Cass1 Posted October 10, 2013

I hope you can help. My husband's older Dell desktop running Windows XP is extremely slow and seems overtaxed if more than one window is open at once. This has been going on for some time and it is so bad that we just don't use this computer anymore. I'd like to try to get it in running order again and would appreciate some help.
flashh4 Posted October 10, 2013

Hi Cassi, and welcome to BestTechie !!!

My name is flashh4 (Chuck) and I will be assisting you with the cleaning of your computer.

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !
Perform all actions in the order given.
Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

===================================

AdwCleaner

Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
* Click on the Scan button.
* AdwCleaner will begin to scan your computer like it did before.
* After the scan has finished...
* This time, click on the Clean button.
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of that logfile will also be saved in the C:\AdwCleaner folder.

NEXT

Please download Junkware Removal Tool and save to your desktop.
Shut down your protection software now to avoid potential conflicts.
* Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
* Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!

NEXT

MALWAREBYTES with Pics:

Please download Malwarebytes' Anti-Malware to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Then click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
* Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Please don't attach the scans / logs, use "copy/paste". Please post those logs.

Thanks
Chuck
Cass1 Posted October 10, 2013

Thanks, Chuck. Here are the results of the AdwCleaner scan. Do I go straight into the next step, or do I need to wait until you give the "all clear"?

# AdwCleaner v3.007 - Report created 10/10/2013 at 09:55:23
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Max - HAL2
# Running from : C:\Documents and Settings\Max\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\Max\Application Data\Systweak
File Deleted : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\bcysvan8.default\.autoreg

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v8.0 (en-US)

[ File : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\bcysvan8.default\prefs.js ]
[ File : C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\kuv2ofwc.default\prefs.js ]

-\\ Google Chrome v30.0.1599.69

[ File : C:\Documents and Settings\Max\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2859 octets] - [10/10/2013 09:51:08]
AdwCleaner[s0].txt - [2818 octets] - [10/10/2013 09:55:23]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2878 octets] ##########
flashh4 Posted October 10, 2013

Cassi, thanks for the log, just go through it all & post 1 tool before going to the next ! After I get all 3 logs I will look them over & have another fix for you !! So stay with me until I give you the "all clean speech" !!

Chuck
Cass1 Posted October 10, 2013

Ok, sounds good Chuck. Here is the log from Junk Removal Tool:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Max on Thu 10/10/2013 at 10:10:27.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\Max\Application Data\mozilla\firefox\profiles\kuv2ofwc.default\prefs.js

user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/10/2013 at 10:18:57.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cass1 Posted October 10, 2013

Here is the Malwarebytes log. I will be back later this evening to check in for more instructions.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.10.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Max :: HAL2 [administrator]

10/10/2013 10:57:48 AM
mbam-log-2013-10-10 (10-57-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246554
Time elapsed: 22 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
flashh4 Posted October 10, 2013

Cassi, we are not finding much other than a little junk. Let's see what is down deep !!

Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.
Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe
Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe
* Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document in your next reply.

NEXT

THIS IS FOR USERS WHO CAN NOT GET EXE. TO RUN

In addition, for users that cannot run executables. You can now download OTL either as a .com, or a .scr file.
Note: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.
Links:
http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

................................................

Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them with Admin Rights (Right click, choose "Run as Administrator")

+++++++++++++++++

Download OldTimer to your desktop !
If you already have a copy of OTL delete it and use this version.
(Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
* Double click OTL.exe to launch the program.
* Check the following.
  o Scan all users.
  o Standard Output.
  o Lop check.
  o Purity check.
* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.
  o OTL.txt (open on your desktop).
  o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.
* This may have to be broken into more than one post !

Thanks
Chuck

Do not worry about removing the tools/programs, we will do this after we make sure we don't need them to run a second time !!
Cass1 Posted October 11, 2013

Security Check log:

 Results of screen317's Security Check version 0.99.74
 Windows XP Service Pack 3 x86
 Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300
 CCleaner
 Adobe Flash Player 11.1.102.55
 Adobe Reader 10.1.8 Adobe Reader out of Date!
 Mozilla Firefox 8.0 Firefox out of Date!
 Google Chrome 29.0.1547.76
 Google Chrome 30.0.1599.69
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 10%
````````````````````End of Log``````````````````````
Cass1 Posted October 11, 2013

Old Timer log:
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab (HouseCall Control)O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} http://www.napster.com/client/isetup.cab (InstallShield International Setup Player)O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37868.6433101852 (Reg Error: Key error.)O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} http://www.live365.com/players/play365.cab (Live365Player Class)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} http://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73D9DFA5-AE70-436D-8073-7A5C4BF99C89}: DhcpNameServer = 192.168.0.1O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2001/11/15 06:31:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O33 - MountPoints2\{aa222bf9-ec3d-11de-a5be-0008a1160b30}\Shell - "" = AutoRunO33 - MountPoints2\{aa222bf9-ec3d-11de-a5be-0008a1160b30}\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\{aa222bf9-ec3d-11de-a5be-0008a1160b30}\Shell\AutoRun\command - "" = 
E:\LaunchU3.exe -aO33 - MountPoints2\{c04b7fdd-8fcb-11de-a5af-0008a1160b30}\Shell - "" = AutoRunO33 - MountPoints2\{c04b7fdd-8fcb-11de-a5af-0008a1160b30}\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\{c04b7fdd-8fcb-11de-a5af-0008a1160b30}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -aO34 - HKLM BootExecute: (autocheck autochk *)O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/10/10 10:53:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware[2013/10/10 10:53:41 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2013/10/10 10:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2013/10/10 10:10:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT[2013/10/10 10:06:18 | 001,032,220 | ---- | C] (Thisisu) -- C:\Documents and Settings\Max\Desktop\JRT.exe[2013/10/10 09:51:03 | 000,000,000 | ---D | C] -- C:\AdwCleaner[2013/10/09 04:09:51 | 000,123,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys[2013/10/09 04:09:51 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys[2013/10/09 04:09:50 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys[2013/10/09 04:09:50 | 000,032,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys[2013/10/09 04:09:50 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys[2013/10/09 04:09:50 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys[2011/12/13 16:33:52 | 003,552,208 | 
---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup313.exe[2010/02/14 20:17:09 | 000,033,792 | ---- | C] (Stirling) -- C:\Program Files\_ISREG32.DLL[2009/12/18 14:20:49 | 003,326,576 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup226.exe[2009/08/29 17:54:49 | 038,808,920 | ---- | C] (Microsoft Corporation) -- C:\Program Files\FileFormatConverters.exe[2009/07/26 14:28:49 | 003,530,240 | ---- | C] (Acro Software Inc. ) -- C:\Program Files\CuteWriter.exe[2009/01/28 17:18:34 | 007,518,240 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.0.5.exe[2008/10/14 19:01:01 | 027,288,880 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe[2008/06/11 22:46:13 | 000,382,352 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\xpiinstall.exe[2008/06/11 21:01:49 | 002,897,456 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup207.exe[2008/06/08 01:54:40 | 007,155,198 | ---- | C] (Systweak Inc. ) -- C:\Program Files\advanced system optimizer.exe[2008/06/08 01:15:45 | 002,633,568 | ---- | C] (Sammsoft ) -- C:\Program Files\advanced registry optimizer 5.exe[2002/12/19 17:47:08 | 000,250,568 | ---- | C] (Microsoft Corporation) -- C:\Program Files\BlackorDark.exe[2002/12/19 17:44:34 | 000,169,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files\work.exe[2002/12/19 17:41:39 | 000,327,368 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Blue.exe[2002/12/19 17:33:12 | 000,265,416 | ---- | C] (Microsoft Corporation) -- C:\Program Files\gray.exe[2002/09/18 15:59:02 | 008,981,440 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\ar505enu.exe[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/10/10 22:33:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job[2013/10/10 18:33:06 | 000,000,882 | ---- | M] () -- 
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job[2013/10/10 10:53:51 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk[2013/10/10 10:30:32 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL[2013/10/10 10:30:15 | 000,000,269 | ---- | M] () -- C:\WINDOWS\MSIOSD.INI[2013/10/10 10:30:08 | 000,000,318 | ---- | M] () -- C:\WINDOWS\MMKEYBD.INI[2013/10/10 10:29:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT[2013/10/10 10:06:24 | 001,032,220 | ---- | M] (Thisisu) -- C:\Documents and Settings\Max\Desktop\JRT.exe[2013/10/10 09:50:14 | 001,048,960 | ---- | M] () -- C:\Documents and Settings\Max\Desktop\adwcleaner.exe[2013/10/10 04:06:14 | 000,375,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2013/10/10 03:48:46 | 000,517,356 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT[2013/10/10 03:48:46 | 000,094,446 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT[2013/10/10 03:42:11 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK[2013/10/04 10:49:50 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk[2013/09/23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe[2013/09/23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe[2013/09/23 12:33:58 | 001,215,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll[2013/09/23 12:33:58 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll[2013/09/23 12:33:58 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll[2013/09/23 12:33:58 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll[2013/09/23 12:33:58 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll[2013/09/23 12:33:58 | 000,206,848 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\occache.dll[2013/09/23 12:33:58 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll[2013/09/23 12:33:58 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll[2013/09/23 12:33:58 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll[2013/09/23 12:33:57 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll[2013/09/23 12:33:57 | 006,017,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll[2013/09/23 12:33:57 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll[2013/09/23 12:33:57 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl[2013/09/23 12:33:57 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl[2013/09/23 12:33:57 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll[2013/09/23 12:33:57 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll[2013/09/23 12:33:57 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll[2013/09/23 12:33:57 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll[2013/09/23 12:33:57 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll[2013/09/23 12:33:57 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll[2013/09/23 12:33:57 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll[2013/09/23 12:33:57 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll[2013/09/23 12:33:57 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll[2013/09/23 12:33:57 | 000,025,600 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\System32\jsproxy.dll[2013/09/23 12:33:57 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll[2013/09/23 12:33:56 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll[2013/09/23 12:33:56 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll[2013/09/23 12:33:56 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll[2013/09/23 12:33:56 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll[2013/09/23 12:33:56 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll[2013/09/23 12:06:48 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/10/10 10:53:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk[2013/10/10 09:50:03 | 001,048,960 | ---- | C] () -- C:\Documents and Settings\Max\Desktop\adwcleaner.exe[2012/02/16 11:43:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll[2010/02/14 20:17:04 | 000,000,181 | ---- | C] () -- C:\Program Files\risklvls.dat[2010/02/14 20:16:56 | 000,701,952 | ---- | C] () -- C:\Program Files\Opsplan.exe[2010/02/14 20:16:53 | 000,263,110 | ---- | C] () -- C:\Program Files\opsphoto.bmp[2010/02/14 20:16:53 | 000,001,121 | ---- | C] () -- C:\Program Files\infogrps.dat[2010/02/14 20:16:52 | 000,001,466 | ---- | C] () -- C:\Program Files\DeIsL1.isu[2009/08/27 13:23:37 | 155,255,392 | ---- | C] () -- C:\Program Files\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe[2008/10/16 13:00:47 | 019,153,264 | ---- | C] () -- C:\Program Files\aaw2008.exe[2008/04/20 14:38:50 | 019,871,600 | ---- | C] () -- C:\Program 
Files\aaw2007.exe[2006/11/18 15:40:16 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache[2004/12/18 21:28:00 | 010,645,690 | ---- | C] () -- C:\Program Files\avg70free_296a409.exe[2002/06/06 17:37:13 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Max\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006/09/13 01:32:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both ========== LOP Check ========== [2011/07/27 17:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10[2011/07/27 00:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9[2011/06/21 00:22:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files[2002/05/16 00:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JASC[2011/07/27 17:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application 
Data\MFAData[2004/04/20 13:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster[2002/05/24 09:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT[2003/07/02 09:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft[2007/11/22 11:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP[2004/07/01 09:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\alta[2011/07/27 04:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\AVG10[2012/12/16 15:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Canon[2007/08/15 11:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\GARMIN[2002/12/19 14:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Goodsol[2005/06/03 20:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Keyhole[2007/12/02 14:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Leadertech[2006/02/11 16:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\MSNInstaller[2009/08/27 13:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\OpenOffice.org[2008/06/08 01:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Sammsoft[2009/07/03 14:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\VERITAS ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1< End of report > Extras log: OTL Extras logfile created on: 10/10/2013 10:48:25 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Max\My Documents\DownloadsWindows XP Home Edition 
Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.01 Mb Total Physical Memory | 39.89 Mb Available Physical Memory | 15.64% Memory free
621.67 Mb Paging File | 273.44 Mb Available in Paging File | 43.99% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 53.32 Gb Free Space | 71.57% Space Free | Partition Type: NTFS

Computer Name: HAL2 | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- Reg Error: Key error.
File not found [HKEY_USERS\S-1-5-21-240772092-972506294-598665437-1006\SOFTWARE\Classes\<extension>].html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [edit] -- Reg Error: Key error.batfile [open] -- "%1" %*batfile [print] -- Reg Error: Key error.cmdfile [edit] -- Reg Error: Key error.cmdfile [open] -- "%1" %*cmdfile [print] -- Reg Error: Key error.comfile [open] -- "%1" %*cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*exefile [open] -- "%1" %*htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)inffile [open] -- Reg Error: Key error.inffile [print] -- Reg Error: Key error.inifile [print] -- Reg Error: Key error.jsfile [edit] -- Reg Error: Key error.jsfile [print] -- Reg Error: Key error.jsefile [edit] -- Reg Error: Key error.jsefile [print] -- Reg Error: Key error.piffile [open] -- "%1" %*regfile [edit] -- Reg Error: Key error.regfile [merge] -- Reg Error: Key error.regfile [print] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.txtfile [print] -- Reg Error: Key error.txtfile [printto] -- Reg Error: Key error.vbefile [edit] -- Reg Error: Key error.vbefile [print] -- Reg Error: Key error.vbsfile [edit] -- Reg Error: Key error.vbsfile [print] -- Reg Error: Key error.wsffile [edit] -- Reg Error: Key error.wsffile [print] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- 
%SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0"UpdatesDisableNotify" = 0"AntiVirusOverride" = 1"FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]"Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]"Start" = 2 ========== Firewall Settings 
========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1"DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In) ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"C:\Program 
Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"C:\Program Files\Rhapsody\rhapsody.exe" = C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{280C7673-2DF8-4E74-B031-D8F108BE2A6D}" = PRO200WL"{2CC982C0-7EAE-11D4-ACC3-0050568AD318}" = Avery DesignPro"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client 
flashh4 Posted October 11, 2013

Cassi, let's continue with some more cleaning !

We need to Run an OTL fix !!

* Double-click OTL.exe to start the program.
* Copy and Paste the following code into the . Do not include the word Code:

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
IE - HKLM\..\URLSearchHook: {EA197903-5454-DCA0-1431-906504E5199D} - SOFTWARE\Classes\CLSID\{EA197903-5454-DCA0-1431-906504E5199D}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLC
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLC
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll File not found
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
[2012/07/25 12:20:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\kuv2ofwc.default\extensions
[2012/07/25 12:20:43 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\kuv2ofwc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/04/21 11:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Reg Error: Value error.) - {EA197903-5454-DCA0-1431-906504E5199D} - Reg Error: Value error. File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-240772092-972506294-598665437-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - HKU\S-1-5-18..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - HKU\S-1-5-21-240772092-972506294-598665437-1006..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe File not found

:Commands
[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

* Then click the Run Fix button at the top.
* Click
* Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.

Remember to enable your real time protection.

Please post that log next !!

Thanks
Chuck
Cass1 Posted October 11, 2013 Author

Here is the latest log:
flashh4 Posted October 11, 2013

Cassi, very good !

Clean up with OTL

* Right-click OTL.exe and select "Run as administrator" to run it. This will remove all the tools we used to clean your pc.
* Close all other programs apart from OTL as this step will require a reboot.
* On the OTL main screen, press the CleanUp! button.
* Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

=====================

Ok one last tool/program !!

ESET online scanner >>> http://www.eset.com/onlinescan/

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

1. Firstly please Disable any Antivirus you have active, as shown in This topic.
2. Note: Don't forget to re-enable it after the scan.
3. Next please click on the following link to open a new window to ESET online scanner http://www.eset.com/us/online-scanner/features
4. Then click on:
   Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install. All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
5. Select the option YES, I accept the Terms of Use then click on:
6. When prompted allow the Add-On/Active X to install.
7. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
8. Now click on Advanced Settings and select the following:
   * Scan for potentially unwanted applications
   * Scan for potentially unsafe applications
   * Enable Anti-Stealth Technology
9. Now click on:
10. The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
11. When completed the Online Scan will begin automatically.
12. Do not touch either the mouse or keyboard during the scan otherwise it may stall.
13. When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
14. Now click on:
15. Use notepad to open the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt. or may be ESETSmartInstaller@High as CAB hook log:
16. Copy and paste that log as a reply to this topic.

How's it running ?? It may be a little slow until after a few reboots !!

Do you know your internet speed ?

Thanks
Chuck
Cass1 Posted October 11, 2013 Author

Thanks, Chuck. It is running nicely, though not as quickly as it has in the past. We'll see how it continues to improve. The eset scan is still going. I'm not sure what our Internet speed is, we just have probably the slowest plan our cable provider offers. I will have to let the scan continue and check on it when I get back from work in the morning. Again, thank you!

Cassi
flashh4 Posted October 11, 2013

Cassi, yes it takes a while to run because it checks everything in the computer ! So let it run !!

The slowness could very possibly be how fast your internet is !! You can check your speed here >>> http://reviews.cnet.com/internet-speed-test/

It should be running smoother but it may not run faster ! You could check to see if you have any open RAM spots to add more RAM, which would make it run so much faster.

Here are a few programs that will also speed up a computer !!

A1...Codestuff Starter http://www.snapfiles.com/get/starter.html
Starter is a startup manager, that allows you to view and manage all the programs that are starting automatically whenever Windows boots. It lists all the hidden registry entries, as well as the common Startup Folder items as well. You can choose to safely disable selected entries, edit them or delete them altogether (if you know what you are doing). Expert users can even add their own entries.

A2...Startup Delayer http://www.snapfiles.com/get/startdelay.html
Startup Delayer allows you to specify which programs to start first and which ones to delay. You can set a custom delay for each one, even drag the visual display graph which shows you exactly how your programs are starting and allows you to easily modify the order or adjust delay times.

A3...Mike Lin's Startup Control Panel http://www.snapfiles.com/get/startupcpl.html
Startup Control Panel is a nifty control panel applet that allows you to easily configure which programs run when your computer starts. It is simple to use, very small and won't burden your system.

These are some good programs, I don't use them but they do help I have been told !

Chuck
Cass1 Posted October 12, 2013 Author

Ok, Chuck. The eset scanner has completed. The only thing it found was cute pdf writer. I thought I copied the log, but when I attempted to paste it, it was not there. Things are running so much better now. I can quickly open multiple windows, whereas before it would freeze up and take 15 minutes+ to open just one extra window. And forget about opening multiple programs, it would just die. Yes, we looked into installing more RAM, but this is one of those rare systems where the only source for the RAM is Dell, and it's prohibitively expensive. So I think we will get the important stuff off this system, and use it only for surfing the web for now. It will be good to be able to use it again!
flashh4 Posted October 12, 2013

That's great Cassi that we got it running a lot better !! That's ok about the ESET log, if it didn't find anything then we are good to go !

I know you may have some of these installed, this is just my standard all clean speech ! If you find anything that looks like it might help you, feel free to use it/them !!

Congratulations you are clean !!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:
   * From within Internet Explorer click on the Tools menu and then click on Options.
   * Click once on the Security tab
   * Click once on the Internet icon so it becomes highlighted.
   * Click once on the Custom Level button.
   * Change the Download signed ActiveX controls to Prompt
   * Change the Download unsigned ActiveX controls to Disable
   * Change the Initialize and script ActiveX controls not marked as safe to Disable
   * Change the Installation of desktop items to Prompt
   * Change the Launching programs and files in an IFRAME to Prompt
   * Change the Navigate sub-frames across different domains to Prompt
   * When all these settings have been made, click on the OK button.
   * If it prompts you as to whether or not you want to save the settings, press the Yes button.
   * Next press the Apply button and then the OK to exit the Internet Properties page.

2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
   * Open Internet Explorer
   * Click on Tools > Internet Options
   * Press Security tab
   * Select Internet zone then place check next to Enable Protected Mode if not already done
   * Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
   * Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.

   NOTE: Fire Fox is a great browser also >>> http://www.mozilla.org/en-US/firefox/fx/
   I use & like FireFox !!

3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall. Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.
   **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:
   * Online Armor Free
   * Agnitum Outpost Firewall Free

5. Make sure you keep your Windows OS current. Windows XP users can visit Windows Update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

6. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002.
   Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

7. WOT (Web of Trust). As "Googling" is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

8. Finally, I strongly recommend that you read TonyKlein's good advice: So how did I get infected in the first place

A must is a great Antivirus, I recommend using AVAST, it's free >>> http://www.avast.com/free-antivirus-download

You are behind on some updates, please visit the Secunia Software Inspector >>> http://secunia.com/vulnerability_scanning/online/
Update any vulnerable software you have. Many malware now use zero day exploits in outdated versions of browsers and third party programs like Flash Player, Java Runtime, Winzip, Acrobat Reader etc to allow them to install silently without your knowledge or detection by your antivirus protection.

To ensure better safety, these are a must have:
Rule #1 ........ Good Antivirus
Rule #2 ........ Good Firewall
Rule #3 ........ Good Router is Great ! (optional but best)

Happy surfing and Stay Clean
Chuck

Let me know if you have read this & if I have helped you and I will lock this after 5 days. If you need it re-opened just PM me or another Mod !
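The six Internet-zone settings from tip 1 in the post above are stored as numbered registry values under the per-user zone key, so they can be checked after the clicks are done. This is an added example, not part of the original post; the function name Get-IEZoneAudit is hypothetical, and the script only reads the registry.

```powershell
# Added example (not from the thread): read-only audit of the Internet zone
# settings listed in tip 1. It reports, it does not change anything.

# Zone 3 is the "Internet" zone; the per-user settings live under this key.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Meaning of the DWORD data used by these URL actions.
$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Registry value name (URL action id), setting name as written in the post,
# and the value the post recommends.
$Checks = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                            Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                          Want = 3 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe';   Want = 3 },
    @{ Id = '1800'; Name = 'Installation of desktop items';                               Want = 1 },
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                   Want = 1 },
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';                Want = 1 }
)

function Get-IEZoneAudit {
    param([string]$Path = $ZonePath)

    # A missing key is not an error here: every setting is then reported as "not set".
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue

    foreach ($check in $Checks) {
        $current = $null
        if ($props -and $props.PSObject.Properties[$check.Id]) {
            $current = [int]$props.PSObject.Properties[$check.Id].Value
        }

        if ($null -eq $current) {
            $shown = 'not set'
        } elseif ($Labels.ContainsKey($current)) {
            $shown = $Labels[$current]
        } else {
            $shown = "unknown ($current)"
        }

        # New-Object keeps the script usable on PowerShell 2.0.
        New-Object PSObject -Property @{
            Id          = $check.Id
            Setting     = $check.Name
            Current     = $shown
            Recommended = $Labels[$check.Want]
            Matches     = ($current -eq $check.Want)
        }
    }
}

# Select-Object fixes the column order, which a hashtable does not guarantee.
Get-IEZoneAudit |
    Select-Object Id, Setting, Current, Recommended, Matches |
    Format-Table -AutoSize
```

Any row with Matches = False is a setting that still differs from the recommendation; pass -Path to audit another zone key or another user's loaded hive.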
Cass1 Posted October 13, 2013 Author

Chuck, I read your post above and cannot thank you enough. Things are running SO much better now! I may get with you in a few weeks about an old laptop we have. It's basically unusable also. It would be great to get it cleaned up and running again! Thank you again, Chuck!

Cassi
flashh4 Posted October 13, 2013

Cassi, you're welcome !! I would be glad to assist you in cleaning that other computer ! When you are ready just start another topic !

If you see our ad in the want ads please acknowledge our assistance, it's good "pr" for BestTechie !!

Thanks
Chuck

I will lock this in 5 days !!
flashh4 Posted October 18, 2013

Locking this, mission accomplished .....clean !!

If you need this re-opened please PM me or another Mod !!

Thanks
Chuck