Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Computer much slower than usual, almost unusable

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Computer much slower than usual, almost unusable

Unread postby pgmigg » May 25th, 2015, 12:21 pm

Hello Ratagin,

A. Yes I had one problem; I was not able to install google chrome. I completed steps 1-5, but when I tried to install google chrome I got a "Installation Failed. The Google Chrome installer failed to start." error. I found this: https://www.youtube.com/watch?v=1PEGmk5hlTY . Should I delete the google registry keys so I can reinstall chrome?
Deleting the registry keys by instructions from youTube is not a good practice - it is a good chance to destroy your computer! The problem with Google Chrome installation is separate issue and it is not related to any malware legacy - we will return to it later...

D. In general my computer is operating slowly. I noticed it after originally backing up and creating a restore point. My recovery drive (D:) is completely full (8MB free of 14.6GB). Could this be slowing down my computer? My C: still has 6.51GB/218GB free.
In the normal situation the ratio between the total size of the disk and its occupied part should not exceed 10:1 - it means that when the free space is less than 10% it is possible reason to slow down the computer operations.

C: is FIXED (NTFS) - 218 GiB total, 8.302 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 6.537 GiB free.
It was the view on your hard drives at the moment of your first post here. The drive C: had 3.8% of free space and now it has even less - 2.9%. Your computer has one physical hard drive with size of 250 GB. Usually, the recovery drive is the hidden passive partition stored the set of data required for system recovery to the "Factory default" level. The recovery partition does not use by the user but in the conditions of limited space the system can use it by itself. Lets clean a little your main disk - please run the following:

OTL - Run Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Copy and Paste the following code into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    
  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

C. will come next post as explained above in A.
There is no connection between first 6 steps and step 7. Please run now the fresh OTL scan and post the result. Then I could give you next set of steps to do... :D

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of a OTL.txt log file after OTL fresh scan
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Advertisement
Register to Remove

Re: Computer much slower than usual, almost unusable

Unread postby Ratagin » May 26th, 2015, 1:12 am

Hello!

A. No Problems
B.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Matt
->Temp folder emptied: 3686833 bytes
->Temporary Internet Files folder emptied: 1878225 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 46522870 bytes
->Flash cache emptied: 660 bytes

User: Public
->Temp folder emptied: 0 bytes

User: RA Media Server
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1366381 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 12902778 bytes

Total Files Cleaned = 63.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 05252015_172209

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

C. Can't tell yet :)

-Ratagin
Ratagin
Regular Member
 
Posts: 28
Joined: September 21st, 2011, 8:53 pm

Re: Computer much slower than usual, almost unusable

Unread postby pgmigg » May 26th, 2015, 10:47 am

Hello Ratagin,

There is no connection between first 6 steps and step 7. Please run now the fresh OTL scan and post the result. Then I could give you next set of steps to do...
It looks like you skipped my request to run the fresh OTL scan - please do it now:

Step 1.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file OTL.txt <-- Will be opened, maximized
  6. Please post the content of OTL.txt file ONLY in your next reply.

Then:
Could you please list here all Backup programs installed on your computer?
I need to understand which Backup systems you are using now, which of them you installed by yourself, and where your backup-ed data is kept (on the same hard drive or on external one).

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of a OTL.txt log file after OTL fresh scan
  3. Answer for my question related to backups.
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Computer much slower than usual, almost unusable

Unread postby Ratagin » May 26th, 2015, 2:09 pm

Hello,

A. No problems executing instructions.
B. See below. I didn't include the extras.txt, as I was not explicitly asked to. I can do that if necessary.
C. The backup I used at the at the beginning of this thread (May 21st) was directly linked forum in the instructions on backing up data: http://windows.microsoft.com/en-us/wind ... dows-vista Typically I just use dropbox and copy to flash drives/work computer any extremely important data. I plan in the next few weeks on getting an external hard drive.
D. Again, I haven't been using the computer extensively since beginning this troubleshooting help with you guys. Seems a bit faster than when we started on May 21st.

-Ratagin

OTL logfile created on: 5/26/2015 1:08:22 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.46 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 39.64% Memory free
7.12 Gb Paging File | 5.13 Gb Available in Paging File | 71.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 3.97 Gb Free Space | 1.82% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 0.01 Gb Free Space | 0.05% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015/05/21 22:36:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
PRC - [2015/04/09 11:16:29 | 005,512,912 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2015/04/09 11:16:21 | 000,343,336 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/12/03 14:06:08 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/27 14:05:00 | 000,285,424 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010/06/09 12:49:50 | 002,960,032 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2010/04/05 16:46:08 | 000,288,040 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/03/23 13:22:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/02/17 15:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/06/03 14:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/23 10:48:06 | 000,632,048 | ---- | M] (SoftThinks) -- C:\Windows\sminst\SftService.exe
PRC - [2009/02/05 01:57:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/02/04 22:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/01/31 22:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/12/15 00:13:50 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/12/15 00:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
PRC - [2008/12/15 00:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
PRC - [2008/05/07 18:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 18:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========

MOD - [2015/05/16 04:57:55 | 011,909,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\9ae8787cf9c9340184207c108026aceb\System.Web.ni.dll
MOD - [2015/04/15 19:14:13 | 000,774,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\9ed54bd36f7a81d4731bb89a68d2331d\System.Runtime.Remoting.ni.dll
MOD - [2015/04/09 11:16:41 | 040,540,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2015/04/09 11:16:26 | 000,104,400 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015/04/09 11:16:23 | 000,081,728 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2014/10/15 23:30:23 | 005,465,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a224433c0fb9281862f36823e86822fc\System.Xml.ni.dll
MOD - [2014/10/15 23:24:31 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cf2c94955471d68d3708b1fbf613ae46\System.ni.dll
MOD - [2014/09/10 20:12:22 | 011,496,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3444fbefcbd532181c499150ace644a4\mscorlib.ni.dll
MOD - [2014/02/12 12:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 12:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/08/27 14:05:00 | 000,065,264 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
MOD - [2013/08/27 14:04:42 | 000,070,896 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll
MOD - [2012/06/18 11:24:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/12/22 06:32:38 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe -- (dsl-db)
SRV - [2015/05/25 16:42:27 | 000,148,080 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/04/15 11:50:26 | 000,268,464 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/04/14 09:36:30 | 001,080,120 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/04/09 11:16:21 | 000,343,336 | ---- | M] (Avast Software s.r.o.) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2015/04/09 11:16:01 | 003,205,216 | ---- | M] (Avast Software) [On_Demand | Stopped] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV - [2015/02/18 11:11:32 | 000,315,488 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/12/03 14:06:08 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009/05/20 15:14:21 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/05/20 15:13:34 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/05/20 15:13:03 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2009/04/21 04:09:00 | 000,282,624 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\System32\yk60x86.dll -- (yksvc)
SRV - [2009/02/23 10:48:06 | 000,632,048 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Windows\sminst\SftService.exe -- (SftService)
SRV - [2009/02/05 01:57:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/12/15 00:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
SRV - [2008/12/15 00:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
SRV - [2008/11/03 19:15:32 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/05/07 18:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Matt\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aopvpsch)
DRV - [2015/04/14 09:37:50 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2015/04/14 09:37:42 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2015/04/09 11:16:48 | 000,208,024 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2015/04/09 11:16:48 | 000,057,888 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2015/04/09 11:16:47 | 000,427,736 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2015/04/09 11:16:47 | 000,073,440 | ---- | M] (Avast Software s.r.o.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2015/04/09 11:16:47 | 000,049,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2015/04/09 11:16:47 | 000,024,144 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2015/04/09 11:16:46 | 000,055,200 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2015/04/09 11:16:11 | 000,788,272 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2015/04/09 11:16:01 | 000,220,240 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV - [2015/02/09 02:40:42 | 000,035,144 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswTap.sys -- (aswTap)
DRV - [2012/04/17 08:25:02 | 000,027,080 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\elrawdsk.sys -- (ElRawDisk)
DRV - [2010/07/02 17:22:15 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/04/15 13:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/03/19 17:02:00 | 000,271,552 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Vid.sys -- (OA009Vid)
DRV - [2009/03/06 07:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Ufd.sys -- (OA009Ufd)
DRV - [2008/12/30 22:00:04 | 000,144,128 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2008/12/22 06:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/12/15 00:13:54 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/11/04 19:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/06/17 12:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2008/01/20 22:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-245273635-629929200-1524352486-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-245273635-629929200-1524352486-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-245273635-629929200-1524352486-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-245273635-629929200-1524352486-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-245273635-629929200-1524352486-1000\..\SearchScopes\{B2FF4056-06AE-4490-86BC-CF3B31A3447D}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKU\S-1-5-21-245273635-629929200-1524352486-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:37.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Matt\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/04/09 11:16:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2015/05/25 16:41:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2015/05/25 16:41:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Matt\AppData\Roaming\Move Networks [2009/11/08 20:40:43 | 000,000,000 | ---D | M]

[2010/01/29 17:21:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2015/05/24 14:13:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\xossqs3u.default-1432488045684\extensions
[2015/05/25 16:41:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2015/05/25 16:42:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2011/09/20 23:50:27 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (Avast Software s.r.o.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [RunDLLEntry] C:\Windows\System32\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-245273635-629929200-1524352486-1000..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-245273635-629929200-1524352486-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-245273635-629929200-1524352486-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A414F2D-7DF2-4AE0-A070-24B0B179E9CB}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A07D3217-8717-4CCB-9A0A-20CC1ED7A59E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Matt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Matt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: ("autocheck autochk *")
O34 - HKLM BootExecute: ("ﲀ׬Ұ")
O34 - HKLM BootExecute: (@)
O34 - HKLM BootExecute: ("SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\inkscape.exe")
O34 - HKLM BootExecute: (\)
O34 - HKLM BootExecute: ("ጔ楉׭Ұ")
O34 - HKLM BootExecute: (B)
O34 - HKLM BootExecute: ("C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\")
O34 - HKLM BootExecute: ("槡׭Ұ")
O34 - HKLM BootExecute: (B)
O34 - HKLM BootExecute: ("C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\")
O34 - HKLM BootExecute: ("ጭ橹׭Ұ")
O34 - HKLM BootExecute: (B)
O34 - HKLM BootExecute: ("C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\")
O34 - HKLM BootExecute: ("欑׭Ұ")
O34 - HKLM BootExecute: (B)
O34 - HKLM BootExecute: ("C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\")
O34 - HKLM BootExecute: ("殩׭Ұ")
O34 - HKLM BootExecute: (B)
O34 - HKLM BootExecute: ("C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\")
O34 - HKLM BootExecute: ("፷汁׭Ұ")
O34 - HKLM BootExecute: (B)
O34 - HKLM BootExecute: ("C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\")
O34 - HKLM BootExecute: ("泙׭Ұ")
O34 - HKLM BootExecute: (B)
O34 - HKLM BootExecute: ("C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\")
O34 - HKLM BootExecute: ("浱׭Ұ")
O34 - HKLM BootExecute: (B)
O34 - HKLM BootExecute: ("C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\")
O34 - HKLM BootExecute: ("ጬ渉׭Ұ")
O34 - HKLM BootExecute: (B)
O34 - HKLM BootExecute: ("C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\")
O34 - HKLM BootExecute: ("溡׭Ұ")
O34 - HKLM BootExecute: (B)
O34 - HKLM BootExecute: ("C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\")
O34 - HKLM BootExecute: ("")
O34 - HKLM BootExecute: ("Ұ")
O34 - HKLM BootExecute: (B)
O34 - HKLM BootExecute: ("C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\")
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2015/05/25 16:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2015/05/25 16:28:22 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{C6B93C2C-1492-451D-A0D9-56AB8B0BBB19}
[2015/05/24 17:48:16 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Google
[2015/05/24 17:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2015/05/24 13:20:53 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\Old Firefox Data
[2015/05/23 18:42:55 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015/05/23 18:42:07 | 000,092,888 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2015/05/23 18:42:07 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2015/05/23 18:42:07 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2015/05/23 18:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2015/05/23 18:37:07 | 021,546,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Matt\Desktop\mbam-setup-2.1.6.1022.exe
[2015/05/22 20:36:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2015/05/21 22:36:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2015/05/21 22:25:40 | 004,197,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Matt\Desktop\tdsskiller.exe
[2015/05/21 22:16:11 | 000,000,000 | ---D | C] -- C:\RegBackup
[2015/05/21 22:12:54 | 002,720,009 | ---- | C] (Thisisu) -- C:\Users\Matt\Desktop\JRT.exe
[2015/05/21 21:41:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/05/19 20:13:56 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Matt\Desktop\dds.com
[2015/05/14 20:12:17 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2015/05/14 20:12:17 | 000,682,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2015/05/14 20:12:17 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2015/05/14 20:12:17 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2015/05/14 20:12:17 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2015/05/14 20:12:17 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2015/05/14 20:12:16 | 002,065,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2015/05/14 20:12:16 | 001,072,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2015/05/14 20:12:16 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2015/05/14 20:08:52 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2015/05/14 00:41:45 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2015/05/14 00:41:45 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2015/05/14 00:41:44 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2015/05/14 00:41:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2015/05/14 00:41:44 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2015/05/14 00:41:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2015/05/14 00:41:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2015/05/14 00:41:43 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2015/05/14 00:41:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2015/05/14 00:41:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2015/05/14 00:41:42 | 001,810,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2015/05/14 00:41:41 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2015/05/14 00:41:41 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2015/05/03 17:16:42 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\TS3Client
[2015/05/03 17:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2015/05/03 17:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2009/07/23 22:56:24 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Matt\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2015/05/26 12:56:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2015/05/26 12:56:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2015/05/26 12:50:55 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/05/26 12:50:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/05/26 09:00:47 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/05/26 09:00:17 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/05/25 17:21:07 | 000,013,824 | ---- | M] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2015/05/24 17:32:31 | 000,642,218 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015/05/24 17:32:31 | 000,119,378 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015/05/24 15:05:59 | 000,925,876 | ---- | M] () -- C:\Users\Matt\Desktop\bookmarks_5_24_15.html
[2015/05/23 18:43:23 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015/05/23 18:37:44 | 021,546,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Matt\Desktop\mbam-setup-2.1.6.1022.exe
[2015/05/21 22:36:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2015/05/21 22:25:52 | 004,197,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Matt\Desktop\tdsskiller.exe
[2015/05/21 22:16:38 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-MATT-PC-Windows-Vista-(TM)-Home-Basic-(32-bit).dat
[2015/05/21 22:13:06 | 002,720,009 | ---- | M] (Thisisu) -- C:\Users\Matt\Desktop\JRT.exe
[2015/05/21 21:39:52 | 002,223,104 | ---- | M] () -- C:\Users\Matt\Desktop\AdwCleaner.exe
[2015/05/21 08:45:23 | 002,241,291 | ---- | M] () -- C:\Users\Matt\Desktop\Malware removal.pdf
[2015/05/19 20:13:59 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Matt\Desktop\dds.com
[2015/05/16 04:46:47 | 000,382,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2015/05/08 09:27:44 | 000,001,036 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2015/05/03 17:16:29 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2015/04/30 09:14:01 | 000,102,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll

========== Files Created - No Company Name ==========

[2015/05/24 15:05:57 | 000,925,876 | ---- | C] () -- C:\Users\Matt\Desktop\bookmarks_5_24_15.html
[2015/05/21 22:16:38 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-MATT-PC-Windows-Vista-(TM)-Home-Basic-(32-bit).dat
[2015/05/21 21:39:34 | 002,223,104 | ---- | C] () -- C:\Users\Matt\Desktop\AdwCleaner.exe
[2015/05/21 08:45:38 | 002,241,291 | ---- | C] () -- C:\Users\Matt\Desktop\Malware removal.pdf
[2015/05/03 17:16:29 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2015/02/09 02:41:03 | 000,208,024 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2015/02/09 02:41:02 | 000,049,904 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2015/02/09 02:41:02 | 000,024,144 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/09/19 11:18:56 | 000,632,320 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2014/09/19 11:18:56 | 000,235,520 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2014/05/04 16:47:45 | 000,021,482 | ---- | C] () -- C:\Users\Matt\AppData\Local\recently-used.xbel
[2014/01/14 08:43:10 | 000,000,372 | ---- | C] () -- C:\Users\Matt\Documents - Shortcut.lnk
[2012/08/29 21:47:57 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/06/06 01:12:32 | 000,000,656 | ---- | C] () -- C:\Users\Matt\EQTimerSettings.ini
[2011/06/06 01:08:49 | 000,184,320 | ---- | C] () -- C:\Users\Matt\EQTimer.exe
[2011/06/06 01:08:49 | 000,027,539 | ---- | C] () -- C:\Users\Matt\EQTimerHelp.rtf
[2009/08/08 23:15:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/10 17:40:01 | 000,029,239 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\UserTile.png
[2009/06/01 18:08:08 | 000,013,824 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/01 14:35:19 | 000,006,756 | ---- | C] () -- C:\Users\Matt\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 08:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/02/17 22:02:58 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2015/02/09 02:42:01 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\AVAST Software
[2009/07/08 04:07:02 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2015/05/26 01:06:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Dropbox
[2009/11/12 17:12:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\EndNote
[2011/05/20 22:09:54 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Foxit Software
[2012/09/21 14:51:37 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\inkscape
[2009/07/03 12:02:38 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Nortel
[2013/09/06 07:46:53 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Notepad++
[2010/04/08 16:06:54 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\OriginLab
[2013/09/06 02:04:15 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Subversion
[2010/11/22 23:08:35 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Synergy Software
[2015/05/03 17:36:04 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TS3Client
[2010/12/10 23:06:00 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WaveMetrics

========== Files - Unicode (All) ==========
[2014/01/21 11:08:12 | 000,000,073 | ---- | M] ()(C:\Users\Matt\Desktop\??? (Matto).txt) -- C:\Users\Matt\Desktop\マット (Matto).txt
[2014/01/21 11:08:12 | 000,000,073 | ---- | C] ()(C:\Users\Matt\Desktop\??? (Matto).txt) -- C:\Users\Matt\Desktop\マット (Matto).txt
[2014/01/21 11:06:22 | 000,000,117 | ---- | M] ()(C:\Users\Matt\Desktop\??? (Matto) ???? - Japanese for Nano(??)particle(??).txt) -- C:\Users\Matt\Desktop\マット (Matto) ナノ粒子 - Japanese for Nano(ナノ)particle(粒子).txt
[2009/07/05 22:15:34 | 000,000,117 | ---- | C] ()(C:\Users\Matt\Desktop\??? (Matto) ???? - Japanese for Nano(??)particle(??).txt) -- C:\Users\Matt\Desktop\マット (Matto) ナノ粒子 - Japanese for Nano(ナノ)particle(粒子).txt

< End of report >
Ratagin
Regular Member
 
Posts: 28
Joined: September 21st, 2011, 8:53 pm

Re: Computer much slower than usual, almost unusable

Unread postby pgmigg » May 26th, 2015, 5:31 pm

Hello Ratagin,

Drive C: | 218.20 Gb Total Space | 3.97 Gb Free Space | 1.82% Space Free | Partition Type: NTFS
The situation is getting worse and worse - let's analyze all of your files and directories:

Create Listing of Files
I'd like to see the listings of all files and directories on the questionable hard disk C:
It will be easier and less error prone, if we create a batch file to do this... Please follow these steps:
  1. Copy all text in the quote box (below) to Notepad.
    @echo off
    dir C:\*.* /A:H /S /R /Q > "%userprofile%\desktop\C-DiskList-H.txt"
    dir C:\*.* /S /R /Q > "%userprofile%\desktop\C-DiskListAll.txt"
    Del %0
  2. Save the Notepad file on your desktop as C-DiskLists.bat... save type as "All Files"
    Image
    C-DiskLists.bat <<------------- you should see this on your Desktop.
  3. Double click on C-DiskLists.bat to execute it.
    A black CMD window will open, then disappear in a while - this is normal. The C-DiskLists.bat file will be deleted.
  4. The two files, C-DiskList-H.txt and C-DiskListAll.txt will appear on your desktop.
  5. Please attach both of them to your next reply - they are may be too big for usual contents placement.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Two attachments of C-DiskList-H.txt and C-DiskListAll.txt files
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Computer much slower than usual, almost unusable

Unread postby Ratagin » May 27th, 2015, 9:27 pm

A. Yes I did have problems. I was unable to upload the files. One of the files is large, 58.5MB, and the other small, 245KB. During uploading the large file I received an error:

Error 524 Ray ID: 1ed618cd2070040c • 2015-05-28 01:15:58 UTC
A timeout occurred

I thought that it was due to the large file size, but when I tried to upload the small file this orange text appears above the Subject field for posting a reply:
"Temporary folder could not be found. Please check your PHP installation."

Also, I moved >45GB of movies (TV shows, home videos, etc.) to an external hard drive I bought today, so hopefully that solves any problems with C: being overloaded. Although the "backup" partition is still full.

B. As stated in A. couldn't upload.

C. No change.
Ratagin
Regular Member
 
Posts: 28
Joined: September 21st, 2011, 8:53 pm

Re: Computer much slower than usual, almost unusable

Unread postby pgmigg » May 29th, 2015, 12:00 am

Hello Ratagin,

Sorry for delay! :( :oops:

Also, I moved >45GB of movies (TV shows, home videos, etc.) to an external hard drive I bought today, so hopefully that solves any problems with C: being overloaded.
Something like that I was going to suggest you after analyzing files and directory listings you cannot upload here. Anyway the result is good! :D

Although the "backup" partition is still full.
Lets try to do the same with this disk. I believe that listings from the D: will be much less in size.

Create Listing of Files
I'd like to see the listings of all files and directories on the questionable hard disk D:
It will be easier and less error prone, if we create a batch file to do this... Please follow these steps:
  1. Copy all text in the quote box (below) to Notepad.
    @echo off
    dir D:\*.* /A:H /S /R /Q > "%userprofile%\desktop\D-DiskList-H.txt"
    dir D:\*.* /S /R /Q > "%userprofile%\desktop\D-DiskListAll.txt"
    Del %0
  2. Save the Notepad file on your desktop as D-DiskLists.bat... save type as "All Files"
    Image
    D-DiskLists.bat <<------------- you should see this on your Desktop.
  3. Double click on D-DiskLists.bat to execute it.
    A black CMD window will open, then disappear in a while - this is normal. The C-DiskLists.bat file will be deleted.
  4. The two files, D-DiskList-H.txt and D-DiskListAll.txt will appear on your desktop.

Please try to attach both of them in your next reply firstly. Then if your trying will be failed again, please try to post their contents in your reply directly - may be in a few posts.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Two attachments or two contents of D-DiskList-H.txt and D-DiskListAll.txt files
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Computer much slower than usual, almost unusable

Unread postby Ratagin » May 29th, 2015, 10:00 am

Hello!
this is a quick one:
A. No problems executing instructions.
B. Attached
C. no
You do not have the required permissions to view the files attached to this post.
Ratagin
Regular Member
 
Posts: 28
Joined: September 21st, 2011, 8:53 pm

Re: Computer much slower than usual, almost unusable

Unread postby pgmigg » May 29th, 2015, 11:38 am

Hello Ratagin,

B. Attached
Bingo! :D Right now I can explain what happened with your computer and why your Recovery disk is full now.
  1. You opened this topic May 19, 2015.
  2. I started to help you next day and asked you to backup your data in my initial post:
    and you used that link and run your backup, by using the next link inside...
  3. Right now is not so important to know how you selected the disk D: as a backup target, but actually the backup process was never finished and complete - it filled up the whole free amount of space on the Recovery Disk
    . . .
    05/21/2015 09:23 AM 201,914,662 NT AUTHORITY\SYSTEM Backup files 9.zip
    50 File(s) 6,969,775,727 bytes

    At the beginning, as per your original DDS log, there were:
    D: is FIXED (NTFS) - 15 GiB total, 6.537 GiB free.
    The 6.537 GiB and 6,969,775,727 bytes are practically the same!

Please do the following:

Step 1.
Disable Windows Vista Backup
  1. Please select Start Menu, All ProgramsAccessoriesSystem ToolsBackup Status and Configuration.
  2. Choose the Back Up Now button from the left side of the Backup Status and Configuration window.
  3. Click the Turn Off button, found at the bottom of the window. If you’re assaulted by a UAC warning, click the Continue button or type the administrator’s password.
  4. Close the Backup Status and Configuration window.

Step 2.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :Files
    D:\MATT-PC\Backup Set 2015-05-21 085025
    
    :Commands
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 3.
ESET NOD32 Online Scan
  1. Firstly please Disable any Antivirus you have active, as shown in This topic. If active, it could impact the online scan.
    Do NOT use the computer while the scan is running!
    Make sure all other programs and windows are closed!
  2. You need to right-click on the Internet Explorer or Firefox icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
  3. Go to ESET Online Scanner - © ESET All Rights Reserved, to run an online scan.
  4. Click the dark blue Run ESET Online Scanner button:
    • If you using Google Chrome or Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted. Then double click on it to install.
    • If you using Internet Explorer please read the End User License Agreement and check the box: Yes, I accept the terms of use. Then click the green Start button.
  5. Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  6. Under scan settings:
    • Check "Scan archives"
    • UNCHECK "Remove found threats"
  7. Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  8. Click the Start button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running!
  9. When the scan completes, please press the text: Image
  10. Press the text: Image, then save the file to your desktop as ESETScan.txt.
  11. Press the Back button, then press the Finish button.
  12. Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the ESETScan.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Computer much slower than usual, almost unusable

Unread postby Ratagin » May 29th, 2015, 11:57 am

Hi pgmigg,

I can't get past step one. In Step 1, I finished number 2, but there is no "turn off" feature in my Backup Status and Configuration window.

I am not sure I have ever setup an auto backup to run or have ever seen it running automatically.

-Ratagin
Ratagin
Regular Member
 
Posts: 28
Joined: September 21st, 2011, 8:53 pm

Re: Computer much slower than usual, almost unusable

Unread postby pgmigg » May 29th, 2015, 2:08 pm

Hello Ratagin,

can't get past step one. In Step 1, I finished number 2, but there is no "turn off" feature in my Backup Status and Configuration window.
OK! You have Windows Vista Home Basic. So.. well.. lets do it in the other way:

Step 1.
Disable Windows Vista Backup
  1. Please download Disable_Backup.reg file and save it on your Desktop.
  2. Right click the Disable_Backup.reg file and click on Merge.
  3. Click on the Run button for Security Warning pop-up.
  4. Click on Continue (UAC), then Yes, and then OK when prompted.
  5. When done, please reboot your computer.
  6. Then please delete Disable_Backup.reg file.

Then proceed with steps 2 and 3 from my previous post.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the ESETScan.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Computer much slower than usual, almost unusable

Unread postby Ratagin » May 30th, 2015, 7:52 am

Hello,

A. No problems.
B. See Below:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
D:\MATT-PC\Backup Set 2015-05-21 085025\Catalogs folder moved successfully.
D:\MATT-PC\Backup Set 2015-05-21 085025\Backup Files 2015-05-21 085025\Catalogs folder moved successfully.
D:\MATT-PC\Backup Set 2015-05-21 085025\Backup Files 2015-05-21 085025 folder moved successfully.
D:\MATT-PC\Backup Set 2015-05-21 085025 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Matt
->Temp folder emptied: 14338520 bytes
->Temporary Internet Files folder emptied: 649050 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 19548847 bytes
->Flash cache emptied: 506 bytes

User: Public
->Temp folder emptied: 0 bytes

User: RA Media Server
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2872118 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 36.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05292015_192643

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

C. See Below:

C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Sony\EverQuest\dsetup.dll a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\Matt\Downloads\BitTorrent-6.4c.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Matt\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Matt\Downloads\eqchangesv12 (1).zip Win32/GameHack.AP potentially unsafe application
C:\Users\Matt\Downloads\eqchangesv12 (2).zip Win32/GameHack.AP potentially unsafe application
C:\Users\Matt\Downloads\eqchangesv12.zip Win32/GameHack.AP potentially unsafe application
C:\Users\Matt\Downloads\eqchangesv13 (1).zip Win32/GameHack.AP potentially unsafe application
C:\Users\Matt\Downloads\eqchangesv13.zip Win32/GameHack.AP potentially unsafe application
C:\Users\Matt\Downloads\eqchangesv14.zip a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\Matt\Downloads\eqchangesv15.zip a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\Matt\Downloads\eqchangesv17.zip a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\Matt\Downloads\eqchangesv18.zip a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\Matt\Downloads\eqchangesv19.zip a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\Matt\Downloads\eqchangesv20.zip a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\Matt\Downloads\eqchangesv21.zip a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\Matt\Downloads\eqchangesv22.zip a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\Matt\Downloads\eqchangesv23.zip a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\Matt\Downloads\eqchangesv24.zip a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\Matt\Downloads\eqchangesv25.zip a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\Matt\Downloads\eqchangesv26.zip a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\Matt\Downloads\eqchangesv27.zip a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\Matt\Downloads\eqchangesv28.zip a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\Matt\Downloads\P99Files30.zip a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\Matt\Downloads\P99Files31.zip a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\Matt\Downloads\P99Files32.zip a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\Matt\Downloads\P99Files33.zip a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\Matt\Downloads\P99Files36.zip a variant of Win32/Packed.Themida potentially unwanted application
C:\_OTL\MovedFiles\05292015_192643\D_MATT-PC\Backup Set 2015-05-21 085025\Backup Files 2015-05-21 085025\Backup files 42.zip Win32/Somoto.G potentially unwanted application

D. Not yet.

-Ratagin
Ratagin
Regular Member
 
Posts: 28
Joined: September 21st, 2011, 8:53 pm

Re: Computer much slower than usual, almost unusable

Unread postby pgmigg » May 30th, 2015, 5:54 pm

Hello Ratagin,

A. No problems.
Good job! :D Lets continue...

Step 1.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Scan All Users
    • Processes > All <- Important
    • Extra Registry > Use SafeList
    • LOP check
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file OTL.txt <-- Will be opened, maximized
  6. Please post the content of OTL.txt file ONLY in your next reply.

Step 2.
Online Multi Antivirus file scan
Please go to either: Jotti or Virus Total and upload -only one file per scan- the following file(s) for scanning:

C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe
C:\Sony\EverQuest\dsetup.dll
C:\Users\Matt\Downloads\CuteWriter.exe
C:\Users\Matt\Downloads\eqchangesv12.zip
C:\Users\Matt\Downloads\P99Files36.zip


Using Jotti
  1. Choose the appropriate language (if needed)... once a language is selected, you'll see a message "Ready to receive files"
  2. Press the Browse button and navigate to -one- of the files in the list.
  3. Double click the located file name...The file name should now appear in the online scanner's "File to scan:" box.
  4. Click on Submit..button.
      If you receive the message: This file has been scanned before. The results for this previous scan are listed below.
      Please press the Scan again button, so your file will be scanned.
  5. The file will be uploaded and scanned by various antivirus scanners..this may take a few minutes.
  6. When all scans have completed... the results page is displayed
  7. Please highlight and copy the page web address link from your browser window.
    Example of web address :
    Image
  8. Please repeat this procedure for each file listed above.
  9. Paste the Web address link(s) for the scan results in your next reply.

Using Virus Total
  1. Press the Browse button and navigate to -one- of the files in the list.
  2. Double click the located file name... The file name should now appear in the online scanner's text entry box.
  3. Click on Send File...button.
  4. The file will be queued, uploaded and scanned by various antivirus scanners..this may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse file now button, so your file will be scanned.
  5. When all scans have completed... the results page is displayed
  6. Please highlight and copy the page web address link from your browser window.
    Example of web address:
    Image
  7. Please repeat this procedure for each file listed above.
  8. Paste the Web address link(s) for the scan results in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of a OTL.txt log file after OTL fresh scan
  3. The resulting web links after online file scan by Virus Total or Jotti.
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Computer much slower than usual, almost unusable

Unread postby Ratagin » May 30th, 2015, 9:10 pm

Hello pgmigg,

A. No problem.
B. See below:

OTL logfile created on: 5/30/2015 8:14:19 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.46 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 58.79% Memory free
7.12 Gb Paging File | 5.78 Gb Available in Paging File | 81.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 71.55 Gb Free Space | 32.79% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 6.54 Gb Free Space | 44.62% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (All) ==========

PRC - [2015/05/21 22:36:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
PRC - [2015/04/10 19:22:42 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2015/04/09 11:16:29 | 005,512,912 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2015/04/09 11:16:21 | 000,343,336 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015/04/09 11:16:01 | 003,205,216 | ---- | M] (Avast Software) -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
PRC - [2015/01/08 20:18:11 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2014/12/03 14:06:08 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/09/17 16:31:36 | 000,127,080 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
PRC - [2014/09/17 16:27:46 | 000,157,776 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\MobileService.exe
PRC - [2014/09/17 16:25:50 | 000,016,000 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
PRC - [2014/02/20 19:54:40 | 000,152,392 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2014/02/20 19:54:26 | 000,553,288 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2014/02/12 08:50:20 | 000,043,336 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2013/08/27 14:05:00 | 000,285,424 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2011/08/30 15:05:02 | 000,390,504 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2010/11/04 12:34:06 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
PRC - [2010/09/21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010/09/21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010/08/17 10:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2010/06/09 12:49:50 | 002,960,032 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2010/04/05 16:46:08 | 000,288,040 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/03/23 13:22:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/02/17 15:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/06/03 14:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 02:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2009/04/11 02:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 02:28:07 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\servicing\TrustedInstaller.exe
PRC - [2009/04/11 02:27:59 | 000,441,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
PRC - [2009/04/11 02:27:59 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
PRC - [2009/04/11 02:27:58 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
PRC - [2009/04/11 02:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:27:33 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
PRC - [2009/02/26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2009/02/23 10:48:06 | 000,632,048 | ---- | M] (SoftThinks) -- C:\Windows\sminst\SftService.exe
PRC - [2009/02/05 01:57:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/02/04 22:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/01/31 22:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/12/22 06:34:46 | 003,810,304 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE
PRC - [2008/12/22 06:34:46 | 000,026,112 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
PRC - [2008/12/22 06:32:44 | 002,809,856 | ---- | M] (Dell Inc.) -- C:\Windows\System32\BCMWLTRY.EXE
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/12/15 00:13:50 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/12/15 00:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
PRC - [2008/12/15 00:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
PRC - [2008/12/09 01:25:34 | 000,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/12/09 01:25:20 | 000,154,136 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/12/09 01:25:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/05/07 18:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 18:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/01/20 22:34:43 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
PRC - [2008/01/20 22:33:15 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2008/01/20 22:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2008/01/20 22:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/20 22:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/20 22:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/20 22:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/20 22:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/20 22:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/20 22:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/20 22:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/20 22:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/20 22:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/20 22:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/20 22:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/20 22:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/20 22:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/20 22:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/20 22:32:56 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanext.exe
PRC - [2006/11/02 05:45:37 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe


========== Modules (No Company Name) ==========

MOD - [2015/05/16 04:57:55 | 011,909,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\9ae8787cf9c9340184207c108026aceb\System.Web.ni.dll
MOD - [2015/05/14 19:09:46 | 012,935,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ad9feb3143717fe0e0a50f792718bbed\System.Windows.Forms.ni.dll
MOD - [2015/05/14 19:09:40 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\d2acb5226fa8916ef6417139a742a09d\System.Core.ni.dll
MOD - [2015/05/14 19:09:36 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5023210ae4242a319712718fc6a23848\System.Configuration.ni.dll
MOD - [2015/05/14 19:04:29 | 001,947,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\a177f894a19bf7fa3e5065aa26f3f026\Microsoft.VisualBasic.ni.dll
MOD - [2015/04/15 19:14:13 | 000,774,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\9ed54bd36f7a81d4731bb89a68d2331d\System.Runtime.Remoting.ni.dll
MOD - [2015/04/15 19:12:09 | 000,805,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\19a83775eaa7f4de4c162a44d63f55bd\System.Runtime.Remoting.ni.dll
MOD - [2015/04/09 11:16:41 | 040,540,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2015/04/09 11:16:26 | 000,104,400 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015/04/09 11:16:23 | 000,081,728 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2014/10/15 23:30:23 | 005,465,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a224433c0fb9281862f36823e86822fc\System.Xml.ni.dll
MOD - [2014/10/15 23:24:31 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cf2c94955471d68d3708b1fbf613ae46\System.ni.dll
MOD - [2014/10/15 19:54:59 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/10/15 19:54:54 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/10/15 19:54:44 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/09/10 20:12:22 | 011,496,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3444fbefcbd532181c499150ace644a4\mscorlib.ni.dll
MOD - [2014/02/28 19:03:47 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/12 12:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 12:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/08/27 14:05:00 | 000,065,264 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
MOD - [2013/08/27 14:04:42 | 000,070,896 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll
MOD - [2012/06/18 11:24:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/12/22 06:32:38 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe -- (dsl-db)
SRV - [2015/05/26 22:11:50 | 000,148,080 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/04/15 11:50:26 | 000,268,464 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/04/14 09:36:30 | 001,080,120 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/04/09 11:16:21 | 000,343,336 | ---- | M] (Avast Software s.r.o.) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2015/04/09 11:16:01 | 003,205,216 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV - [2015/02/18 11:11:32 | 000,315,488 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/12/03 14:06:08 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/09/17 16:27:46 | 000,157,776 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard 2.0\MobileService.exe -- (Seagate MobileBackup Service)
SRV - [2014/09/17 16:25:50 | 000,016,000 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe -- (Seagate Dashboard Services)
SRV - [2009/05/20 15:14:21 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/05/20 15:13:34 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/05/20 15:13:03 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2009/04/21 04:09:00 | 000,282,624 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\System32\yk60x86.dll -- (yksvc)
SRV - [2009/02/23 10:48:06 | 000,632,048 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Windows\sminst\SftService.exe -- (SftService)
SRV - [2009/02/05 01:57:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/12/15 00:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
SRV - [2008/12/15 00:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
SRV - [2008/11/03 19:15:32 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/05/07 18:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Matt\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (av43mad1)
DRV - [2015/04/14 09:37:50 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2015/04/14 09:37:42 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2015/04/09 11:16:48 | 000,208,024 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2015/04/09 11:16:48 | 000,057,888 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2015/04/09 11:16:47 | 000,427,736 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2015/04/09 11:16:47 | 000,073,440 | ---- | M] (Avast Software s.r.o.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2015/04/09 11:16:47 | 000,049,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2015/04/09 11:16:47 | 000,024,144 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2015/04/09 11:16:46 | 000,055,200 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2015/04/09 11:16:11 | 000,788,272 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2015/04/09 11:16:01 | 000,220,240 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV - [2015/02/09 02:40:42 | 000,035,144 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswTap.sys -- (aswTap)
DRV - [2012/04/17 08:25:02 | 000,027,080 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\elrawdsk.sys -- (ElRawDisk)
DRV - [2010/07/02 17:22:15 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/04/15 13:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/03/19 17:02:00 | 000,271,552 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Vid.sys -- (OA009Vid)
DRV - [2009/03/06 07:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Ufd.sys -- (OA009Ufd)
DRV - [2008/12/30 22:00:04 | 000,144,128 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2008/12/22 06:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/12/15 00:13:54 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/11/04 19:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/06/17 12:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2008/01/20 22:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-245273635-629929200-1524352486-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-245273635-629929200-1524352486-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-245273635-629929200-1524352486-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-245273635-629929200-1524352486-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-245273635-629929200-1524352486-1000\..\SearchScopes\{B2FF4056-06AE-4490-86BC-CF3B31A3447D}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKU\S-1-5-21-245273635-629929200-1524352486-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:38.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Matt\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/04/09 11:16:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 38.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2015/05/26 22:11:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 38.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2015/05/26 22:11:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Matt\AppData\Roaming\Move Networks [2009/11/08 20:40:43 | 000,000,000 | ---D | M]

[2010/01/29 17:21:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2015/05/24 14:13:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\xossqs3u.default-1432488045684\extensions
[2015/05/26 22:11:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2015/05/26 22:11:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2011/09/20 23:50:27 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (Avast Software s.r.o.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.)
O4 - HKLM..\Run: [DBAgent] C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Seagate Technology LLC)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [RunDLLEntry] C:\Windows\System32\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-245273635-629929200-1524352486-1000..\Run: [Uploader] C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
O4 - HKU\S-1-5-21-245273635-629929200-1524352486-1000..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-245273635-629929200-1524352486-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-245273635-629929200-1524352486-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A414F2D-7DF2-4AE0-A070-24B0B179E9CB}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A07D3217-8717-4CCB-9A0A-20CC1ED7A59E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Matt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Matt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: ("autocheck autochk *")
O34 - HKLM BootExecute: ("ﲀ׬Ұ")
O34 - HKLM BootExecute: (@)
O34 - HKLM BootExecute: ("SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\inkscape.exe")
O34 - HKLM BootExecute: (\)
O34 - HKLM BootExecute: ("ጔ楉׭Ұ")
O34 - HKLM BootExecute: (B)
O34 - HKLM BootExecute: ("C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\")
O34 - HKLM BootExecute: ("槡׭Ұ")
O34 - HKLM BootExecute: (B)
O34 - HKLM BootExecute: ("C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\")
O34 - HKLM BootExecute: ("ጭ橹׭Ұ")
O34 - HKLM BootExecute: (B)
O34 - HKLM BootExecute: ("C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\")
O34 - HKLM BootExecute: ("欑׭Ұ")
O34 - HKLM BootExecute: (B)
O34 - HKLM BootExecute: ("C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\")
O34 - HKLM BootExecute: ("殩׭Ұ")
O34 - HKLM BootExecute: (B)
O34 - HKLM BootExecute: ("C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\")
O34 - HKLM BootExecute: ("፷汁׭Ұ")
O34 - HKLM BootExecute: (B)
O34 - HKLM BootExecute: ("C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\")
O34 - HKLM BootExecute: ("泙׭Ұ")
O34 - HKLM BootExecute: (B)
O34 - HKLM BootExecute: ("C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\")
O34 - HKLM BootExecute: ("浱׭Ұ")
O34 - HKLM BootExecute: (B)
O34 - HKLM BootExecute: ("C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\")
O34 - HKLM BootExecute: ("ጬ渉׭Ұ")
O34 - HKLM BootExecute: (B)
O34 - HKLM BootExecute: ("C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\")
O34 - HKLM BootExecute: ("溡׭Ұ")
O34 - HKLM BootExecute: (B)
O34 - HKLM BootExecute: ("C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\")
O34 - HKLM BootExecute: ("")
O34 - HKLM BootExecute: ("Ұ")
O34 - HKLM BootExecute: (B)
O34 - HKLM BootExecute: ("C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\")
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2015/05/29 20:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2015/05/27 10:21:22 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Nero
[2015/05/27 10:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
[2015/05/27 10:17:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2015/05/27 10:16:47 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2015/05/27 10:14:07 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Seagate
[2015/05/27 10:07:09 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Leadertech
[2015/05/26 22:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2015/05/26 14:22:57 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{5524E667-5656-4C4E-A9E9-B7D4995CA901}
[2015/05/25 16:28:22 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{C6B93C2C-1492-451D-A0D9-56AB8B0BBB19}
[2015/05/24 17:48:16 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Google
[2015/05/24 17:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2015/05/24 13:20:53 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\Old Firefox Data
[2015/05/23 18:42:55 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015/05/23 18:42:07 | 000,092,888 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2015/05/23 18:42:07 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2015/05/23 18:42:07 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2015/05/23 18:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2015/05/23 18:37:07 | 021,546,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Matt\Desktop\mbam-setup-2.1.6.1022.exe
[2015/05/22 20:36:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2015/05/21 22:36:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2015/05/21 22:25:40 | 004,197,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Matt\Desktop\tdsskiller.exe
[2015/05/21 22:16:11 | 000,000,000 | ---D | C] -- C:\RegBackup
[2015/05/21 22:12:54 | 002,720,009 | ---- | C] (Thisisu) -- C:\Users\Matt\Desktop\JRT.exe
[2015/05/21 21:41:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/05/19 20:13:56 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Matt\Desktop\dds.com
[2015/05/14 20:12:17 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2015/05/14 20:12:17 | 000,682,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2015/05/14 20:12:17 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2015/05/14 20:12:17 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2015/05/14 20:12:17 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2015/05/14 20:12:17 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2015/05/14 20:12:16 | 002,065,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2015/05/14 20:12:16 | 001,072,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2015/05/14 20:12:16 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2015/05/14 20:08:52 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2015/05/14 00:41:45 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2015/05/14 00:41:45 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2015/05/14 00:41:44 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2015/05/14 00:41:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2015/05/14 00:41:44 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2015/05/14 00:41:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2015/05/14 00:41:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2015/05/14 00:41:43 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2015/05/14 00:41:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2015/05/14 00:41:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2015/05/14 00:41:42 | 001,810,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2015/05/14 00:41:41 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2015/05/14 00:41:41 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2015/05/03 17:16:42 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\TS3Client
[2015/05/03 17:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2015/05/03 17:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2009/07/23 22:56:24 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Matt\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2015/05/30 19:50:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/05/30 19:46:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/05/30 19:02:24 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/05/30 18:47:37 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2015/05/30 18:47:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2015/05/30 18:44:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/05/27 15:21:59 | 000,642,218 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015/05/27 15:21:58 | 000,119,378 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015/05/27 15:20:20 | 000,016,384 | ---- | M] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2015/05/27 10:17:33 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\Seagate Dashboard.lnk
[2015/05/24 15:05:59 | 000,925,876 | ---- | M] () -- C:\Users\Matt\Desktop\bookmarks_5_24_15.html
[2015/05/23 18:43:23 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015/05/23 18:37:44 | 021,546,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Matt\Desktop\mbam-setup-2.1.6.1022.exe
[2015/05/21 22:36:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2015/05/21 22:25:52 | 004,197,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Matt\Desktop\tdsskiller.exe
[2015/05/21 22:16:38 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-MATT-PC-Windows-Vista-(TM)-Home-Basic-(32-bit).dat
[2015/05/21 22:13:06 | 002,720,009 | ---- | M] (Thisisu) -- C:\Users\Matt\Desktop\JRT.exe
[2015/05/21 21:39:52 | 002,223,104 | ---- | M] () -- C:\Users\Matt\Desktop\AdwCleaner.exe
[2015/05/21 08:45:23 | 002,241,291 | ---- | M] () -- C:\Users\Matt\Desktop\Malware removal.pdf
[2015/05/19 20:13:59 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Matt\Desktop\dds.com
[2015/05/16 04:46:47 | 000,382,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2015/05/08 09:27:44 | 000,001,036 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2015/05/03 17:16:29 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk

========== Files Created - No Company Name ==========

[2015/05/27 10:17:33 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Dashboard.lnk
[2015/05/24 15:05:57 | 000,925,876 | ---- | C] () -- C:\Users\Matt\Desktop\bookmarks_5_24_15.html
[2015/05/21 22:16:38 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-MATT-PC-Windows-Vista-(TM)-Home-Basic-(32-bit).dat
[2015/05/21 21:39:34 | 002,223,104 | ---- | C] () -- C:\Users\Matt\Desktop\AdwCleaner.exe
[2015/05/21 08:45:38 | 002,241,291 | ---- | C] () -- C:\Users\Matt\Desktop\Malware removal.pdf
[2015/05/03 17:16:29 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2015/02/09 02:41:03 | 000,208,024 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2015/02/09 02:41:02 | 000,049,904 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2015/02/09 02:41:02 | 000,024,144 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/09/19 11:18:56 | 000,632,320 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2014/09/19 11:18:56 | 000,235,520 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2014/05/04 16:47:45 | 000,021,482 | ---- | C] () -- C:\Users\Matt\AppData\Local\recently-used.xbel
[2014/01/14 08:43:10 | 000,000,372 | ---- | C] () -- C:\Users\Matt\Documents - Shortcut.lnk
[2012/08/29 21:47:57 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/06/06 01:12:32 | 000,000,656 | ---- | C] () -- C:\Users\Matt\EQTimerSettings.ini
[2011/06/06 01:08:49 | 000,184,320 | ---- | C] () -- C:\Users\Matt\EQTimer.exe
[2011/06/06 01:08:49 | 000,027,539 | ---- | C] () -- C:\Users\Matt\EQTimerHelp.rtf
[2009/08/08 23:15:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/10 17:40:01 | 000,029,239 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\UserTile.png
[2009/06/01 18:08:08 | 000,016,384 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/01 14:35:19 | 000,006,756 | ---- | C] () -- C:\Users\Matt\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 08:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/02/17 22:02:58 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2015/02/09 02:42:01 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\AVAST Software
[2009/07/08 04:07:02 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2015/05/30 19:04:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Dropbox
[2009/11/12 17:12:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\EndNote
[2011/05/20 22:09:54 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Foxit Software
[2012/09/21 14:51:37 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\inkscape
[2015/05/27 10:07:09 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Leadertech
[2009/07/03 12:02:38 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Nortel
[2013/09/06 07:46:53 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Notepad++
[2010/04/08 16:06:54 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\OriginLab
[2015/05/27 10:14:07 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Seagate
[2013/09/06 02:04:15 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Subversion
[2010/11/22 23:08:35 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Synergy Software
[2015/05/03 17:36:04 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TS3Client
[2010/12/10 23:06:00 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WaveMetrics

========== Files - Unicode (All) ==========
[2014/01/21 11:08:12 | 000,000,073 | ---- | M] ()(C:\Users\Matt\Desktop\??? (Matto).txt) -- C:\Users\Matt\Desktop\マット (Matto).txt
[2014/01/21 11:08:12 | 000,000,073 | ---- | C] ()(C:\Users\Matt\Desktop\??? (Matto).txt) -- C:\Users\Matt\Desktop\マット (Matto).txt
[2014/01/21 11:06:22 | 000,000,117 | ---- | M] ()(C:\Users\Matt\Desktop\??? (Matto) ???? - Japanese for Nano(??)particle(??).txt) -- C:\Users\Matt\Desktop\マット (Matto) ナノ粒子 - Japanese for Nano(ナノ)particle(粒子).txt
[2009/07/05 22:15:34 | 000,000,117 | ---- | C] ()(C:\Users\Matt\Desktop\??? (Matto) ???? - Japanese for Nano(??)particle(??).txt) -- C:\Users\Matt\Desktop\マット (Matto) ナノ粒子 - Japanese for Nano(ナノ)particle(粒子).txt

< End of report >

C. See below for the 5 links:

https://www.virustotal.com/en/file/7b5a ... 433033965/

https://www.virustotal.com/en/file/0a18 ... 433034080/

https://www.virustotal.com/en/file/e770 ... 433034187/

https://www.virustotal.com/en/file/5a0e ... 433034306/

https://www.virustotal.com/en/file/ebab ... 433034403/

D. Cannot tell yet.

-Ratagin
Ratagin
Regular Member
 
Posts: 28
Joined: September 21st, 2011, 8:53 pm

Re: Computer much slower than usual, almost unusable

Unread postby pgmigg » May 31st, 2015, 12:19 am

Hello Ratagin,

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :Files
    C:\Sony\EverQuest\dsetup.dll 
    C:\Users\Matt\Downloads\BitTorrent-6.4c.exe
    C:\Users\Matt\Downloads\CuteWriter.exe
    C:\Users\Matt\Downloads\eqchangesv12 (1).zip
    C:\Users\Matt\Downloads\eqchangesv12 (2).zip
    C:\Users\Matt\Downloads\eqchangesv12.zip
    C:\Users\Matt\Downloads\eqchangesv13 (1).zip
    C:\Users\Matt\Downloads\eqchangesv13.zip 
    C:\Users\Matt\Downloads\eqchangesv14.zip
    C:\Users\Matt\Downloads\eqchangesv15.zip
    C:\Users\Matt\Downloads\eqchangesv17.zip
    C:\Users\Matt\Downloads\eqchangesv18.zip
    C:\Users\Matt\Downloads\eqchangesv19.zip
    C:\Users\Matt\Downloads\eqchangesv20.zip
    C:\Users\Matt\Downloads\eqchangesv21.zip
    C:\Users\Matt\Downloads\eqchangesv22.zip
    C:\Users\Matt\Downloads\eqchangesv23.zip 
    C:\Users\Matt\Downloads\eqchangesv24.zip
    C:\Users\Matt\Downloads\eqchangesv25.zip
    C:\Users\Matt\Downloads\eqchangesv26.zip
    C:\Users\Matt\Downloads\eqchangesv27.zip 
    C:\Users\Matt\Downloads\eqchangesv28.zip
    C:\Users\Matt\Downloads\P99Files30.zip
    C:\Users\Matt\Downloads\P99Files31.zip
    C:\Users\Matt\Downloads\P99Files32.zip 
    C:\Users\Matt\Downloads\P99Files33.zip
    C:\Users\Matt\Downloads\P99Files36.zip
    
    :Commands
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
Hard Disk De-fragmentation by Defraggler
  1. Please download Defraggler by Piriform and safe the dfsetup219.exe to your Desktop.
  2. Close all open programs and Internet browsers.
  3. Right click on dfsetup219.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  4. Click on Next on the opened welcome window.
  5. Uncheck all additional option excluding the first one "Add Desktop Shortcut". Then click on Next.
  6. Uncheck Piriform recommendation to "Install Google Chrome as my default browser". Then click on Install.
  7. When installation completed, please uncheck "View release Notes" and click on Finish.
  8. The Defraggler will be opened. Same time your default browser will be opened with suggestion to buy professional version of Defraggler - please close it.
  9. You will see some information about your local drive C:\ including Disk Health status: Good or Error.
  10. Please click on Analyze button in the left bottom corner. Be patient - the process may take a while...
  11. When scan finished, you will see Analyze Results - if the percent of fragmentation is equal or grater then 10, please click on Defrag button. Then wait...
    It may take a long period of time - even hours, depends on summary size of files saved on your hard drive and value of percent of fragmentation.
  12. After the occurrence of the inscription "Defrag Complete" please post in your next reply the Disk Health status and percent of fragmentation before and after de-fragmentation.

Step 3.
Download and reinstall Google Chrome
  1. Please download fresh copy of Google Chrome from Here and install it
  2. After installation will be completed successfully, please set the Google Chrome as your default browser and rebuild you Bookmarks were backup-ed or synced in the Step 4 before your previous unsuccessful try to install Google Chrome, by using the import option of the Bookmarks menu or automatically in case of sign to Google Account.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. The Disk Health status and percent of fragmentation before and after de-fragmentation.
  4. Status of installation of Google Chrome
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 92 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware