05:43:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/09/11 05:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/09/09 17:49:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Start Menu\Programs\Administrative Tools
[2011/09/09 11:34:20 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/09/09 09:53:43 | 000,000,000 | ---D | C] -- C:\0544e7f4369e761b41fe2e960fc3
[2011/09/09 09:24:26 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Application Data\Microsoft
[2011/09/09 09:24:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Application Data
[2011/09/09 09:24:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Cookies
[2011/09/09 09:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Favorites
[2011/09/09 09:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Desktop
[2011/09/09 09:24:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\SendTo
[2011/09/09 09:24:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Start Menu\Programs\Startup
[2011/09/09 09:24:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Start Menu
[2011/09/09 09:24:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Start Menu\Programs\Accessories
[2011/09/09 09:24:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Templates
[2011/09/09 09:24:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\PrintHood
[2011/09/09 09:24:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\NetHood
[2011/09/09 09:24:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Local Settings
[2011/09/09 09:24:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\My Documents
[2011/09/09 09:24:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Local Settings\Application Data\Microsoft
[2011/09/09 05:39:38 | 000,000,000 | ---D | C] -- C:\0cbc7056403b0b6ee7e2c4d32e
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/17 16:28:30 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-308236825-1417001333-1003UA.job
[2011/09/17 16:28:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/17 15:25:20 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Administrator.USER-058F6747B7\Desktop\Shortcut to Internet.lnk
[2011/09/17 14:44:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/13 16:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/11 11:48:05 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/09/11 11:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/09/11 11:44:22 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/09/11 11:04:43 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-308236825-1417001333-1003Core.job
[2011/09/11 10:59:03 | 000,110,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/11 06:03:48 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/11 06:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/09/11 05:47:18 | 000,114,820 | ---- | M] () -- C:\Documents and Settings\Administrator.USER-058F6747B7\Desktop\cc_20110911_104709.reg
[2011/09/11 05:43:09 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/11 05:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/09/09 12:40:31 | 021,816,824 | ---- | M] () -- C:\Documents and Settings\Administrator.USER-058F6747B7\Desktop\VolumeCaches.reg
[2011/09/06 16:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/09/06 16:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/09/06 16:36:23 | 000,110,552 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/09/06 16:36:20 | 000,104,536 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/09/06 16:33:11 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/17 15:25:20 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Administrator.USER-058F6747B7\Desktop\Shortcut to Internet.lnk
[2011/09/11 11:48:05 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/09/11 10:59:03 | 000,110,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/11 06:03:48 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/11 05:47:16 | 000,114,820 | ---- | C] () -- C:\Documents and Settings\Administrator.USER-058F6747B7\Desktop\cc_20110911_104709.reg
[2011/09/11 05:43:09 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/09 12:39:12 | 021,816,824 | ---- | C] () -- C:\Documents and Settings\Administrator.USER-058F6747B7\Desktop\VolumeCaches.reg
[2011/09/09 09:24:26 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator.USER-058F6747B7\Start Menu\Programs\Remote Assistance.lnk
[2011/09/09 09:24:26 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator.USER-058F6747B7\Start Menu\Programs\Windows Media Player.lnk
[2010/06/23 02:57:30 | 000,069,024 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/11/06 21:26:02 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll
[2008/08/26 15:36:34 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/25 04:34:46 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dpu10.dll
[2008/07/23 12:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/23 12:48:40 | 001,044,480 | ---- | C] () -- C:\WINDOWS\System32\libdivx.dll
[2008/07/23 12:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/07/12 03:20:59 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/07/12 03:11:56 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/07/12 03:11:55 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/07/12 03:11:55 | 000,400,152 | ---- | C] () -- C:\WINDOWS\System32\igxpun.exe
[2008/07/11 20:21:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/11 12:33:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/11 12:27:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 001,114,896 | ---- | C] () -- C:\WINDOWS\System32\esent97.dll
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,346,112 | ---- | C] () -- C:\WINDOWS\System32\windowscodecsext.dll
[2008/04/14 08:00:00 | 000,312,348 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,193,024 | ---- | C] () -- C:\WINDOWS\System32\napmontr.dll
[2008/04/14 08:00:00 | 000,112,128 | ---- | C] () -- C:\WINDOWS\System32\mapistub.dll
[2008/04/14 08:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\odbccr32.dll
[2008/04/14 08:00:00 | 000,062,976 | ---- | C] () -- C:\WINDOWS\System32\driverquery.exe
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\jgsd400.dll
[2008/04/14 08:00:00 | 000,040,504 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\eapsvc.dll
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\adptif.dll
[2008/04/14 08:00:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\encapi.dll
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/09/28 13:56:14 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\WudfSvc.dll
[2001/08/17 18:36:34 | 000,077,890 | ---- | C] () -- C:\WINDOWS\System32\usrdpa.dll

========== LOP Check ==========

[2010/02/15 15:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Facebook
[2008/10/30 15:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Snapfish
[2011/09/11 11:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2008/11/06 20:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/11/17 20:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2009/01/18 20:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki

========== Purity Check ==========


< End of report >
 
OK, the problem is that I don't see anything malicious there, nor any incorrect setting.
We're not dealing with a malware issue here.

I suggest you start a new topic in the Windows forum.
 
OK, thank you very much for all of your help with this and for persevering with this thread. I am grateful for the help and advice. I will do as you suggest and begin a new thread, but it looks pretty clear it is the hard drive. Thanks again Broni. All the best.
 