Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Computer might just be done?

Re: Computer might just be done?

by pgmigg » August 20th, 2015, 1:27 am

Hello kyfeez,

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :Files
    C:\Program Files\Best Buy Software Installer
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Best Buy Software Installer
    C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Best Buy Software Installer
    C:\Users\All Users\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}
    C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
    C:\ProgramData\HP\Installer\Temp\hpoBufferChm.log
    C:\Users\All Users\HP\Installer\Temp\hpoBufferChm.log
    C:\ProgramData\HP\Installer\Temp\hpoNetwork64.log
    C:\Users\All Users\HP\Installer\Temp\hpoNetwork64.log
    C:\Users\Kyle\AppData\Local\Best_Buy®
    C:\Users\Kyle\AppData\Local\VS Revo Group\Revo Uninstaller Pro\BackUpsData\Best Buy Software Installer-28052015-213249
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Best Buy]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Best Buy Software Installer Setup.exe]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7664CBBF125287E41BDB78607F4745B9]
    "ProductName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7664CBBF125287E41BDB78607F4745B9\SourceList]
    "PackageName"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Best Buy Software Installer_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Best Buy Software Installer_RASMANCS]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TBDEn]
    "SBOEM0"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Best Buy Software Installer\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\Best Buy Software Installer\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\028C3B3A3500B2444963214CDD2359AD]
    "7664CBBF125287E41BDB78607F4745B9"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0D074A5E448A0CA4DA5CC090C4B2FA4D]
    "7664CBBF125287E41BDB78607F4745B9"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1000BC4D3D94C204296D1CFCBA5162D6]
    "7664CBBF125287E41BDB78607F4745B9"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\100C1A05836CF6240BF6FE3A863828A2]
    "7664CBBF125287E41BDB78607F4745B9"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1577308B0F7CF0A469A5DE0848B64CA8]
    "7664CBBF125287E41BDB78607F4745B9"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1B0067A7ABE0D7D48BF57DAB7D1897F5]
    "7664CBBF125287E41BDB78607F4745B9"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28C99001F51FCB44BA82AC4CBEAC26DC]
    "7664CBBF125287E41BDB78607F4745B9"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\303019DAC69920C4283E7B28942DD1E3]
    "7664CBBF125287E41BDB78607F4745B9"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30B27724C6B66244A8F717C303D65B10]
    "7664CBBF125287E41BDB78607F4745B9"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\47409E46858B32344925D29206C111C4]
    "7664CBBF125287E41BDB78607F4745B9"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C134D1C7880A1C47B43F21768F62CE4]
    "7664CBBF125287E41BDB78607F4745B9"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6093757074DB7FA43BCC2D06DEDC8F59]
    "7664CBBF125287E41BDB78607F4745B9"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\757E9F7CB3CA9D045A5EB0F280272A98]
    "7664CBBF125287E41BDB78607F4745B9"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88FABA9C671BDE143922F8A2D5CFA374]
    "7664CBBF125287E41BDB78607F4745B9"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94A7068D97D465046A4740581B6D285D]
    "7664CBBF125287E41BDB78607F4745B9"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95A1AA5AC8A7F924EB7CEE22AD59F523]
    "7664CBBF125287E41BDB78607F4745B9"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\99353F66DCBBE5548BE2E5D66C88CA3D]
    "7664CBBF125287E41BDB78607F4745B9"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9FD2DB9FB22C86649843835BE8E531E3]
    "7664CBBF125287E41BDB78607F4745B9"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCF33EFB5B0036A4984208EEB7073A36]
    "7664CBBF125287E41BDB78607F4745B9"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB5C5F73FAEC6A643A2BA1EF418A94D6]
    "7664CBBF125287E41BDB78607F4745B9"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CDE19E37A5998EC4AB6ACF0CB9F23EA9]
    "7664CBBF125287E41BDB78607F4745B9"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CED4D327E1936674F9A802913970BAE0]
    "7664CBBF125287E41BDB78607F4745B9"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEEAFB017403A4B42898B339D7833DC0]
    "7664CBBF125287E41BDB78607F4745B9"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8878E9FAC269394992476C606E4A588]
    "7664CBBF125287E41BDB78607F4745B9"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EA4F65F1E52FDB049853DED67D7F3EC1]
    "7664CBBF125287E41BDB78607F4745B9"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAEDB92C08DF3CB46BA3FAF536660347]
    "7664CBBF125287E41BDB78607F4745B9"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB916A5CDA208BB419B66FF0D3C7057F]
    "7664CBBF125287E41BDB78607F4745B9"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7664CBBF125287E41BDB78607F4745B9\InstallProperties]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7664CBBF125287E41BDB78607F4745B9\InstallProperties]
    "Publisher"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7664CBBF125287E41BDB78607F4745B9\InstallProperties]
    "DisplayName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FBBC4667-2521-4E78-B1BD-8706F774549B}]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FBBC4667-2521-4E78-B1BD-8706F774549B}]
    "Publisher"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FBBC4667-2521-4E78-B1BD-8706F774549B}]
    "DisplayName"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Best Buy Software Installer]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FBBC4667-2521-4E78-B1BD-8706F774549B}]
    "UninstallString"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Best Buy Software Installer]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\Best Buy Software Installer]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Best Buy Software Installer]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\4AA7AEE2302C09b43AF491BFE71F8CC1]
    "BufferChm"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4AA7AEE2302C09b43AF491BFE71F8CC1]
    "ProductName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4AA7AEE2302C09b43AF491BFE71F8CC1\SourceList]
    "PackageName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4AA7AEE2302C09b43AF491BFE71F8CC1\SourceList]
    "LastUsedSource"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4AA7AEE2302C09b43AF491BFE71F8CC1\SourceList\Net]
    "1"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Install\{68FCE472-CCC6-4113-A478-3D29FC934EA0}]
    "Filename"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Install\{68FCE472-CCC6-4113-A478-3D29FC934EA0}]
    "section"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4AA7AEE2302C09b43AF491BFE71F8CC1\Features]
    "BufferChm"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4AA7AEE2302C09b43AF491BFE71F8CC1\InstallProperties]
    "InstallSource"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4AA7AEE2302C09b43AF491BFE71F8CC1\InstallProperties]
    "DisplayName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}]
    "InstallSource"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}]
    "DisplayName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\73FBFE5025E0975478C5E7FED0BFF4BC]
    "ProductName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\73FBFE5025E0975478C5E7FED0BFF4BC\SourceList]
    "PackageName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\73FBFE5025E0975478C5E7FED0BFF4BC\SourceList]
    "LastUsedSource"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\73FBFE5025E0975478C5E7FED0BFF4BC\SourceList\Net]
    "1"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Install\{56BFC392-6123-442B-BF39-AE5B14C70D79}]
    "Filename"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\73FBFE5025E0975478C5E7FED0BFF4BC\InstallProperties]
    "InstallSource"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\73FBFE5025E0975478C5E7FED0BFF4BC\InstallProperties]
    "DisplayName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}]
    "InstallSource"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}]
    "DisplayName"=-
    
    :Commands
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • LOP check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file OTL.txt <-- Will be opened, maximized
  6. Please post the content of OTL.txt file ONLY in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of an OTL.txt log file after OTL fresh scan
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed

Re: Computer might just be done?

by kyfeez » August 20th, 2015, 7:24 pm

I had no problems doing the instructions. I don't see much more improvement since the initial post. Overall, the computer is still kind of slow. Everything like closing tabs, scrolling down, basically anything takes more time than it should.

OTL Fix

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Program Files\Best Buy Software Installer folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Best Buy Software Installer folder moved successfully.
C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\E691D26A\B0C1279A folder moved successfully.
C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\E691D26A folder moved successfully.
C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\964A8323\B0C1279A folder moved successfully.
C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\964A8323 folder moved successfully.
C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\7737F528\B0C1279A folder moved successfully.
C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\7737F528 folder moved successfully.
C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\3C4D17D1\B0C1279A folder moved successfully.
C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\3C4D17D1 folder moved successfully.
C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE folder moved successfully.
C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71} folder moved successfully.
File\Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Best Buy Software Installer not found.
File\Folder C:\Users\All Users\{5D8BE403-3090-4297-B98F-65CBBE9DBF71} not found.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk moved successfully.
C:\ProgramData\HP\Installer\Temp\hpoBufferChm.log moved successfully.
File\Folder C:\Users\All Users\HP\Installer\Temp\hpoBufferChm.log not found.
C:\ProgramData\HP\Installer\Temp\hpoNetwork64.log moved successfully.
File\Folder C:\Users\All Users\HP\Installer\Temp\hpoNetwork64.log not found.
C:\Users\Kyle\AppData\Local\Best_Buy®\Best_Buy_Software_Install_Url_elvbhqmfqgz5xjhmzmrpdc3hgqwx5mjl\2.1.0.29 folder moved successfully.
C:\Users\Kyle\AppData\Local\Best_Buy®\Best_Buy_Software_Install_Url_elvbhqmfqgz5xjhmzmrpdc3hgqwx5mjl folder moved successfully.
C:\Users\Kyle\AppData\Local\Best_Buy® folder moved successfully.
C:\Users\Kyle\AppData\Local\VS Revo Group\Revo Uninstaller Pro\BackUpsData\Best Buy Software Installer-28052015-213249 folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Best Buy\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Best Buy Software Installer Setup.exe\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7664CBBF125287E41BDB78607F4745B9\\ProductName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7664CBBF125287E41BDB78607F4745B9\SourceList\\PackageName deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Best Buy Software Installer_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Best Buy Software Installer_RASMANCS\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TBDEn\\SBOEM0 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\028C3B3A3500B2444963214CDD2359AD not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0D074A5E448A0CA4DA5CC090C4B2FA4D not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1000BC4D3D94C204296D1CFCBA5162D6 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\100C1A05836CF6240BF6FE3A863828A2 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1577308B0F7CF0A469A5DE0848B64CA8 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1B0067A7ABE0D7D48BF57DAB7D1897F5 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28C99001F51FCB44BA82AC4CBEAC26DC not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\303019DAC69920C4283E7B28942DD1E3 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30B27724C6B66244A8F717C303D65B10 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\47409E46858B32344925D29206C111C4 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C134D1C7880A1C47B43F21768F62CE4 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6093757074DB7FA43BCC2D06DEDC8F59 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\757E9F7CB3CA9D045A5EB0F280272A98 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88FABA9C671BDE143922F8A2D5CFA374 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94A7068D97D465046A4740581B6D285D not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95A1AA5AC8A7F924EB7CEE22AD59F523 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\99353F66DCBBE5548BE2E5D66C88CA3D not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9FD2DB9FB22C86649843835BE8E531E3 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCF33EFB5B0036A4984208EEB7073A36 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB5C5F73FAEC6A643A2BA1EF418A94D6 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CDE19E37A5998EC4AB6ACF0CB9F23EA9 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CED4D327E1936674F9A802913970BAE0 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEEAFB017403A4B42898B339D7833DC0 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8878E9FAC269394992476C606E4A588 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EA4F65F1E52FDB049853DED67D7F3EC1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAEDB92C08DF3CB46BA3FAF536660347 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB916A5CDA208BB419B66FF0D3C7057F not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7664CBBF125287E41BDB78607F4745B9\InstallProperties not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7664CBBF125287E41BDB78607F4745B9\InstallProperties not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7664CBBF125287E41BDB78607F4745B9\InstallProperties not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FBBC4667-2521-4E78-B1BD-8706F774549B}\\InstallLocation not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FBBC4667-2521-4E78-B1BD-8706F774549B}\\Publisher not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FBBC4667-2521-4E78-B1BD-8706F774549B}\\DisplayName not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Best Buy Software Installer\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FBBC4667-2521-4E78-B1BD-8706F774549B}\\UninstallString deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Best Buy Software Installer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\Best Buy Software Installer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Best Buy Software Installer\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\4AA7AEE2302C09b43AF491BFE71F8CC1\\BufferChm deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4AA7AEE2302C09b43AF491BFE71F8CC1\\ProductName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4AA7AEE2302C09b43AF491BFE71F8CC1\SourceList\\PackageName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4AA7AEE2302C09b43AF491BFE71F8CC1\SourceList\\LastUsedSource deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4AA7AEE2302C09b43AF491BFE71F8CC1\SourceList\Net\\1 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Install\{68FCE472-CCC6-4113-A478-3D29FC934EA0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Install\{68FCE472-CCC6-4113-A478-3D29FC934EA0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4AA7AEE2302C09b43AF491BFE71F8CC1\Features not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4AA7AEE2302C09b43AF491BFE71F8CC1\InstallProperties not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4AA7AEE2302C09b43AF491BFE71F8CC1\InstallProperties not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}\\InstallSource deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}\\DisplayName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\73FBFE5025E0975478C5E7FED0BFF4BC\\ProductName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\73FBFE5025E0975478C5E7FED0BFF4BC\SourceList\\PackageName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\73FBFE5025E0975478C5E7FED0BFF4BC\SourceList\\LastUsedSource deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\73FBFE5025E0975478C5E7FED0BFF4BC\SourceList\Net\\1 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Install\{56BFC392-6123-442B-BF39-AE5B14C70D79} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\73FBFE5025E0975478C5E7FED0BFF4BC\InstallProperties not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\73FBFE5025E0975478C5E7FED0BFF4BC\InstallProperties not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB} not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kyle
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 149 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 28699306 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 341862 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 28.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08202015_163205

Files\Folders moved on Reboot...
C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
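
One way to triage a fix log like the one posted above, as an added example that is not part of the thread and not OTL's own code: it classifies each result line, totals the outcomes, lists anything still pending a reboot, and flags `C:\Users\All Users\...` "not found" entries whose `C:\ProgramData\...` counterpart was moved. The sample is an excerpt constructed from lines of that log; the function names are hypothetical, and the All Users to ProgramData mapping assumes the default Windows Vista-and-later folder layout.

```python
import re
from collections import Counter, namedtuple

Record = namedtuple("Record", "section kind target outcome size")

# Line shapes seen in the OTL fix log posted above.
SECTION = re.compile(r"^=+ (\w+) =+$")
REBOOT = re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")
MISSING = re.compile(r"^File\\Folder (.+) not found\.$")
REGISTRY = re.compile(r"^Registry (key|value) (.+?) (not found|deleted successfully)\.$")
MOVED = re.compile(r"^(.+?)(?: folder)? moved successfully\.$")
EMPTIED = re.compile(r"^->(.+) emptied: (\d+) bytes$")

# Constructed sample: an excerpt of the fix log from the post above.
SAMPLE_LOG = r"""All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Program Files\Best Buy Software Installer folder moved successfully.
File\Folder C:\Users\All Users\HP\Installer\Temp\hpoBufferChm.log not found.
C:\ProgramData\HP\Installer\Temp\hpoBufferChm.log moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Best Buy\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Best Buy Software Installer Setup.exe\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7664CBBF125287E41BDB78607F4745B9\\ProductName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TBDEn\\SBOEM0 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Kyle
->Temp folder emptied: 0 bytes
->FireFox cache emptied: 28699306 bytes

Files\Folders moved on Reboot...
File move failed. C:\windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
"""


def parse_fix_log(text):
    """Turn each recognised result line into a Record; other lines are skipped."""
    records, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            section = m.group(1)
        elif line.endswith("...") and not line.startswith("->"):
            section = line[:-3]          # trailing headings such as "... moved on Reboot..."
        elif m := REBOOT.match(line):
            records.append(Record(section, "file", m.group(1), "pending_reboot", 0))
        elif m := MISSING.match(line):
            records.append(Record(section, "file", m.group(1), "not_found", 0))
        elif m := REGISTRY.match(line):
            outcome = "not_found" if m.group(3) == "not found" else "deleted"
            records.append(Record(section, "registry_" + m.group(1),
                                  m.group(2).rstrip("\\"), outcome, 0))
        elif m := MOVED.match(line):
            records.append(Record(section, "file", m.group(1), "moved", 0))
        elif m := EMPTIED.match(line):
            records.append(Record(section, "cache", m.group(1), "emptied", int(m.group(2))))
    return records


def summarize(records):
    """Count results per (kind, outcome) pair."""
    return Counter((r.kind, r.outcome) for r in records)


def pending_reboot(records):
    """Targets the tool could not move yet; confirm them in the next log."""
    return [r.target for r in records if r.outcome == "pending_reboot"]


def bytes_emptied(records):
    return sum(r.size for r in records if r.kind == "cache")


def alias_explained(records):
    """'Not found' paths under C:\\Users\\All Users whose C:\\ProgramData twin was moved.

    Assumption: default Vista+ layout, where All Users is a link to ProgramData,
    so the second path names an item the first entry already removed.
    """
    alias, real = "c:\\users\\all users\\", "c:\\programdata\\"
    moved = {r.target.lower() for r in records if r.kind == "file" and r.outcome == "moved"}
    return [r.target for r in records
            if r.kind == "file" and r.outcome == "not_found"
            and r.target.lower().startswith(alias)
            and real + r.target.lower()[len(alias):] in moved]


if __name__ == "__main__":
    recs = parse_fix_log(SAMPLE_LOG)
    for (kind, outcome), n in sorted(summarize(recs).items()):
        print(f"{kind:15} {outcome:15} {n}")
    print("pending reboot:", pending_reboot(recs))
    print("explained by alias:", alias_explained(recs))
```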

Re: Computer might just be done?

by kyfeez » August 20th, 2015, 7:25 pm

OTL Scan

OTL logfile created on: 8/20/2015 4:42:50 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kyle\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17959)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 64.57% Memory free
7.49 Gb Paging File | 6.01 Gb Available in Paging File | 80.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.61 Gb Total Space | 189.35 Gb Free Space | 65.84% Space Free | Partition Type: NTFS

Computer Name: KYLE-PC | User Name: Kyle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015/08/19 12:36:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe
PRC - [2015/07/21 16:38:11 | 006,109,776 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2015/07/21 16:37:40 | 000,146,600 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015/07/07 20:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/07/13 16:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2015/07/21 16:38:39 | 040,540,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2015/07/21 16:37:55 | 000,102,864 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015/07/21 16:37:42 | 000,123,976 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll


========== Services (SafeList) ==========

SRV:64bit: - [2015/07/21 16:37:40 | 000,146,600 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2015/07/21 16:34:39 | 004,047,768 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV:64bit: - [2015/07/16 14:21:50 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015/05/25 12:19:13 | 001,255,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/08/21 10:31:06 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/11 17:10:48 | 000,252,272 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/08/04 12:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/08/03 20:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/30 00:54:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2015/08/14 09:33:23 | 000,269,000 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/07/08 10:40:58 | 000,148,136 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/07/07 20:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/04/12 00:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/20 12:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 20:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/07/14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/17 04:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2015/07/21 16:38:54 | 000,150,160 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2015/07/21 16:38:53 | 000,274,808 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2015/07/21 16:38:52 | 000,447,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2015/07/21 16:38:52 | 000,090,968 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2015/07/21 16:38:52 | 000,065,224 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2015/07/21 16:38:52 | 000,028,656 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2015/07/21 16:38:50 | 000,093,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2015/07/21 16:36:58 | 001,048,856 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2015/07/21 16:36:47 | 000,115,152 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\ngvss.sys -- (ngvss)
DRV:64bit: - [2015/07/21 16:34:39 | 000,273,824 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/09/09 12:11:58 | 000,943,616 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/30 20:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/30 13:07:12 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 16:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/20 18:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/19 20:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 15:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 01:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2006/11/20 00:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV - [2011/04/19 15:42:10 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\windows\SysWow64\drivers\Normandy.sys -- (Normandy)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {82A1F2B0-2D24-416D-B723-47106ED11AFB}
IE:64bit: - HKLM\..\SearchScopes\{82A1F2B0-2D24-416D-B723-47106ED11AFB}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {E11114A6-3164-4382-B836-CC521E3FD068}
IE - HKLM\..\SearchScopes\{E11114A6-3164-4382-B836-CC521E3FD068}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3970152658-4062035479-1312505081-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig?brand=TSNA&bmod=TSNA
IE - HKU\S-1-5-21-3970152658-4062035479-1312505081-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3970152658-4062035479-1312505081-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=insDate09262013
IE - HKU\S-1-5-21-3970152658-4062035479-1312505081-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3970152658-4062035479-1312505081-1000\..\SearchScopes\{B3E1E95F-1224-4D5F-8BB6-C86585C73E37}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS391US391
IE - HKU\S-1-5-21-3970152658-4062035479-1312505081-1000\..\SearchScopes\{E11114A6-3164-4382-B836-CC521E3FD068}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE - HKU\S-1-5-21-3970152658-4062035479-1312505081-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultenginename.US: "Google"
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20120414,6902,0,28,0"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.startup.homepage: "msn.com"
FF - prefs.js..extensions.enabledAddons: %7B9EB34849-81D3-4841-939D-666D522B889A%7D:2.4.0.134
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:39.0
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Kyle\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015/06/14 19:03:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/07/21 16:39:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2015/07/08 10:40:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/07/19 22:12:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015/06/14 19:03:15 | 000,000,000 | ---D | M]

[2010/09/11 14:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions
[2010/09/11 14:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2015/07/20 11:16:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\nmqiqnsu.default\extensions
[2015/07/20 11:16:40 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\nmqiqnsu.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2015/08/12 11:33:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2015/07/08 10:40:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/07/08 10:41:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik\2.2015.506.11355_0\
CHR - Extension: No name found = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\
CHR - Extension: No name found = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb\1_1\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3970152658-4062035479-1312505081-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38E3A524-E1F1-46E8-90CB-709DFB227BCC}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CEE222B-174A-4819-82A1-10803F290558}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{466cf9d6-099e-11e0-a5d7-00266c485774}\Shell - "" = AutoRun
O33 - MountPoints2\{466cf9d6-099e-11e0-a5d7-00266c485774}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/08/19 18:18:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2015/08/19 12:36:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe
[2015/08/19 12:14:43 | 004,404,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kyle\Desktop\tdsskiller.exe
[2015/08/19 11:51:08 | 001,791,580 | ---- | C] (Malwarebytes Corporation) -- C:\Users\Kyle\Desktop\JRT.exe
[2015/08/19 11:37:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/08/16 21:41:22 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Kyle\Desktop\dds.scr
[2015/08/12 11:32:01 | 000,124,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2015/08/12 11:32:01 | 000,103,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2015/08/12 11:05:13 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2015/08/12 11:05:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2015/08/12 11:04:47 | 002,623,656 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\Kyle\Desktop\revosetup.exe
[2015/08/11 23:04:07 | 001,148,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2015/08/11 23:04:07 | 001,116,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\appraiser.dll
[2015/08/11 23:04:07 | 000,774,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\invagent.dll
[2015/08/11 23:04:07 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\generaltel.dll
[2015/08/11 23:04:07 | 000,437,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\devinv.dll
[2015/08/11 23:04:07 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\acmigration.dll
[2015/08/11 23:04:06 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2015/08/11 23:04:06 | 000,017,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\CompatTelRunner.exe
[2015/08/11 23:03:53 | 005,568,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2015/08/11 23:03:52 | 001,730,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2015/08/11 23:03:50 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2015/08/11 23:03:49 | 003,934,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2015/08/11 23:03:46 | 003,989,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2015/08/11 23:03:44 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2015/08/11 23:03:44 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2015/08/11 23:03:43 | 001,216,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rpcrt4.dll
[2015/08/11 23:03:43 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll
[2015/08/11 23:03:43 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2015/08/11 23:03:43 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rstrui.exe
[2015/08/11 23:03:43 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2015/08/11 23:03:43 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2015/08/11 23:03:43 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll
[2015/08/11 23:03:42 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2015/08/11 23:03:42 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2015/08/11 23:03:42 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\smss.exe
[2015/08/11 23:03:42 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\auditpol.exe
[2015/08/11 23:03:42 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srclient.dll
[2015/08/11 23:03:42 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\auditpol.exe
[2015/08/11 23:03:42 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptbase.dll
[2015/08/11 23:03:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2015/08/11 23:03:42 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2015/08/11 23:03:41 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2015/08/11 23:03:41 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2015/08/11 23:03:41 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msmmsp.dll
[2015/08/11 23:03:40 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2015/08/11 23:03:40 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2015/08/11 23:03:39 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2015/08/11 23:03:39 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2015/08/11 23:03:39 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2015/08/11 23:03:39 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2015/08/11 23:03:39 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2015/08/11 23:03:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2015/08/11 23:03:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2015/08/11 23:03:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2015/08/11 23:03:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2015/08/11 23:03:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2015/08/11 23:03:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2015/08/11 23:03:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2015/08/11 23:03:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2015/08/11 23:03:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2015/08/11 23:03:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2015/08/11 23:03:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2015/08/11 23:03:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2015/08/11 23:03:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2015/08/11 23:03:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2015/08/11 23:03:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2015/08/11 23:03:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2015/08/11 23:03:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2015/08/11 23:03:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/08/11 23:03:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2015/08/11 23:03:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2015/08/11 23:03:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2015/08/11 23:03:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2015/08/11 23:03:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2015/08/11 23:03:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2015/08/11 23:03:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2015/08/11 23:03:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2015/08/11 23:03:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2015/08/11 23:03:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/08/11 23:03:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2015/08/11 23:03:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2015/08/11 23:03:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2015/08/11 23:03:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2015/08/11 23:03:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2015/08/11 23:03:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2015/08/11 23:03:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2015/08/11 23:03:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2015/08/11 23:03:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2015/08/11 23:03:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2015/08/11 23:03:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2015/08/11 23:03:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2015/08/11 23:03:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2015/08/11 23:03:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2015/08/11 23:03:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2015/08/11 23:03:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2015/08/11 23:03:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2015/08/11 23:03:35 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2015/08/11 23:03:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apisetschema.dll
[2015/08/11 23:03:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\apisetschema.dll
[2015/08/11 23:03:35 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2015/08/11 23:03:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2015/08/11 23:03:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2015/08/11 23:03:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2015/08/11 23:03:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2015/08/11 23:03:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2015/08/11 23:03:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2015/08/11 23:03:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2015/08/11 23:03:33 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\adtschema.dll
[2015/08/11 23:03:33 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\adtschema.dll
[2015/08/11 23:03:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2015/08/11 23:03:30 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msaudite.dll
[2015/08/11 23:03:30 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msaudite.dll
[2015/08/11 23:03:30 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msobjs.dll
[2015/08/11 23:03:30 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msobjs.dll
[2015/08/11 23:03:06 | 003,722,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2015/08/11 23:03:05 | 003,221,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2015/08/11 23:03:04 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aaclient.dll
[2015/08/11 23:03:04 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll
[2015/08/11 23:03:04 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll
[2015/08/11 23:03:04 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll
[2015/08/11 23:02:43 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\basesrv.dll
[2015/08/11 23:01:25 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2015/08/11 23:01:25 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2015/08/11 23:01:25 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2015/08/11 23:01:25 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2015/08/11 23:01:25 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2015/08/11 23:01:23 | 000,720,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2015/08/11 23:01:22 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2015/08/11 23:01:22 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2015/08/11 23:01:21 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2015/08/11 23:01:18 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2015/08/11 23:01:18 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2015/08/11 23:01:18 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2015/08/11 23:01:17 | 000,664,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2015/08/11 23:01:17 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2015/08/11 23:01:17 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2015/08/11 23:01:16 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2015/08/11 23:01:16 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2015/08/11 23:01:16 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2015/08/11 23:01:16 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2015/08/11 23:01:16 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2015/08/11 23:01:14 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2015/08/11 23:01:14 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2015/08/11 23:01:13 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2015/08/11 23:01:12 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2015/08/11 23:01:12 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2015/08/11 23:01:11 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2015/08/11 23:01:11 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2015/08/11 23:01:11 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2015/08/11 23:01:11 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2015/08/11 23:01:09 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2015/08/11 23:01:09 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2015/08/11 23:01:08 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2015/08/11 23:01:08 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2015/08/11 23:01:08 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2015/08/11 23:01:07 | 005,923,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2015/08/11 23:01:07 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2015/08/11 23:01:05 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2015/08/11 23:01:05 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2015/08/11 23:01:05 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2015/08/11 22:58:30 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\davclnt.dll
[2015/08/11 22:58:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml6r.dll
[2015/08/11 22:58:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml6r.dll
[2015/08/11 22:58:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
[2015/08/11 22:58:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
[2015/08/11 22:58:20 | 001,648,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2015/08/11 22:58:18 | 000,372,736 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2015/08/11 22:58:18 | 000,299,520 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2015/08/11 22:58:15 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll
[2015/08/11 22:58:15 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lpk.dll
[2015/08/11 22:58:14 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fontsub.dll
[2015/08/11 22:58:14 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\fontsub.dll
[2015/08/11 22:58:14 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2015/08/11 22:58:14 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2015/08/11 22:58:14 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dciman32.dll
[2015/08/11 22:58:08 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\notepad.exe
[2015/08/11 22:57:53 | 003,154,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2015/08/11 22:57:53 | 000,696,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2015/08/11 22:57:53 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapi.dll
[2015/08/11 22:57:53 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2015/08/11 22:57:53 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuwebv.dll
[2015/08/11 22:57:53 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2015/08/11 22:57:53 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WinSetupUI.dll
[2015/08/11 22:57:52 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wudriver.dll
[2015/08/11 22:57:51 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2015/08/11 22:57:51 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2015/08/11 22:57:51 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2015/08/11 22:57:51 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2015/08/11 22:57:51 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapp.exe
[2015/08/11 22:57:51 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wups.dll
[2015/08/11 22:57:51 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wu.upgrade.ps.dll
[2015/08/11 22:57:33 | 000,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mcupdate_GenuineIntel.dll
[2015/07/27 14:20:10 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Desktop\4900
[2015/06/14 19:36:36 | 005,581,664 | ---- | C] (PC Cleaners) -- C:\ProgramData\pclunst.exe

========== Files - Modified Within 30 Days ==========

[2015/08/20 16:46:16 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/08/20 16:46:16 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/08/20 16:42:43 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/08/20 16:42:40 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/08/20 16:36:56 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/08/20 16:36:26 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2015/08/20 16:36:16 | 3016,884,224 | -HS- | M] () -- C:\hiberfil.sys
[2015/08/19 22:09:03 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2015/08/19 19:13:40 | 000,165,376 | ---- | M] () -- C:\Users\Kyle\Desktop\SystemLook_x64.exe
[2015/08/19 12:36:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe
[2015/08/19 12:14:47 | 004,404,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kyle\Desktop\tdsskiller.exe
[2015/08/19 11:51:09 | 001,791,580 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Kyle\Desktop\JRT.exe
[2015/08/19 11:36:19 | 001,585,664 | ---- | M] () -- C:\Users\Kyle\Desktop\adwcleaner_5.002.exe
[2015/08/16 21:41:23 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Kyle\Desktop\dds.scr
[2015/08/14 09:33:22 | 000,778,440 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2015/08/14 09:33:22 | 000,142,536 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/08/12 11:53:43 | 004,891,592 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2015/08/12 11:26:50 | 000,000,161 | ---- | M] () -- C:\windows\WININIT.INI
[2015/08/12 11:05:14 | 000,001,279 | ---- | M] () -- C:\Users\Kyle\Desktop\Revo Uninstaller.lnk
[2015/08/12 11:04:50 | 002,623,656 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\Kyle\Desktop\revosetup.exe
[2015/08/10 18:58:30 | 000,782,510 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2015/08/10 18:58:30 | 000,662,650 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2015/08/10 18:58:30 | 000,122,486 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2015/08/04 13:30:21 | 000,246,569 | ---- | M] () -- C:\Users\Kyle\Desktop\Physics Test.jpg
[2015/07/30 12:06:57 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll
[2015/07/30 12:06:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2015/07/30 12:06:42 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\lpk.dll
[2015/07/30 12:06:39 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\fontsub.dll
[2015/07/30 12:06:35 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dciman32.dll
[2015/07/30 12:06:34 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2015/07/30 11:57:08 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\fontsub.dll
[2015/07/30 11:57:02 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2015/07/30 10:52:53 | 000,372,736 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2015/07/30 10:49:55 | 000,299,520 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2015/07/30 07:13:38 | 000,103,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2015/07/30 07:13:11 | 000,124,624 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2015/07/28 14:09:44 | 000,017,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\CompatTelRunner.exe
[2015/07/28 14:05:53 | 000,774,656 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\invagent.dll
[2015/07/28 14:05:50 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\generaltel.dll
[2015/07/28 14:05:47 | 000,437,760 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\devinv.dll
[2015/07/28 14:05:45 | 001,116,672 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\appraiser.dll
[2015/07/28 14:05:44 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2015/07/28 14:05:44 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\acmigration.dll
[2015/07/28 13:55:14 | 001,148,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2015/07/26 23:08:27 | 000,173,372 | ---- | M] () -- C:\Users\Public\Documents\Kyle Sherwin Cover Letter.pdf
[2015/07/26 22:59:02 | 000,188,758 | ---- | M] () -- C:\Users\Public\Documents\Kyle J. Sherwin Resume.pdf

========== Files Created - No Company Name ==========

[2015/08/19 19:13:39 | 000,165,376 | ---- | C] () -- C:\Users\Kyle\Desktop\SystemLook_x64.exe
[2015/08/19 11:36:15 | 001,585,664 | ---- | C] () -- C:\Users\Kyle\Desktop\adwcleaner_5.002.exe
[2015/08/12 11:26:26 | 000,000,161 | ---- | C] () -- C:\windows\WININIT.INI
[2015/08/12 11:05:14 | 000,001,279 | ---- | C] () -- C:\Users\Kyle\Desktop\Revo Uninstaller.lnk
[2015/08/04 13:30:21 | 000,246,569 | ---- | C] () -- C:\Users\Kyle\Desktop\Physics Test.jpg
[2014/06/01 23:11:20 | 000,003,584 | ---- | C] () -- C:\Users\Kyle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/06 14:58:49 | 000,000,218 | ---- | C] () -- C:\Users\Kyle\AppData\Local\recently-used.xbel
[2011/10/30 23:16:38 | 000,001,456 | ---- | C] () -- C:\Users\Kyle\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/02/25 17:26:47 | 000,000,109 | ---- | C] () -- C:\Users\Kyle\webct_upload_applet.properties
[2011/02/14 16:28:58 | 000,000,036 | ---- | C] () -- C:\Users\Kyle\AppData\Local\housecall.guid.cache

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/07/10 11:51:25 | 014,177,280 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/07/10 11:34:07 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/10/18 11:38:29 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\AVAST Software
[2015/08/12 11:16:05 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Electronic Arts
[2015/06/14 19:03:46 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Epson
[2012/10/12 15:56:30 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Motorola
[2014/09/27 12:11:08 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Sling Media
[2011/03/27 22:46:01 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Toshiba
[2013/05/27 22:28:20 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Windows Live Writer

< End of report >
kyfeez
Regular Member
 
Posts: 41
Joined: April 16th, 2011, 9:46 pm

Re: Computer might just be done?

by pgmigg » August 21st, 2015, 1:22 am

Hello kyfeez,

"I don't see much more improvement since the initial post. Overall, the computer is still kind of slow. Everything like closing tabs, scrolling down, basically anything takes more time than it should."
I do not expect that each iteration gives relief for your system - my regular question about changes in computer behavior is needed to be sure that I know every change which may occur in your system.

Let's continue...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :Files
    C:\ProgramData\pclunst.exe
    
    :Commands
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
Malwarebytes' Anti-Malware
  1. Please download Malwarebytes' Anti-Malware and save to your desktop.
  2. Right-click on mbam-setup.exe and select "Run as administrator... ", then follow the prompts to install the program.
  3. At the end, uncheck enable free trial of Malwarebytes' Anti-Malware. (You can activate this when we've finished, if you wish.)
  4. Then click Finish.
  5. You'll see an alert that "Databases out of date". Click the "Update Now" button.
  6. Press the Scan icon on the top bar of the MBAM interface, make sure Threat Scan is selected.
  7. Press the Start Scan button.
  8. When the scan is finished:
  9. If clean, a message will be displayed "The scan completed successfully! No malicious items were detected!"
  10. If infections were found, click the Quarantine all button.
  11. Press the View detailed log >> link to display the results log.
  12. Press the Copy to Clipboard button.
  13. Copy and paste the scan results in your next reply and exit MBAM.

Step 3.
ESET NOD32 Online Scan
  1. Firstly please Disable any Antivirus you have active, as shown in This topic. If active, it could impact the online scan.
    Do NOT use the computer while the scan is running!
    Make sure all other programs and windows are closed!
  2. You need to right-click on the Internet Explorer or Firefox icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
  3. Go to ESET Online Scanner to run an online scan.
  4. Click the dark blue Run ESET Online Scanner button:
    • If you are using Google Chrome or Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted. Then double click on it to install.
    • If you are using Internet Explorer please read the End User License Agreement and check the box: Yes, I accept the terms of use. Then click the green Start button.
  5. Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  6. Under scan settings:
    • Check "Scan archives"
    • UNCHECK "Remove found threats"
  7. Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  8. Click the Start button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running!
  9. When the scan completes, please press the text: Image
  10. Press the text: Image, then save the file to your desktop as ESETScan.txt.
  11. Press the Back button, then press the Finish button.
  12. Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the most recent C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-2015-05-... file
  4. Contents of the ESETScan.txt log file
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Computer might just be done?

by kyfeez » August 22nd, 2015, 1:51 am

I executed the instructions without much of a problem and don't see changes with the computer

OTL

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\ProgramData\pclunst.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kyle
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 14286 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 371736885 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 4028 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 333704 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 355.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08202015_234713

Files\Folders moved on Reboot...
C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
kyfeez
Regular Member
 
Posts: 41
Joined: April 16th, 2011, 9:46 pm

Re: Computer might just be done?

by kyfeez » August 22nd, 2015, 1:52 am

Malware Bytes

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/21/2015
Scan Time: 12:01 AM
Logfile: Malware bytes.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.21.02
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kyle

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 389717
Time Elapsed: 48 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.PCCleaners, C:\Users\Kyle\Downloads\app3_Install_eng_v.exe, No Action By User, [d1a5050695f6d5616555fac3f20fd729],

Physical Sectors: 0
(No malicious items detected)


(end)
kyfeez
Regular Member
 
Posts: 41
Joined: April 16th, 2011, 9:46 pm

Re: Computer might just be done?

by kyfeez » August 22nd, 2015, 1:53 am

Eset

C:\ProgramData\comcastModemRelease\dtuser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Users\All Users\comcastModemRelease\dtuser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Users\Kyle\Downloads\app3_Install_eng_v.exe a variant of Win32/PCCleaners.A potentially unwanted application
C:\Users\Kyle\Downloads\ccsetup506.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Kyle\Downloads\LimeWireWin.exe a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application
C:\_OTL\MovedFiles\08192015_181820\C_Users\Kyle\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.5.windows.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\_OTL\MovedFiles\08202015_234713\C_ProgramData\pclunst.exe a variant of Win32/PCCleaners.A potentially unwanted application
kyfeez
Regular Member
 
Posts: 41
Joined: April 16th, 2011, 9:46 pm

Re: Computer might just be done?

Post by pgmigg » August 22nd, 2015, 7:18 am

Hello kyfeez,

Your latest set of logs appears to be clean! :cheers:
This is my general post for when your logs show no more signs of malware.
Before I give you instructions on how to keep your computer clean and secure, you need to take a few additional steps.

Step 0.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :Files
    C:\Users\Kyle\Downloads\app3_Install_eng_v.exe
    C:\Users\Kyle\Downloads\LimeWireWin.exe
    
    :Commands
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Please close it.

Step 1.
A couple of programs you have are out of date:
  1. Adobe Reader XI - the newest version is called Adobe Reader DC.
    Update Adobe Reader
    Your version of Adobe Reader XI is out-of-date. There are serious security issues with older versions of Adobe Reader.
    I'm not asking you to update any Adobe Acrobat installation... this can be quite costly. I am going to insist that you update your Adobe Reader software.
    Then use the Reader for viewing PDF files - you can use the Acrobat software for your other needs.

    Remove Program(s)
    1. Click on Start, then click the Start Search box on the Start Menu.
    2. Copy and paste the value below into the open text entry box:
      (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
      Code: Select all
       appwiz.cpl 
      and press Enter - the Uninstall or change a program list will be opened.
    3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
      Adobe Reader XI
    4. Take extra care in answering questions posed by any Uninstaller.
    5. When the program(s) have been uninstalled, please close Control Panel.

    Download and Install Adobe Reader DC
    1. Please go to the download page of Adobe Reader DC... Copyright © Adobe Systems Inc.
    2. Please select Windows 7 as your operating system, English as your language, and Reader DC 2015... as a version.
    3. Please UNCHECK the box for the: Free McAfee® Security Scan Plus.
      1. Click the yellow Download now button. If you don't already have Adobe DLM... you may receive a prompt.
        Adobe DLM software removal instructions available here, if wanted.
      2. The Adobe installer will check your system and begin the installation process. Use the default installation parameters.
      3. When the installation is complete, please Close and re-open your Internet browser.

    Adobe Reader DC - recommended (safety) program settings
    When the program is open, click on Edit and select Preferences. In the categories below, use these settings:
    • JavaScript - Uncheck Enable Acrobat JavaScript.
    • Security (Enhanced) - Uncheck Automatically trust sites from my Win OS security zones.
    • Secure Trust Manager - Uncheck Allow opening of non-PDF file attachments with external applications.
  2. Mozilla Firefox 39.0 (x86 en-US) - the newest version is 40.0.2
    To update it, please do the following:
    1. Open the browser.
    2. At the Menu Bar please select Help
    3. Then select About Firefox - it will update itself automatically.
    4. Allow updater to restart browser. Then you are done.

Step 2.
OTL - Run Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Copy and Paste the following code into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    
  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 3.
OTL-Cleanup
You should still have OTL on your desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.

Step 5.
Please download delfix and save it to your desktop.
  1. Right-click on delfix.exe and select "Run as administrator" to run it.
  2. Check the following boxes then click on Run.
    1. Activate UAC
    2. Remove disinfection tools
    3. Create registry backup
    4. Reset system settings
  3. All tools we used to clean your computer should be gone now.
  4. You can now delete any tools/logs we used if they remain on your computer.

Then:
  • Please don't forget to enable and update all your defense software!

Let's talk a little bit more about defense software.
Right now you have an effective and balanced protection, consisting of three components:
  • Avast Free - antivirus, anti-malware, home network protection (firewall), browser protection, etc.
  • Windows Defender - anti-spyware
  • MBAM - scanner and cleaner when needed
Running more than one antivirus program is not recommended because:
  1. They can conflict with each other.
  2. They can report the other antivirus software as malicious.
  3. Antivirus programs use an enormous amount of your computer's resources... actively scanning your computer.
  4. They can cause your computer to run slowly, become unstable and crash.


Finally:
Please click HERE to find a short guide to staying safer online.

Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg
pgmigg
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Computer might just be done?

Post by kyfeez » August 22nd, 2015, 11:47 pm

Thank you so much for the help. My computer is faster than when I started. It is still somewhat slow though. I know it is not malware related but do you have any other suggestions as far as that goes? I appreciate all the other help. Thank you.
kyfeez
Regular Member
 
Posts: 41
Joined: April 16th, 2011, 9:46 pm

Re: Computer might just be done?

Post by pgmigg » August 23rd, 2015, 11:27 pm

Hello kyfeez,

Thank you so much for the help.
You are very welcome! :)

My computer is faster than when I started. It is still somewhat slow though. I know it is not malware related but do you have any other suggestions as far as that goes?

There are a lot of reasons why the computer may be slower...

Actually, the speed of your computer depends on the use of internal resources - CPU time and memory consumption by different processes. There are a lot of processes - some of them are system processes and the others are your working processes. Some of the non-system processes are not needed at all, but they are loaded automatically at startup. It is probably a good idea to check such processes to make sure that none that is not really needed gets loaded.

Stay safe, ;)
pgmigg
pgmigg
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Computer might just be done?

Post by Wingman » August 26th, 2015, 10:31 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Wingman
Admin/Teacher
 
Posts: 14115
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA