Something Wrong

Hi OCD,

Sure, the start-up issue is that when I log in, the screen will go blue for a short time, then I will get the welcome message, then it will go to a white screen for a short time, then the desktop will show up.


The Internet Explorer is the one that locks up. Sometimes it tells me that Internet Explorer is not responding.
 
Hi OCD,

Update on computer. I got back on it today and the system was running extremely slow. The system would lock up completely at the desktop. Nothing would work: mouse, tab, ctrl-alt-del, nothing, complete lockdown. It would hang up when you would log out; it would go to a black screen and stay there. After about three or four shutdowns the system started running better. I'm not sure what's going on.

IE 9, when I launched it this morning, was asking me to set security settings. I use the recommended settings. So something changed there.

Do you have any suggestions or thoughts?
 
Hi Frosty,

This problem doesn't seem malware related, more along the lines of corrupt file/s. Let's run a few scans and see if they yield any indication of the issue.

=========================

Chkdsk in Vista/7

You must run the command prompt as an administrator or in an "elevated mode".
  • Start menu, in the search bar type "cmd"
  • Right-click the cmd icon, select "run as administrator"
    • If you have user account control (UAC) set up it may prompt you to accept that action.
  • Then type in "chkdsk /r" (make note of the space between chkdsk and /)
=========================

To view results log:
  • Open the Start Menu, and type eventvwr.msc in the search box and press enter.
  • If prompted by UAC, then click on Yes (Windows 7) or Continue (Vista).
  • In the left pane of Event Viewer, double click on Windows Logs to expand it, then right click on Application and click on Find.
  • Copy and paste Chkdsk into the line, and click on Find Next.
  • You will now see the system log for the scan results of Check Disk (chkdsk).
  • In the right-hand menu select copy, open notepad and paste the chkdsk results into notepad
  • Post in your next reply.
=========================


System File Checker (SFC)
  • Click on the Start button and in the Search programs and files box type the following:
    • command
  • Don't press Enter, just let the search results populate above.
  • In the search results, locate the Programs section.
  • Locate the Command Prompt shortcut and right-click on it.
  • Select Run as administrator.
  • Click Yes on the User Account Control window that appears.
  • Important: If you see a User Account Control window but also a message that says To continue, type an administrator password, and then click Yes, then your user account must be a standard account, not an administrator account. Before you can click Yes and open an elevated command prompt, you'll need to type the password of another user on your Windows 7 computer that has administrator level privileges.
  • Note: You will not see this window at all if your User Account Control settings are turned all the way down. See How To Disable User Account Control in Windows 7 for more information.
  • An elevated Command Prompt window will appear.
    • Type: sfc /scannow (there's a space between sfc and /scannow), then hit Enter
  • After the scan runs type exit to close the command prompt window
=========================

"IE 9, when I launched it this morning, was asking me to set security settings. I use the recommended settings. So something changed there."
How long have you been using IE9?

=========================

Do you remember the date when you first started having the computer problem?

=========================

In your next post please provide the following:
  • chkdsk results
  • SFC scan results
  • Answer to the questions asked.
 
Hi OCD,

I have the info you requested.

Chkdsk log:

Information 11/11/2013 12:16:59 PM Wininit 1001 None
Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 11/11/2013 12:16:59 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: FrontDesk
Description:


Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x128d209 for possibly 0xe2 clusters.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x128d209 for possibly 0xe2 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x103b6 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 66486.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x12a7467 for possibly 0x38f clusters.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x12a7467 for possibly 0x38f clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x10d9e is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 69022.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x153fd99 for possibly 0x401 clusters.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x153fd99 for possibly 0x401 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x1970b is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 104203.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x1167040 for possibly 0xa91 clusters.
233792 file records processed.

1067 large file records processed.

0 bad file records processed.

Correcting cross-link for file 159178.
0 EA records processed.

76 reparse records processed.

286652 index entries processed.

0 unindexed files processed.

233792 security descriptors processed.

Cleaning up 271 unused index entries from index $SII of file 0x9.
Cleaning up 271 unused index entries from index $SDH of file 0x9.
Cleaning up 271 unused security descriptors.
Inserting data attribute into file 66486.
Inserting data attribute into file 69022.
Inserting data attribute into file 104203.
26434 data files processed.

CHKDSK is verifying Usn Journal...
37047760 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
233776 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
25358788 free clusters processed.

Free space verification is complete.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

145984182 KB total disk space.
44111952 KB in 155121 files.
85276 KB in 26432 indexes.
0 KB in bad sectors.
351802 KB in use by the system.
65536 KB occupied by the log file.
101435152 KB available on disk.

4096 bytes in each allocation unit.
36496045 total allocation units on disk.
25358788 allocation units available on disk.

Internal Info:
40 91 03 00 3e c5 02 00 bd ba 04 00 00 00 00 00 @...>...........
6e 05 00 00 4c 00 00 00 00 00 00 00 00 00 00 00 n...L...........
42 00 00 00 e2 73 c1 77 80 e7 3f 00 80 df 3f 00 B....s.w..?...?.

Windows has finished checking your disk.
Please wait while your computer restarts.


sfc log:
Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Users\EMachUser>sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection found corrupt files but was unable to fix some of th
em.
Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example
C:\Windows\Logs\CBS\CBS.log

C:\Users\EMachUser>

Do you want me to get the CBS log file for you?

I have been using the IE 9 for quite some time. It's not something new.

The problem started back at the beginning of October. I was told that the A/V came up and said that it had found win32 trojan right after she went to WBAP.com
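
Added example, not part of the original posts and not written by either poster: a Python summary of the chkdsk /r output posted above, run on an excerpt of that log. It lists the file records whose unnamed data attribute (type 0x80, decimal 128) was deleted and re-inserted, and totals the cross-linked clusters; the function and field names are illustrative.

```python
import re

HEX = r"0x[0-9a-fA-F]+"

# Excerpt of the chkdsk /r log posted above (run of 11/11/2013).
SAMPLE_LOG = '''\
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x128d209 for possibly 0xe2 clusters.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x128d209 for possibly 0xe2 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x103b6 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 66486.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x12a7467 for possibly 0x38f clusters.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x12a7467 for possibly 0x38f clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x10d9e is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 69022.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x153fd99 for possibly 0x401 clusters.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x153fd99 for possibly 0x401 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x1970b is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 104203.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x1167040 for possibly 0xa91 clusters.
233792 file records processed.
Correcting cross-link for file 159178.
Inserting data attribute into file 66486.
Inserting data attribute into file 69022.
Inserting data attribute into file 104203.
Windows has made corrections to the file system.
0 KB in bad sectors.
4096 bytes in each allocation unit.
'''


def summarize_chkdsk(log):
    """Summarise the repair actions recorded in a chkdsk log."""
    # chkdsk wraps one message over two lines, so flatten whitespace first.
    text = " ".join(log.split())

    # Each cross-linked run is reported twice; a set removes the repeats.
    runs = {
        (int(start, 16), int(length, 16))
        for start, length in re.findall(
            rf"is cross linked starting at ({HEX}) for possibly ({HEX}) clusters",
            text)
    }
    # File IDs chkdsk prints in hex on the "already in use" lines.
    in_use = {int(h, 16)
              for h in re.findall(rf"in file ({HEX}) is already in use", text)}
    # Records that lost an unnamed attribute of type 128 (0x80, the data attribute).
    deleted_data = {
        int(seg)
        for attr_type, name, seg in re.findall(
            r'Deleting corrupt attribute record \((\d+), "([^"]*)"\) '
            r"from file record segment (\d+)", text)
        if int(attr_type) == 0x80 and name == ""
    }
    inserted = {int(n)
                for n in re.findall(r"Inserting data attribute into file (\d+)", text)}
    relinked = sorted(
        int(n) for n in re.findall(r"Correcting cross-link for file (\d+)", text))

    unit = re.search(r"(\d+) bytes in each allocation unit", text)
    bad = re.search(r"(\d+) KB in bad sectors", text)
    clusters = sum(length for _, length in runs)
    return {
        "cross_linked_runs": sorted(runs),
        # "possibly N clusters" is chkdsk's own estimate, so this is an estimate too.
        "cross_linked_bytes": clusters * int(unit.group(1)) if unit else None,
        "in_use_files": sorted(in_use),
        # Data attribute deleted, then a new one inserted: the original
        # content of these file records was not kept by the repair.
        "emptied_files": sorted(deleted_data & inserted),
        "relinked_files": relinked,
        "bad_sector_kb": int(bad.group(1)) if bad else None,
        "corrected": "Windows has made corrections to the file system" in text,
    }


if __name__ == "__main__":
    for key, value in summarize_chkdsk(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The hex file IDs on the "already in use" lines are the same records chkdsk later names in decimal (0x103b6 = 66486), so the two lists in the summary match. File record numbers are MFT indexes, not paths.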
 
Hi Frosty,

The CBS log file is a bit out of my knowledge range. I will ask for some help interpreting it, meanwhile let's try this.

Slightly different command, please run, reboot and post the log.

=========================

Chkdsk in Vista/7

You must run the command prompt as an administrator or in an "elevated mode".
  • Start menu, in the search bar type "cmd"
  • Right-click the cmd icon, select "run as administrator"
    • If you have user account control (UAC) set up it may prompt you to accept that action.
  • Then type in "chkdsk /f" (make note of the space between chkdsk and /)
=========================

To view results log:
  • Open the Start Menu, and type eventvwr.msc in the search box and press enter.
  • If prompted by UAC, then click on Yes (Windows 7) or Continue (Vista).
  • In the left pane of Event Viewer, double click on Windows Logs to expand it, then right click on Application and click on Find.
  • Copy and paste Chkdsk into the line, and click on Find Next.
  • You will now see the system log for the scan results of Check Disk (chkdsk).
  • In the right-hand menu select copy, open notepad and paste the chkdsk results into notepad
  • Post in your next reply.
=========================

Any change in performance?
 
Hi OCD,

I finally had the chance to run chkdsk for you.

Here is the info.

Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 11/12/2013 3:38:50 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: FrontDesk
Description:


Checking file system on C:
The type of the file system is NTFS.


A disk check has been scheduled.
Windows will now check the disk.
233792 file records processed.

1068 large file records processed.

0 bad file records processed.

0 EA records processed.

76 reparse records processed.

286710 index entries processed.

0 unindexed files processed.

233792 security descriptors processed.

Cleaning up 17 unused index entries from index $SII of file 0x9.
Cleaning up 17 unused index entries from index $SDH of file 0x9.
Cleaning up 17 unused security descriptors.
26460 data files processed.

CHKDSK is verifying Usn Journal...
33828560 USN bytes processed.

Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

145984182 KB total disk space.
46944756 KB in 156508 files.
86608 KB in 26461 indexes.
0 KB in bad sectors.
348726 KB in use by the system.
65536 KB occupied by the log file.
98604092 KB available on disk.

4096 bytes in each allocation unit.
36496045 total allocation units on disk.
24651023 allocation units available on disk.

Internal Info:
40 91 03 00 c3 ca 02 00 98 c5 04 00 00 00 00 00 @...............
73 05 00 00 4c 00 00 00 00 00 00 00 00 00 00 00 s...L...........
42 00 00 00 e2 73 26 77 80 e7 07 00 80 df 07 00 B....s&w........

Windows has finished checking your disk.
Please wait while your computer restarts.



No noticeable differences in performance.
 
Hi Frosty,

I'm still waiting to see if any of my colleagues have any recommendations about the CBS file. Let's run this tool while we wait.

=========================

TFC

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
    • Vista, Windows 7 & 8 Right click and select "Run as Administrator"
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine.
  • If it doesn't, manually reboot to ensure a complete clean.
=========================

Any change in performance?
 
Hi OCD,

I ran the TFC, and it cleaned a lot out. I was surprised as I have cleaned a lot out myself.

Performance wise - It was painfully slow when I first logged in. It took about 45 min. from the time I logged in, opened IE, downloaded TFC, ran it. Another five to ten to reboot. I then shut it completely down and logged back in; seems to be a bit faster. I have lost the white screen that was coming up during the initial loading of the desktop. (did this three times) The desktop icons seemed to load faster. So we have made some improvement here. :bigthumb:
IE is slow at launching it takes a few minutes to completely load the home page.
 
Hi Frosty,

Glad she is running a bit faster. :bigthumb: I haven't had any luck getting any insight into the CBS file yet. Unfortunately, it may not happen very quickly if at all, since most of my colleagues deal with malware removal. The CBS file is more of a Windows System issue, but we'll see. :red:

=========================

Clear Browser Cache in Internet Explorer

  • Close all Internet Explorer and Windows Explorer windows that are currently open.
  • Open Internet Explorer.
  • Click the Tools button, and then expand the Safety menu, then select Delete browsing history.
  • Select the check box next to each of the following categories.
    • Temporary Internet files and website files
    • History
  • Click Delete
=========================

"Test drive" it for a few days and see how it responds.
 
Hi OCD,

I cleared the cache but it did not make any changes.

However - I had Windows updates available to install and I told it to install. Nothing happened. Went and looked at Windows Update and it failed to update. Looked at history and since 16th of October Microsoft SQL server 2005 express edition service pack (KB2463332) keeps failing.

I have 10 updates that need to be installed. I also have a code B0240016 stating Window update is currently installing other updates. Please try again in a few minutes. I have waited but still the same.

Also when logging off I am getting a message that explorer.exe is still running-playing logoff sound. It asks to force log off.

I was thinking of uninstalling IE 9 and reinstalling. What are your thoughts on that?

Umm. The system all of a sudden decided it wanted to update 9 of the 10. I will get back with you on this later.
 
Hi OCD,

Getting back with you. The 9 updates were all successful. Some new developments. When the system rebooted I received an error message before the log in screen came up. Window could not connect to the system event notification service service. :slap: Please consult your system admin. I clicked OK and was able to log in. The control panel was reset back to default settings.
 
Hi Frosty,

How is the system running with IE10? How is it running in general?
 
Hi OCD,

I have not installed IE10.
The system is running, we can move around in it. Slow on a few programs when it opens. I get Not Responding on a few programs when it first loads up.
 
Hi Frosty,

Let's run a new scan to check and make sure we didn't miss anything.

Re-run OTL (it should be located on your desktop).
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
    Note: The log can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
=========================

In your next post please provide the following:
  • OTL.txt
 
Hi OCD,

Here is the new log on OTL:

OTL logfile created on: 11/16/2013 11:05:45 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\EMachUser\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.76 Mb Total Physical Memory | 270.22 Mb Available Physical Memory | 30.23% Memory free
2.00 Gb Paging File | 1.02 Gb Available in Paging File | 50.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.22 Gb Total Space | 91.68 Gb Free Space | 65.85% Space Free | Partition Type: NTFS
Drive D: | 9.83 Gb Total Space | 4.41 Gb Free Space | 44.88% Space Free | Partition Type: NTFS

Computer Name: FRONTDESK | User Name: EMachUser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\EMachUser\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()


========== Services (SafeList) ==========

SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (MSSQL$UPSWSDBSERVER) -- c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (txtidwow) -- C:\Windows\System32\drivers\txtidwow.sys ()
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (NETw2v32) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (Cdralw2k) -- C:\Windows\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\Windows\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (DeviceGuys, Inc.)
DRV - (BrPar) -- C:\Windows\System32\drivers\BRPAR.SYS (Brother Industries Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5062
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5062
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D98FBCDE-CE80-40BC-A775-1E7901C4A600}: "URL" = http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {676FC0DB-138B-4F55-9F2F-2BE262E72B4E}
IE - HKCU\..\SearchScopes\{676FC0DB-138B-4F55-9F2F-2BE262E72B4E}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{D98FBCDE-CE80-40BC-A775-1E7901C4A600}: "URL" = http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/09/04 11:35:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/09/04 11:35:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/09/04 11:35:33 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll (Gateway Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D122C78F-1EB5-4E6F-B163-D2F3CBC3B553}: DhcpNameServer = 68.94.156.1 68.94.157.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/23 18:02:49 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 03:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{5e094961-2908-11dc-ab3e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5e094961-2908-11dc-ab3e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SPSETUP.EXE
O33 - MountPoints2\{88f79cf2-40f8-11df-8291-001bb95f5c4b}\Shell - "" = AutoRun
O33 - MountPoints2\{88f79cf2-40f8-11df-8291-001bb95f5c4b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/14 10:14:28 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/11/14 10:14:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/11/14 10:14:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/11/14 10:14:27 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/11/14 10:14:26 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/11/14 10:14:25 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/11/14 10:14:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/11/14 10:14:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/11/13 09:53:48 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013/11/13 08:54:11 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\EMachUser\Desktop\TFC.exe
[2013/11/05 07:41:01 | 000,000,000 | ---D | C] -- C:\b7f0181b655e8a652b2d630988d50828
[2013/11/05 07:38:06 | 000,000,000 | ---D | C] -- C:\b546cb6c3722d3eae57e29963246
[2013/11/02 08:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/11/01 15:32:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/11/01 15:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/11/01 15:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/11/01 15:30:01 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\EMachUser\Desktop\erunt-setup.exe
[2013/11/01 14:31:01 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\EMachUser\Desktop\dds.scr
[2013/11/01 14:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/11/01 14:09:17 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/11/01 12:23:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\EMachUser\Desktop\OTL.exe
[2013/11/01 12:22:51 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\EMachUser\Desktop\aswMBR.exe
[2013/11/01 08:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/01 08:22:21 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/11/01 08:19:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/01 08:19:18 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\EMachUser\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/01 08:09:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/01 08:06:06 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\EMachUser\Desktop\JRT.exe
[2013/11/01 07:55:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/31 09:34:34 | 000,000,000 | ---D | C] -- C:\564c0b1906d847d402cfc34485e17a
[2013/10/31 09:27:38 | 000,000,000 | ---D | C] -- C:\72018930be9e0dffa9df21
[2013/10/30 22:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/10/30 21:48:56 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\Desktop\RK_Quarantine
[2013/10/30 08:02:07 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\AppData\Roaming\Malwarebytes
[2013/10/30 08:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/30 08:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2007/12/16 16:49:08 | 000,147,456 | ---- | C] (Info-ZIP) -- C:\Users\EMachUser\vbzip10.dll

========== Files - Modified Within 30 Days ==========

[2013/11/16 11:00:56 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/16 11:00:56 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/16 11:00:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/16 11:00:40 | 937,943,040 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/15 17:46:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/13 08:54:24 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\EMachUser\Desktop\TFC.exe
[2013/11/12 09:51:37 | 000,175,382 | ---- | M] () -- C:\Users\EMachUser\Desktop\CBS.zip
[2013/11/03 11:16:27 | 000,654,114 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/03 11:16:27 | 000,122,868 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/02 11:27:44 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/11/01 15:30:38 | 000,000,714 | ---- | M] () -- C:\Users\EMachUser\Desktop\ERUNT.lnk
[2013/11/01 15:30:06 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\EMachUser\Desktop\erunt-setup.exe
[2013/11/01 14:31:11 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\EMachUser\Desktop\dds.scr
[2013/11/01 14:17:44 | 000,000,553 | ---- | M] () -- C:\Users\EMachUser\Desktop\MBR.zip
[2013/11/01 14:10:37 | 000,002,531 | ---- | M] () -- C:\Users\EMachUser\Desktop\HiJackThis.lnk
[2013/11/01 14:07:28 | 001,402,880 | ---- | M] () -- C:\Users\EMachUser\Desktop\HijackThis.msi
[2013/11/01 13:23:25 | 000,000,512 | ---- | M] () -- C:\Users\EMachUser\Desktop\MBR.dat
[2013/11/01 12:23:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\EMachUser\Desktop\OTL.exe
[2013/11/01 12:23:14 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\EMachUser\Desktop\aswMBR.exe
[2013/11/01 12:22:33 | 000,891,184 | ---- | M] () -- C:\Users\EMachUser\Desktop\SecurityCheck.exe
[2013/11/01 08:20:10 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\EMachUser\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/01 08:06:07 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\EMachUser\Desktop\JRT.exe
[2013/11/01 07:53:44 | 001,073,262 | ---- | M] () -- C:\Users\EMachUser\Desktop\AdwCleaner.exe

========== Files Created - No Company Name ==========

[2013/11/13 09:53:48 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2013/11/12 09:51:37 | 000,175,382 | ---- | C] () -- C:\Users\EMachUser\Desktop\CBS.zip
[2013/11/01 15:30:38 | 000,000,714 | ---- | C] () -- C:\Users\EMachUser\Desktop\ERUNT.lnk
[2013/11/01 14:17:44 | 000,000,553 | ---- | C] () -- C:\Users\EMachUser\Desktop\MBR.zip
[2013/11/01 14:09:17 | 000,002,531 | ---- | C] () -- C:\Users\EMachUser\Desktop\HiJackThis.lnk
[2013/11/01 14:06:59 | 001,402,880 | ---- | C] () -- C:\Users\EMachUser\Desktop\HijackThis.msi
[2013/11/01 13:23:25 | 000,000,512 | ---- | C] () -- C:\Users\EMachUser\Desktop\MBR.dat
[2013/11/01 12:22:28 | 000,891,184 | ---- | C] () -- C:\Users\EMachUser\Desktop\SecurityCheck.exe
[2013/11/01 07:53:43 | 001,073,262 | ---- | C] () -- C:\Users\EMachUser\Desktop\AdwCleaner.exe
[2013/10/31 10:17:39 | 937,943,040 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/10 19:50:10 | 000,017,388 | ---- | C] () -- C:\Windows\System32\usboktcp.dll
[2011/11/06 17:14:51 | 000,017,408 | ---- | C] () -- C:\Users\EMachUser\AppData\Local\WebpageIcons.db
[2010/03/26 18:42:33 | 000,023,580 | ---- | C] () -- C:\Users\EMachUser\AppData\Roaming\UserTile.png
[2008/12/08 11:04:41 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/08/07 15:09:54 | 000,000,000 | ---- | C] () -- C:\Users\EMachUser\AppData\Roaming\wklnhst.dat
[2008/03/08 11:32:19 | 000,004,096 | -H-- | C] () -- C:\Users\EMachUser\AppData\Local\keyfile3.drm
[2008/03/08 10:46:08 | 000,007,268 | ---- | C] () -- C:\Users\EMachUser\AppData\Local\d3d9caps.dat
[2008/02/01 09:38:53 | 000,000,632 | RHS- | C] () -- C:\Users\EMachUser\ntuser.pol
[2008/01/30 00:23:12 | 000,008,017 | ---- | C] () -- C:\Users\EMachUser\ia_remove.sh
[2007/12/23 18:57:43 | 000,000,363 | ---- | C] () -- C:\ProgramData\lxdc
[2007/09/28 14:49:19 | 000,036,352 | ---- | C] () -- C:\Users\EMachUser\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2615E8F1
< End of report >
 
Hi Frosty,

OTL log looks good. :bigthumb:

Unfortunately, the bit of lag or slowness you are experiencing is most likely due to the system's resources.

Do you have any other issues or questions?
 
Hi OCD,

Good deal. We got a lot done.

I have not seen any other problems with the system. Did you ever get any answers on the CBS log?
 