Dell Desktop slowness

bbowerman · Feb 5, 2014

Hey Guys im new to the forum I am from oklahoma and I have taken 1 1/2 years of networking/computer repair and should start college soon for an IT degree but anyways my moms desktop is very slow here are the specs:

Dell inspiron 537
2.2ghz celeron processor
4gb of ram
64 bit system
600gb hdd with 430gb free

it is sooo slow it will barely load a youtube video and my internet is decently fast my laptop can play and load 3 at once but her desktop skips and sputter on one video?
I have run malwarebytes and avast and it only had like 1 adware so i cleaned it out. also run ccleaner. I know the celeron processor isnt great but it should play a youtube video in medium quality shouldnt it? what can I do to speed it up?

bbowerman · Feb 5, 2014

oh btw this is windows 7 home premium sp1 64bit

johnb35 · Feb 5, 2014

Perform the following and post the logs.

1.

Please download AdwCleaner by Xplode onto your Desktop.

•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download Junkware Removal Tool to your desktop.

•Shutdown your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.

3.

Download OTL to your Desktop

•Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
•Click on Minimal Output at the top
•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
◦When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.

So in your original thread asking for help, please give us a short description of what the problem is and then post the logs from the following 4 programs.

1. Adwcleaner
2. Junkware removal tool
3. OTL

bbowerman · Feb 5, 2014

okay heres adw thats a nice tool found stuff malwarebytes and others did not

# AdwCleaner v3.018 - Report created 05/02/2014 at 11:28:08
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Billy - LISA-PC
# Running from : C:\Users\Billy\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\jZip
Folder Deleted : C:\Users\Billy\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Billy\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Billy\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Billy\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Billy\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Lisa.Lisa-PC\AppData\Local\Conduit
Folder Deleted : C:\Users\Lisa.Lisa-PC\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Lisa.Lisa-PC\AppData\Local\jZip
Folder Deleted : C:\Users\Lisa.Lisa-PC\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Lisa.Lisa-PC\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Emily\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Chyna Bailey\AppData\Local\jZip
Folder Deleted : C:\Users\Chyna Bailey\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala
[!] Folder Deleted : C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala
[!] Folder Deleted : C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Lisa.Lisa-PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Chyna Bailey\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [7673 octets] - [05/02/2014 11:26:25]
AdwCleaner[S0].txt - [6925 octets] - [05/02/2014 11:28:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6985 octets] ##########

johnb35 · Feb 5, 2014

Please do not attach logs, just copy and paste into your reply, much easier to read that way. Waiting for Junkware and OTL logs.

bbowerman · Feb 5, 2014

they are still running and i figured attaching would save space but ill post next time

bbowerman · Feb 5, 2014

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by Billy on Wed 02/05/2014 at 11:33:37.97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Billy\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Billy\appdata\locallow\datamngr"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/05/2014 at 11:52:30.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

bbowerman · Feb 5, 2014

OTL logfile created on: 2/5/2014 11:55:08 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Billy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.83 Gb Available Physical Memory | 71.42% Memory free
7.93 Gb Paging File | 6.74 Gb Available in Paging File | 84.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.48 Gb Total Space | 421.21 Gb Free Space | 72.44% Space Free | Partition Type: NTFS

Computer Name: LISA-PC | User Name: Billy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Billy\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\WINDOWS\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (aswStm) -- C:\WINDOWS\SysNative\drivers\aswstm.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\WINDOWS\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\WINDOWS\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswMonFlt) -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswRdr) -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (USBAAPL64) -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SymEvent) -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (FTDIBUS) -- C:\WINDOWS\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\WINDOWS\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\WINDOWS\SysNative\drivers\sptd.sys ()
DRV:64bit: - (RTL8167) -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Netaapl) -- C:\WINDOWS\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (amdsata) -- C:\WINDOWS\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\WINDOWS\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (ivusb) -- C:\WINDOWS\SysNative\drivers\ivusb.sys (Initio Corporation)
DRV:64bit: - (libusb0_x64) -- C:\WINDOWS\SysNative\drivers\AU\libusb0_x64.sys (http://libusb-win32.sourceforge.net)
DRV:64bit: - (HTCAND64) -- C:\WINDOWS\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (androidusb) -- C:\WINDOWS\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (amdsbs) -- C:\WINDOWS\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\WINDOWS\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\WINDOWS\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\WINDOWS\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\WINDOWS\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\WINDOWS\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (XAudio) -- C:\WINDOWS\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWBS2) -- C:\WINDOWS\SysNative\drivers\CAXHWBS2.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\WINDOWS\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DPV) -- C:\WINDOWS\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (RimUsb) -- C:\WINDOWS\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (WimFltr) -- C:\WINDOWS\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (mdmxsdk) -- C:\WINDOWS\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (nocashio) -- C:\WINDOWS\SysWOW64\drivers\nocashio.sys ()
DRV - (WIMMount) -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{55A04BAF-4ACA-4269-B20C-77621FA9F414}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{3A7FEC8D-86A6-4F48-82F0-7382D1AFEAF5}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Billy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Billy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Billy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Billy\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Billy\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/12/26 18:04:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/27 07:21:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/27 07:21:24 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google

riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google

mniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google

ageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Wallet = C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

Hosts file not found
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://echo.medcity.net/dana-cached/sc/JuniperSetupClient.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A00270D0-0033-4C27-A8FD-53A6B510DD55}: DhcpNameServer = 192.168.254.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{240d6cdd-944f-11e1-8370-00256400d0aa}\Shell - "" = AutoRun
O33 - MountPoints2\{240d6cdd-944f-11e1-8370-00256400d0aa}\Shell\AutoRun\command - "" = E:\KODAK_Camera_Setup_App.exe
O33 - MountPoints2\{4f25295f-f00a-11de-b486-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4f25295f-f00a-11de-b486-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\{9b8fde3d-e838-11e0-878f-00256400d0aa}\Shell - "" = AutoRun
O33 - MountPoints2\{9b8fde3d-e838-11e0-878f-00256400d0aa}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/05 11:33:35 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/05 11:26:21 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/04 14:03:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2014/02/04 14:03:33 | 000,000,000 | ---D | C] -- C:\Users\Billy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2014/02/04 14:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2014/02/04 14:02:02 | 000,000,000 | ---D | C] -- C:\Users\Billy\Documents\EA Games
[2014/02/04 13:48:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA GAMES
[2014/02/04 13:48:40 | 000,442,368 | R--- | C] (On2.com) -- C:\Windows\SysWow64\vp6vfw.dll
[2014/01/29 11:59:54 | 000,000,000 | ---D | C] -- C:\Users\Billy\Desktop\flash
[2014/01/29 03:03:05 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/01/24 15:41:42 | 000,000,000 | ---D | C] -- C:\Users\Billy\AppData\Roaming\Mozilla
[2014/01/23 11:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2014/01/23 11:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2014/01/22 13:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2014/01/22 13:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/01/22 13:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/01/22 13:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/01/22 13:29:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/01/22 13:28:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2014/01/17 17:37:31 | 000,000,000 | ---D | C] -- C:\Users\Billy\Desktop\ProcessExplorer
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]
[1 C:\Users\Billy\Documents\*.tmp files -> C:\Users\Billy\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/05 11:40:21 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1723209108-801828472-2437451715-1002UA.job
[2014/02/05 11:38:37 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/05 11:37:41 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/05 11:37:41 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/05 11:30:42 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/05 11:29:43 | 000,421,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/05 11:29:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/05 11:29:21 | 3193,741,312 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/05 11:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/05 11:05:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1723209108-801828472-2437451715-1006UA.job
[2014/02/05 09:49:30 | 000,007,605 | ---- | M] () -- C:\Users\Billy\AppData\Local\Resmon.ResmonCfg
[2014/02/05 09:48:09 | 000,786,514 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/05 09:48:09 | 000,665,304 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/05 09:48:09 | 000,123,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/04 17:36:03 | 000,000,478 | ---- | M] () -- C:\Users\Public\Desktop\Emergency Backup.lnk
[2014/02/04 15:05:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1723209108-801828472-2437451715-1006Core.job
[2014/02/04 14:02:50 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2.lnk
[2014/02/04 12:40:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1723209108-801828472-2437451715-1002Core.job
[2014/02/03 18:44:47 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/29 03:07:00 | 000,775,092 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/01/23 11:05:49 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/01/22 13:35:43 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/11 13:13:30 | 000,035,558 | ---- | M] () -- C:\Users\Billy\Documents\Sp2014-SPCH2313-Syllabus Agreement Form.rtf
[2014/01/11 13:10:20 | 000,037,084 | ---- | M] () -- C:\Users\Billy\Documents\Sp2014-SPCH2313-Student Assessment Release Form.rtf
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]
[1 C:\Users\Billy\Documents\*.tmp files -> C:\Users\Billy\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/05 11:29:31 | 000,421,208 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/05 09:49:30 | 000,007,605 | ---- | C] () -- C:\Users\Billy\AppData\Local\Resmon.ResmonCfg
[2014/02/04 17:36:03 | 000,000,478 | ---- | C] () -- C:\Users\Public\Desktop\Emergency Backup.lnk
[2014/02/04 14:02:50 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2.lnk
[2014/01/23 11:05:49 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/01/22 13:35:43 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/11 13:13:30 | 000,035,558 | ---- | C] () -- C:\Users\Billy\Documents\Sp2014-SPCH2313-Syllabus Agreement Form.rtf
[2014/01/11 13:10:19 | 000,037,084 | ---- | C] () -- C:\Users\Billy\Documents\Sp2014-SPCH2313-Student Assessment Release Form.rtf
[2012/08/27 07:13:34 | 000,221,522 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/08/27 07:13:34 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012/08/17 21:06:24 | 000,022,990 | ---- | C] () -- C:\Users\Billy\Eye makeup Gold and Black.jpg
[2012/05/27 07:52:32 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp
[2012/05/21 18:07:11 | 000,000,277 | ---- | C] () -- C:\Windows\VECalc.INI
[2012/04/30 20:46:04 | 000,207,632 | ---- | C] () -- C:\Windows\hpwins28.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/27 12:15:10 | 000,000,000 | ---D | M] -- C:\Users\Billy\AppData\Roaming\AVAST Software
[2011/10/02 10:04:18 | 000,000,000 | ---D | M] -- C:\Users\Billy\AppData\Roaming\Canneverbe Limited

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP

1B5B4F1

< End of report >

johnb35 · Feb 5, 2014

OK, I see some issues. Go ahead with the next step and post the logfile. Before running it, right click on the avast icon in the system tray and click on avast shields control, then click on disable until computer is restarted. A window should pop up, click ok.

1.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Download this file here :

Combofix
When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
Close all open Windows including this one.
Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found here.
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
Please click on I agree on the disclaimer window.
ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.
ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.
Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:
At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
Please click on yes in the next window to continue scanning for malware.
ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.
When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.

If for some reason, if you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your pc and you'll be fine.

2.

I then need to see a log that combofix produces but doesn't automatically show you. Please navigate to C:\Qoobox and in that folder will be a file named add-remove programs.txt Open that file and copy and paste the contents back here.

In your next reply please post:

The ComboFix log
The add-remove programs list

bbowerman · Feb 5, 2014

its running now posting from my laptop it runs fedora lol

bbowerman · Feb 5, 2014

ComboFix 14-02-05.02 - Billy 02/05/2014 12:27:41.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2641 [GMT -6:00]
Running from: c:\users\Billy\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Billy\Documents\~WRL2733.tmp
c:\users\Public\Documents\~WRL0005.tmp
c:\windows\Update.bat
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2014-01-05 to 2014-02-05 )))))))))))))))))))))))))))))))
.
.
2014-02-05 18:37 . 2014-02-05 18:37 -------- d-----w- c:\users\Work\AppData\Local\temp
2014-02-05 18:37 . 2014-02-05 18:37 -------- d-----w- c:\users\Lisa\AppData\Local\temp
2014-02-05 18:37 . 2014-02-05 18:37 -------- d-----w- c:\users\Lisa.Lisa-PC\AppData\Local\temp
2014-02-05 18:37 . 2014-02-05 18:37 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-02-05 18:37 . 2014-02-05 18:37 -------- d-----w- c:\users\Emily\AppData\Local\temp
2014-02-05 18:37 . 2014-02-05 18:37 -------- d-----w- c:\users\Emily and Chyna\AppData\Local\temp
2014-02-05 18:37 . 2014-02-05 18:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-05 18:37 . 2014-02-05 18:37 -------- d-----w- c:\users\Chyna Bailey\AppData\Local\temp
2014-02-05 18:37 . 2014-02-05 18:37 -------- d-----w- c:\users\3m!ly\AppData\Local\temp
2014-02-05 18:32 . 2014-02-05 18:32 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8A2637B-1228-4D80-981E-C3C90FC73BD9}\offreg.dll
2014-02-05 17:33 . 2014-02-05 17:33 -------- d-----w- c:\windows\ERUNT
2014-02-05 17:26 . 2014-02-05 17:31 -------- d-----w- C:\AdwCleaner
2014-02-04 19:48 . 2014-02-04 19:48 -------- d-----w- c:\program files (x86)\EA GAMES
2014-02-04 19:48 . 2005-10-16 05:06 442368 ----a-r- c:\windows\SysWow64\vp6vfw.dll
2014-02-04 08:50 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8A2637B-1228-4D80-981E-C3C90FC73BD9}\mpengine.dll
2014-01-29 09:03 . 2014-01-29 09:03 -------- d-----w- c:\windows\Migration
2014-01-23 17:05 . 2014-01-23 17:05 -------- d-----w- c:\program files\VideoLAN
2014-01-23 17:02 . 2014-01-23 17:01 312744 ----a-w- c:\windows\system32\javaws.exe
2014-01-23 17:02 . 2014-01-23 17:02 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-01-23 17:02 . 2014-01-23 17:01 189352 ----a-w- c:\windows\system32\javaw.exe
2014-01-23 17:02 . 2014-01-23 17:01 189352 ----a-w- c:\windows\system32\java.exe
2014-01-23 16:58 . 2013-12-19 03:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-22 19:34 . 2014-01-22 19:35 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-22 19:34 . 2014-01-22 19:35 -------- d-----w- c:\program files\iTunes
2014-01-22 19:29 . 2014-01-22 19:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-01-22 19:29 . 2014-01-22 19:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-01-22 19:29 . 2014-01-22 19:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-01-22 19:29 . 2014-01-22 19:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-01-22 19:29 . 2014-01-22 19:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-01-22 19:28 . 2014-01-22 19:29 -------- d-----w- c:\program files (x86)\QuickTime
2014-01-22 15:21 . 2014-01-22 15:21 -------- d-----w- c:\users\Emily\AppData\Roaming\vlc
2014-01-15 17:00 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 17:00 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 17:00 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 17:00 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 17:00 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 17:00 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 17:00 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 17:00 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 17:00 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-05 04:19 . 2012-04-15 13:13 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-05 04:19 . 2011-11-12 15:32 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-16 09:00 . 2011-10-02 13:36 86054176 ----a-w- c:\windows\system32\MRT.exe
2013-12-27 01:36 . 2013-12-27 00:05 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys
2013-12-27 00:04 . 2013-03-13 21:05 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-27 00:04 . 2012-02-29 02:00 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-12-27 00:04 . 2012-02-29 02:00 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-27 00:04 . 2012-02-29 02:00 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-27 00:04 . 2012-02-29 02:00 334136 ----a-w- c:\windows\system32\aswBoot.exe
2013-12-27 00:04 . 2012-02-29 01:59 43152 ----a-w- c:\windows\avastSS.scr
2013-12-26 23:18 . 2013-12-26 23:18 518896 ----a-w- c:\windows\system32\SRSTSX64.dll
2013-12-26 23:18 . 2013-12-26 23:18 155888 ----a-w- c:\windows\system32\SRSWOW64.dll
2013-12-26 23:18 . 2013-12-26 23:18 1662024 ----a-w- c:\windows\system32\RTSnMg64.cpl
2013-12-26 23:18 . 2013-12-26 23:18 2810072 ----a-w- c:\windows\system32\RtPgEx64.dll
2013-12-26 23:18 . 2013-12-26 23:18 3707864 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2013-12-26 23:18 . 2013-12-26 23:18 331880 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2013-12-26 23:18 . 2013-12-26 23:18 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
2013-12-26 23:18 . 2013-12-26 23:18 14952 ----a-w- c:\windows\system32\RtkCoLDR64.dll
2013-12-26 23:18 . 2013-12-26 23:18 2587864 ----a-w- c:\windows\system32\RtkAPO64.dll
2013-12-26 23:18 . 2013-12-26 23:18 78680 ----a-w- c:\windows\system32\RTEEG64A.dll
2013-12-26 23:18 . 2013-12-26 23:18 617176 ----a-w- c:\windows\system32\RtDataProc64.dll
2013-12-26 23:18 . 2013-12-26 23:18 375128 ----a-w- c:\windows\system32\RTEEP64A.dll
2013-12-26 23:18 . 2013-12-26 23:18 310104 ----a-w- c:\windows\system32\RP3DHT64.dll
2013-12-26 23:18 . 2013-12-26 23:18 310104 ----a-w- c:\windows\system32\RP3DAA64.dll
2013-12-26 23:18 . 2013-12-26 23:18 204120 ----a-w- c:\windows\system32\RTEED64A.dll
2013-12-26 23:18 . 2013-12-26 23:18 1286360 ----a-w- c:\windows\system32\RTCOM64.dll
2013-12-26 23:18 . 2013-12-26 23:18 1021656 ----a-w- c:\windows\system32\RtkApi64.dll
2013-12-26 23:18 . 2013-12-26 23:18 101208 ----a-w- c:\windows\system32\RTEEL64A.dll
2013-12-26 23:18 . 2013-12-26 23:18 153304 ----a-w- c:\windows\system32\RCoInstII64.dll
2013-12-26 23:18 . 2013-12-26 23:18 897152 ----a-w- c:\windows\system32\MBAPO64.dll
2013-12-26 23:18 . 2013-12-26 23:18 753280 ----a-w- c:\windows\SysWow64\MBAPO32.dll
2013-12-26 23:18 . 2013-12-26 23:18 65112 ----a-w- c:\windows\system32\MBppld64.dll
2013-12-26 23:18 . 2013-12-26 23:18 60504 ----a-w- c:\windows\system32\MBPPCn64.dll
2013-12-26 23:18 . 2013-12-26 23:18 397080 ----a-w- c:\windows\system32\MBWrp64.dll
2013-12-26 23:18 . 2013-12-26 23:18 1993496 ----a-w- c:\windows\system32\MBAPO264.dll
2013-12-26 23:18 . 2013-12-26 23:18 1722648 ----a-w- c:\windows\SysWow64\MBAPO232.dll
2013-12-26 23:18 . 2013-12-26 23:18 2743328 ----a-w- c:\windows\system32\FMAPO64.dll
2013-12-26 23:18 . 2013-12-26 23:18 209096 ----a-w- c:\windows\system32\AERTAC64.dll
2013-12-26 23:18 . 2013-12-26 23:18 113576 ----a-w- c:\windows\system32\CONEQMSAPOGUILibrary.dll
2013-12-26 23:18 . 2013-12-26 23:18 108640 ----a-w- c:\windows\system32\AERTAR64.dll
2013-12-18 12:13 . 2011-12-03 23:51 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-11-27 18:06 . 2013-03-13 21:05 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-27 18:05 . 2012-02-29 02:00 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-26 11:54 . 2013-12-11 09:02 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-11 09:03 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-11 09:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-11 09:02 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-11 09:02 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-11 09:02 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-11 09:02 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-11 09:02 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-11 09:03 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-11 09:02 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-11 09:02 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-11 09:02 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-11 09:02 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-11 09:02 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-11 09:02 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-11 09:02 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-11 09:02 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-11 09:02 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-11 09:02 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-11 09:02 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-11 09:02 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-11 09:02 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-11 09:02 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-11 09:02 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-11 05:05 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 05:05 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-13 09:03 . 2013-11-13 09:03 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-13 09:03 . 2013-11-13 09:03 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-13 09:03 . 2013-11-13 09:03 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-13 09:03 . 2013-11-13 09:03 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-13 09:03 . 2013-11-13 09:03 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-13 09:03 . 2013-11-13 09:03 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-13 09:03 . 2013-11-13 09:03 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-13 09:03 . 2013-11-13 09:03 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-13 09:03 . 2013-11-13 09:03 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-13 09:03 . 2013-11-13 09:03 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-13 09:03 . 2013-11-13 09:03 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-13 09:03 . 2013-11-13 09:03 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-13 09:03 . 2013-11-13 09:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-13 09:03 . 2013-11-13 09:03 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-13 09:03 . 2013-11-13 09:03 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-13 09:03 . 2013-11-13 09:03 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-13 09:03 . 2013-11-13 09:03 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-13 09:03 . 2013-11-13 09:03 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-13 09:03 . 2013-11-13 09:03 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-13 09:03 . 2013-11-13 09:03 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-13 09:03 . 2013-11-13 09:03 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-13 09:03 . 2013-11-13 09:03 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-13 09:03 . 2013-11-13 09:03 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-13 09:03 . 2013-11-13 09:03 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-13 09:03 . 2013-11-13 09:03 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-13 09:03 . 2013-11-13 09:03 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-13 09:03 . 2013-11-13 09:03 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-13 09:03 . 2013-11-13 09:03 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-13 09:03 . 2013-11-13 09:03 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-13 09:03 . 2013-11-13 09:03 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-13 09:03 . 2013-11-13 09:03 774144 ----a-w- c:\windows\system32\jscript.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-27 3764024]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"osk.exe"="osk.exe" [2009-07-14 646144]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2009-12-23 50688]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 libusb0_x64;PNX Driver x64;c:\windows\system32\DRIVERS\AU\libusb0_x64.sys;c:\windows\SYSNATIVE\DRIVERS\AU\libusb0_x64.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWBS2.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 00:40 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 04:19]
.
2014-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26 20:38]
.
2014-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26 20:38]
.
2014-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1723209108-801828472-2437451715-1002Core.job
- c:\users\Billy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-02 15:38]
.
2014-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1723209108-801828472-2437451715-1002UA.job
- c:\users\Billy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-02 15:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-27 00:04 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-12-26 13662936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.254.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-05 12:41:00
ComboFix-quarantined-files.txt 2014-02-05 18:40
.
Pre-Run: 452,186,845,184 bytes free
Post-Run: 452,212,895,744 bytes free
.
- - End Of File - - 5BF649060DB7DCD6EC45DF2814FE6F0C
CDB4DE4BBD714F152979DA2DCBEF57EB

bbowerman · Feb 5, 2014

add remove programs

Update for Microsoft Office 2007 (KB2508958)
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
7-Zip 9.20
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 11.6
AIO_CDB_Software
AIO_Scan
Apple Application Support
Apple Software Update
avast! Free Antivirus
BufferChm
Compatibility Pack for the 2007 Office system
Copy
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Destinations
DeviceDiscovery
Digital Line Detect
DocMgr
DocProc
Fax
Google Chrome
Google Talk Plugin
Google Update Helper
GPBaseService2
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
iPhone Configuration Utility
Java 7 Update 51
Java Auto Updater
Java(TM) 6 Update 37
Junk Mail filter update
LAME v3.99.3 (for Windows)
MarketResearch
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Multimedia Card Reader
NetWaiting
QuickTime
Realtek High Definition Audio Driver
Scan
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
SmartWebPrinting
SolutionCenter
Status
swMSM
The Sims 2
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2008 x64 Redistributables
WebReg
Windows 7 USB/DVD Download Tool
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer

johnb35 · Feb 5, 2014

1. You need to uninstall the following programs.

Java(TM) 6 Update 37
MarketResearch

2. Open OTL again and paste the following into the custom scans/fixes box at the bottom and then click on run fix button at top.

Code:

:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP1B5B4F1
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]

:Commands
[EmptyTemp]
[EmptyFlash]
[EmptyJava]
[Reboot]

bbowerman · Feb 5, 2014

okay will do OTL is loading i will paste that in and unistall the programs

bbowerman · Feb 5, 2014

uninstalled the java update an ran the OTL script but there was no market research to uninstall

johnb35 · Feb 6, 2014

How are things going?

bbowerman · Feb 6, 2014

been busy job interviews and sledding lol

that thing is like a new computer after that its crazy the junk that big time anti malware, antivirus, and cleaners dont see.

Dell Desktop slowness

bbowerman

New Member

bbowerman

New Member

johnb35

Administrator

bbowerman

New Member

Attachments

johnb35

Administrator

bbowerman

New Member

bbowerman

New Member

bbowerman

New Member

johnb35

Administrator

bbowerman

New Member

bbowerman

New Member

bbowerman

New Member

johnb35

Administrator

bbowerman

New Member

bbowerman

New Member

johnb35

Administrator

bbowerman

New Member