I know I'm infected and very slow at times



RangerPHX
2013-09-24, 07:52
Monday, September 23, 2013

My computer is running very slow, and just a short time ago I was unable to connect to the internet using IE9, Google, or Opera. Only Firefox connected, as well as some stand-alone update programs, but not all. There was no problem in Safe Mode. Using different repair programs this was resolved, but very sorry to say I don't know which program fixed that issue; the slow operation, even short freeze-ups, has not been resolved. I used "System Mechanic", "Advanced System Care Beta v 1.0 and 2.0", and "eFix Pro".

Additionally I use CCleaner on a regular (almost daily) basis, currently cleaning all but select cookies and history (when the slowdown first started I did all browser items and "Old Prefetch Data").

Regarding viruses and malware, I have run all of these (aforementioned) programs in Safe Mode and deleted all items found by these programs. AVG AntiVirus Free Edition 2013 is my current TSR program, which replaced Comodo's free version. {FYI: I acquired this computer used, without a clean set of files or the OS; there were several user accounts, which I deleted through the User Account utility}
Advanced System Care
AVG Free Edition 2013 (TSR)
Hitman Pro
EmsiSoft Emergency Kit
IObit Malware Fighter
Malwarebytes AntiMalware
Spybot S&D*
SuperAnti Spyware - Free Edition
Sophos Virus Removal Tool
SpyHunter-4*

* But I did not purchase it and after all other scans, SpyHunter4 found 54 problems including what it labeled as serious, further some of the items were shown as being in the Registry. I have Screen Prints.

REQUESTED SCANS:
>>ASWmbr

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-09-23 10:45:58
-----------------------------
10:45:58.777 OS Version: Windows 6.0.6002 Service Pack 2
10:45:58.777 Number of processors: 2 586 0x605
10:45:58.779 ComputerName: COL-VELSOR UserName: Colonel
10:45:59.883 Initialize success
10:54:27.867 AVAST engine defs: 13092300
10:59:15.950 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
10:59:15.952 Disk 0 Vendor: Hitachi_HDT725025VLA380 V5DOA7BA Size: 238475MB BusType: 3
10:59:16.072 Disk 0 MBR read successfully
10:59:16.075 Disk 0 MBR scan
10:59:16.120 Disk 0 unknown MBR code
10:59:16.125 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 229545 MB offset 63
10:59:16.161 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 8926 MB offset 470110095
10:59:16.170 Disk 0 scanning sectors +488392065
10:59:16.343 Disk 0 scanning C:\Windows\system32\drivers
10:59:38.803 Service scanning
11:00:06.508 Service pwipf6 C:\Windows\system32\DRIVERS\pwipf6.sys **LOCKED** 32
11:00:24.651 Modules scanning
11:00:41.502 Disk 0 trace - called modules:
11:00:41.555 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys
11:00:41.563 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85dba620]
11:00:41.574 3 CLASSPNP.SYS[86bbe8b3] -> nt!IofCallDriver -> [0x852fd830]
11:00:41.581 5 acpi.sys[806a16bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x852f4660]
11:00:42.579 AVAST engine scan C:\Windows
11:00:53.509 AVAST engine scan C:\Windows\system32
11:08:08.000 AVAST engine scan C:\Windows\system32\drivers
11:08:31.720 AVAST engine scan C:\Users\Colonel
11:25:21.062 AVAST engine scan C:\ProgramData
11:33:28.676 Scan finished successfully
12:00:22.696 Disk 0 MBR has been saved successfully to "C:\Users\Colonel\Desktop\MBR.dat"
12:00:22.703 The log file has been saved successfully to "C:\Users\Colonel\Desktop\aswMBR.txt"

>>>DDS TEXT

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16506 BrowserJavaVersion: 10.25.2
Run by Colonel at 19:22:33 on 2013-09-23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1015.276 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Privatefirewall *Enabled* {F9380B5D-D31C-8B74-72FB-D86DF39490C2}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files COL\System Explorer\SystemExplorer.exe
C:\Program Files COL\WinPatrol\WinPatrol.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files COL\System Explorer\service\SystemExplorerService.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRAM FILES\GADWIN SYSTEMS\PRINTSCREEN\PRINTSCREEN.EXE
C:\PROGRAM FILES\SPEEDFAN\SPEEDFAN.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPToolbar.dll
uRun: [System Explorer] c:\program files col\system explorer\SystemExplorer.exe
uRun: [WinPatrol] c:\program files col\winpatrol\winpatrol.exe -expressboot
mRun: [Privatefirewall] c:\program files\privacyware\privatefirewall 7.0\PFGUI.exe
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [SystemExplorerAutoStart] "c:\program files col\system explorer\SystemExplorer.exe" /TRAY
StartupFolder: c:\users\colonel\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files col\erunt\AUTOBACK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:149
uPolicies-Explorer: NoDriveAutoRun = dword:67108835
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{BB34FE66-7D9B-4632-8286-CEE5FCCECF50} : DHCPNameServer = 192.168.0.1 205.171.2.25
Notify: igfxcui - <no file>
Notify: SDWinLogon - <no file>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files col\superantispyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\colonel\appdata\roaming\mozilla\firefox\profiles\aro3mm1r.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-07-25 18:00; {ab91efd4-6975-4081-8552-1b3922ed79e2}; c:\users\colonel\appdata\roaming\mozilla\firefox\profiles\aro3mm1r.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
FF - ExtSQL: 2013-08-11 02:15; jid0-8PuBX6ppPYHJ9qopWqHMf11w69g@jetpack; c:\users\colonel\appdata\roaming\mozilla\firefox\profiles\aro3mm1r.default\extensions\jid0-8PuBX6ppPYHJ9qopWqHMf11w69g@jetpack.xpi
FF - ExtSQL: 2013-08-11 02:16; {E6C1199F-E687-42da-8C24-E7770CC3AE66}; c:\users\colonel\appdata\roaming\mozilla\firefox\profiles\aro3mm1r.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
FF - ExtSQL: 2013-08-29 04:51; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\colonel\appdata\roaming\mozilla\firefox\profiles\aro3mm1r.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 65000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: browser.blink_allowed - false
FF - user.js: browser.xul.error_pages.enabled - false
FF - user.js: dom.disable_window_open_feature.menubar - true
FF - user.js: dom.disable_window_open_feature.scrollbars - true
FF - user.js: dom.disable_window_open_feature.resizable - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-8-22 146232]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-8-22 223032]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-8-20 102200]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-8-1 26936]
R0 BTOWSVF;BTOWSVF;c:\windows\system32\drivers\BTOWSVF.sys [2013-8-8 45952]
R0 KSafeDISK;KSafeDISK;c:\windows\system32\drivers\KSafeDISK.sys [2013-8-8 48640]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\eek\run\a2ddax86.sys [2013-9-9 22056]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-8-1 120120]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-8-22 209208]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-8-1 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-8-22 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R1 BTOWSFF;BTOWSFF;c:\windows\system32\drivers\BTOWSFF.sys [2013-8-8 27648]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2013-8-23 26248]
S3 cleanhlp;cleanhlp;c:\eek\run\cleanhlp32.sys [2013-9-9 50200]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [2012-6-22 19984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-7-3 22856]
S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\FileMonitor.sys [2013-8-30 21480]
S4 IObitUnlocker;IObitUnlocker;c:\program files col\iobit unlocker\IObitUnlocker.sys [2013-6-18 28016]
.
=============== Created Last 30 ================
.
2013-09-23 19:50:43 -------- d-----w- c:\users\colonel\appdata\roaming\AVG2014
2013-09-23 19:42:35 -------- d-----w- c:\programdata\AVG2014
2013-09-23 19:39:13 -------- d-----w- c:\users\colonel\appdata\local\Avg2014
2013-09-19 17:51:09 -------- d--h--w- C:\TMP
2013-09-16 21:29:48 -------- d-----r- c:\users\colonel\Favorities F Fox
2013-09-11 15:16:48 615936 ----a-w- c:\windows\system32\themeui.dll
2013-09-11 15:16:46 2049536 ----a-w- c:\windows\system32\win32k.sys
2013-09-09 20:13:13 -------- d-----w- c:\programdata\ProductData
2013-09-09 19:37:05 -------- d-----w- C:\EEK
2013-09-09 19:13:17 -------- d-----w- C:\FRST
2013-09-09 19:09:31 -------- d-----w- c:\users\colonel\Pavark
2013-09-05 21:40:01 -------- d-----w- c:\users\colonel\appdata\local\Citrix
2013-08-29 12:30:38 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-29 11:07:21 22328 ----a-w- c:\windows\system32\authuitu.dll
2013-08-29 11:07:16 30008 ----a-w- c:\windows\system32\uxtuneup.dll
2013-08-29 11:03:36 32568 ----a-w- c:\windows\system32\TURegOpt.exe
2013-08-29 11:02:30 -------- d-----w- c:\users\colonel\appdata\roaming\AVG
2013-08-29 11:00:17 -------- d-----w- c:\programdata\AVG
2013-08-29 10:59:41 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-08-28 07:37:06 -------- d-----w- c:\users\colonel\App REPORTS
2013-08-27 16:08:20 -------- d-----w- c:\users\colonel\appdata\roaming\TuneUp Software
2013-08-27 16:07:15 -------- d--h--w- C:\$AVG
2013-08-27 16:05:30 -------- d-----w- c:\program files\AVG
2013-08-27 15:59:47 -------- d--h--w- c:\programdata\Common Files
2013-08-27 15:59:47 -------- d-----w- c:\users\colonel\appdata\local\MFAData
2013-08-27 15:59:47 -------- d-----w- c:\programdata\MFAData
2013-08-27 15:49:21 128672 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2013-08-27 15:49:09 -------- d-----w- c:\program files\Privacyware
2013-08-27 15:45:50 7166848 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{dee56636-1bec-4cd6-8d8e-b2aecd7e2f39}\mpengine.dll
2013-08-27 14:27:16 48392 ----a-w- c:\windows\system32\certsentry.dll
2013-08-27 13:39:39 -------- d-----w- c:\programdata\TinyWall
2013-08-27 05:14:55 -------- d-----w- c:\windows\Downloaded Installations
2013-08-27 05:04:35 -------- d-----w- c:\program files\TinyWall
.
==================== Find3M ====================
.
2013-09-18 20:27:23 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-18 20:27:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-26 18:55:28 9216 ----a-w- c:\windows\system32\Native.exe
2013-08-23 06:37:18 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-08-23 05:56:56 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-08-23 05:56:16 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-08-23 05:56:16 146232 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-08-12 20:01:29 74703 ----a-w- c:\windows\system32\mfc45.dat
2013-08-09 05:12:26 48640 ----a-w- c:\windows\system32\drivers\KSafeDISK.sys
2013-08-09 05:12:25 27648 ----a-w- c:\windows\system32\drivers\BTOWSFF.sys
2013-08-09 05:12:22 45952 ----a-w- c:\windows\system32\drivers\BTOWSVF.sys
2013-08-01 23:08:52 193848 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-08-01 23:06:40 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-08-01 23:06:14 120120 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-08-01 23:05:58 26936 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-07-31 10:00:20 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-07-31 09:52:44 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-07-31 09:52:34 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-31 09:48:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-31 09:48:09 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-07-31 09:45:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-17 19:41:34 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-10 09:47:00 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 12:10:36 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-07-08 07:33:43 11019776 ----a-w- c:\program files\common files\lpuninstall.exe
2013-07-08 04:55:51 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-08 04:55:51 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-08 04:20:04 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-07-08 04:16:55 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-08 04:16:55 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-08 04:16:54 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-07-05 04:53:33 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-07-03 16:00:22 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-03 15:59:54 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-03 15:59:53 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-29 10:07:32 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2013-06-29 10:07:32 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2013-06-29 10:07:32 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2013-06-29 10:02:03 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2013-06-29 10:01:31 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2013-06-29 09:59:18 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2013-06-29 09:59:18 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2013-06-29 09:58:47 739328 ----a-w- c:\windows\system32\inetcomm.dll
2013-06-29 09:58:09 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
2013-06-29 09:58:09 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2013-06-29 09:58:09 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2013-06-29 09:56:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2013-06-29 09:56:14 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-06-29 09:56:13 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2013-06-29 09:56:13 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-06-29 09:56:13 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2013-06-29 09:56:13 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2013-06-29 09:56:13 1696256 ----a-w- c:\windows\system32\gameux.dll
2013-06-29 09:55:35 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2013-06-29 09:55:35 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2013-06-29 09:54:07 72704 ----a-w- c:\windows\system32\fontsub.dll
2013-06-29 09:53:11 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2013-06-29 09:52:41 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2013-06-29 09:52:41 1136640 ----a-w- c:\windows\system32\mfc42.dll
2013-06-29 09:52:12 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2013-06-29 09:51:44 677888 ----a-w- c:\windows\system32\mstsc.exe
2013-06-29 09:51:44 63488 ----a-w- c:\windows\system32\tscupgrd.exe
2013-06-29 09:51:15 322560 ----a-w- c:\windows\system32\sbe.dll
2013-06-29 09:51:15 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2013-06-29 09:51:15 153088 ----a-w- c:\windows\system32\sbeio.dll
2013-06-29 09:48:51 1169408 ----a-w- c:\windows\system32\sdclt.exe
2013-06-29 09:48:29 413696 ----a-w- c:\windows\system32\odbc32.dll
2013-06-29 09:47:17 157184 ----a-w- c:\windows\system32\t2embed.dll
2013-06-29 09:46:57 1316864 ----a-w- c:\windows\system32\ole32.dll
2013-06-29 09:46:35 954752 ----a-w- c:\windows\system32\mfc40.dll
2013-06-29 09:46:35 954288 ----a-w- c:\windows\system32\mfc40u.dll
2013-06-29 09:46:15 531968 ----a-w- c:\windows\system32\comctl32.dll
2013-06-29 09:45:54 867328 ----a-w- c:\windows\system32\wmpmde.dll
2013-06-29 09:44:56 81920 ----a-w- c:\windows\system32\consent.exe
2013-06-29 09:44:17 601600 ----a-w- c:\windows\system32\schedsvc.dll
2013-06-29 09:44:17 352768 ----a-w- c:\windows\system32\taskschd.dll
2013-06-29 09:44:17 270336 ----a-w- c:\windows\system32\taskcomp.dll
2013-06-29 09:44:17 171520 ----a-w- c:\windows\system32\taskeng.exe
2013-06-29 09:44:16 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2013-06-29 09:42:45 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2013-06-29 09:41:56 17920 ----a-w- c:\windows\system32\netevent.dll
2013-06-29 09:41:56 125952 ----a-w- c:\windows\system32\srvsvc.dll
2013-06-29 09:41:21 128000 ----a-w- c:\windows\system32\spoolsv.exe
2013-06-29 09:41:05 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2013-06-29 09:40:49 502272 ----a-w- c:\windows\system32\usp10.dll
2013-06-29 09:40:12 81920 ----a-w- c:\windows\system32\iccvid.dll
2013-06-29 09:39:57 36864 ----a-w- c:\windows\system32\rtutils.dll
2013-06-29 09:39:41 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2013-06-29 09:39:41 49472 ----a-w- c:\windows\system32\netfxperf.dll
2013-06-29 09:39:41 297808 ----a-w- c:\windows\system32\mscoree.dll
2013-06-29 09:39:41 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2013-06-29 09:39:41 1130824 ----a-w- c:\windows\system32\dfshim.dll
2013-06-29 09:38:37 67072 ----a-w- c:\windows\system32\asycfilt.dll
.
============= FINISH: 19:25:28.56 ===============

Am getting an error in attaching the ZIP'd report; it may be the internet connection problem. I can try to attach and send it in a separate post in Safe Mode if you instruct, but will wait on your reply. FYI the original txt is 14.2 KB.

Thank you and looking forward to hearing from you
SAM

Hope I haven't broken any rules in sending this file under a separate message. As previously stated, I had no problem attaching this in Safe Mode.

Regards;
SAM

ken545
2013-10-08, 11:19
:welcome:

Sorry for the delay, sometimes we get so busy that a thread or two may fall through the cracks, as yours has, but am with you now.

I don't see anything jumping out at me in your logs that is malware. This computer seems to have an abundance of security programs, and with so many of them running, one may have removed a file or two that it shouldn't have.

On my own system I have one AV and one spyware program, that's all that's really needed.

Run this program and let it scan; when it's done you can remove possible leftover entries from bad uninstalls of security programs. Since AVG is your main program, then just let it be.

Run AppRemover

Vista users, right click on the icon and select "run as administrator"

Please download AppRemover (http://www.appremover.com/) and save it to your desktop.
Double click on AppRemover.exe to run it.
Uncheck "Enable anonymous usage statistics. No personal data will be recorded."
Click on the Next button.
Click on "Remove Security Application" or "Clean Up a Failed Uninstall" depending on what you want to do.
Click on the Next button.
A scan begins, please wait. Once done, click on the Next button.
Now you should have a list of your installed programs, choose all but AVG and click on the Next button.
Follow the last step and reboot if asked to do so.

ken545
2013-10-13, 22:22
Due to inactivity, this thread will now be closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.