Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

URGENT: Is it a Malware, a Virus or something else - sounds fishy!

Started by Feather24 , Apr 19 2014 10:57 AM

malware virus slow computer sound problems

This topic is locked

#1
Feather24

Posted 19 April 2014 - 10:57 AM

Member

Member
251 posts

Hi, I've used this site before so I'm grateful to be able to come back here.

Please note: I am not an advanced user, so I will need time to do whatever you suggest and as I use my computer for my business I will need time to do work too (which is within 4 days I think?) I am very grateful for any help you can offer.

Below I've attached my OLT report.

Ok so here are my issues then I will state my other computer details:

1. When switching on running nosier first thing - much more noticeable

2. Slower running overall, generally feels sluggish

3. Was unable to use F8 button to run AVG in safe mode so had to go around to do that

4. When watching video's either in e.g. youtube, online player from safe sites - the sound has started to cut out often throughout the viewing

5. Slow booting up and shutting down

6. Often says "warning to shut down due to high usage" when only 1 window is open

7. Often slow loading www addresses and it has become harder to get programs to work, often I have to click many times to get them to work.

8. Over last couple of days I had to completely reset my SKYPE account as I couldn't access it, I haven't had to do that for years. Some of the functionality of that seems to be missing e.g. button to end calls etc.

Using desktop PC, OS Windows 7, MS office

What I have used to help: AVG paid version, Malwarebytes, superantivirus, - they have just picked up cookies no Viruses. I run AVG every day and check for updates daily, also keep MS updates up to date too.

OLT Scan results:

OTL Extras logfile created on: 19/04/2014 17:13:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Frances\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 30.58% Memory free
3.98 Gb Paging File | 2.45 Gb Available in Paging File | 61.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 138.42 Gb Free Space | 59.46% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 19.53 Gb Total Space | 9.73 Gb Free Space | 49.83% Space Free | Partition Type: NTFS
Drive F: | 54.99 Gb Total Space | 7.59 Gb Free Space | 13.80% Space Free | Partition Type: NTFS

Computer Name: FRANCES-PC | User Name: Frances | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2F3E3B36-93B1-480B-95C0-85995E163C67}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{30636BD0-7ECA-4455-8AA6-0497B4273B6C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{7668AC32-9FA3-4FF2-BD76-F5653FD7A144}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
"{8E6763E6-6E86-436E-A28E-28261E655D98}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
"{A0AA3F11-D9CA-486F-9F81-4D8687F18B84}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{AB1FD2F4-A994-48BA-947E-AE64B70B0E1E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{AE9BA5BF-B251-4DB9-A0E0-61E4DEFCBFDC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{BDF49E80-90C1-49FF-AA7E-CC212F89E778}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{D77C773C-1CCA-47A1-9B78-9B8C1A3D100F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{DE5B138F-9F0D-413F-B1E5-F3AFB45F1F82}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{17B70602-91E3-4DEA-9C5C-9CEE84326E73}C:\program files\mp3 skype recorder\mp3 skype recorder.exe" = protocol=6 | dir=in | app=c:\program files\mp3 skype recorder\mp3 skype recorder.exe |
"UDP Query User{B18BE84B-12F4-4E70-83D5-6E71D51ECB14}C:\program files\mp3 skype recorder\mp3 skype recorder.exe" = protocol=17 | dir=in | app=c:\program files\mp3 skype recorder\mp3 skype recorder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00A61104-74B5-4056-AD00-4397EF4FB141}" = iCloud
"{050BF7DA-82C4-416A-8294-7AFEB8ED94E1}" = Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
"{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2
"{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D47FA1-0440-48D3-A7E0-DA09537FF471}" = Apple Mobile Device Support
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}" = iTunes
"{314F6D08-A8B7-11D8-8446-0050BA1D384D}" = EPSON Image Clip Palette
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = Trust Webcam Live
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77077FFF-8831-470F-9627-E86F06A50CCD}" = Avery Wizard 3.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{83298573-A6B6-42AB-A234-FE91CA2859C0}" = Microsoft SQL Server 2008 Native Client
"{8430D549-E92E-4C27-8A8E-627FCE949ED2}" = AVG 2014
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F72E2D4-1E48-4534-8DB8-1E8E012899C6}" = Microsoft SQL Server 2008 Setup Support Files
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97097F2D-CFBF-4DC9-A8AF-1C8EAC322275}" = Vocal Remover
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{A4B72B94-7745-4CA8-A4D6-D8AC2442451C}" = Citrix Online Launcher
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AD0BF9C0-E5E6-4FF4-8C6A-68CC42B0797D}" = AVG 2014
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{C2E455CE-A952-4711-9505-51A8898B113F}" = ArcSoft WebCam Companion 2
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB606F47-7D0E-40DF-95BB-0E5413A1295F}" = MP3 Skype Recorder
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE246151-F0E8-ABC8-AEB2-7F3E188EFBF5}" = TweetDeck
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{E3B2301A-17BB-441E-B432-FF4DC8549B8A}" = DriverUpdate
"{E4B48349-A165-4097-8D78-AC950BD8638E}" = Business Contact Manager for Microsoft Outlook 2010
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F19D07BC-6240-49D3-BA5C-59B015DF8916}" = EPSON Easy Photo Print
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Amazon Kindle For PC" = Amazon Kindle For PC
"Audacity_is1" = Audacity 2.0.2
"AVG" = AVG 2014
"Business Contact Manager" = Business Contact Manager for Microsoft Outlook 2010
"CCleaner" = CCleaner
"Coupon Printer2.2.0.1" = Coupon Printer
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESDX3800 User's Guide" = ESDX3800 User's Guide
"FinePrint" = FinePrint
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"IAW20" = IAW20
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Pamela" = Pamela Pro 4.7
"Picasa 3" = Picasa 3
"SpywareBlaster_is1" = SpywareBlaster 5.0
"TVWiz" = Intel® TV Wizard
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Vision Board" = Vision Board 1.31
"VisionBoard Movie Recorder" = VisionBoard Movie Recorder 1.00
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 6.0.0.1259
"Vocal Remover" = Vocal Remover

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17/04/2014 13:23:51 | Computer Name = Frances-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17503

Error - 17/04/2014 13:23:52 | Computer Name = Frances-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 17/04/2014 13:23:52 | Computer Name = Frances-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18501

Error - 17/04/2014 13:23:52 | Computer Name = Frances-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18501

Error - 17/04/2014 13:23:53 | Computer Name = Frances-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 17/04/2014 13:23:53 | Computer Name = Frances-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 19515

Error - 17/04/2014 13:23:53 | Computer Name = Frances-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 19515

Error - 17/04/2014 13:23:54 | Computer Name = Frances-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 17/04/2014 13:23:54 | Computer Name = Frances-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 20514

Error - 17/04/2014 13:23:54 | Computer Name = Frances-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 20514

[ System Events ]
Error - 13/04/2014 08:48:52 | Computer Name = Frances-PC | Source = Service Control Manager | ID = 7024
Description = The AVGIDSAgent service terminated with service-specific error %%-536753635.

Error - 13/04/2014 08:48:53 | Computer Name = Frances-PC | Source = Service Control Manager | ID = 7024
Description = The AVGIDSAgent service terminated with service-specific error %%-536753635.

Error - 13/04/2014 08:48:54 | Computer Name = Frances-PC | Source = Service Control Manager | ID = 7024
Description = The AVGIDSAgent service terminated with service-specific error %%-536753635.

Error - 13/04/2014 08:48:56 | Computer Name = Frances-PC | Source = Service Control Manager | ID = 7024
Description = The AVGIDSAgent service terminated with service-specific error %%-536753635.

Error - 13/04/2014 08:48:57 | Computer Name = Frances-PC | Source = Service Control Manager | ID = 7024
Description = The AVGIDSAgent service terminated with service-specific error %%-536753635.

Error - 13/04/2014 08:58:03 | Computer Name = Frances-PC | Source = DCOM | ID = 10010
Description =

Error - 16/04/2014 10:33:59 | Computer Name = Frances-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 16/04/2014 10:33:59 | Computer Name = Frances-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 16/04/2014 10:58:00 | Computer Name = Frances-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{1AEFD181-F14E-4463-B2D2-39C1367B81A8}
because another computer on the network has the same name. The server could not
start.

Error - 17/04/2014 13:24:26 | Computer Name = Frances-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

< End of report >

#2
Essexboy

Posted 19 April 2014 - 12:22 PM

GeekU Moderator

Retired Staff
69,964 posts

Could you post the main OTL log please

#3
Essexboy

Posted 24 April 2014 - 06:54 AM

GeekU Moderator

Retired Staff
69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#4
Essexboy

Posted 29 April 2014 - 06:49 AM

GeekU Moderator

Retired Staff
69,964 posts

User returned

#5
Feather24

Posted 29 April 2014 - 07:46 AM

Member

Topic Starter
Member
251 posts

Hi firstly, thanks for helping and reopening this topic.

"Could you post the main OTL log please" - not sure what you mean here - I posted everything that came up in notepad from the OLT results. If you need anything else please can you explain where I get it from. thanks.

#6
Essexboy

Posted 29 April 2014 - 08:22 AM

GeekU Moderator

Retired Staff
69,964 posts

No problem we will run a fresh OTL, there will only be one log this time

Download OTL to your Desktop
Secondary link

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Select LOP and Purity
Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Attach both logs

#7
Feather24

Posted 01 May 2014 - 01:37 PM

Member

Topic Starter
Member
251 posts

Hi I was coming here today to run the OTL report at no: 6 - when I logged on a lot of strange things started to happen: 1. Skype opening by itself constantly, file opening by themselves, the computer shutting itself down without me asking it to, also when I clicked on a file lots of them opened and I couldn't close them down. I noticed that the internet assist prog from my SP said it also didn't recognise my browser, when I logged back on after unplugging and then replugging the internet connection, even though it was one that they said they did e.g. IE. I also had problem shutting down my email. I tried re-running the OLT just with what I had on my computer as I disconnected from the internet because I thought maybe there might be some sort of remote access thing going on. I rebooted my PC about 3 times to be able to send this message. Please help! PS I'm still not getting your emails when you post a response either but came back here anyway. thanks

#8
Feather24

Posted 01 May 2014 - 02:00 PM

Member

Topic Starter
Member
251 posts

OK managed to do the new log:

OTL logfile created on: 01/05/2014 20:43:55 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Frances\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.25 Gb Available Physical Memory | 12.69% Memory free
3.98 Gb Paging File | 2.65 Gb Available in Paging File | 66.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 143.87 Gb Free Space | 61.80% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 19.53 Gb Total Space | 9.73 Gb Free Space | 49.83% Space Free | Partition Type: NTFS
Drive F: | 54.99 Gb Total Space | 7.59 Gb Free Space | 13.80% Space Free | Partition Type: NTFS
Drive G: | 465.65 Gb Total Space | 274.75 Gb Free Space | 59.00% Space Free | Partition Type: FAT32

Computer Name: FRANCES-PC | User Name: Frances | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/05/01 20:40:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frances\Desktop\OTL (1).exe
PRC - [2014/04/28 19:49:27 | 000,844,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_13_0_0_206_ActiveX.exe
PRC - [2014/04/18 15:22:28 | 003,645,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
PRC - [2014/04/06 21:21:36 | 005,180,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2014/04/03 21:19:10 | 001,473,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgfws.exe
PRC - [2014/03/27 22:16:32 | 000,854,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- c:\Program Files\AVG\AVG2014\avgrsx.exe
PRC - [2014/03/27 22:15:24 | 000,886,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
PRC - [2014/03/27 22:13:02 | 000,650,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
PRC - [2014/03/27 22:11:40 | 000,669,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe
PRC - [2014/03/27 22:10:20 | 000,291,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2014/03/19 13:11:14 | 034,138,432 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files\DriverUpdate\DriverUpdate.exe
PRC - [2014/03/06 08:28:01 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
PRC - [2014/01/03 01:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Frances\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/23 21:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/11/18 00:02:32 | 001,975,296 | ---- | M] (Alexander Nikiforov) -- C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe
PRC - [2011/09/07 15:06:32 | 001,841,664 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Plusnet Assist\btbb\PlusnetHelpNotifier.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/03/25 20:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009/07/11 21:10:28 | 001,176,064 | ---- | M] () -- C:\Program Files\VisionBoard\visionboardlauncher.exe
PRC - [2007/01/01 22:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe
PRC - [2006/09/15 14:21:54 | 000,675,840 | ---- | M] (Sonix) -- C:\Windows\vsnp2std.exe

========== Modules (No Company Name) ==========

MOD - [2014/02/15 02:07:25 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/15 02:07:12 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/15 02:06:55 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/15 02:06:46 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/15 02:05:32 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/15 02:05:03 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/01/03 01:45:04 | 003,558,400 | ---- | M] () -- C:\Users\Frances\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/19 00:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Frances\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/07/11 21:10:28 | 001,176,064 | ---- | M] () -- C:\Program Files\VisionBoard\visionboardlauncher.exe

========== Services (SafeList) ==========

SRV - [2014/04/28 20:49:28 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/18 15:22:28 | 003,645,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/04/03 21:19:10 | 001,473,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgfws.exe -- (avgfws)
SRV - [2014/03/29 22:56:19 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/27 22:10:20 | 000,291,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014/03/06 08:38:10 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/19 01:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/23 21:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/10/09 10:17:10 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/25 20:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

========== Driver Services (SafeList) ==========

DRV - [2014/05/01 20:20:13 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2014/04/18 15:02:04 | 000,199,960 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2014/03/31 16:11:58 | 000,211,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2014/03/31 16:11:50 | 000,108,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2014/03/27 22:15:18 | 000,193,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2014/03/27 22:14:40 | 000,123,160 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2014/03/27 22:04:22 | 000,150,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2014/03/27 22:04:02 | 000,238,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2014/03/27 22:03:22 | 000,028,440 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2014/03/27 22:03:20 | 000,022,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/10/02 01:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013/09/26 11:00:38 | 000,047,928 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2012/08/23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/06/25 14:39:16 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/06/25 14:39:16 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/09/22 18:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 23:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2008/07/28 19:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2007/01/26 17:48:28 | 012,028,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Frances\Desktop
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 79 4B FD 45 2B 67 CB 01 [binary data]
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Frances\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Frances\Desktop\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/03/23 13:39:17 | 000,000,000 | ---D | M]

[2011/04/18 17:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frances\AppData\Roaming\Mozilla\Extensions
[2014/03/21 14:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions
[2013/05/17 10:39:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/10/21 14:16:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/13 23:30:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/23 09:40:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/12/25 00:03:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/21 14:16:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/03/29 22:56:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Citrix Online Web Deployment Plugin 1.0.0.104 (Enabled) = C:\Users\Frances\AppData\Local\Citrix\Plugins\104\npappdetector.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Users\Frances\Desktop\npAmazonMP3DownloaderPlugin101753.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.16 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0\
CHR - Extension: Google Wallet = C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

O1 HOSTS File: ([2013/09/16 10:14:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\Plusnet Assist\btbb\PlusnetHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4 - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000..\Run: [googletalk] C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000..\Run: [MP3 Skype Recorder] C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe (Alexander Nikiforov)
O4 - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000..\Run: [visionboard] C:\Program Files\VisionBoard\visionboardlauncher.exe ()
O4 - Startup: C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Frances\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AEFD181-F14E-4463-B2D2-39C1367B81A8}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EB4CFC4-7649-413F-870B-BB36D0D3979F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A79483D2-6796-4059-832A-41A709A2AAE1}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/02/01 17:17:23 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/05/01 20:40:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Frances\Desktop\OTL (1).exe
[2014/04/27 16:59:15 | 000,000,000 | ---D | C] -- C:\Users\Frances\Documents\TWJ health
[2014/04/23 10:52:42 | 000,000,000 | ---D | C] -- C:\Users\Frances\AppData\Local\AVG
[2014/04/23 10:40:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/04/23 10:38:00 | 070,658,472 | ---- | C] (AVG) -- C:\Users\Frances\Desktop\avg_tuh_stf_all_2014_380_24c3.exe
[2014/04/23 10:37:38 | 000,000,000 | -HSD | C] -- C:\Users\Frances\AppData\Local\EmieUserList
[2014/04/23 10:37:38 | 000,000,000 | -HSD | C] -- C:\Users\Frances\AppData\Local\EmieSiteList
[2014/04/23 10:23:46 | 000,000,000 | --SD | C] -- C:\Windows\System32\CompatTel
[2014/04/23 10:22:37 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/04/23 10:22:25 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/04/23 10:22:25 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/04/23 10:22:25 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/04/23 10:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/04/23 10:17:44 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/04/23 10:17:41 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/04/23 10:17:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/04/23 10:17:39 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/04/23 10:17:38 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/04/23 10:17:38 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/04/23 10:17:38 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/04/23 10:17:37 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/04/23 10:17:36 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/04/23 10:17:36 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/04/23 10:17:35 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/04/23 10:17:35 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/04/23 10:17:35 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/04/23 10:17:35 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/04/23 10:17:35 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/04/23 10:17:35 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/04/23 10:17:34 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/04/23 10:17:34 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/04/23 10:17:25 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/04/23 10:17:22 | 004,254,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/04/23 10:16:32 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/04/23 10:16:32 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/04/19 19:57:09 | 000,000,000 | ---D | C] -- C:\Users\Frances\Documents\COACHING 2014
[2014/04/19 19:49:07 | 000,000,000 | ---D | C] -- C:\Users\Frances\Desktop\New folder
[2014/04/19 17:12:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Frances\Desktop\OTL.exe
[2014/04/18 15:02:04 | 000,199,960 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsdriverx.sys
[2014/04/09 19:14:21 | 000,149,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2014/04/09 19:14:21 | 000,027,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2014/04/09 19:14:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iologmsg.dll
[2 C:\Users\Frances\AppData\Local\*.tmp files -> C:\Users\Frances\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/05/01 20:49:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/01 20:40:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frances\Desktop\OTL (1).exe
[2014/05/01 20:40:05 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/01 20:27:59 | 000,015,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/01 20:27:58 | 000,015,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/01 20:20:27 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2014/05/01 20:20:13 | 000,013,464 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2014/05/01 20:19:47 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/01 20:19:34 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2014/05/01 20:19:31 | 1602,347,008 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/30 10:46:36 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/28 20:49:27 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/04/28 20:49:27 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/04/23 10:40:32 | 070,658,472 | ---- | M] (AVG) -- C:\Users\Frances\Desktop\avg_tuh_stf_all_2014_380_24c3.exe
[2014/04/23 10:14:15 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/04/21 11:22:36 | 000,734,868 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/04/21 11:22:36 | 000,151,414 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/04/19 17:12:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frances\Desktop\OTL.exe
[2014/04/19 11:14:34 | 026,441,011 | ---- | M] () -- C:\Users\Frances\Desktop\Faster Change Now! Free tele call with Ricky & Lisen 16April.mp3
[2014/04/18 15:02:04 | 000,199,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsdriverx.sys
[2014/04/17 20:28:53 | 000,471,941 | ---- | M] () -- C:\Users\Frances\Desktop\02_Asking_and_Receiving_Being_YOUR_Reality_Step_by_Step_Action_Guide.pdf
[2014/04/14 20:13:52 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/04/14 20:05:11 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/04/14 20:05:06 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/04/14 20:04:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/04/14 03:11:39 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/04/14 03:07:19 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/04/07 16:04:01 | 004,724,404 | ---- | M] () -- C:\Users\Frances\Desktop\easewithyourbody-taster.mp3
[2014/04/06 18:35:35 | 006,488,064 | ---- | M] () -- C:\Users\Frances\Documents\main.db
[2014/04/02 15:15:35 | 005,549,378 | ---- | M] () -- C:\Users\Frances\Desktop\Acoustical Vibration of Gold March 20.mp3
[2014/04/02 15:15:32 | 005,549,378 | ---- | M] () -- C:\Users\Frances\Desktop\Acoustical Vibration of Gold March 20 (1).mp3
[2 C:\Users\Frances\AppData\Local\*.tmp files -> C:\Users\Frances\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/04/19 11:12:12 | 026,441,011 | ---- | C] () -- C:\Users\Frances\Desktop\Faster Change Now! Free tele call with Ricky & Lisen 16April.mp3
[2014/04/17 20:28:53 | 000,471,941 | ---- | C] () -- C:\Users\Frances\Desktop\02_Asking_and_Receiving_Being_YOUR_Reality_Step_by_Step_Action_Guide.pdf
[2014/04/07 16:03:04 | 004,724,404 | ---- | C] () -- C:\Users\Frances\Desktop\easewithyourbody-taster.mp3
[2014/04/02 15:15:31 | 005,549,378 | ---- | C] () -- C:\Users\Frances\Desktop\Acoustical Vibration of Gold March 20 (1).mp3
[2014/04/02 15:15:23 | 005,549,378 | ---- | C] () -- C:\Users\Frances\Desktop\Acoustical Vibration of Gold March 20.mp3
[2014/03/28 11:21:58 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/11/04 20:30:05 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2013/11/04 20:30:04 | 012,028,032 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys
[2013/11/04 20:30:04 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll
[2013/11/04 20:30:04 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll
[2013/11/04 20:30:04 | 000,025,472 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys
[2013/10/16 16:17:30 | 000,000,031 | -H-- | C] () -- C:\Windows\UKCpInfo.sys
[2013/09/16 09:45:46 | 000,000,079 | ---- | C] () -- C:\Windows\wininit.ini
[2013/07/23 13:26:58 | 000,036,154 | ---- | C] () -- C:\Program Files\cc_20130723_132652.reg
[2013/07/07 14:15:45 | 000,000,151 | ---- | C] () -- C:\Windows\Reimage.ini
[2011/06/27 23:28:39 | 000,015,044 | ---- | C] () -- C:\Program Files\cc_20110627_232823.reg
[2011/06/27 09:30:01 | 000,000,000 | ---- | C] () -- C:\Users\Frances\AppData\Local\{2F0D215D-D36A-4572-8518-970B7D5F1ED4}
[2011/06/07 11:10:22 | 000,000,000 | ---- | C] () -- C:\Users\Frances\AppData\Local\{D0C3A833-BA01-4220-98B5-867AEE928B6A}
[2010/11/08 16:25:25 | 000,004,608 | ---- | C] () -- C:\Users\Frances\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/11 16:43:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2010/12/10 11:09:46 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/09 18:51:37 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/12/09 18:51:37 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/04/17 22:17:12 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\Amazon
[2014/04/12 21:38:08 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\Audacity
[2010/11/08 14:17:06 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\Avery
[2014/04/23 10:52:42 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\AVG
[2013/12/09 18:05:18 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\AVG2014
[2013/10/16 16:14:04 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\coupons
[2014/05/01 20:29:21 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\Dropbox
[2011/04/01 17:16:02 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\EPSON
[2011/11/28 00:42:55 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\MP3SkypeRecorder
[2010/10/11 15:56:48 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\OpenOffice.org
[2011/02/18 10:58:56 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\Pamela
[2012/01/20 20:56:03 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\Tific
[2012/11/24 12:58:00 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\TuneUp Software
[2011/08/31 19:52:40 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2013/07/24 21:05:45 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\WinPatrol

========== Purity Check ==========

========== Custom Scans ==========

========== Base Services ==========
SRV - [2009/07/14 02:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013/02/27 05:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/14 02:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 13:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 13:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2013/09/25 01:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 22:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/09 05:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 13:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 13:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 06:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/14 02:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/14 02:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 13:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/14 02:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/14 02:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/14 02:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012/10/03 17:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/14 02:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 11:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/11 06:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2013/09/25 01:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/14 02:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 13:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 13:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/14 02:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2013/09/25 01:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/14 02:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 13:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 13:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 13:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 13:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/05/01 05:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 13:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 13:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 13:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 13:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 13:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 13:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 13:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 13:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/14 02:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 23:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 13:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/14 02:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 13:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >
[2011/05/09 13:39:42 | 000,589,528 | ---- | M] (Microsoft Corporation) -- C:\mssstool32.exe

< c:\program files (x86)\Google\Desktop >
[2009/07/14 05:53:46 | 000,032,620 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2011/02/27 13:37:31 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011/02/27 13:37:32 | 000,000,888 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/04/01 16:14:59 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014/03/28 11:22:06 | 000,000,398 | ---- | C] () -- C:\Windows\Tasks\DriverUpdate Startup.job

< c:\program files\Google\Desktop >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 88D7-8F84
Directory of C:\
14/07/2009 05:53    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
Directory of C:\ProgramData
14/07/2009 05:53    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009 05:53    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009 05:53    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009 05:53    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009 05:53    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 05:53    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users
14/07/2009 05:53    <SYMLINKD>     All Users [C:\ProgramData]
14/07/2009 05:53    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
Directory of C:\Users\All Users
14/07/2009 05:53    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009 05:53    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009 05:53    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009 05:53    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009 05:53    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 05:53    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users\Default
14/07/2009 05:53    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009 05:53    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
14/07/2009 05:53    <JUNCTION>     My Documents [C:\Users\Default\Documents]
14/07/2009 05:53    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009 05:53    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009 05:53    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009 05:53    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009 05:53    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009 05:53    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users\Default\AppData\Local
14/07/2009 05:53    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
14/07/2009 05:53    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 05:53    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
Directory of C:\Users\Default\Documents
14/07/2009 05:53    <JUNCTION>     My Music [C:\Users\Default\Music]
14/07/2009 05:53    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
14/07/2009 05:53    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
Directory of C:\Users\Frances
08/10/2010 13:45    <JUNCTION>     Application Data [C:\Users\Frances\AppData\Roaming]
08/10/2010 13:45    <JUNCTION>     Cookies [C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Cookies]
08/10/2010 13:45    <JUNCTION>     Local Settings [C:\Users\Frances\AppData\Local]
08/10/2010 13:45    <JUNCTION>     My Documents [C:\Users\Frances\Documents]
08/10/2010 13:45    <JUNCTION>     NetHood [C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/10/2010 13:45    <JUNCTION>     PrintHood [C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/10/2010 13:45    <JUNCTION>     Recent [C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Recent]
08/10/2010 13:45    <JUNCTION>     SendTo [C:\Users\Frances\AppData\Roaming\Microsoft\Windows\SendTo]
08/10/2010 13:45    <JUNCTION>     Start Menu [C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu]
08/10/2010 13:45    <JUNCTION>     Templates [C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users\Frances\AppData\Local
08/10/2010 13:45    <JUNCTION>     Application Data [C:\Users\Frances\AppData\Local]
08/10/2010 13:45    <JUNCTION>     History [C:\Users\Frances\AppData\Local\Microsoft\Windows\History]
08/10/2010 13:45    <JUNCTION>     Temporary Internet Files [C:\Users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
Directory of C:\Users\Frances\Documents
08/10/2010 13:45    <JUNCTION>     My Music [C:\Users\Frances\Music]
08/10/2010 13:45    <JUNCTION>     My Pictures [C:\Users\Frances\Pictures]
08/10/2010 13:45    <JUNCTION>     My Videos [C:\Users\Frances\Videos]
               0 File(s)              0 bytes
Directory of C:\Users\Public\Documents
14/07/2009 05:53    <JUNCTION>     My Music [C:\Users\Public\Music]
14/07/2009 05:53    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
14/07/2009 05:53    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              49 Dir(s) 154,344,329,216 bytes free

< MD5 for: RPCSS.DLL >
[2010/11/20 13:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\erdnt\cache\rpcss.dll
[2010/11/20 13:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\System32\rpcss.dll
[2010/11/20 13:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
[2009/07/14 02:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) MD5=B82CD39E336973359D7C9BF911E8E84F -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 187 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#9
Feather24

Posted 01 May 2014 - 02:10 PM

Member

Topic Starter
Member
251 posts

I couldn't find the OTL extras file, I noticed that the last time you asked me for it I couldn't find it then it appeared the day after so perhaps it will do that again! Strange! I've never had this problem before running otl scans.

#10
Essexboy

Posted 01 May 2014 - 02:21 PM

GeekU Moderator

Retired Staff
69,964 posts

Nothing immediately jumps out at me from that so I will need to look deeper

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

AswMBR%20scan.JPG

On completion of the scan click save log, save it to your desktop and post in your next reply

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

To ensure that you get notifications at the top right of the thread should be a Follow this topic button

Select that

[attachment=70344:Capture.JPG]

#11
Essexboy

Posted 05 May 2014 - 07:07 AM

GeekU Moderator

Retired Staff
69,964 posts

#12
Essexboy

Posted 05 May 2014 - 09:47 AM

GeekU Moderator

Retired Staff
69,964 posts

User returned

#13
Feather24

Posted 05 May 2014 - 02:16 PM

Member

Topic Starter
Member
251 posts

Hi thanks.

First log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-05-05 16:35:47
-----------------------------
16:35:47.683    OS Version: Windows 6.1.7601 Service Pack 1
16:35:47.683    Number of processors: 2 586 0x170A
16:35:47.685    ComputerName: FRANCES-PC UserName: Frances
16:35:50.297    Initialize success
16:36:04.534    Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:36:04.537    Disk 0 Vendor: ST3802110A 3.AAJ Size: 76318MB BusType: 3
16:36:04.540    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3
16:36:04.543    Disk 1 Vendor: WDC_WD2500AAJS-00V4A0 05.01D05 Size: 238474MB BusType: 3
16:36:04.622    Disk 1 MBR read successfully
16:36:04.626    Disk 1 MBR scan
16:36:04.629    Disk 1 Windows 7 default MBR code
16:36:04.633    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
16:36:04.642    Disk 1 Partition 2 00     07    HPFS/NTFS NTFS       238372 MB offset 206848
16:36:04.648    Disk 1 scanning sectors +488392704
16:36:04.729    Disk 1 scanning C:\Windows\system32\drivers
16:36:14.958    Service scanning
16:36:25.712    Modules scanning
16:36:30.446    Disk 1 trace - called modules:
16:36:30.471    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
16:36:30.478    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x85a3b030]
16:36:30.485    3 CLASSPNP.SYS[88d8d59e] -> nt!IofCallDriver -> [0x85964918]
16:36:30.493    5 ACPI.sys[888cb3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x855b6908]
16:36:30.500    Scan finished successfully
16:37:24.698    Disk 1 MBR has been saved successfully to "C:\Users\Frances\Desktop\MBR.dat"
16:37:24.706    The log file has been saved successfully to "C:\Users\Frances\Desktop\aswMBR.txt"

#14
Feather24

Posted 05 May 2014 - 02:18 PM

Member

Topic Starter
Member
251 posts

I'll need to post the combo fix after tomorrow as I'm away Tuesday.

thanks

#15
Feather24

Posted 10 May 2014 - 03:23 AM

Member

Topic Starter
Member
251 posts

Hi here is the Combofix scan results:

ComboFix 14-05-10.01 - Frances 10/05/2014 10:02:19.2.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.2037.1058 [GMT 1:00]
Running from: c:\users\Frances\Desktop\ComboFix.exe
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1CF.tmp
c:\users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2349.tmp
c:\users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc318C.tmp
c:\users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3EDD.tmp
c:\users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5AC.tmp
c:\users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9463.tmp
c:\users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9750.tmp
c:\users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA064.tmp
c:\users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA167.tmp
c:\users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA94A.tmp
c:\users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAF2E.tmp
c:\users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB795.tmp
c:\users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBE21.tmp
c:\users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBFBF.tmp
c:\users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC94.tmp
c:\users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCEE3.tmp
c:\users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD021.tmp
c:\users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD0B0.tmp
c:\users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD7B2.tmp
c:\users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE060.tmp
c:\users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE74B.tmp
c:\users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE95E.tmp
c:\users\Frances\videos\AmazonMP3DownloaderInstall(1).exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-10 to 2014-05-10 )))))))))))))))))))))))))))))))
.
.
2014-05-10 09:12 . 2014-05-10 09:13 -------- d-----w- c:\users\Frances\AppData\Local\temp
2014-05-10 09:12 . 2014-05-10 09:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-05-10 09:12 . 2014-05-10 09:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-03 21:55 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-03 10:11 . 2014-05-03 10:11 -------- d-----w- c:\users\Frances\AppData\Roaming\DropboxMaster
2014-04-23 09:52 . 2014-04-23 09:52 -------- d-----w- c:\users\Frances\AppData\Local\AVG
2014-04-23 09:40 . 2014-04-23 10:07 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-04-23 09:37 . 2014-04-23 09:37 -------- d-sh--w- c:\users\Frances\AppData\Local\EmieUserList
2014-04-23 09:37 . 2014-04-23 09:37 -------- d-sh--w- c:\users\Frances\AppData\Local\EmieSiteList
2014-04-23 09:23 . 2014-04-23 09:23 -------- d-s---w- c:\windows\system32\CompatTel
2014-04-23 09:22 . 2014-04-14 19:13 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-23 09:16 . 2014-04-14 02:11 361984 ----a-w- c:\windows\system32\aepdu.dll
2014-04-23 09:16 . 2014-04-14 02:07 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-04-18 14:02 . 2014-04-18 14:02 199960 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-10 08:26 . 2014-03-28 10:21 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-04-28 19:49 . 2012-04-01 15:14 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-28 19:49 . 2011-06-29 10:58 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-31 15:11 . 2014-03-31 15:11 211224 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-03-31 15:11 . 2014-03-31 15:11 108312 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2014-03-27 21:15 . 2014-03-27 21:15 193304 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-03-27 21:14 . 2014-03-27 21:14 123160 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-03-27 21:04 . 2014-03-27 21:04 150296 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-03-27 21:04 . 2014-03-27 21:04 238872 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-03-27 21:03 . 2014-03-27 21:03 28440 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-03-27 21:03 . 2014-03-27 21:03 22296 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-07-23 12:27 . 2013-07-23 12:26 36154 ----a-w- c:\program files\cc_20130723_132652.reg
2011-06-27 22:29 . 2011-06-27 22:28 15044 ----a-w- c:\program files\cc_20110627_232823.reg
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"visionboard"="c:\program files\VisionBoard\visionboardlauncher.exe" [2009-07-11 1176064]
"googletalk"="c:\users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"MP3 Skype Recorder"="c:\program files\MP3 Skype Recorder\MP3 Skype Recorder.exe" [2011-11-17 1975296]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"btbb_McciTrayApp"="c:\program files\Plusnet Assist\btbb\PlusnetHelpNotifier.exe" [2011-09-07 1841664]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-04-06 5180432]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
.
c:\users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Frances\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-4-18 33604728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [2014-04-18 3645456]
R3 athrusb;Belkin Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2008-07-28 904192]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 238696]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-03-27 150296]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-03-27 238872]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-03-27 28440]
S0 SASKUTIL;SASKUTIL; [x]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-03-27 123160]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2013-09-26 47928]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2014-04-18 199960]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-03-27 22296]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-03-27 193304]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-03-31 211224]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2014\avgfws.exe [2014-04-03 1473280]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [2014-03-27 291912]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-30 09:42 1078088 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 19:49]
.
2014-05-10 c:\windows\Tasks\DriverUpdate Startup.job
- c:\program files\DriverUpdate\DriverUpdate.exe [2014-03-19 12:11]
.
2014-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-27 12:37]
.
2014-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-27 12:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1EB4CFC4-7649-413F-870B-BB36D0D3979F}: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A79483D2-6796-4059-832A-41A709A2AAE1}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-10 10:16:03
ComboFix-quarantined-files.txt 2014-05-10 09:16
.
Pre-Run: 150,980,505,600 bytes free
Post-Run: 150,556,450,816 bytes free
.
- - End Of File - - FA66799C58CCC44660C7739DE12E4256
A36C5E4F47E84449FF07ED3517B43A31

Back to Virus, Spyware, Malware Removal · Next Unread Topic →

Also tagged with one or more of these keywords: malware, virus, slow computer, sound problems

Security → Virus, Spyware, Malware Removal → Having Powersheel.exe Issues ... Need fixlist.txt Started by raj0171 , 19 Mar 2024 Virus, HELP, Malwarebytes	5 replies 2,670 views	DR M 06 Apr 2024
Security → Virus, Spyware, Malware Removal → Malware Issue [Closed] Started by Beloved9178 , 17 Aug 2023 Slow computer, popups and 2 more... 1 2 3	Hot 33 replies 41,904 views	DR M 30 Aug 2023
Security → Virus, Spyware, Malware Removal → HP desktop - google.com is in Norwegian [Solved] Started by wayneman50 , 23 Jul 2023 internet, google, virus and 1 more... 1 2 3	Hot 41 replies 24,270 views	wayneman50 17 Aug 2023
Security → Virus, Spyware, Malware Removal → Possible Malware infection - help request [Solved] Started by Maffu , 07 May 2023 malware, advapi and 1 more... 1 2 3 4	Hot 51 replies 12,723 views	DR M 26 Jun 2023
Security → Virus, Spyware, Malware Removal → Help getting started checking laptop for malware [Solved] Started by triedeverything , 12 Apr 2023 help, malware, spyware 1 2	Hot 19 replies 5,789 views	DR M 16 Apr 2023