Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Memory spike; slow laggy computer; require assistance

malware google chrome popups slow

  • This topic is locked This topic is locked

#1
goosew_108

goosew_108

    New Member

  • Member
  • Pip
  • 9 posts

Hello experts! I wanted to ask your expertise on what's causing my computer to be abnormally slow. There's two major symptoms that are happening and causing problems. The first is to do with google chrome. Opening tabs -- especially multimedia tabs-- causes a massive freeze that is two-three minutes long and a spike in cpu usage (attached is a photo of when I open youtube)

 

I've already tried uninstalling and reinstalling the program. The second symptom is that my software program- malwarebytes consistently every two days or so will send a pop up of "potentially unwanted programs" that it has found and wants to quarantine/delete. I don't have a photo of this but if you would like to see it, I would try to catch it next time it happens and send along a photo. It takes a terribly long time to open softwares in general, but using the internet is very painful-- scrolling frequently freezes even on non-multimedia pages. 

 

Thanks in advance! Here is my OTL log. 

 

 

OTL logfile created on: 26/11/2014 8:21:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Family\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
1.99 Gb Total Physical Memory | 0.56 Gb Available Physical Memory | 27.90% Memory free
3.98 Gb Paging File | 2.02 Gb Available in Paging File | 50.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.82 Gb Total Space | 126.54 Gb Free Space | 43.36% Space Free | Partition Type: NTFS
Drive D: | 6.27 Gb Total Space | 0.61 Gb Free Space | 9.71% Space Free | Partition Type: NTFS
 
Computer Name: LEWIS-HOMEPC | User Name: Lewis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/26 20:20:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Family\Downloads\OTL.exe
PRC - [2014/11/25 01:39:27 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/11/13 01:58:58 | 035,419,192 | ---- | M] (Dropbox, Inc.) -- C:\Users\Family\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/11/04 10:46:40 | 003,060,248 | ---- | M] () -- C:\Program Files\AVG Web TuneUp\vprot.exe
PRC - [2014/11/04 10:46:40 | 001,358,360 | ---- | M] (AVG Secure Search) -- C:\Program Files\AVG Web TuneUp\avgcefrend.exe
PRC - [2014/10/27 11:03:54 | 001,849,368 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe
PRC - [2014/10/27 11:03:54 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe
PRC - [2014/10/01 10:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/10/01 10:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/10/01 10:09:20 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/09/18 02:20:34 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013/08/01 19:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/09/26 21:44:10 | 000,472,728 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT.EXE
PRC - [2012/09/06 10:50:24 | 000,248,248 | R--- | M] (Western Digital) -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/14 11:04:26 | 001,177,536 | R--- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2012/06/14 11:04:24 | 001,151,424 | R--- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2012/06/14 10:58:24 | 005,235,128 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2012/06/13 16:53:50 | 001,688,008 | R--- | M] (Western Digital) -- C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/30 03:52:22 | 000,106,496 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008/01/30 03:50:26 | 000,438,272 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2008/01/15 10:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/09/29 15:39:20 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/09/29 15:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/09/28 08:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/07/21 11:00:00 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/26 16:06:14 | 000,043,008 | ---- | M] () -- c:\Users\Family\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1fxyln.dll
MOD - [2014/11/25 01:39:25 | 014,910,280 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
MOD - [2014/11/25 01:39:24 | 009,009,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
MOD - [2014/11/25 01:39:20 | 001,077,064 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
MOD - [2014/11/25 01:39:18 | 000,211,272 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.71\libegl.dll
MOD - [2014/11/25 01:39:17 | 001,677,128 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
MOD - [2014/11/13 01:49:58 | 003,610,624 | ---- | M] () -- C:\Users\Family\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/11/04 10:46:40 | 040,630,296 | ---- | M] () -- C:\Program Files\AVG Web TuneUp\libcef.dll
MOD - [2014/11/04 10:46:40 | 003,060,248 | ---- | M] () -- C:\Program Files\AVG Web TuneUp\vprot.exe
MOD - [2014/10/27 11:03:55 | 000,519,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\log4cplusU.dll
MOD - [2014/07/31 11:16:44 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/07/31 11:16:12 | 001,044,776 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/08/23 14:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Family\AppData\Roaming\Dropbox\bin\libcef.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - File not found [On_Demand | Stopped] -- c:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2014/11/26 09:10:12 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/05 21:59:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/10/27 11:03:54 | 001,849,368 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe -- (vToolbarUpdater18.1.10)
SRV - [2014/10/01 10:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/10/01 10:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 19:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/06 10:50:24 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/14 11:04:26 | 001,177,536 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2012/06/14 11:04:24 | 001,151,424 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2010/10/25 14:53:46 | 000,145,920 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2008/01/30 03:52:22 | 000,106,496 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2007/07/06 16:28:44 | 000,031,768 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files\Memeo\AutoSync\MemeoService.exe -- (AutoSyncService)
SRV - [2007/02/14 00:55:42 | 000,225,280 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/02/14 00:55:42 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006/09/29 15:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2014/10/27 11:03:55 | 000,042,784 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2014/10/26 23:03:50 | 000,114,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/10/01 10:11:24 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/10/01 10:11:10 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/02/22 06:32:08 | 000,134,144 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2plx86)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2009/09/05 13:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 17:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2005/12/12 11:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0A7F57AF-E6B5-4DE7-A7F5-DACF503C0D20}: "URL" = http://search.live.c...#38;FORM=HVDCS7
IE - HKLM\..\SearchScopes\{358A9004-0BB7-4404-BDF9-EAAAC2CB52C9}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE - HKLM\..\SearchScopes\{4D599494-48F5-4625-B4CD-910ED1D8E4B9}: "URL" = http://ca.search.yah...ing}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.globeinvestorgold.com/ [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.homeunionville.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{0A7F57AF-E6B5-4DE7-A7F5-DACF503C0D20}: "URL" = http://search.live.c...#38;FORM=HVDCS7
IE - HKCU\..\SearchScopes\{358A9004-0BB7-4404-BDF9-EAAAC2CB52C9}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE - HKCU\..\SearchScopes\{4D599494-48F5-4625-B4CD-910ED1D8E4B9}: "URL" = http://ca.search.yah...ing}&fr=hp-pvdt
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLJ_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.10\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/09/20 15:59:50 | 000,000,000 | ---D | M]
 
[2014/09/20 15:59:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/09/20 16:00:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/11/17 13:38:04 | 000,196,608 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npxsciter.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: sciter (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npxsciter.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: No name found = \Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = \Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = \Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = \Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = \Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = \Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = \Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.146_0\
CHR - Extension: No name found = \Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (AVG Web TuneUp) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Web TuneUp\4.0.0.19\AVG Web TuneUp.dll (AVG)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (CA Toolbar Helper) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll File not found
O3 - HKLM\..\Toolbar: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Web TuneUp\vprot.exe ()
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe File not found
O4 - HKLM..\RunOnce: [ehssetup] "%WinDir%\system32\rundll32.exe" "%WinDir%\ehome\ehssetup.dll",LaunchProcessInputFiles File not found
O4 - HKLM..\RunOnce: [HDMI ARP Update] reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\HDMI" /v Changed /t REG_DWORD /d 1 /f File not found
O4 - HKLM..\RunOnce: [MSKSSRV] rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196} File not found
O4 - HKLM..\RunOnce: [MSPCLOCK] rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000} File not found
O4 - HKLM..\RunOnce: [MSPQM] rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196} File not found
O4 - HKLM..\RunOnce: [MSTEE.CxTransform] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install File not found
O4 - HKLM..\RunOnce: [MSTEE.Splitter] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install File not found
O4 - HKLM..\RunOnce: [WDM_DRMKAUD] rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install File not found
O4 - HKCU..\RunOnce: [DPAPIKeyMig] C:\Windows\System32\dpapimig.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [WAB Migrate] C:\Program Files\Windows Mail\wab.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} https://www.topprodu...ds/msjavx86.exe (Microsoft VM)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07A7C227-CA85-4131-A3D9-C7CB36011BA6}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6692F84-004C-4BEA-BC89-7B067E5CA886}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF6AEFDE-EAB5-4C12-BDF2-39A482E98CB3}: DhcpNameServer = 172.20.10.1
O18 - Protocol\Handler\callingid {086D03BA-57AC-4C8E-A33D-0BAABF742411} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDToolbar.dll File not found
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.10\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Lewis\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lewis\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/15 23:31:32 | 000,000,000 | -H-D | C] -- C:\Users\Lewis\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/11/15 23:31:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[11 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/26 20:34:00 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3A381596-DF53-49F1-B516-6C1B19F06422}.job
[2014/11/26 20:10:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/26 19:45:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/26 16:49:04 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/26 16:05:37 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/26 15:57:21 | 000,018,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/26 15:57:21 | 000,018,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/26 15:56:18 | 000,674,508 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/11/26 15:56:18 | 000,129,442 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/11/26 15:49:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/26 15:49:33 | 1603,112,960 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/16 09:22:33 | 000,373,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/11/15 23:31:27 | 000,002,231 | ---- | M] () -- C:\Users\Lewis\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[11 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/11/15 23:31:27 | 000,002,231 | ---- | C] () -- C:\Users\Lewis\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/11/15 23:31:27 | 000,002,131 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/09/15 05:38:07 | 1603,112,960 | -HS- | C] () -- \hiberfil.sys
[2014/09/15 05:16:49 | 000,021,924 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2014/08/01 09:32:03 | 000,000,895 | ---- | C] () -- C:\Windows\disney.ini
[2014/08/01 09:30:52 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2014/08/01 09:30:52 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2009/07/13 21:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009/07/13 21:04:04 | 000,000,010 | ---- | C] () -- \config.sys
[2006/12/13 03:45:41 | 000,383,786 | RHS- | C] () -- \bootmgr
[2006/12/13 03:45:41 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 
 
< End of report >
 
 
 
 
And the extras log: 
 

OTL Extras logfile created on: 26/11/2014 8:21:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Family\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
1.99 Gb Total Physical Memory | 0.56 Gb Available Physical Memory | 27.90% Memory free
3.98 Gb Paging File | 2.02 Gb Available in Paging File | 50.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.82 Gb Total Space | 126.54 Gb Free Space | 43.36% Space Free | Partition Type: NTFS
Drive D: | 6.27 Gb Total Space | 0.61 Gb Free Space | 9.71% Space Free | Partition Type: NTFS
 
Computer Name: LEWIS-HOMEPC | User Name: Lewis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CB62E9C3-0A46-4CBF-B144-1B29265A28B3}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03007517-582B-4FFA-9C1D-07E940361664}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{085DD786-CF99-47F8-9074-086FE55E8AAE}" = protocol=17 | dir=in | app=c:\users\family\appdata\roaming\dropbox\bin\dropbox.exe | 
"{177EAB74-9F52-41DD-B087-1009FD801E96}" = protocol=6 | dir=in | app=c:\users\lewis\appdata\local\temp\7zs7dc2\hpdiagnosticcoreui.exe | 
"{228F5C22-35DD-406E-9A88-CCBCA5D21002}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{26533726-96EB-4629-AF99-BEF0CCDCC568}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | 
"{2D23E64E-6449-45B6-9FD6-4F26ADED2AAF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2015\avgmfapx.exe | 
"{3BB26D95-7483-47FE-96D1-77952A9B06C1}" = protocol=17 | dir=in | app=c:\users\lewis\appdata\local\temp\7zs7dc2\hpdiagnosticcoreui.exe | 
"{3DFCB5BA-185C-46D4-A6D2-209F3F3E921F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | 
"{4EA4BE56-8F98-455B-BF45-EE07D024F6D8}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | 
"{50BA087C-CCCA-450E-B7B4-21CD776FB9D5}" = dir=in | app=c:\program files\hp connections\6811507\program\hp connections | 
"{51134040-1FE1-4BF2-A758-C01AE1F5167C}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | 
"{5FFBA407-C614-4B0B-9C36-F132ED069CFD}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | 
"{68AAD176-5D5E-4016-B586-EC7EA56DAE0C}" = protocol=17 | dir=in | app=c:\users\lewis\appdata\local\temp\7zs241d\hpdiagnosticcoreui.exe | 
"{68F4AF04-D21F-4D5D-9D33-97F502C5B8E3}" = protocol=17 | dir=in | app=c:\program files\hp\csiinstaller\0ef0ea0d-f945-4958-85cc-60ff1e86d216\installer\hpbcsiinstaller.exe | 
"{724291FA-1391-4CFF-BEC0-2315FA2A9F20}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | 
"{7890B280-8BA4-4546-BC8A-D8F986CF22F5}" = protocol=6 | dir=in | app=c:\users\family\appdata\roaming\dropbox\bin\dropbox.exe | 
"{871233F9-4955-4B71-BE1F-434F0DDF46CB}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | 
"{8E44B1D7-61AE-4EA0-B4DF-E8BD2FB72BFE}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | 
"{A0FA95F8-847C-4B91-B2FE-E99B7A42F730}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A33A3EF5-A1D8-4246-84B4-F08733ADE4D6}" = protocol=17 | dir=in | app=c:\users\lewis\appdata\local\temp\7zs35c8\hpdiagnosticcoreui.exe | 
"{AEEF7B1A-1BFB-466C-A76C-E5FB389EF59B}" = protocol=6 | dir=in | app=c:\program files\hp\csiinstaller\0ef0ea0d-f945-4958-85cc-60ff1e86d216\installer\hpbcsiinstaller.exe | 
"{B21DDFE6-82FE-45FF-9554-39778F2AA3D5}" = protocol=17 | dir=in | app=c:\program files\avg\avg2015\avgmfapx.exe | 
"{B84809F8-72EB-4460-AD5F-DC3C581B1C67}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D08C2BA9-9117-4D84-A377-43A78597EDB1}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | 
"{D13D15F1-606D-4BCB-8B8F-FE0E668576A5}" = protocol=6 | dir=in | app=c:\users\lewis\appdata\local\temp\7zs35c8\hpdiagnosticcoreui.exe | 
"{D62942DD-2895-4440-8442-DE7E8E17460B}" = protocol=17 | dir=in | app=c:\users\lewis\appdata\local\temp\7zs2b45\hpdiagnosticcoreui.exe | 
"{DF4DC5B4-A401-4B71-9128-78A7C97FC7D5}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{E2E1520F-6349-4DE5-9A87-2F77B796C391}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | 
"{E311FCEA-37AB-4148-A4A5-C71805CB577C}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{E6153C8D-DFC2-44CE-80BF-6551EC58C343}" = protocol=6 | dir=in | app=c:\users\lewis\appdata\local\temp\7zs241d\hpdiagnosticcoreui.exe | 
"{EB49869E-D06C-468D-8678-1153574A55BB}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | 
"{EC0A4DA8-AC61-48CE-A522-4C1144C337E6}" = protocol=6 | dir=in | app=c:\users\lewis\appdata\local\temp\7zs2b45\hpdiagnosticcoreui.exe | 
"{F2F69701-FB4C-4F08-87D0-E8009CE9A487}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | 
"{FD0A806F-A5C3-4C92-A2A4-7638F75CBA15}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe | 
"TCP Query User{50B14491-D051-4E68-BA05-05A268692952}C:\users\family\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\family\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{6FCE6A26-F078-4B6B-8109-75F7D2519D0A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{C60BCBDD-6716-4565-AABD-A0B52D58C21B}C:\users\family\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\family\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{D2CB4EE9-0F97-4652-BF08-FBA4D48FB031}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
"{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}" = QuickTax 2007
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A5A4AF-5CC1-4009-B8E2-F4C4E9A1D6FC}" = DYNA Font
"{23C12370-3A82-4558-B727-F345B473AD87}" = BlackBerry Device Software Updater
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.21
"{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{4006E354-3D24-49BA-A36F-7EB75D50D575}" = hppLaserJetService
"{439A51F7-84B1-4603-BEC8-647EB2AC307F}" = WD Drive Utilities
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{47BBD3C6-4C8C-408A-9E5F-EFCF2A161AE4}" = easyOFFER 2007 TREB
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4D7B6C53-B3E7-4D93-B27C-B7A50A9627C9}" = Canon Laser Printer/Scanner/Fax Extended Survey Program
"{51B833D8-66B0-4E72-92B9-4E4977EF37F2}" = WD Drive Manager (x86)
"{51FECE8E-F698-4752-9F06-539500985CA4}" = easyOFFER 2007 TREB Service Pack 2
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf14
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support
"{78AD4938-7EE6-4DC0-A5BC-3AF82750A617}" = QuickTax Tracker
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{83270912-15C7-4336-822E-E8F1B1BBCA60}" = WD Security
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86D04316-F49A-4AF2-B3F1-A1E943886CE7}" = iTunes
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}" = Apple Mobile Device Support
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA0D2D5F-612B-45D3-8759-DA87206E5CC9}" = QuickTax 2008
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB61E316-F10B-43eb-B47F-42095835F9CC}" = C3100
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-2448-0000-705000000001}" = Adobe Reader Chinese Traditional Fonts
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{B83A15A7-2BD5-4416-BC43-AF5F9A4B08A9}" = muvee autoProducer 5.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C2938963-3BB0-41cd-9769-E28814C59075}" = Canon MF8200C Series
"{C3DC29BC-A8CF-4578-9DFC-37F049C44771}" = OcxSetup
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DDAC04BD-EE0F-4A9A-99F2-D1A711683C87}" = .NET Utilities
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E48995AF-B140-44F5-9A20-A3E4E627F2C2}" = WD SmartWare
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{ECB9C58E-C565-4683-9599-B72290BD3B25}" = QuickTax 2009
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F7D53B02-2C51-4CF5-9A51-F7A6D658EA5A}" = PenpowerJR
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FAFDA89B-1031-4BDB-8619-DE20CBDEDF32}" = QuickTax 2006
"{FECA6067-869C-4F32-9F6E-574E1496CE44}" = Memeo AutoSync
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"8STAR8.1" = 8STAR
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"ASUS Wireless Router Utilities" = ASUS Wireless Router Utilities
"AVG Web TuneUp" = AVG Web TuneUp
"CAL" = Canon Camera Access Library
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon Laser Printer/Scanner/Fax Extended Survey Program" = Canon Laser Printer/Scanner/Fax Extended Survey Program
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"EOS Utility" = Canon Utilities EOS Utility
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HP-LaserJet 1020 series" = LaserJet 1020 series
"HPOCR" = HP OCR Software 8.0
"InstallShield_{78AD4938-7EE6-4DC0-A5BC-3AF82750A617}" = QuickTax Tracker
"Making Sales Happen_is1" = Making Sales Happen 2.7.16
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mojo Sales Engine_is1" = Mojo Sales Engine 2.4.74
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 32.0.2 (x86 en-US)" = Mozilla Firefox 32.0.2 (x86 en-US)
"Mpeg2Decoder_is1" = Mpeg2Decoder 1.3
"OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Top Producer Editor_is1" = Top Producer Editor
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{FECA6067-869C-4F32-9F6E-574E1496CE44}" = Memeo AutoSync
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/11/2014 8:59:20 PM | Computer Name = Lewis-HomePC | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053 
 
Error - 12/11/2014 8:59:20 PM | Computer Name = Lewis-HomePC | Source = Bonjour Service | ID = 100
Description = 484: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error - 12/11/2014 9:07:34 PM | Computer Name = Lewis-HomePC | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053 
 
Error - 12/11/2014 9:07:34 PM | Computer Name = Lewis-HomePC | Source = Bonjour Service | ID = 100
Description = 504: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error - 12/11/2014 9:07:35 PM | Computer Name = Lewis-HomePC | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053 
 
Error - 12/11/2014 9:07:35 PM | Computer Name = Lewis-HomePC | Source = Bonjour Service | ID = 100
Description = 504: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error - 12/11/2014 9:23:58 PM | Computer Name = Lewis-HomePC | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053 
 
Error - 12/11/2014 9:23:58 PM | Computer Name = Lewis-HomePC | Source = Bonjour Service | ID = 100
Description = 484: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error - 12/11/2014 9:26:29 PM | Computer Name = Lewis-HomePC | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053 
 
Error - 12/11/2014 9:26:29 PM | Computer Name = Lewis-HomePC | Source = Bonjour Service | ID = 100
Description = 296: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error - 12/11/2014 9:26:40 PM | Computer Name = Lewis-HomePC | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053 
 
Error - 12/11/2014 9:26:40 PM | Computer Name = Lewis-HomePC | Source = Bonjour Service | ID = 100
Description = 448: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error - 12/11/2014 9:26:40 PM | Computer Name = Lewis-HomePC | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053 
 
Error - 12/11/2014 9:26:40 PM | Computer Name = Lewis-HomePC | Source = Bonjour Service | ID = 100
Description = 448: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error - 12/11/2014 9:27:56 PM | Computer Name = Lewis-HomePC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
 of binary AVGIDSDriver.  System Error: The system cannot find the file specified.  .
 
Error - 12/11/2014 9:28:21 PM | Computer Name = Lewis-HomePC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
 of binary AVGIDSDriver.  System Error: The system cannot find the file specified.  .
 
Error - 12/11/2014 9:28:23 PM | Computer Name = Lewis-HomePC | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053 
 
Error - 12/11/2014 9:28:23 PM | Computer Name = Lewis-HomePC | Source = Bonjour Service | ID = 100
Description = 484: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error - 12/11/2014 9:29:33 PM | Computer Name = Lewis-HomePC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
 of binary AVGIDSDriver.  System Error: The system cannot find the file specified.  .
 
Error - 23/11/2014 3:51:57 PM | Computer Name = Lewis-HomePC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 11.0.9600.17420 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1a40    Start
 Time: 01d007560ed205d5    Termination Time: 42    Application Path: C:\Program Files\Internet
 Explorer\iexplore.exe    Report Id:   
 
[ System Events ]
Error - 16/11/2014 10:25:56 AM | Computer Name = Lewis-HomePC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the Netman service.
 
Error - 16/11/2014 10:25:56 AM | Computer Name = Lewis-HomePC | Source = Service Control Manager | ID = 7000
Description = The Network Connections service failed to start due to the following
 error:   %%1053
 
Error - 16/11/2014 10:26:44 AM | Computer Name = Lewis-HomePC | Source = DCOM | ID = 10005
Description = 
 
Error - 16/11/2014 11:41:33 AM | Computer Name = Lewis-HomePC | Source = BROWSER | ID = 8032
Description = 
 
Error - 24/11/2014 9:12:18 PM | Computer Name = Lewis-HomePC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:03:59 PM on ?11/?24/?2014 was unexpected.
 
Error - 24/11/2014 9:13:27 PM | Computer Name = Lewis-HomePC | Source = DCOM | ID = 10016
Description = 
 
Error - 24/11/2014 10:30:04 PM | Computer Name = Lewis-HomePC | Source = BROWSER | ID = 8032
Description = 
 
Error - 26/11/2014 12:19:27 AM | Computer Name = Lewis-HomePC | Source = DCOM | ID = 10010
Description = 
 
Error - 26/11/2014 4:49:57 PM | Computer Name = Lewis-HomePC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:34:07 AM on ?11/?26/?2014 was unexpected.
 
Error - 26/11/2014 4:51:01 PM | Computer Name = Lewis-HomePC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
 

Attached Thumbnails

  • taskmanager.gif

Edited by goosew_108, 27 November 2014 - 12:44 PM.

  • 0

Advertisements


#2
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts
Hi goosew_108,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
  • As I am in the final phase of training right now, my responses to you may be delayed slightly as they have to be checked by my adviser (good news for you, as there will be two sets of eyes fixing your problem). I promise to be as prompt as possible in helping you, so please bear with me and we will get through this.
  • Please read all of my response through at least once before attempting to follow the procedures described.I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others.If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen.If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to.Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you.Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


- Save ALL Tools to your Desktop-


All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

Quoted from and used by permission of BrianDrab. Thank you.



Let's get started....

Thank you for the OTL logs but I would like to get a more detailed look with a different scanner please.

Please download Farbar Recovery Scan Tool 32bit and save it to your Desktop.
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it do this please.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. You can use more than one post if that is easier for you, I don't mind.
Information to Reply with >>>>
  • That you have read the introduction outline and any questions or concerns you may have.
  • The FRST.txt log text.
  • The Addition.txt log text.

  • 0

#3
goosew_108

goosew_108

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

]Hi Dbreeze! Thank you so much for replying and taking the time to help. I read everything and I think I can follow all the instructions. The only thing is that earlier today before I received this reply, my parents bought and installed the new 2015 version of AVG and it went through the registry and cleaned up a lot of errors and fixed a lot of items in the registry etc. So already, the internet seems to run a lot better, but things are still laggy at application startups. Would it be okay for us to continue the process though until you declare my computer clean? Thanks in advance 

 

I attached the FRST files you've requested.

 

---------------------------------

 

Attached File  FRST.txt   36.59KB   155 downloads

 

Attached File  Addition.txt   31.67KB   194 downloads

 

-----------------------------------


Edited by goosew_108, 30 November 2014 - 01:47 AM.

  • 0

#4
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts
While it does look like AVG2015 fixed a good many of the initial problems I noticed, there are still some details that need to be addressed. There also seems to be some issues with the Volume Shadow Service so I would like to start checking on that also.

First, Run a FRST Fixlist script >>>>

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

start
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
URLSearchHook: [S-1-5-21-1281781510-1492145563-2711715990-1001] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> {358A9004-0BB7-4404-BDF9-EAAAC2CB52C9} URL = http://www.ask.com/w...}&l=dis&o=cahpd
SearchScopes: HKU\S-1-5-21-1281781510-1492145563-2711715990-1002 -> {358A9004-0BB7-4404-BDF9-EAAAC2CB52C9} URL = http://www.ask.com/w...}&l=dis&o=cahpd
BHO: CA Toolbar Helper -> {FBF2401B-7447-4727-BE5D-C19B2075CA84} -> No File
Toolbar: HKLM - CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
Toolbar: HKU\S-1-5-21-1281781510-1492145563-2711715990-1002 -> CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
Toolbar: HKU\S-1-5-21-1281781510-1492145563-2711715990-1002 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler: callingid - {086D03BA-57AC-4C8E-A33D-0BAABF742411} - No File
ShellExecuteHooks: ShellHook Class - {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - No File [ ]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\User_Feed_Synchronization-{3A381596-DF53-49F1-B516-6C1B19F06422}.job => ?
end


NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Second, Run a CHKDSK scan on the C: drive >>>>


We need to run a CHKDSK utility scan and / or fix on your system. To start this utility (it is part of the Windows OS)
click on Start>>>Computer>>>Highlight C: >>>Right click>>>Properties>>>Tools>>>Error Checking, then click on Check Now.

If there are errors that need correcting, the utility will ask you to schedule a run when the system is not in use (meaning the next time the system reboots or starts). Please allow this and restart the system to allow this to happen.

Once the utility completes all its runs (the scan you started and the working repair [if needed]) please run the routine below to provide a log file for review:

ListChkdskResult.png Scan with ListChkDskResult

Please download ListChkDskResult by SleepyDude and save it to your desktop.
  • Right-click on ListChkdskResult.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • A message about checking Windows Event Log will pop-up. Click OK.
  • Wait patiently until a notepad window will open. This won't take long.
  • The displayed logfile will be also saved to your desktop as ListChkDskResult.txt.
Please include the content of this file in your next reply.


Information to Reply with >>>>
  • The Fixlog.txt file text.
  • The ListChkDskResult.txt file text.
  • Any questions or concerns you have.

  • 0

#5
goosew_108

goosew_108

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Hi dbreeze! 

 

Things are definetetly speeding up after the this new fix. I wanted to mention that I'm going to be out of town from tomorrow until Sunday night. Is it alright if I respond to you either on Sunday night or Monday? Thanks for all your know-how. 

 

And attached are the logs. I couldn't upload the listchkdskresult for some reason, so i copied pasted it here: 

 

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013
 
------< Log generate on 03/12/2014 12:23:40 AM >------
Category: 0
Computer Name: Lewis-HomePC
Event Code: 1001
Record Number: 219959
Source Name: Microsoft-Windows-Wininit
Time Written: 12-02-2014 @ 21:44:51
Event Type: Information
User: 
Message: 
 
Checking file system on C:
The type of the file system is NTFS.
Volume label is HP.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
CHKDSK is verifying files (stage 1 of 5)...
  363520 file records processed.                                         
 
File verification completed.
  1355 large file records processed.                                   
 
  0 bad file records processed.                                     
 
  0 EA records processed.                                           
 
  76 reparse records processed.                                      
 
CHKDSK is verifying indexes (stage 2 of 5)...
  423120 index entries processed.                                        
 
Index verification completed.
  0 unindexed files scanned.                                        
 
  0 unindexed files recovered.                                      
 
CHKDSK is verifying security descriptors (stage 3 of 5)...
  363520 file SDs/SIDs processed.                                        
 
CHKDSK is compacting the security descriptor stream
Cleaning up 9955 unused security descriptors.
  29801 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
  34648512 USN bytes processed.                                            
 
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  363504 files processed.                                                
 
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  33156227 free clusters processed.                                        
 
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
 
 305998055 KB total disk space.
 172761424 KB in 204297 files.
    137696 KB in 29804 indexes.
         0 KB in bad sectors.
    474027 KB in use by the system.
     65536 KB occupied by the log file.
 132624908 KB available on disk.
 
      4096 bytes in each allocation unit.
  76499513 total allocation units on disk.
  33156227 allocation units available on disk.
 
Internal Info:
00 8c 05 00 7f 92 03 00 03 63 06 00 00 00 00 00  .........c......
0b e4 00 00 4c 00 00 00 00 00 00 00 00 00 00 00  ....L...........
90 8e 0f 00 50 01 0e 00 a8 1b 0e 00 00 00 0e 00  ....P...........
 
Windows has finished checking your disk.
Please wait while your computer restarts.
 
-----------------------------------------------------------------------
Category: 0
Computer Name: Lewis-HomePC
Event Code: 26214
Record Number: 219843
Source Name: Chkdsk
Time Written: 11-30-2014 @ 01:09:50
Event Type: Information
User: 
Message: Chkdsk was executed in read/write mode.  
 
Checking file system on D:\
Volume label is Recovery.
 
CHKDSK is verifying files (stage 1 of 5)...
  9408 file records processed.                                         
 
File verification completed.
  0 large file records processed.                                   
 
  0 bad file records processed.                                     
 
  0 EA records processed.                                           
 
  0 reparse records processed.                                      
 
CHKDSK is verifying indexes (stage 2 of 5)...
  10142 index entries processed.                                        
 
Index verification completed.
 
 
CHKDSK is verifying security descriptors (stage 3 of 5)...
  9408 file SDs/SIDs processed.                                        
 
Cleaning up 44 unused index entries from index $SII of file 0x9.
Cleaning up 44 unused index entries from index $SDH of file 0x9.
Cleaning up 44 unused security descriptors.
Security descriptor verification completed.
  368 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
  1158680 USN bytes processed.                                            
 
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  9392 files processed.                                                
 
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  160603 free clusters processed.                                        
 
Free space verification is complete.
Windows has checked the file system and found no problems.
 
   6570584 KB total disk space.
   5902928 KB in 5761 files.
      1656 KB in 369 indexes.
     23584 KB in use by the system.
     12272 KB occupied by the log file.
    642416 KB available on disk.
 
      4096 bytes in each allocation unit.
   1642646 total allocation units on disk.
    160604 allocation units available on disk.
 
-----------------------------------------------------------------------
Category: 0
Computer Name: Lewis-HomePC
Event Code: 1001
Record Number: 193398
Source Name: Microsoft-Windows-Wininit
Time Written: 05-06-2014 @ 00:37:00
Event Type: Information
User: 
Message: 
 
Checking file system on C:
The type of the file system is NTFS.
Volume label is HP.
 
 
One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                         
The non resident attribute of type 0x80 and instance tag 0x0 is
inconsistent.  The valid data length is 0xc70b2000, file size 0xc70b2000, and
allocated length 0xc6fed000.
Deleting corrupt attribute record (128, "")
from file record segment 220822.
Deleted corrupt attribute list entry
with type code 128 in file 188.
Unable to locate attribute of type 0x80, lowest vcn 0x0,
instance tag 0x0 in file 0x35e96.
The first attribute of type 0x30 and instance tag 0x2
in file 0xbc should not be resident.
Deleted corrupt attribute list entry
with type code 48 in file 188.
Unable to locate attribute with instance tag 0x2 and segment
reference 0x400000000000bc.  The expected attribute type is 0x30.
Deleting corrupt attribute record (48, "")
from file record segment 188.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x16f000000034709.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 214793.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x15600000003470a.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 214794.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x117000000037a62.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 227938.
Unable to locate attribute with instance tag 0x0 and segment
reference 0xeb000000037a88.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 227976.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x15e000000037a8f.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 227983.
Unable to locate attribute with instance tag 0x0 and segment
reference 0xa7000000037a93.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 227987.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x113000000037a99.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 227993.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x75000000038240.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 229952.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x120000000038243.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 229955.
Unable to locate attribute with instance tag 0x0 and segment
reference 0xce000000038244.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 229956.
Unable to locate attribute with instance tag 0x0 and segment
reference 0xf2000000038245.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 229957.
Attribute record of type 0x80 and instance tag 0x1 is cross linked
starting at 0x247a4fc for possibly 0xd4 clusters.
  309760 file records processed.                                  
 
  966 large file records processed.                            
 
  0 bad file records processed.                              
 
Correcting cross-link for file 205318.
  0 EA records processed.                                    
 
  92 reparse records processed.                               
 
Unable to locate the file name attribute of index entry pagefile.sys
of index $I30 with parent 0x5 in file 0xbc.
Deleting index entry pagefile.sys in index $I30 of file 5.
  1147460 index entries processed.                                 
 
CHKDSK is recovering lost files.
  5 unindexed files processed.                               
 
  309760 security descriptors processed.                          
 
Cleaning up 9232 unused index entries from index $SII of file 0x9.
Cleaning up 9232 unused index entries from index $SDH of file 0x9.
Cleaning up 9232 unused security descriptors.
Inserting data attribute into file 188.
  32426 data files processed.                                    
 
CHKDSK is verifying Usn Journal...
  33735184 USN bytes processed.                                     
 
Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
 
 305998055 KB total disk space.
 165583744 KB in 249601 files.
    160784 KB in 32427 indexes.
         0 KB in bad sectors.
    429091 KB in use by the system.
     65536 KB occupied by the log file.
 139824436 KB available on disk.
 
      4096 bytes in each allocation unit.
  76499513 total allocation units on disk.
  34956109 allocation units available on disk.
 
Internal Info:
00 ba 04 00 b6 4d 04 00 04 77 07 00 00 00 00 00  .....M...w......
9a 76 00 00 5c 00 00 00 07 3e 00 00 00 00 00 00  .v..\....>......
61 ca 6e 15 00 00 00 00 56 04 01 f3 00 00 00 00  a.n.....V.......
37 6f 8a e3 00 00 00 00 00 00 00 00 00 00 00 00  7o..............
00 00 00 00 00 00 00 00 1d 27 d4 f6 01 00 00 00  .........'......
64 7a da 00 00 00 00 00 c0 1f e8 00 08 72 2f 00  dz...........r/.
08 78 32 00 10 00 00 00 34 1d e8 00 48 73 2f 00  .x2.....4...Hs/.
 
Windows has finished checking your disk.
Please wait while your computer restarts.
 
-----------------------------------------------------------------------
 

 

Attached Files


  • 0

#6
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Hi goosew_108!

Thanks for letting me know about your time away from the forum. Reply here when it is convenient for you; we will leave the thread open for you.

The ChkDsk run did actually correct some disk errors that the background processes of Windows use quite heavily; the result should be much better responsiveness from the system now.

It looks like the Fixlist / FRST script run was handled fine on your end except for the fact that I believe it was run under a user account that was not an Administrator of the system. Can you have the account Lewis be the only one logged into the system and then run the Fixlist.txt script again? (You will have to download the script again as FRST deletes the script from the desktop when it runs the script.)

Before we move on, I will need to see about a correct Fixlist run so I will wait for your reply on this matter.


  • 0

#7
goosew_108

goosew_108

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Hi Dbreeze, I am back! Thanks for waiting. 

 

The responsiveness may be a bit better... but it didn't last for very long and now everything is super slow again! including starting a computer.. or starting programs. eeks. 

 

So I ran FRST as an administrator and i've attached the fixlog. Think it should be right this time. 

Attached Files


  • 0

#8
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

I am so sorry for letting you wait so long here; no excuse for it.  I apologize and we should move to checking for other malware ...
 
Hey, that is great news on the Fixlist run; it did the job it was written for.  Good deal!! :spoton:
 
Now, let's go after some Adware and or Junkware that could be slowing the system ....


First, a Junkware removal scan >>>>

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open an Command Prompt window and run from there (this is normal for this program, so not to be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.


Second, a AdwCleaner scan >>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    AdwScan.jpg?
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Information to Reply with >>>>

  • How is the system running now after the Fixlist run?
  • The JRT.txt log text.
  • The AdwCleaner[R#].txt scan log text.
  • Any questions you may have.

  • 0

#9
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

goosew_108, do you still need any help?  :confused:


  • 0

#10
goosew_108

goosew_108

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Hi Dbreeze! 

I'm so sorry for not replying sooner. I did half of it but I had to go out of town again until Sunday. Would you mind if I finish up the rest then? 


  • 0

Advertisements


#11
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

That will be fine.  I will try and be better at replying promptly.  Hope you have a good trip. :yes:


  • 0

#12
goosew_108

goosew_108

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Hi Dbreeze, merry christmas!!!

Thanks for waiting :) 

 

My computer's been definetetly smoother since the fixlist. But every few days, it still pops up a message saying that the memory ran out and I have to restart the computer in order to clear the memory... and this is after not doing very much at all. Just running the usual internet browser and whatever's in the background. 

 

My two logs are attached, looking forward to your analysis :) 

 

JRT: 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x86
Ran by Lewis on 15/12/2014 at 22:16:06.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0A7F57AF-E6B5-4DE7-A7F5-DACF503C0D20}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{358A9004-0BB7-4404-BDF9-EAAAC2CB52C9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0A7F57AF-E6B5-4DE7-A7F5-DACF503C0D20}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\Users\Lewis\AppData\Roaming\searchprotect"
Successfully deleted: [Folder] "C:\Users\Lewis\appdata\locallow\alot"
Successfully deleted: [Folder] "C:\Program Files\searchprotect"
Successfully deleted: [Folder] "C:\Users\Lewis\documents\optimizer pro"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Users\Lewis\AppData\Roaming\mozilla\firefox\profiles\i5ihmcib.default\user.js
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/12/2014 at 22:30:59.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
ADW: 
 
# AdwCleaner v4.106 - Report created 24/12/2014 at 02:31:17
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Lewis - LEWIS-HOMEPC
# Running from : C:\Users\Lewis\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : vToolbarUpdater18.1.10
 
***** [ Files / Folders ] *****
 
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_api.ciuvo.com_0.localstorage
File Found : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_api.ciuvo.com_0.localstorage-journal
File Found : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Found : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\vu4c0nyu.default\searchplugins\avg-secure-search.xml
File Found : C:\Users\Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\i5ihmcib.default\user.js
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\weDownload Manager Pro
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\Users\Family\AppData\LocalLow\Conduit
Folder Found : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\vu4c0nyu.default\Extensions\[email protected]
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17420
 
 
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
 
[vu4c0nyu.default] - Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
[vu4c0nyu.default] - Line Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
[C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [414 octets] - [24/12/2014 02:28:10]
AdwCleaner[R1].txt - [5825 octets] - [24/12/2014 02:31:17]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [5885 octets] ##########
 

  • 0

#13
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts
Hi goosew_108! I hope you had a Merry Christmas also!

FIRST, AdwCleaner Clean run >>>>

Re-run AdwCleaner

Close all open windows and browsers.
  • Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

    adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt
SECOND, Update and run a MalwareBytes' AntiMalware scan >>>>

The version of MalwareBytes' AntiMalware listed in your logs is not the current latest version. Please update it using the directions below:

Malwarebytes' Anti-Malware
Please download the latest version of Malwarebytes' Anti-Malware from Here

Double Click on the mbam-setup.exe file to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link
  • 2a308da4-c469-4a72-b86c-84c05ca1e6a6_zps
  • Once the program has loaded and updated, select "Scan Now >>" to start the scan.
  • 5f2fe168-2571-4c73-a1e8-945d5aae9e1e_zps
  • The scan may take some time to finish, so please be patient.
  • If any malware is found, make sure that everything is checked, and click Remove Selected.
  • When the scan is complete, click View detailed log >> to view the results.
  • 386d1e7f-0e85-4425-b4dc-fa8ad24a4855_zps
  • The report screen will open
  • a50e2fb7-0c07-4ff6-917c-19e7329dab8a_zps
  • At the bottom click on Export and select as txt file, save the file to your desktop and click OK. When the export is complete, select OPEN.
  • ExportSaved_zpsac3a71eb.png
  • The log file will be opened in your default text file viewer (usually Notepad); select the whole text (Ctrl + A) and copy (Ctrl + c) it to paste here in a reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



Information to Reply with >>>>
  • The AdwCleaner[S#].txtlog file text.
  • The Malwarebytes' AntiMalware scan log text.
  • How is your system running now?

  • 0

#14
goosew_108

goosew_108

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
# AdwCleaner v4.106 - Report created 28/12/2014 at 20:04:17
# Updated 21/12/2014 by Xplode
# Database : 2014-12-28.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Lewis - LEWIS-HOMEPC
# Running from : C:\Users\Lewis\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : vToolbarUpdater18.1.10
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files\weDownload Manager Pro
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Family\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\vu4c0nyu.default\Extensions\[email protected]
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\vu4c0nyu.default\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\i5ihmcib.default\user.js
File Deleted : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_api.ciuvo.com_0.localstorage
File Deleted : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_api.ciuvo.com_0.localstorage-journal
File Deleted : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
 
[vu4c0nyu.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
[vu4c0nyu.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [414 octets] - [24/12/2014 02:28:10]
AdwCleaner[R1].txt - [5965 octets] - [24/12/2014 02:31:17]
AdwCleaner[R2].txt - [5182 octets] - [28/12/2014 19:59:23]
AdwCleaner[S0].txt - [5219 octets] - [28/12/2014 20:04:17]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5279 octets] ##########

  • 0

#15
goosew_108

goosew_108

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Oops and one more: 

Computer was smoother after the fix! 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 28/12/2014
Scan Time: 8:17:10 PM
Logfile: malware.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.28.12
Rootkit Database: v2014.12.23.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Lewis
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 473496
Time Elapsed: 52 min, 46 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE, , [6cd06107611b48ee8c4972b317ede61a], 
 
Registry Values: 1
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE|Debugger, "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe", , [6cd06107611b48ee8c4972b317ede61a]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.Conduit.A, C:\Program Files\Installl_Converter, , [72ca87e13b41a78f595c0425917249b7], 
 
Files: 4
PUP.Optional.Conduit.A, C:\Program Files\Installl_Converter\GottenAppsContextMenu.xml, , [72ca87e13b41a78f595c0425917249b7], 
PUP.Optional.Conduit.A, C:\Program Files\Installl_Converter\OtherAppsContextMenu.xml, , [72ca87e13b41a78f595c0425917249b7], 
PUP.Optional.Conduit.A, C:\Program Files\Installl_Converter\SharedAppsContextMenu.xml, , [72ca87e13b41a78f595c0425917249b7], 
PUP.Optional.Conduit.A, C:\Program Files\Installl_Converter\ToolbarContextMenu.xml, , [72ca87e13b41a78f595c0425917249b7], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0






Similar Topics


Also tagged with one or more of these keywords: malware, google chrome, popups, slow

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP