Thread: Strange voices from speakers, frequent 'Malicious URL Blocked' messages from Avast!

  1. #11
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Hello Harry,

    Been retired for about 3 months but my company won't let me go, they asked me to work all this week.

    Nice people so in reality I really don't mind.


    Been a pleasure working with you and glad things are back to normal. Here are instructions to update your Java (very important); you should check for new versions at least once a month and then uninstall any previous versions.


    Update your Java to keep you more secure
    1. Go to your Control Panel and click on the Java icon (looks like a little coffee cup). Click on About and you should have Version 7 Update 25; if not, proceed with the instructions.
    2. Go to the Update tab and update it.
    3. Important: during the upgrade, UNCHECK ASK TOOL BAR (you do not need or want this).
    4. Then go to your Add Remove Programs (WIN XP) or Programs and Features (Vista / Win 7) in the Control Panel and uninstall all previous versions.


    You can verify the installation Here





    Harry, let me take one final look to make sure nothing was missed

    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #12
    Junior Member
    Join Date
    Jul 2013
    Posts
    11

    Ken,

    Congrats on your retirement. I'm old enough to retire, but don't plan to do so for another five years or so. And since they keep making you work, I'm glad you don't mind.

    I ran OTL and have attached the logs in a zip file. Then I checked Java and had the latest version. I uninstalled four old versions (all from Sun Microsystems).

    OTL Logs.zip

    Harry

    OTL logfile created on: 7/20/2013 11:31:35 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mary\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16635)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.97 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 66.87% Memory free
    3.93 Gb Paging File | 3.05 Gb Available in Paging File | 77.56% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 9.48 Gb Free Space | 12.72% Space Free | Partition Type: NTFS

    Computer Name: SEABISCUIT | User Name: Mary | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Mary\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (Raxco Software, Inc.)
    PRC - C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe (Raxco Software, Inc.)
    PRC - C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe (Raxco Software, Inc.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Microsoft Corporation)
    PRC - C:\Program Files\Windows Home Server\WHSConnector.exe (Microsoft Corporation)
    PRC - C:\Program Files\Windows Home Server\esClient.exe (Microsoft Corporation)
    PRC - C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe (HP)
    PRC - c:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
    PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()


    ========== Services (SafeList) ==========

    SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
    SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
    SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (Raxco Software, Inc.)
    SRV - (PDEngine) -- C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe (Raxco Software, Inc.)
    SRV - (arXfrSvc) -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Microsoft Corporation)
    SRV - (WHSConnector) -- C:\Program Files\Windows Home Server\WHSConnector.exe (Microsoft Corporation)
    SRV - (esClient) -- C:\Program Files\Windows Home Server\esClient.exe (Microsoft Corporation)
    SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
    SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
    SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
    SRV - (MediaCollectorService) -- C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe (Hewlett-Packard Company)
    SRV - (HPMSSConnectorSvc) -- C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe (HP)
    SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
    SRV - (WMSVC) -- C:\Windows\System32\inetsrv\WMSvc.exe (Microsoft Corporation)
    SRV - (IISADMIN) -- C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
    SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (LVMVDrv) -- system32\DRIVERS\LVMVDrv.sys File not found
    DRV - (Lvckap) -- system32\DRIVERS\LVcKap.sys File not found
    DRV - (getbus) -- C:\Users\hstumpf\AppData\Local\Temp\getbus.sys File not found
    DRV - (catchme) -- C:\Users\Mary\AppData\Local\Temp\catchme.sys File not found
    DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
    DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
    DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
    DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (DefragFS) -- C:\Windows\System32\drivers\DefragFs.sys (Raxco Software, Inc.)
    DRV - (PDFSFilter) -- C:\Windows\System32\drivers\PDFsFilter.sys (Raxco Software, Inc.)
    DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
    DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (FETND6V) -- C:\Windows\System32\drivers\fetnd6v.sys (VIA Technologies, Inc. )
    DRV - (ALCXWDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)
    DRV - (nvmpu401) -- C:\Windows\System32\drivers\nvmpu401.sys (NVIDIA Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3845936323-2724631369-1939821654-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKU\S-1-5-21-3845936323-2724631369-1939821654-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-3845936323-2724631369-1939821654-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 23 C8 AF E2 82 CE 01 [binary data]
    IE - HKU\S-1-5-21-3845936323-2724631369-1939821654-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-3845936323-2724631369-1939821654-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKU\S-1-5-21-3845936323-2724631369-1939821654-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\PROGRA~1\AVASTS~1\Avast\WebRep\FF [2013/07/07 20:51:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2013/03/31 11:07:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\Mozilla\Extensions
    [2013/07/07 20:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/06/27 06:51:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/06/27 06:52:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    O1 HOSTS File: ([2013/07/17 00:27:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LocalAccountTokenFilterPolicy = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3845936323-2724631369-1939821654-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3845936323-2724631369-1939821654-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.25.2)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.25.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0ACFF909-4D89-4317-B1F5-62BCCE4E8641}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (PDBoot.exe)
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/07/20 11:21:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe
    [2013/07/20 07:10:34 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{DC70E249-12D2-4E16-8632-67D917C6EB30}
    [2013/07/19 09:45:18 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{422707BB-6B2A-4CC0-B08A-79148BBD6D17}
    [2013/07/19 04:16:13 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Malwarebytes
    [2013/07/19 04:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/07/19 04:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/07/19 04:15:51 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2013/07/19 04:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/07/18 21:44:23 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{96363A3C-0F3A-4768-B962-47FEA9D5FD3C}
    [2013/07/18 21:27:45 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Mary\Desktop\mbam-setup-1.75.0.1300.exe
    [2013/07/18 09:44:11 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{A0A85B40-EE8A-4A9A-8725-25ACDE369AE2}
    [2013/07/17 21:43:46 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{BD854A47-EA2B-4F8C-8D05-F99188F4095B}
    [2013/07/17 09:43:34 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{FC0D9BF5-3D3E-40E5-8D99-03E20A89720F}
    [2013/07/17 00:31:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/07/17 00:31:27 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\temp
    [2013/07/17 00:27:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/07/17 00:04:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/07/17 00:04:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/07/17 00:04:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/07/16 23:41:57 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/07/16 22:46:16 | 005,089,088 | R--- | C] (Swearware) -- C:\Users\Mary\Desktop\ComboFix.exe
    [2013/07/16 21:43:08 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{97AD31E7-9EB7-4C0C-8EA6-FB28ED95AB3F}
    [2013/07/16 09:42:56 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{13C4ACF1-FDA7-4CAA-B5DE-AB3243085625}
    [2013/07/15 21:42:29 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{9AE7A034-D1E3-4E1B-86C6-3CB9499F7CFE}
    [2013/07/15 20:55:59 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2013/07/15 09:41:58 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{9EF31D11-980B-4E6E-9F69-96A90FEA5F31}
    [2013/07/14 21:40:50 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{D0C92016-275A-4745-BDC2-4A4F947071FA}
    [2013/07/14 09:40:21 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{1409CAAB-8692-4919-98A1-FDA512820547}
    [2013/07/13 21:38:28 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{DFC460EB-B8BA-4EFD-A2E6-2A95812C8252}
    [2013/07/13 07:21:49 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{CFB5098E-C3E2-4BC6-B2C6-50E7714FA3DB}
    [2013/07/12 18:45:47 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{0BB49373-4748-45E1-9AC5-FA95282B3965}
    [2013/07/12 08:57:49 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2013/07/12 08:25:47 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2013/07/12 08:25:29 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2013/07/12 08:25:22 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2013/07/12 08:25:21 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2013/07/12 08:25:13 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2013/07/12 08:25:04 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2013/07/12 08:25:03 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2013/07/12 08:25:03 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2013/07/12 08:25:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
    [2013/07/12 08:25:01 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2013/07/12 06:45:09 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{A6861E7E-2944-45E4-B4F0-7D77255CE767}
    [2013/07/11 18:21:16 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{B62F9530-33AC-4A79-BC98-FA2188E44027}
    [2013/07/11 16:37:15 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
    [2013/07/11 16:37:10 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
    [2013/07/11 16:37:07 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
    [2013/07/11 16:37:04 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2013/07/11 06:19:46 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{6DF18D74-35FF-4387-BED6-2737F7273D1F}
    [2013/07/10 18:17:46 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{9D15DC59-57C7-45A7-8310-368E5ACDA4F0}
    [2013/07/10 06:16:25 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{C88A5F3E-D651-49AD-9FAD-6EBF671EBA25}
    [2013/07/09 18:56:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2013/07/09 18:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2013/07/09 18:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2013/07/09 18:15:10 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{146F2547-B211-4286-81BC-838319073E7F}
    [2013/07/09 06:14:01 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{21FCE9B9-73CD-46B6-A2FD-88C8311FA141}
    [2013/07/08 18:13:02 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{38E9DC84-551D-4E4A-8606-2D5CAD75DD9C}
    [2013/07/08 06:12:24 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{436762B8-F551-40AC-BF03-7BFE58DFF367}
    [2013/07/07 21:11:16 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Windows Home Server
    [2013/07/07 21:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2013/07/07 21:00:43 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2013/07/07 21:00:40 | 000,369,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2013/07/07 21:00:30 | 000,061,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
    [2013/07/07 21:00:27 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2013/07/07 21:00:25 | 000,770,344 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2013/07/07 21:00:06 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2013/07/07 20:59:59 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2013/07/07 20:39:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2013/07/07 20:36:45 | 000,789,416 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
    [2013/07/07 20:36:40 | 000,867,240 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
    [2013/07/07 20:36:40 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2013/07/07 20:34:38 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2013/07/07 20:34:37 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2013/07/07 20:34:36 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2013/07/07 19:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2013/07/07 15:09:16 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2013/07/07 14:38:11 | 000,000,000 | ---D | C] -- C:\Users\Mary\Documents\Blackbody_files
    [2013/07/07 14:37:42 | 000,000,000 | ---D | C] -- C:\Users\Mary\Desktop\New Files
    [2013/07/07 14:13:02 | 000,000,000 | ---D | C] -- C:\Users\Mary\Desktop\Mail Drafts
    [2013/07/07 14:10:36 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{234DE1E8-5FD3-4108-9115-A56201ADEC25}
    [2013/07/07 11:32:01 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2013/07/07 11:31:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2013/07/07 11:20:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2013/07/02 20:56:44 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{D576B55C-58E8-4027-8B56-09D56FE856C5}
    [2013/07/02 08:56:32 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{3855B8F8-4E2E-4C51-8306-E5571D4BE293}
    [2013/07/01 20:56:04 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{812FE831-99E3-4F63-8911-750F4AF213A0}
    [2013/07/01 17:58:31 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\Macromedia
    [2013/07/01 14:33:08 | 000,000,000 | ---D | C] -- C:\Users\Mary\Documents\Perlite_files
    [2013/07/01 14:32:42 | 000,000,000 | ---D | C] -- C:\Users\Mary\Documents\Thermal diffusivity_files
    [2013/07/01 08:55:49 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{C389991A-1BCE-4AD9-B2C1-E3CE3CBCA256}
    [2013/06/30 20:55:11 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{198382B1-F01C-426B-A926-3BA1C275A670}
    [2013/06/30 08:52:15 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{425EC9DD-9EBC-4D47-BE00-0EC96F614553}
    [2013/06/29 20:51:46 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{1125EA97-F162-4374-9F88-8CB649968347}
    [2013/06/29 08:51:21 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{8A80A831-9892-4CD2-8F12-C2BF1972C7E5}
    [2013/06/28 20:50:56 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{B3A2FC70-91A7-46A1-87BF-2AA1252DABFF}
    [2013/06/28 08:50:44 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{79A4B26C-FF75-48E8-9B6E-7D31003C7F43}
    [2013/06/27 20:50:17 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{0595ED40-E88B-4AFA-A26F-A8C981A62F22}
    [2013/06/27 08:50:05 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{7ACD872F-2692-404D-B097-47D743D489D5}
    [2013/06/27 06:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/06/26 20:49:40 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{A40A0150-237B-4475-9AB8-7AC793015CC1}
    [2013/06/26 08:49:28 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{F62183F1-40BA-431F-84C3-02FF705E5E9A}
    [2013/06/25 20:49:01 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{1ABB8B73-4E5F-4F5E-948D-70365535A608}
    [2013/06/25 08:48:36 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{896364A8-7BC8-437A-AFB6-E71DAD196DA9}
    [2013/06/24 20:47:58 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{87345A2F-033D-40C2-9792-A5175F2DD28F}
    [2013/06/24 08:47:45 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{BB7F6E76-15C7-47B0-A4AE-3AE14DB06CB9}
    [2013/06/23 20:45:57 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{D9EE6A53-720B-4C81-973D-233C65660A60}
    [2013/06/20 20:57:23 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\{C62B65C5-3562-4B30-864E-AB20CB4A248C}

    ========== Files - Modified Within 30 Days ==========

    [2013/07/20 11:30:46 | 000,000,314 | ---- | M] () -- C:\Users\Mary\Desktop\Strange voices from speakers, frequent 'Malicious URL Blocked' messages from Avast! - Page 2.URL
    [2013/07/20 11:19:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe
    [2013/07/20 11:16:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/07/20 07:18:14 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/07/20 07:18:14 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/07/20 07:07:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/07/20 07:07:25 | 1584,259,072 | -HS- | M] () -- C:\hiberfil.sys
    [2013/07/19 04:15:57 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/07/18 21:09:42 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Mary\Desktop\mbam-setup-1.75.0.1300.exe
    [2013/07/17 00:27:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2013/07/16 22:58:32 | 005,089,088 | R--- | M] (Swearware) -- C:\Users\Mary\Desktop\ComboFix.exe
    [2013/07/15 21:18:22 | 000,051,142 | ---- | M] () -- C:\Users\Mary\Desktop\TDSS Killer Logs.zip
    [2013/07/15 20:52:31 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mary\Desktop\TDSSKiller.exe
    [2013/07/15 20:32:59 | 002,218,636 | ---- | M] () -- C:\Users\Mary\Desktop\tdsskiller.zip
    [2013/07/12 10:32:24 | 000,394,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013/07/12 09:28:27 | 000,691,532 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/07/12 09:28:27 | 000,129,530 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/07/12 08:17:00 | 000,000,129 | ---- | M] () -- C:\Windows\System32\MRT.INI
    [2013/07/09 19:22:47 | 000,000,512 | ---- | M] () -- C:\Users\Mary\Desktop\MBR.dat
    [2013/07/09 19:16:17 | 000,003,649 | ---- | M] () -- C:\Users\Mary\Desktop\attach.zip
    [2013/07/09 18:51:40 | 000,001,116 | ---- | M] () -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/07/09 18:51:35 | 000,000,917 | ---- | M] () -- C:\Users\Mary\Desktop\ERUNT.lnk
    [2013/07/07 21:26:11 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2013/07/07 21:01:38 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
    [2013/07/07 21:01:37 | 000,175,176 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2013/07/07 21:01:36 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2013/07/07 21:01:36 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSP.sys.sum
    [2013/07/07 21:01:34 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
    [2013/07/07 21:01:33 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2013/07/07 21:00:55 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2013/07/07 21:00:05 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2013/07/07 20:25:48 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2013/07/07 20:24:24 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2013/07/07 20:24:23 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2013/07/07 20:24:12 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2013/07/07 20:23:52 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
    [2013/07/07 20:23:49 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
    [2013/07/07 20:11:26 | 000,007,605 | ---- | M] () -- C:\Users\Mary\AppData\Local\Resmon.ResmonCfg
    [2013/07/04 20:12:19 | 000,016,415 | ---- | M] () -- C:\Users\Mary\Documents\Blackbody.htm
    [2013/07/02 11:48:01 | 000,089,962 | ---- | M] () -- C:\Users\Mary\Documents\Schjeldahl_NotesBeauty.pdf
    [2013/07/02 10:47:12 | 001,167,754 | ---- | M] () -- C:\Users\Mary\Documents\Review Beauty by Roger Scruton Books The Observer.mht
    [2013/07/01 17:58:07 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013/07/01 17:58:07 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2013/07/01 14:33:08 | 000,016,926 | ---- | M] () -- C:\Users\Mary\Documents\Perlite.htm
    [2013/07/01 14:32:43 | 000,016,616 | ---- | M] () -- C:\Users\Mary\Documents\Thermal diffusivity.htm
    [2013/06/30 20:45:50 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
    [2013/06/30 20:14:55 | 000,444,880 | ---- | M] () -- C:\Users\Mary\Documents\WPC Maillard.pdf
    [2013/06/29 12:55:27 | 000,012,292 | -H-- | M] () -- C:\.DS_Store
    [2013/06/26 21:51:24 | 000,071,024 | ---- | M] () -- C:\Users\Mary\Documents\Slavoj Zizek-Bibliography-The Interpassive Subject-Lacan Dot Com.htm

    ========== Files Created - No Company Name ==========

    [2013/07/20 11:30:46 | 000,000,314 | ---- | C] () -- C:\Users\Mary\Desktop\Strange voices from speakers, frequent 'Malicious URL Blocked' messages from Avast! - Page 2.URL
    [2013/07/19 04:15:57 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/07/17 00:04:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/07/17 00:04:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/07/17 00:04:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/07/17 00:04:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/07/17 00:04:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/07/15 21:18:22 | 000,051,142 | ---- | C] () -- C:\Users\Mary\Desktop\TDSS Killer Logs.zip
    [2013/07/15 20:51:58 | 002,218,636 | ---- | C] () -- C:\Users\Mary\Desktop\tdsskiller.zip
    [2013/07/12 08:16:55 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2013/07/09 19:22:47 | 000,000,512 | ---- | C] () -- C:\Users\Mary\Desktop\MBR.dat
    [2013/07/09 19:16:15 | 000,003,649 | ---- | C] () -- C:\Users\Mary\Desktop\attach.zip
    [2013/07/09 18:51:40 | 000,001,116 | ---- | C] () -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/07/09 18:51:35 | 000,000,917 | ---- | C] () -- C:\Users\Mary\Desktop\ERUNT.lnk
    [2013/07/07 21:01:41 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
    [2013/07/07 21:01:40 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
    [2013/07/07 21:01:39 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
    [2013/07/07 21:00:54 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2013/07/07 21:00:17 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2013/07/07 21:00:14 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2013/07/07 16:16:04 | 000,007,605 | ---- | C] () -- C:\Users\Mary\AppData\Local\Resmon.ResmonCfg
    [2013/07/07 14:38:05 | 000,016,415 | ---- | C] () -- C:\Users\Mary\Documents\Blackbody.htm
    [2013/07/07 09:54:38 | 1584,259,072 | -HS- | C] () -- C:\hiberfil.sys
    [2013/07/02 11:48:00 | 000,089,962 | ---- | C] () -- C:\Users\Mary\Documents\Schjeldahl_NotesBeauty.pdf
    [2013/07/02 10:47:07 | 001,167,754 | ---- | C] () -- C:\Users\Mary\Documents\Review Beauty by Roger Scruton Books The Observer.mht
    [2013/07/01 14:36:11 | 000,460,682 | ---- | C] () -- C:\Users\Mary\Documents\apfelschnitzer.pdf
    [2013/07/01 14:33:07 | 000,016,926 | ---- | C] () -- C:\Users\Mary\Documents\Perlite.htm
    [2013/07/01 14:32:41 | 000,016,616 | ---- | C] () -- C:\Users\Mary\Documents\Thermal diffusivity.htm
    [2013/06/30 20:45:50 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    [2013/06/30 20:45:50 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
    [2013/06/30 19:29:20 | 000,444,880 | ---- | C] () -- C:\Users\Mary\Documents\WPC Maillard.pdf
    [2013/06/29 12:37:12 | 000,012,292 | -H-- | C] () -- C:\.DS_Store
    [2013/06/26 21:51:23 | 000,071,024 | ---- | C] () -- C:\Users\Mary\Documents\Slavoj Zizek-Bibliography-The Interpassive Subject-Lacan Dot Com.htm
    [2013/05/12 21:16:22 | 000,012,292 | -H-- | C] () -- C:\Users\Mary\.DS_Store
    [2013/03/23 17:50:34 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2013/03/23 15:36:15 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat

    ========== ZeroAccess Check ==========

    [2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/03/23 15:09:16 | 000,000,000 | ---D | M] -- C:\Users\hstumpf\AppData\Roaming\Acronis
    [2013/03/23 15:09:17 | 000,000,000 | ---D | M] -- C:\Users\hstumpf\AppData\Roaming\Blackberry Desktop
    [2013/03/23 15:09:17 | 000,000,000 | ---D | M] -- C:\Users\hstumpf\AppData\Roaming\Configuration
    [2013/03/23 15:09:17 | 000,000,000 | ---D | M] -- C:\Users\hstumpf\AppData\Roaming\GlobalSCAPE
    [2013/03/23 15:09:18 | 000,000,000 | ---D | M] -- C:\Users\hstumpf\AppData\Roaming\JAM Software
    [2013/03/23 15:09:19 | 000,000,000 | ---D | M] -- C:\Users\hstumpf\AppData\Roaming\JDiskReport
    [2013/03/23 15:09:37 | 000,000,000 | ---D | M] -- C:\Users\hstumpf\AppData\Roaming\Research In Motion
    [2008/09/13 18:34:30 | 000,000,000 | ---D | M] -- C:\Users\hstumpf\AppData\Roaming\Temp
    [2013/07/07 21:11:16 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Windows Home Server
    [2013/03/31 04:00:02 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 889 bytes -> C:\Users\Mary\Documents\THE ART OF FASHION_ Valentino.eml:OECustomProperty
    @Alternate Data Stream - 780 bytes -> C:\Users\Mary\Documents\your pan is on the way.eml:OECustomProperty
    @Alternate Data Stream - 769 bytes -> C:\Users\Mary\Documents\Julia and universal lids.eml:OECustomProperty
    @Alternate Data Stream - 748 bytes -> C:\Users\Mary\Documents\Re_ a question of copper.eml:OECustomProperty
    @Alternate Data Stream - 708 bytes -> C:\Users\Mary\Documents\snowhound hounding.eml:OECustomProperty
    @Alternate Data Stream - 708 bytes -> C:\Users\Mary\Documents\more for snowhound.eml:OECustomProperty
    @Alternate Data Stream - 704 bytes -> C:\Users\Mary\Documents\Re_ round steamer___.eml:OECustomProperty
    @Alternate Data Stream - 60 bytes -> C:\Users\Mary\.DS_Store:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\.DS_Store:AFP_AfpInfo

    < End of report >
    Last edited by ken545; 2013-07-20 at 21:57.

  3. #13
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default




    • Click START then RUN
    • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.







    Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups; any programs that were not removed you can just drag to the trash.


    Malwarebytes is the free version and yours to keep and will not be removed


    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  4. #14
    Junior Member
    Join Date
    Jul 2013
    Posts
    11

    Default

    Ken,

    I thought I'd do all the things in the links you sent me, and then get back to you. But in all of those links there are so many things to do! I will develop a plan -- what to do initially to all of my PCs, what to do on a schedule for them, what to do differently for the Windows XP and Windows 7 PCs, and so on.

    Thanks for getting my PC back in working order. I couldn't have done it without you. It's actually my wife's PC, and in her despair she wanted me to buy her a new computer. We were able to avoid that.

    I did find problems with two of your links. The link to WhattheTech doesn't work. And the link to Dslreports redirects me to the correct link. The others are all fine.

    I have one more question. Should I run TDSS Killer on all of my PCs, maybe every week or so, or is there a reason why I shouldn't?

    Once again, thanks.


    Harry

  5. #15
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hello Harry,

    On my systems I have one Anti Virus program ( more than one is overkill and can cause problems ) I also have Spybot Search and Destroy and Malwarebytes. You should keep these updated and run regular scans maybe weekly.

    We have many, many tools and they're run to remove a particular infection that they're designed to remove. You were infected with a variant of the TDSS Rootkit and TDSSKiller was written to remove that infection; if you're not infected with TDSS then running that tool will do no good. Besides, all our tools are updated on a regular basis and an old version would really not help. Another downside is that as a helper on the forums I am notified about any potential problems with a tool and the tool is pulled; the average user is not, so running a particular tool when it's not needed can cause you other problems.

    Another program you can run is a free online virus scanner, just have it run and you can post the results in the forum, don't have it remove anything as sometimes they pick up false positives.

    This is one of the better ones, if you have the time run it and if it finds anything post the log


    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the button.
    14. Push
    Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.



    All those links worked for me, unsure why they wouldn't open for you

  6. #16
    Junior Member
    Join Date
    Jul 2013
    Posts
    11

    Default

    Ken,

    I ran the scan -- it ran for many, many hours! Here is the log.

    C:\Users\hstumpf\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\0F7B25C9-00011348.eml HTML/Phishing.gen trojan
    C:\Users\hstumpf\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\12EF47B7-000128B6.eml HTML/Phishing.gen trojan
    C:\Users\hstumpf\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\150948C0-000115B8.eml HTML/Phishing.gen trojan
    C:\Users\hstumpf\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\15432CFC-000112A3.eml HTML/Phishing.gen trojan
    C:\Users\hstumpf\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\240371CC-00012768.eml HTML/Phishing.gen trojan
    C:\Users\hstumpf\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\24CC4ACC-00011249.eml HTML/Phishing.gen trojan
    C:\Users\hstumpf\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\30664F79-00011314.eml HTML/Phishing.gen trojan
    C:\Users\hstumpf\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\3B4C2481-00012826.eml HTML/Phishing.gen trojan
    C:\Users\hstumpf\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\441E4550-0001285B.eml HTML/Phishing.gen trojan
    C:\Users\hstumpf\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\4ADC3400-000112ED.eml HTML/Phishing.gen trojan
    C:\Users\hstumpf\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\4BFF704C-0001155E.eml HTML/Phishing.gen trojan
    C:\Users\hstumpf\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\52EA650A-0001125D.eml HTML/Phishing.gen trojan
    C:\Users\hstumpf\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\539E7B44-000129F2.eml HTML/Phishing.gen trojan
    C:\Users\hstumpf\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\576B1F02-00011263.eml HTML/Phishing.gen trojan
    C:\Users\hstumpf\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\5B9F7083-000115F3.eml HTML/Phishing.gen trojan
    C:\Users\hstumpf\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\61FE1C3F-00012718.eml HTML/Phishing.gen trojan
    C:\Users\hstumpf\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\655269A0-000112E6.eml HTML/Phishing.gen trojan
    C:\Users\hstumpf\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\688A2E43-00011590.eml HTML/Phishing.gen trojan
    C:\Users\hstumpf\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\6F563B7C-0001161A.eml HTML/Phishing.gen trojan
    C:\Users\hstumpf\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\75266AA6-00011246.eml HTML/Phishing.gen trojan
    C:\Users\hstumpf\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\7A8521C9-000125D5.eml HTML/Phishing.gen trojan
    C:\Users\hstumpf\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\7B3A624E-0001162A.eml HTML/Phishing.gen trojan
    C:\Users\hstumpf\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\7C88076A-00011243.eml HTML/Phishing.gen trojan


    Thanks again for your help.

    Harry

  7. #17
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Looks like some bad entries in your Windows Mail were removed.

    All ok ?

  8. #18
    Junior Member
    Join Date
    Jul 2013
    Posts
    11

    Default

    Ken, all seems OK. But the entries weren't removed. You said to uncheck 'Remove found threats'. Should I run it again and remove them?

    Harry

  9. #19
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Ahh, hate to make you run that long scan again, it looks like what ESET found were deleted items in your mail.

    Go here
    C:\Users\hstumpf\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items <-- And see if you can delete all that's in there but not that folder itself

    Let me know , we can try it another way if need be

  10. #20
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Still with me ?
