Computer is too slow to use.
Wife wants to replace! Help, please. So slow it is frustrating to the point of just wanting to give up using it.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16720
Run by Owner at 1:28:30 on 2013-10-16
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1013.110 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Windows\system32\lxducoms.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
C:\Windows\system32\fxssvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Owner\Downloads\uTorrent.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
uRun: [Epson Stylus NX430(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatihba.exe /fu "c:\users\owner\appdata\local\temp\E_SD35C.tmp" /EF "HKCU"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 4.2.2.1 4.2.2.2
TCP: Interfaces\{1698D5E8-97B0-47AC-8A6A-DD756E414743} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{88C25230-17F3-4B78-9065-D1AA8B9351D6} : DHCPNameServer = 4.2.2.1 4.2.2.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-7-20 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-7-20 246072]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-7-1 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-5 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-7-20 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-10 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-7-20 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-7-23 283136]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2013-2-6 142432]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-5-6 1085440]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2013-6-22 602216]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesDriver32.sys [2013-9-18 12320]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-4-3 12984]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-3-17 52224]
.
=============== Created Last 30 ================
.
2013-10-15 19:40:16 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-15 19:40:15 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-15 19:40:15 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-15 19:40:15 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-15 19:40:15 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-15 19:40:13 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-15 19:40:13 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-13 16:51:07 530432 ----a-w- c:\windows\system32\comctl32.dll
2013-10-13 16:51:06 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys
2013-10-13 16:51:06 36352 ----a-w- c:\windows\system32\drivers\usbscan.sys
2013-10-13 16:51:06 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-10-13 16:51:04 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-10-13 16:51:04 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-10-13 16:51:04 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-10-13 16:51:00 729024 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-01 17:09:41 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
2013-10-01 17:07:51 -------- d-----w- c:\programdata\Malwarebytes
2013-10-01 17:07:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-01 17:07:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-01 17:06:29 -------- d-----w- c:\users\owner\appdata\local\Programs
2013-10-01 13:52:00 36152 ----a-w- c:\windows\system32\TURegOpt.exe
2013-10-01 13:51:53 25400 ----a-w- c:\windows\system32\authuitu.dll
2013-10-01 13:50:47 -------- d-----w- c:\users\owner\appdata\roaming\AVG
2013-10-01 13:47:31 -------- d-----w- c:\programdata\AVG
2013-10-01 13:45:32 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
.
==================== Find3M ====================
.
2013-10-13 17:11:52 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-13 17:11:52 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-22 23:28:06 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-09-21 03:30:24 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-21 02:39:47 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-09-10 06:34:48 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-05 06:43:42 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-08-29 01:51:45 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 01:50:30 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-08-28 01:04:30 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 00:57:20 434688 ----a-w- c:\windows\system32\scavengeui.dll
2013-08-05 01:56:47 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-08-02 01:50:36 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 01:49:19 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 00:52:57 271360 ----a-w- c:\windows\system32\conhost.exe
2013-08-02 00:43:05 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-07-25 08:57:27 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-20 10:33:12 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-07-20 06:51:00 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-20 06:50:56 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-20 06:50:56 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 06:50:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-19 01:41:01 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 1:30:16.27 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-10-16 01:41:04
-----------------------------
01:41:04.601 OS Version: Windows 6.1.7601 Service Pack 1
01:41:04.602 Number of processors: 1 586 0x1601
01:41:04.604 ComputerName: OWNER-PC UserName: Owner
01:41:06.545 Initialize success
01:47:52.196 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
01:47:52.219 Disk 0 Vendor: ST3160318AS CC45 Size: 152587MB BusType: 3
01:47:52.227 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-5
01:47:52.232 Disk 1 Vendor: WDC_WD3200AAKS-61L9A0 01.03E01 Size: 305245MB BusType: 3
01:47:52.347 Disk 0 MBR read successfully
01:47:52.353 Disk 0 MBR scan
01:47:52.361 Disk 0 Windows 7 default MBR code
01:47:52.373 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
01:47:52.389 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152485 MB offset 206848
01:47:52.398 Disk 0 scanning sectors +312496128
01:47:52.483 Disk 0 scanning C:\Windows\system32\drivers
01:48:01.125 Service scanning
01:48:24.651 Modules scanning
01:49:32.134 Disk 0 trace - called modules:
01:49:32.514 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys VSTCNXT3.SYS dxgkrnl.sys igdkmd32.sys dxgmms1.sys
01:49:32.524 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8550f030]
01:49:32.534 3 CLASSPNP.SYS[873ba59e] -> nt!IofCallDriver -> [0x8509c918]
01:49:32.544 5 ACPI.sys[870ab3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85094908]
01:49:32.555 Scan finished successfully
01:51:10.032 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
01:51:10.047 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
Thank you so much!
Sorry for the late reply, it appears your thread was just missed but I have you now. Still need help?
Yes, I still need help. Thank you!
I ran adwcleaner since I posted logs. I don't think I did anything else except run Malwarebytes again. No noticeable change in performance. Thank you for coming to the rescue!
Can you find the log from AdwCleaner? It should be on your desktop. Did you run it just to scan, or did you have it clean what it found?
If you didn't clean with it, then here are instructions:
Double click on AdwCleaner.exe to run the tool again.
Click on the Scan button. AdwCleaner will begin to scan your computer like it did before.
After the scan has finished... This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Also, what, if anything, did Malwarebytes find? You can open Malwarebytes and go to the Report tab, click on the last one you ran, open it and post that log also. If it didn't find anything, then no need to post it.
Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
OTL by OldTimer
Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.
Malwarebytes didn't find anything, so no log in it posted.
Log on AdwCleaner:
# AdwCleaner v3.010 - Report created 22/10/2013 at 09:22:41
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Djenadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\Luke.Owner-PC.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16720
-\\ Google Chrome v
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Users\Mark.Owner-PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Users\Djenadi.Owner-PC.002\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Users\Luke.Owner-PC.000\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1835 octets] - [22/10/2013 09:11:45]
AdwCleaner[S0].txt - [1772 octets] - [22/10/2013 09:22:41]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1832 octets] ##########
JRT log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.1 (07.15.2013:2)
OS: Windows 7 Professional x86
Ran by Owner on Fri 10/25/2013 at 23:49:36.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\Windows\system32\turegopt.exe"
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/25/2013 at 23:53:56.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL.txt:
OTL logfile created on: 10/26/2013 12:10:09 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.18 Mb Total Physical Memory | 420.50 Mb Available Physical Memory | 41.50% Memory free
2.16 Gb Paging File | 0.96 Gb Available in Paging File | 44.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.91 Gb Total Space | 59.23 Gb Free Space | 39.78% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 224.49 Gb Free Space | 75.31% Space Free | Partition Type: NTFS
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe (AVG)
PRC - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe (AVG)
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcfgex.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com ))
PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
PRC - C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Windows\System32\lxducoms.exe ( )
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe (AVG)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (AVG)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com ))
SRV - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (EpsonCustomerParticipation) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (FlipShareServer) -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe ()
SRV - (lxdu_device) -- C:\Windows\System32\lxducoms.exe ( )
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
========== Driver Services (SafeList) ==========
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2579285414-3998430583-2402241036-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2579285414-3998430583-2402241036-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2579285414-3998430583-2402241036-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 73 8B 8B 6A F0 CD 01 [binary data]
IE - HKU\S-1-5-21-2579285414-3998430583-2402241036-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2579285414-3998430583-2402241036-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
[2012/05/18 16:43:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2012/05/18 16:43:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: chrome://newtab
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2012/04/03 12:12:06 | 000,441,500 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 15173 more lines...
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-2579285414-3998430583-2402241036-1000..\Run: [Epson Stylus NX430(Network)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIHBA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2579285414-3998430583-2402241036-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2579285414-3998430583-2402241036-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2579285414-3998430583-2402241036-1000\..Trusted Domains: localhost ([]* in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 4.2.2.1 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1698D5E8-97B0-47AC-8A6A-DD756E414743}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88C25230-17F3-4B78-9065-D1AA8B9351D6}: DhcpNameServer = 4.2.2.1 4.2.2.2
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/03/29 14:31:00 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/10/26 00:06:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/10/25 23:49:29 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/23 08:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/10/22 09:11:40 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/21 08:04:34 | 000,025,400 | ---- | C] (AVG) -- C:\Windows\System32\authuitu.dll
[2013/10/21 08:04:24 | 000,035,640 | ---- | C] (AVG) -- C:\Windows\System32\uxtuneup.dll
[2013/10/16 17:24:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\for spybot forum inquiry 10-16-13
[2013/10/16 01:23:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/10/16 01:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/10/16 01:21:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\ERUNT
[2013/10/15 14:40:15 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013/10/15 14:40:15 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013/10/14 09:21:30 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/10/14 09:21:29 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/10/14 09:21:28 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/10/14 09:21:27 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/10/14 09:21:27 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/10/14 09:21:26 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/10/14 09:21:25 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/10/14 09:21:25 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/10/14 09:21:25 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/10/14 09:21:25 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/10/13 11:51:06 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2013/10/13 11:51:06 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2013/10/13 11:50:57 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/10/13 11:50:57 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/10/13 11:50:57 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll
[2013/10/13 11:50:53 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/10/13 11:50:50 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/10/13 11:50:50 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2013/10/13 11:50:49 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2013/10/13 11:50:49 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/10/13 11:50:46 | 000,434,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2013/10/13 11:50:30 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/10/01 12:09:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2013/10/01 12:07:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/01 12:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/01 12:07:20 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/10/01 12:07:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/01 12:06:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Programs
[2013/10/01 08:51:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014
[2013/10/01 08:50:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AVG
[2013/10/01 08:47:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2013/10/01 08:45:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
========== Files - Modified Within 30 Days ==========
[2013/10/26 00:11:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/26 00:06:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/10/26 00:02:04 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2579285414-3998430583-2402241036-1000UA.job
[2013/10/25 23:57:04 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2579285414-3998430583-2402241036-1009UA.job
[2013/10/25 23:44:00 | 000,014,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/25 23:44:00 | 000,014,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/25 23:36:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2579285414-3998430583-2402241036-1012UA.job
[2013/10/25 23:34:02 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2579285414-3998430583-2402241036-1004UA.job
[2013/10/25 23:13:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/25 23:12:59 | 796,790,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/25 11:57:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2579285414-3998430583-2402241036-1009Core.job
[2013/10/25 10:34:00 | 000,000,870 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2579285414-3998430583-2402241036-1004Core.job
[2013/10/23 08:31:02 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/10/23 03:01:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2579285414-3998430583-2402241036-1000Core.job
[2013/10/22 22:36:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2579285414-3998430583-2402241036-1012Core.job
[2013/10/21 08:12:26 | 000,002,368 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2013/10/16 01:51:10 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat
[2013/10/16 01:21:52 | 000,000,543 | ---- | M] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2013/10/15 17:08:47 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/15 17:08:47 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/14 09:42:16 | 000,409,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/10/13 12:11:52 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/10/13 12:11:52 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/10/08 06:46:22 | 000,035,640 | ---- | M] (AVG) -- C:\Windows\System32\uxtuneup.dll
[2013/10/08 06:46:22 | 000,025,400 | ---- | M] (AVG) -- C:\Windows\System32\authuitu.dll
[2013/10/07 14:48:22 | 000,734,918 | ---- | M] () -- C:\Users\Owner\Documents\Honda tow bill 9.28.13.jpg
[2013/10/01 12:08:07 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/01 11:31:15 | 000,961,683 | ---- | M] () -- C:\Users\Owner\Documents\How Long Does it Take to Make Petrified Wood_ _ LiveScience.pdf
[2013/10/01 08:51:40 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
[2013/10/01 08:51:40 | 000,002,149 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
========== Files Created - No Company Name ==========
[2013/10/16 01:51:10 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.dat
[2013/10/16 01:21:52 | 000,000,543 | ---- | C] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2013/10/07 14:48:19 | 000,734,918 | ---- | C] () -- C:\Users\Owner\Documents\Honda tow bill 9.28.13.jpg
[2013/10/01 12:08:07 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/01 11:31:00 | 000,961,683 | ---- | C] () -- C:\Users\Owner\Documents\How Long Does it Take to Make Petrified Wood_ _ LiveScience.pdf
[2013/10/01 08:51:40 | 000,002,175 | ---- | C] () -- C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
[2013/10/01 08:51:40 | 000,002,149 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
[2013/10/01 08:51:20 | 000,002,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
[2012/09/05 02:11:47 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxduih.exe
[2012/09/05 02:11:47 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxduvs.dll
[2012/09/05 02:11:41 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxduserv.dll
[2012/09/05 02:11:40 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdupmui.dll
[2012/09/05 02:11:40 | 000,589,824 | ---- | C] ( ) -- C:\Windows\System32\lxducoms.exe
[2012/09/05 02:11:39 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdulmpm.dll
[2012/09/05 02:11:37 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxducomm.dll
[2012/09/05 02:11:36 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxduinpa.dll
[2012/09/05 02:11:34 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxduiesc.dll
[2012/09/05 02:11:33 | 000,761,856 | ---- | C] ( ) -- C:\Windows\System32\lxducomc.dll
[2012/09/05 02:11:32 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxduusb1.dll
[2012/09/05 02:11:31 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxduhbn3.dll
[2012/09/05 02:11:23 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxducfg.exe
[2012/09/05 02:11:19 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdugrd.dll
[2012/07/06 20:22:14 | 000,004,608 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/03 13:27:49 | 000,012,984 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012/04/02 23:22:19 | 000,000,071 | ---- | C] () -- C:\Windows\ENX430.ini
[2012/03/17 13:16:15 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
========== ZeroAccess Check ==========
[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/02/07 09:24:24 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/02/07 09:24:24 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/04/06 15:04:00 | 000,000,000 | ---D | M] -- C:\Users\Djenadi\AppData\Roaming\Charles Schwab
[2012/04/06 15:04:01 | 000,000,000 | ---D | M] -- C:\Users\Djenadi\AppData\Roaming\Epson
[2012/04/06 15:04:05 | 000,000,000 | ---D | M] -- C:\Users\Djenadi\AppData\Roaming\Flip Video
[2013/10/05 17:12:20 | 000,000,000 | ---D | M] -- C:\Users\Djenadi.Owner-PC.002\AppData\Roaming\AVG
[2013/04/06 20:34:27 | 000,000,000 | ---D | M] -- C:\Users\Djenadi.Owner-PC.002\AppData\Roaming\AVG2013
[2013/05/13 19:44:36 | 000,000,000 | ---D | M] -- C:\Users\Djenadi.Owner-PC.002\AppData\Roaming\Epson
[2012/08/07 20:59:47 | 000,000,000 | ---D | M] -- C:\Users\Djenadi.Owner-PC.002\AppData\Roaming\Flip Video
[2012/05/15 22:07:11 | 000,000,000 | ---D | M] -- C:\Users\Djenadi.Owner-PC.002\AppData\Roaming\TomTom
[2013/08/15 22:24:21 | 000,000,000 | ---D | M] -- C:\Users\Luke.Owner-PC.000\AppData\Roaming\AVG2013
[2012/04/13 08:37:14 | 000,000,000 | ---D | M] -- C:\Users\Luke.Owner-PC.000\AppData\Roaming\Epson
[2013/10/01 09:00:56 | 000,000,000 | ---D | M] -- C:\Users\Mark.Owner-PC\AppData\Roaming\AVG
[2013/04/11 14:39:16 | 000,000,000 | ---D | M] -- C:\Users\Mark.Owner-PC\AppData\Roaming\AVG2013
[2012/04/06 11:54:59 | 000,000,000 | ---D | M] -- C:\Users\Mark.Owner-PC\AppData\Roaming\Epson
[2012/07/22 10:18:23 | 000,000,000 | ---D | M] -- C:\Users\Mark.Owner-PC\AppData\Roaming\Flip Video
[2013/10/01 08:17:04 | 000,000,000 | ---D | M] -- C:\Users\Mark.Owner-PC\AppData\Roaming\TuneUp Software
[2013/10/01 08:50:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG
[2013/04/03 08:47:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG2013
[2013/04/29 16:04:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Epson
[2012/07/06 20:21:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Flip Video
[2012/04/02 23:38:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2012/05/18 16:43:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TomTom
[2013/04/02 21:40:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
[2013/10/16 02:05:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
========== Purity Check ==========
< End of report >
OTL Extras in following reply...
OTL Extras.txt:
OTL Extras logfile created on: 10/26/2013 12:10:10 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.18 Mb Total Physical Memory | 420.50 Mb Available Physical Memory | 41.50% Memory free
2.16 Gb Paging File | 0.96 Gb Available in Paging File | 44.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.91 Gb Total Space | 59.23 Gb Free Space | 39.78% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 224.49 Gb Free Space | 75.31% Space Free | Partition Type: NTFS
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003085C7-CFA2-48DB-A5A1-3685AFD8FEE8}" = rport=138 | protocol=17 | dir=out | app=system |
"{0157BC29-D552-4363-9574-EFD75EA7C2A8}" = lport=137 | protocol=17 | dir=in | app=system |
"{0ADDFCCB-3AEC-4E71-837E-5F3DC011F839}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0D1DE511-50E1-4815-8D92-804EBC3D4317}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1B0787E1-408A-4A96-87AD-695CB5FC238A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1EFB8CA2-FA3A-432B-B9B2-E1781F5CA1A0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{24B0C303-0790-46B0-9A65-C530FB04B82B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28E8385E-36BA-412F-AE59-5D1011913FBF}" = lport=445 | protocol=6 | dir=in | app=system |
"{2E3F8A9D-66D4-4B83-A048-C07AFAA2BF68}" = lport=138 | protocol=17 | dir=in | app=system |
"{43365484-49A8-4A54-9CCC-6D8B5FBDFFE9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5414A60C-A8E7-40F8-82D1-A6D798AA6D2F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5848487A-6151-42B8-825F-32A8C103C3B5}" = rport=139 | protocol=6 | dir=out | app=system |
"{A610900A-6331-4B9C-97ED-4860A07EDE47}" = lport=24727 | protocol=6 | dir=in | name=flipshareserver |
"{AC665FF9-44C2-46B5-A1F2-50D2188AFEAD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B955B9CA-12C7-4CC9-8C69-B9E59EB5A436}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{CA2832C8-B85C-4313-A7BE-5EBB0E679A5E}" = rport=137 | protocol=17 | dir=out | app=system |
"{CD3F98A5-0031-4CFB-BD50-4A1F7D49D22D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D107B730-F81B-461F-8EEC-1D9F9F2C3266}" = lport=24726 | protocol=6 | dir=in | name=flipshareserver |
"{D9C92148-F6FA-4BC3-8BD2-8C875871B94C}" = lport=139 | protocol=6 | dir=in | app=system |
"{D9E22BFB-C5C5-4182-8A93-C42E4C30E48E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DBE50089-9F60-4396-AFBF-E3683C4EB2DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E5C6B080-1D30-4CD7-BE9C-588626803689}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{ECCD660A-2192-4186-B9F8-CB410BDF4496}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EFC6464A-7D3C-4BDF-B2B6-264ACF5E58AC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F76CD3BB-1D47-4E0D-AE9C-50484A5B679C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FA01EA4C-4F81-4B7F-A542-775AEA367F8F}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{060B9E47-18E8-42CC-90B1-D287AD3C7405}" = protocol=17 | dir=in | app=c:\program files\carbonite\carbonite backup\carbonitesetup.exe |
"{2572F9F5-2B87-46D9-8094-28EB5F49B382}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{26F61306-4630-4B0D-810C-492CE2FFBD26}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2C8C2455-BE9C-4ED7-9D26-A28777A90B2A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{33CB0AA4-25DF-4FEA-B429-DEF8B3CCC665}" = protocol=6 | dir=in | app=c:\program files\carbonite\carbonite backup\carbonitesetup.exe |
"{36F098A7-5D03-4141-A033-9CAE94D459EC}" = protocol=6 | dir=in | app=c:\program files\carbonite\carbonite backup\carboniteui.exe |
"{3E2682B3-382F-42AD-AA0D-867453B5A8AA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4123758E-455B-47A0-8CB2-DC9C31F58ED9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{41D672BD-BC0A-44EE-AA25-A8685AECF94E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{52C4F351-A88B-4C89-9114-DFC35A51FFA0}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{54691B83-F914-4A00-9B17-170983052576}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{59BC17D5-AFEF-4B79-85BD-B5C705F51924}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{5CDCAD89-3626-4938-B44B-DA4BF2803DDA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{60A4E4C7-86EA-4114-85D2-E636C16D6C9B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{658D7723-F5B8-402E-A43B-EF8C6199A2A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65A23835-64B3-4770-A153-8C67798F83B1}" = protocol=17 | dir=in | app=c:\program files\carbonite\carbonite backup\carboniteui.exe |
"{689D8EB7-3A7D-46C9-9925-7FC5D571ADDE}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{6C1E35BB-2513-434C-A33A-F286AA75076A}" = protocol=17 | dir=in | app=c:\program files\carbonite\carbonite backup\carboniteservice.exe |
"{784C98D5-143D-44B9-AE33-F8A9E4B8ED10}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{83E5C8DE-3508-40C8-BB01-9E63C5593498}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{876C6671-F09F-4579-A352-A2CA30A05B39}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{90091825-31DC-44AA-A9DF-D5A53AA54C6E}" = protocol=6 | dir=out | app=system |
"{96918426-7AA2-4D6C-AE5E-831F2EC67C3F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{970EDF7B-163D-4BFC-BBF7-41B9FC624D9D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B0731D9A-A126-4AAE-B407-EADDAA07105F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{B5A695C2-B24A-4DB9-9409-71A3D83DD573}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{B792FEAE-C3F5-45A2-99BA-CD2F72662136}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{BCE1E22B-EE88-4E51-91F8-F90BCE4C1989}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{BF3DB5F5-4C32-46AA-991D-E192298EE6DE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C1DA2DA3-9DDD-4E20-921D-1E9D91A762A0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{C42382DE-6E9A-41A4-ABE2-D9432F1EF232}" = protocol=6 | dir=in | app=c:\program files\carbonite\carbonite backup\carboniteservice.exe |
"{CB3185D0-5180-4C0F-8808-EC3031E2864B}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{D8723751-07DB-4A7C-BCCC-450A85FC9497}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{DB55A98A-14BF-42DC-9CF4-C44239CBAE43}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{DCFEBEDF-49D3-4E62-AA6F-641A44524802}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E1AD518A-DC10-407A-8896-02DFC0D1C701}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{E5DCB21E-22E6-4104-8469-12DC03B358BA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EB54173A-1CCA-42FC-A5EC-8756A5F7BB3F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{ECA51359-4A14-4E16-A946-2D2FFE4A9054}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{F00BEEB3-4867-49AB-BA62-DC270BDCACA2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8066175-B394-407A-BEF1-1AF132494358}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{FC2A5121-7582-4EEC-B57C-E0CAA63476A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{00F11932-3FA9-42F9-8833-EC510430A66F}C:\users\owner\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\owner\downloads\utorrent.exe |
"TCP Query User{18B1CE8F-4D31-401A-9120-096B919AC00D}C:\users\public\documents\rsvs_lite\rsvsliteview.exe" = protocol=6 | dir=in | app=c:\users\public\documents\rsvs_lite\rsvsliteview.exe |
"TCP Query User{431E38ED-8F7B-4A3B-85E0-0EC39DBC6879}C:\users\owner\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\owner\downloads\utorrent.exe |
"TCP Query User{807F5298-576A-42C5-BB08-8DCB10D1778B}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{A40FDADF-1EFF-44B5-9375-D3B121BAA78C}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{EF51774B-339A-4A39-96EA-1FC347A8B88D}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe |
"UDP Query User{02D658AA-B91E-4EE4-9F1F-3A93F35BCB69}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{2A0248FC-FC14-4C84-8DEC-F7662C487AAC}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe |
"UDP Query User{525A7080-E9AC-4CD6-B096-2224585728DC}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{6869DFB5-1434-4385-A36C-CDDE37CD0EFB}C:\users\owner\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\owner\downloads\utorrent.exe |
"UDP Query User{A30D61F7-67C2-4A7D-A5D3-C7DF34F54E29}C:\users\public\documents\rsvs_lite\rsvsliteview.exe" = protocol=17 | dir=in | app=c:\users\public\documents\rsvs_lite\rsvsliteview.exe |
"UDP Query User{E68F0A5D-2AD5-4834-92DD-5BBF94B91873}C:\users\owner\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\owner\downloads\utorrent.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01BD4FC9-2F86-4706-A62E-774BB7E9D308}" = AVG PC TuneUp 2014
"{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adapter
"{6280C3D1-00A3-4E79-BDF6-98332A29B706}" = AVG 2013
"{631E66F3-5BCC-4FF8-9F42-95AF0BFA38B7}" = AVG 2013
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CD86D42-C4DD-4E40-9211-164DFFBCA4DB}" = AVG PC TuneUp 2014 (en-US)
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG" = AVG 2013
"AVG PC TuneUp" = AVG PC TuneUp 2014
"AVG PC TuneUp 2014" = AVG PC TuneUp 2014
"Carbonite Backup" = Carbonite
"EPSON NX430 Series" = EPSON NX430 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adapter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.SingleImage" = Microsoft Office Professional 2010
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.4
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2579285414-3998430583-2402241036-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
========== Last 20 Event Log Errors ==========
[ System Events ]
Error - 10/26/2013 1:03:15 AM | Computer Name = Owner-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy8.
< End of report >
Thank you so much!!!
Good Morning,
These are my thoughts
1. Not really looking at any Malware or viruses
2. "uTorrent" = µTorrent <-- If you use File Sharing Programs like this you will eventually infect this computer. The bad guys are in tune to File Sharing and it's one of the ways they try to infect you. You should uninstall this program via Programs and Features in the Control Panel.
3. AVG PC Tune Up: it's possible that it may have caused some issues, especially if it removed registry entries by mistake. Been at this stuff for many years and never had any use for any types of programs like this.
4. Carbonite back up: nice program, don't use it myself but wonder if it's using up a lot of system resources, not sure.
5. This is what I am concerned about
[ System Events ]
Error - 10/26/2013 1:03:15 AM | Computer Name = Owner-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy8.
It's possible your file system has gotten corrupt; if it is, this opens up another can of worms. Running chkdsk could possibly fix it. But before I link you to another Windows forum to help you, run this free online virus scanner and let's make sure we didn't miss anything.
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan
*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Make sure that the option "Remove found threats" is unchecked.
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
No threats found on ESET scanner.
I ran the ESET scan. I finished with "no threats found." So, there was no "back" button, and there was no option for finding any kind of log.
Thanks.
Things running any better ?
It does seem to be at least somewhat better.
Haven't used it enough yet to really know. I'll try later to use it (I'm on my laptop now). But it does seem to be faster loading up the browser. I'll let you know soon. Thank you.