Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Milky White Screen/ Slow Starting Programs

Post by Greyhound » August 22nd, 2013, 10:48 am

At first my computer would hang up on the DOS screen "Press Ctrl-I button to enter config utility" when I started my computer. The cursor would just sit there and blink and I would have to manually shut it down. I would keep doing that until it would finally go to the "Starting Windows" screen. Sometimes I would have to re-start it only once or twice, other times five or six times. But now it's not doing that; it goes directly to the "Starting Windows" screen when I start it up.
Once my desktop appears and I click on the IE8 Shortcut the little Microsoft "Donut" appears and sits there and spins and spins. The screen will go to a milky white then a message box will appear telling me my selected program is not responding do I want to continue or cancel the program. I found if I do nothing eventually the MSN homepage will appear. I have the very same problem with my Microsoft Outlook 2003 email program, whatever button I press on the donut appears then the screen goes milky white.
It takes a long time to make a folder; when I click on the button nothing will happen, then all of a sudden the new box will appear. The same thing happens when I try to edit a description in eBay's "Description Box": whatever changes I am making will write over what is already there, but very slowly, making it very difficult to see what I am typing. Right now the cursor is lagging about four to five letters behind what I am typing, very aggravating. The same thing will happen while back-spacing also.
When I use gmail the whole "topic" box will advance up the screen as I type to the point that I can't see what I am typing. Right now I am almost to a crawl as I am typing this. The cursor will stop as I am typing then jump forward revealing the words that I have typed.
All the programs on my computer act up when I try to start them not just IE8. I also have trouble running YouTube type "how to" videos on some websites.
I hope this is enough info for you. Now as I am typing this the cursor is acting normal. (?)

Regards,

Jack



DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16660
Run by Benny at 14:22:39 on 2013-08-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2046.1159 [GMT -4:00]
.
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SearchProtect\bin\CltMngSvc.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICUA.EXE
C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\WacomHost.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\explorer.exe
C:\Program Files\AVG\AVG2013\avgcfgex.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msn.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
uRun: [NETGEARGenie] "c:\program files\netgear genie\bin\NETGEARGenie.exe" -mini -redirect
uRun: [EPSON Stylus Photo R1900 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticua.exe /fu "c:\windows\temp\E_S2DF8.tmp" /EF "HKCU"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwar ... TSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwar ... /CTPID.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B7E0A25E-29FC-4F75-B750-BA0CAC543E17} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-7-20 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-7-20 246072]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-7-1 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-7-10 39224]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 50296]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-7-20 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-7-20 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-7-23 283136]
R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\searchprotect\bin\CltMngSvc.exe [2013-4-11 93984]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files\netgear genie\bin\NETGEARGenieDaemon.exe [2012-9-25 195400]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 WTabletServicePro;Wacom Professional Service;c:\program files\tablet\wacom\WTabletServicePro.exe [2013-2-11 520576]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
R3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [2012-6-27 11680]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [2012-6-27 69024]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\drivers\wacomrouterfilter.sys [2012-6-27 13728]
S2 avgfws;AVG Firewall;c:\program files\avg\avg2013\avgfws.exe [2013-7-25 1432080]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2012-6-6 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2012-6-6 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 Spyder4;Datacolor Spyder4;c:\windows\system32\drivers\dccmtr.sys [2011-7-12 12288]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-7-19 1343400]
S4 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files\samsung\pc auto backup\WiselinkPro.exe [2012-1-18 7262263]
.
=============== File Associations ===============
.
ShellExec: PortraitProfessional.exe: open="c:\program files\portrait professional studio 10\PortraitProfessionalStudio.exe" /P "%1"
.
=============== Created Last 30 ================
.
2013-08-14 20:41:33 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 20:41:23 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 20:41:23 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 20:41:23 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 20:41:23 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 20:41:12 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 20:41:11 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 20:41:11 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 20:41:08 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 20:41:05 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 20:41:01 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 20:41:00 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 21:08:42 -------- d-----w- c:\users\benny\appdata\local\join.me
.
==================== Find3M ====================
.
2013-08-06 19:43:21 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-06 19:43:21 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-26 03:13:24 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-26 01:59:38 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-07-20 05:51:00 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-20 05:50:56 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-20 05:50:56 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 05:50:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-10 05:32:40 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-06-05 03:05:09 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 04:53:07 509440 ----a-w- c:\windows\system32\qedit.dll
.
============= FINISH: 14:22:57.82 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/6/2012 4:01:57 PM
System Uptime: 8/21/2013 10:01:33 AM (4 hours ago)
.
Motherboard: Dell Inc. | | 0U7084
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3391/800mhz
.
==== Disk Partitions =========================
.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Photoshop CS6
Adobe Photoshop Lightroom 4.4
Adobe Reader X (10.1.7)
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Archive Creator V3.5
AVG 2013
Bonjour
ColorChecker Passport 1.0.2
Creative ALchemy
Creative Audio Console
Creative MediaSource 5
Creative Movie Maker 1.0.6.0
Creative Software AutoUpdate
Creative WaveStudio 7
Epson Print CD
EPSON Printer Software
ICC Profiles
ieSpell
Image Magic
iSEEK AnswerWorks English Runtime
iTunes
join.me
Microsoft .NET Framework 4 Client Profile
Microsoft Office Basic Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETGEAR Genie
NVIDIA 3D Vision Controller Driver 301.42
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
OpenAL
OverDrive Media Console
PC Auto Backup
PDF Settings CS6
PocketWizard Utility
Portrait Professional Studio 10.8
Power Vision Log Tuner
Power Vision Software
Quicken 2013
QuickTime
Recuva
SAMSUNG Intelli-studio
SAMSUNG Map Download Manager 1.0.0.5
Search Protect by conduit
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
SEKONIC Data Transfer Software 3.0
SEKONIC Lightmeter L-758Series (Driver Removal)
Spyder4Pro
Topaz Detail 2
Update EPSON Stylus Photo R1900 icc profile Matte
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Wacom Tablet
WebTablet FB Plugin 32 bit
WebTablet IE Plugin
WebTablet Netscape Plugin
Yahoo! Messenger
Yahoo! Software Update
.
==== End Of File ===========================
Greyhound
Regular Member
 
Posts: 28
Joined: December 11th, 2007, 8:39 pm

Re: Milky White Screen/ Slow Starting Programs

Post by nunped » August 22nd, 2013, 6:35 pm

Hello Greyhound, and welcome to the forum.

My name is nunped and I'll be helping you with any malware problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Here are some guidelines for the cleaning process to run as easily as possible.

  1. Please read this topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only! Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. You must have Administrator rights permissions for this computer.
  4. DO NOT run any other fix or removal tools unless instructed to do so!
  5. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  6. Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  7. Only reply to this thread. Do not start another thread.
  8. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  9. No Reply Within 3 Days will result in your topic being closed!


Read through these instructions with your full attention.
Please ask first if you have any doubts.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Milky White Screen/ Slow Starting Programs

Post by nunped » August 22nd, 2013, 7:12 pm

Hi Greyhound,

Step 1 - Junkware Removal Tool
  • Please download jrt.exe by thisisu and save it to your desktop. Alternate download here.
  • Please temporarily disable your security/protection software as found here, to avoid potential conflicts.
  • Right-click jrt.exe and select "Run as Administrator"
    The tool will open and start scanning your system. Please be patient, it can take a while depending on your system.
    On completion, a log file JRT.txt is saved to your desktop and will automatically open.
  • Please copy and paste the contents of JRT.txt and post in your next reply.

Step 2 - OTL
Please download OTL by Old Timer. Save it to your Desktop.
If you can't download the exe file, try these links:
http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
  • Right-click OTL.exe (or OTL.com or OTL.scr) and select "Run as Administrator" to launch the program.
  • Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  • Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Step 3 - GMER Rootkit Scanner
Please download GMER Rootkit Scanner from Here.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Note: Do not run any programs while Gmer is running.
  • Right-click the .exe file and choose Run as Administrator. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)

  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Milky White Screen/ Slow Starting Programs

Post by Greyhound » August 23rd, 2013, 11:31 am

Thank you nunped for helping. Here is the JRT.txt.

Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Home Premium x86
Ran by Benny on Fri 08/23/2013 at 10:59:45.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] cltmngsvc
Successfully deleted: [Service] cltmngsvc



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3293216
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0A2E3C7D-3994-4A0C-B3A8-BBD4C0B6F931}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Benny\AppData\Roaming\searchprotect"
Successfully deleted: [Folder] "C:\Users\Benny\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Benny\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\searchprotect"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 08/23/2013 at 11:02:22.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Greyhound
Regular Member
 
Posts: 28
Joined: December 11th, 2007, 8:39 pm

Re: Milky White Screen/ Slow Starting Programs

Post by Greyhound » August 23rd, 2013, 11:34 am

OTL.txt and Extras.txt.

OTL logfile created on: 8/23/2013 11:10:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Benny\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 61.85% Memory free
4.00 Gb Paging File | 2.98 Gb Available in Paging File | 74.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.69 Gb Total Space | 93.80 Gb Free Space | 68.12% Space Free | Partition Type: NTFS

Computer Name: BENNY-PC | User Name: Benny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/23 11:05:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Benny\Desktop\OTL.exe
PRC - [2013/07/25 13:40:02 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgfws.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/07/01 01:46:26 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/02/19 04:01:14 | 000,328,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcfgex.exe
PRC - [2013/01/18 10:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/01/18 10:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/29 09:14:14 | 007,183,232 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
PRC - [2012/10/29 09:14:14 | 004,053,888 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
PRC - [2012/10/29 09:14:14 | 001,632,128 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
PRC - [2012/10/29 09:14:14 | 000,520,576 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
PRC - [2012/10/16 09:54:22 | 001,041,736 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
PRC - [2012/10/08 17:15:50 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Wacom\WacomHost.exe
PRC - [2012/09/25 02:06:14 | 000,195,400 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
PRC - [2012/09/25 02:06:14 | 000,122,696 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
PRC - [2012/04/04 06:25:00 | 000,295,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2007/04/10 06:00:00 | 000,182,272 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATICUA.EXE
PRC - [2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE


========== Modules (No Company Name) ==========

MOD - [2012/10/29 09:14:16 | 000,963,456 | ---- | M] () -- C:\Program Files\Tablet\Wacom\libxml2.dll
MOD - [2012/10/16 21:41:00 | 003,775,488 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Map.dll
MOD - [2012/10/16 09:54:22 | 001,041,736 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
MOD - [2012/10/11 20:57:28 | 008,295,424 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Resource.dll
MOD - [2012/10/11 20:57:28 | 001,553,408 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\SvtNetworkTool.dll
MOD - [2012/10/11 20:57:28 | 001,188,352 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
MOD - [2012/10/11 20:57:28 | 001,132,032 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
MOD - [2012/10/11 20:57:28 | 001,062,400 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Internet.dll
MOD - [2012/10/11 20:57:28 | 000,920,064 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Ui.dll
MOD - [2012/10/11 20:57:28 | 000,702,464 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\InnerPlugin_Update.dll
MOD - [2012/10/11 20:57:28 | 000,641,536 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
MOD - [2012/10/11 20:57:28 | 000,504,832 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
MOD - [2012/10/11 20:57:28 | 000,500,736 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
MOD - [2012/10/11 20:57:28 | 000,478,720 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\Genie.dll
MOD - [2012/10/11 20:57:28 | 000,438,272 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
MOD - [2012/10/11 20:57:28 | 000,229,888 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
MOD - [2012/10/11 20:57:28 | 000,186,368 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\DragonNetTool.dll
MOD - [2012/10/11 20:57:28 | 000,150,528 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\DiagnoseDll.dll
MOD - [2012/10/11 20:57:28 | 000,138,752 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\airprintdll.dll
MOD - [2012/10/11 20:57:28 | 000,136,704 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\DiagnosePlugin.dll
MOD - [2012/10/11 20:57:28 | 000,116,224 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\WSetupApiPlugin.dll
MOD - [2012/10/11 20:57:28 | 000,088,064 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QRCode.dll
MOD - [2012/10/11 20:57:28 | 000,083,968 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\NetcardApi.dll
MOD - [2012/10/11 20:57:28 | 000,082,432 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\SVTUtils.dll
MOD - [2012/10/11 20:57:28 | 000,076,288 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\WSetupDll.dll
MOD - [2012/09/25 02:06:14 | 001,233,389 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\drivers\libntgr_api.dll
MOD - [2012/09/25 02:06:14 | 000,122,696 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
MOD - [2012/05/11 02:24:16 | 009,814,016 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QtGui4.dll
MOD - [2012/05/11 02:24:16 | 002,537,472 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QtCore4.dll
MOD - [2012/05/11 02:24:16 | 001,140,224 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QtNetwork4.dll
MOD - [2012/05/11 02:24:16 | 000,399,360 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QtXml4.dll
MOD - [2012/05/11 02:24:16 | 000,287,232 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\imageformats\qjpeg4.dll
MOD - [2012/05/11 02:24:16 | 000,083,456 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\imageformats\qico4.dll
MOD - [2012/05/11 02:24:16 | 000,083,456 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\imageformats\qgif4.dll
MOD - [2012/05/09 22:34:06 | 000,043,008 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
MOD - [2012/05/09 22:34:06 | 000,011,362 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\mingwm10.dll


========== Services (SafeList) ==========

SRV - [2013/08/06 15:43:21 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/25 13:40:02 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/10/29 09:14:14 | 000,520,576 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\WTabletServicePro.exe -- (WTabletServicePro)
SRV - [2012/09/25 02:06:14 | 000,195,400 | ---- | M] (NETGEAR) [Auto | Running] -- C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe -- (NETGEARGenieDaemon)
SRV - [2012/07/19 20:14:08 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/06/06 19:12:51 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/06/06 18:57:58 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/01/18 12:58:40 | 007,262,263 | ---- | M] (Samsung) [Disabled | Stopped] -- C:\Program Files\SAMSUNG\PC Auto Backup\WiselinkPro.exe -- (WiselinkPro)
SRV - [2011/11/14 05:16:38 | 000,701,288 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\Benny\AppData\Local\Temp\7zS7A44\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)


========== Driver Services (SafeList) ==========

DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/10 01:32:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013/01/09 13:32:39 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2012/10/12 10:54:52 | 000,013,728 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV - [2012/10/12 10:20:38 | 000,069,024 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wachidrouter.sys -- (WacHidRouter)
DRV - [2012/10/12 10:20:38 | 000,011,680 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2011/06/02 15:56:38 | 000,012,288 | ---- | M] (Datacolor) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dccmtr.sys -- (Spyder4)
DRV - [2010/11/20 17:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 17:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/03/18 20:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 20:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 20:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 20:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 20:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 20:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 20:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 20:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 20:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2010/03/18 20:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COMMONFX.sys -- (COMMONFX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0A2E3C7D-3994-4A0C-B3A8-BBD4C0B6F931}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-978283739-3063703639-3213916884-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKU\S-1-5-21-978283739-3063703639-3213916884-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-978283739-3063703639-3213916884-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-978283739-3063703639-3213916884-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 11 DB A2 97 1F 44 CD 01 [binary data]
IE - HKU\S-1-5-21-978283739-3063703639-3213916884-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-978283739-3063703639-3213916884-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-978283739-3063703639-3213916884-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-978283739-3063703639-3213916884-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)



O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-21-978283739-3063703639-3213916884-1001..\Run: [EPSON Stylus Photo R1900 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICUA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-978283739-3063703639-3213916884-1001..\Run: [NETGEARGenie] C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-978283739-3063703639-3213916884-1001\..Trusted Domains: google.com ([b.mail] https in Trusted sites)
O15 - HKU\S-1-5-21-978283739-3063703639-3213916884-1001\..Trusted Domains: google.com ([mail] https in Trusted sites)
O15 - HKU\S-1-5-21-978283739-3063703639-3213916884-1001\..Trusted Domains: google.com ([www] https in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwar ... TSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7E0A25E-29FC-4F75-B750-BA0CAC543E17}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d1621f42-c170-11e1-b569-0011118993f4}\Shell - "" = AutoRun
O33 - MountPoints2\{d1621f42-c170-11e1-b569-0011118993f4}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/23 11:05:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Benny\Desktop\OTL.exe
[2013/08/23 10:59:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/23 10:48:44 | 001,021,434 | ---- | C] (Thisisu) -- C:\Users\Benny\Desktop\JRT.exe
[2013/08/21 14:18:06 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Benny\Desktop\dds.scr
[2013/08/14 22:30:45 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/08/14 22:30:44 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/08/14 22:30:43 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/08/14 22:30:43 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/08/14 22:30:42 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/08/14 22:30:41 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/08/14 22:30:41 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/08/14 22:30:41 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/08/14 22:30:41 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/08/14 22:30:41 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/08/14 16:41:12 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/08/14 16:41:11 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/08/14 16:41:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/08/14 16:41:00 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/07/30 15:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/07/25 17:08:42 | 000,000,000 | ---D | C] -- C:\Users\Benny\AppData\Local\join.me

========== Files - Modified Within 30 Days ==========

[2013/08/23 11:06:46 | 000,377,856 | ---- | M] () -- C:\Users\Benny\Desktop\946bhmf4.exe
[2013/08/23 11:05:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Benny\Desktop\OTL.exe
[2013/08/23 10:48:49 | 001,021,434 | ---- | M] (Thisisu) -- C:\Users\Benny\Desktop\JRT.exe
[2013/08/23 10:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/23 10:22:34 | 000,020,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/23 10:22:34 | 000,020,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/23 10:17:55 | 000,626,844 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/23 10:17:55 | 000,107,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/23 10:12:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/23 10:11:59 | 1609,162,752 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/22 22:50:48 | 000,031,056 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2013/08/22 22:50:48 | 000,031,056 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2013/08/22 22:50:48 | 000,030,528 | ---- | M] () -- C:\Windows\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2013/08/22 22:50:48 | 000,030,528 | ---- | M] () -- C:\Windows\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2013/08/22 22:50:48 | 000,011,564 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2013/08/21 14:18:06 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Benny\Desktop\dds.scr
[2013/08/18 21:43:38 | 022,282,240 | ---- | M] () -- C:\Users\Benny\QDATA1_20050923.QDF
[2013/08/18 19:39:40 | 001,489,664 | ---- | M] () -- C:\Users\Benny\QDATA1_20050923OFXLOG.DAT
[2013/08/06 15:43:21 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/08/06 15:43:21 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/07/30 15:41:56 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/07/25 23:13:37 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/07/25 23:12:22 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/25 23:12:05 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/25 23:12:04 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/25 23:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/07/25 23:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/07/25 23:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/07/25 23:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/07/25 22:49:14 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/25 21:59:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/07/25 17:08:43 | 000,001,062 | ---- | M] () -- C:\Users\Benny\Desktop\join.me.lnk
[2013/07/25 04:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL

========== Files Created - No Company Name ==========

[2013/08/23 11:06:40 | 000,377,856 | ---- | C] () -- C:\Users\Benny\Desktop\946bhmf4.exe
[2013/07/25 17:08:43 | 000,001,062 | ---- | C] () -- C:\Users\Benny\Desktop\join.me.lnk
[2013/07/25 17:08:43 | 000,001,062 | ---- | C] () -- C:\Users\Benny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
[2013/01/23 18:23:08 | 000,026,900 | ---- | C] () -- C:\Users\Benny\AppData\Local\dt.dat
[2012/10/13 16:29:06 | 000,001,456 | ---- | C] () -- C:\Users\Benny\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012/06/29 18:22:18 | 000,004,608 | ---- | C] () -- C:\Users\Benny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/18 16:02:17 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012/06/18 16:02:17 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012/06/18 16:02:17 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012/06/18 16:02:17 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012/06/18 16:02:17 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012/06/18 16:02:17 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012/06/18 16:02:17 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012/06/18 16:02:17 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012/06/18 16:02:17 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012/06/18 16:02:17 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012/06/18 16:02:17 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012/06/18 16:02:17 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012/06/18 16:02:17 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012/06/18 16:02:17 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012/06/18 16:02:17 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012/06/18 16:02:17 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012/06/07 21:43:04 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2012/06/06 18:57:27 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2012/06/06 18:57:27 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2012/06/06 17:52:41 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/05/16 11:58:12 | 000,513,312 | ---- | C] () -- C:\Users\Benny\Alpaca ValleyOFXOLD.DAT
[2009/05/16 11:58:12 | 000,334,032 | ---- | C] () -- C:\Users\Benny\Alpaca ValleyOFXLOG.DAT
[2009/04/22 20:40:35 | 001,489,664 | ---- | C] () -- C:\Users\Benny\QDATA1_20050923OFXLOG.DAT
[2009/04/22 20:40:35 | 000,515,200 | ---- | C] () -- C:\Users\Benny\QDATA1_20050923OFXOLD.DAT
[2008/10/05 17:29:39 | 000,000,697 | ---- | C] () -- C:\Users\Benny\PCTuneUp.config
[2008/09/17 16:19:50 | 000,000,493 | ---- | C] () -- C:\Users\Benny\Application Data.xmp
[2007/12/10 20:17:46 | 000,000,000 | ---- | C] () -- C:\Users\Benny\netstat-na
[2007/12/08 13:06:58 | 000,000,210 | ---- | C] () -- C:\Users\Benny\5023.lps
[2007/03/03 00:28:45 | 000,000,000 | ---- | C] () -- C:\Users\Benny\ini.tpl
[2007/01/14 13:37:37 | 000,000,000 | ---- | C] () -- C:\Users\Benny\Alpaca Valley.NPC
[2006/12/24 23:08:06 | 002,719,744 | ---- | C] () -- C:\Users\Benny\Alpaca Valley.QDF
[2006/12/24 20:02:18 | 000,001,480 | ---- | C] () -- C:\Users\Benny\Alpaca Valley Suris.IDX
[2006/12/24 19:44:15 | 000,015,360 | ---- | C] () -- C:\Users\Benny\Alpaca Valley Suris.QEL
[2006/12/24 19:44:15 | 000,000,032 | ---- | C] () -- C:\Users\Benny\Alpaca Valley Suris.QPH
[2006/11/11 22:37:40 | 000,000,000 | ---- | C] () -- C:\Users\Benny\qhpplupu.tpl
[2005/10/25 21:16:22 | 000,000,000 | ---- | C] () -- C:\Users\Benny\QDATA1_20050923.NPC
[2005/10/25 21:16:21 | 022,282,240 | ---- | C] () -- C:\Users\Benny\QDATA1_20050923.QDF

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


OTL Extras logfile created on: 8/23/2013 11:11:46 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Benny\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 61.85% Memory free
4.00 Gb Paging File | 2.98 Gb Available in Paging File | 74.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.69 Gb Total Space | 93.80 Gb Free Space | 68.12% Space Free | Partition Type: NTFS

Computer Name: BENNY-PC | User Name: Benny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035F962C-0A83-453E-8A2D-309F91ECFE33}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{33A23C2C-3F5E-4ACD-974C-7A4F626729C4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4DABA978-3638-462F-BF7A-63441E2BC3B8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5309D875-643F-4357-8AD8-8FE213C9BDF4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5849A9DA-408B-4CD2-A211-60F19EF67033}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5A23352F-CDD5-43F4-8B88-FB5FE519FA0A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{65EECB25-4AE9-4E8F-9935-B237A5FD7BBB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{666545AB-0B76-4AD8-8039-97053D8DA92F}" = lport=137 | protocol=17 | dir=in | app=system |
"{94F557BE-351C-4EFA-9AB7-724DE4025B38}" = rport=138 | protocol=17 | dir=out | app=system |
"{97BEC2AE-7C65-475D-8DAA-A1BFDCBF376A}" = rport=445 | protocol=6 | dir=out | app=system |
"{9BDBCF0C-2485-40BD-8F06-DBFC7F71425C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9EDE216C-1608-4E72-8343-4A78E7EC8961}" = lport=139 | protocol=6 | dir=in | app=system |
"{A37886E6-C69A-463B-8915-B24F2CD9163A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A6E0DDFC-3F38-42B6-A912-84D1585C6A10}" = rport=139 | protocol=6 | dir=out | app=system |
"{A7EE952E-5D60-45D0-9D8A-0B9CB9D01D54}" = lport=445 | protocol=6 | dir=in | app=system |
"{C626C209-D872-4DDF-92F1-5B467096D073}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF86FAEA-10D4-429E-9FB7-6E40145CF0DE}" = lport=138 | protocol=17 | dir=in | app=system |
"{D2D18A5C-3EA7-4F7D-8113-33046787920D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DA7A83F2-DFE4-4167-AD9E-B13B586CA46A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DDAAE274-C7CC-49F0-B8E9-A3055FDB1DE2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DECF2D01-5A5C-416F-980B-EFABF2C56F0D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E034A321-8D18-4143-8197-697348935039}" = rport=137 | protocol=17 | dir=out | app=system |
"{FD34B640-41DA-4E0A-BAA1-4F9B333A3D6E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E9337C-CB43-4E99-931C-B12D6970F1B9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{0D5D6528-11E6-425C-B9A2-4700F6F2AC9F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{0E434E9B-6357-40F1-8EED-E5D8DF51381A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{118EDF83-14B0-45A1-BABA-27183346D4FF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{150B1A6A-491E-4DE4-8CEA-4C59778F0C7B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{16E74C21-39AA-47F6-8711-E73D45483BDE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{29EB1276-06F7-4F9E-9194-EC80D2582230}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{32EB3107-66AA-46FF-BBDA-E75C4CF685EE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{338D171C-0A9D-4985-9084-89192AE66141}" = protocol=6 | dir=out | app=system |
"{3B694FD8-18D7-41FE-BF73-03DECA754160}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3EA5A7A1-E15C-49CD-8AA0-1C722A1B0AC9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{49A61FA6-2AB9-47DF-B399-5D77EA22394B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{616F84CA-665C-4A9B-9E11-691AA9B2F31E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6F1BAF1C-3AD9-42D4-BC02-4849AF474D6A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{710FE1DF-A8B2-490D-B40A-595E03F3C6F4}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{7918A672-E3E7-41C6-B284-5C39B1666534}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8A1C7094-C0DB-4011-BA48-6F10476D9A1B}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{9A12A9C1-860B-4027-93DF-4E0D6A364DAA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AA8F0A9C-168B-457B-B1D0-B9F95DE42A89}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AD15FAD6-2421-476C-9879-4C6FBFCA1281}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{BD345BDD-6A7F-4615-8DE2-24519074F0F7}" = protocol=6 | dir=in | app=c:\users\benny\appdata\local\temp\7zs7a44\hppiw.exe |
"{C669B8B4-FADE-4A4A-81F6-A8D25B4B2E6F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C8E1ADEC-86A7-40D9-928B-0C5BA0B823A2}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D1652E7A-965D-4D6E-B291-161F696AAC62}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E0BF2110-FE67-453B-8CA5-1C37D2DF88D9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E918D4CC-3154-47F9-BA44-2DD1D8C0682A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EBBBEB26-C83E-461B-8B0D-9DFB0A1098D1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F853CB49-903F-4A6A-8E74-39F1C4E3F771}" = protocol=17 | dir=in | app=c:\users\benny\appdata\local\temp\7zs7a44\hppiw.exe |
"{FA329B61-F68B-42E9-834B-D39BDCBEA0E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD48284B-B844-467C-9E79-77918C78910C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{FEB4F6FD-21D4-4B0F-86E7-0F2B0ADAC73E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FFC7F48E-7FC2-4B85-A78C-BDEC14CBAB6A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"TCP Query User{075BECE6-4A85-4D91-A928-80CADBB89D79}C:\program files\microsoft office\office11\outlook.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office11\outlook.exe |
"TCP Query User{4C885013-16AF-4A91-86E2-5CDCAA867D58}C:\program files\netgear genie\bin\netgeargenie.exe" = protocol=6 | dir=in | app=c:\program files\netgear genie\bin\netgeargenie.exe |
"TCP Query User{D0C41DE9-6D6A-41F6-ABEE-C829CA185610}C:\program files\netgear genie\bin\netgeargenie.exe" = protocol=6 | dir=in | app=c:\program files\netgear genie\bin\netgeargenie.exe |
"UDP Query User{1636EE29-68C5-498F-9735-09975DB3C98B}C:\program files\netgear genie\bin\netgeargenie.exe" = protocol=17 | dir=in | app=c:\program files\netgear genie\bin\netgeargenie.exe |
"UDP Query User{5D844F88-C817-4CD7-A672-B15B82BAB6AB}C:\program files\microsoft office\office11\outlook.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office11\outlook.exe |
"UDP Query User{9D028A4D-FAF4-4859-8FEC-EF543C0C7BCA}C:\program files\netgear genie\bin\netgeargenie.exe" = protocol=17 | dir=in | app=c:\program files\netgear genie\bin\netgeargenie.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}" = Quicken 2013
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F30944E-EA6F-483E-A985-63C462991135}" = Archive Creator V3.5
"{15F2F81B-B5AE-44D7-A050-7E4CEB810817}" = Update EPSON Stylus Photo R1900 icc profile Matte
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{5FF27D65-35E5-4855-B7ED-59BCFBC85776}" = AVG 2013
"{662548BC-3506-4843-B7AA-F44D352F76A8}" = PC Auto Backup
"{6B5298BF-E2AD-495B-AF7F-DDA046F50027}" = SEKONIC Data Transfer Software 3.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8925AD1C-13DE-4709-9E88-6A0C320D0D43}" = ICC Profiles
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8D5132A-0E69-4EDC-B4CB-8C13E0B75865}" = PocketWizard Utility
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{CBBB226E-2289-4D29-8E5C-1331E7D71ED9}" = AVG 2013
"{D07205E7-F6D3-4333-AFCC-782A07685B72}" = OverDrive Media Console
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D1E60806-3F15-4057-BB55-698FAF71E811}" = Power Vision Log Tuner
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5F3B90B-B1E0-4661-8D41-59159D94F460}" = Power Vision Software
"{FA6F726E-AA8D-492A-B18A-A5945C337FCE}" = Adobe Photoshop Lightroom 4.4
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio Console
"AVG" = AVG 2013
"ColorChecker Passport_is1" = ColorChecker Passport 1.0.2
"Creative Movie Maker" = Creative Movie Maker 1.0.6.0
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"EPSON Printer and Utilities" = EPSON Printer Software
"ieSpell" = ieSpell
"InstallShield_{662548BC-3506-4843-B7AA-F44D352F76A8}" = PC Auto Backup
"Intelli-studio" = SAMSUNG Intelli-studio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NETGEAR Genie" = NETGEAR Genie
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PortraitProfessionalStudio10_is1" = Portrait Professional Studio 10.8
"Recuva" = Recuva
"SAMSUNG Map Download Manager" = SAMSUNG Map Download Manager 1.0.0.5
"SearchProtect" = Search Protect by conduit
"SK__COMM&0A41&7001" = SEKONIC Lightmeter L-758Series (Driver Removal)
"Spyder4Pro" = Spyder4Pro
"Topaz Detail 2" = Topaz Detail 2
"Tweaks Image Magic" = Image Magic
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WaveStudio 7" = Creative WaveStudio 7
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-978283739-3063703639-3213916884-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"JoinMe" = join.me

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 8/23/2013 11:15:53 AM | Computer Name = Benny-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WSearch service.

Error - 8/23/2013 11:16:14 AM | Computer Name = Benny-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 8/23/2013 11:16:41 AM | Computer Name = Benny-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 8/23/2013 11:17:06 AM | Computer Name = Benny-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 8/23/2013 11:17:11 AM | Computer Name = Benny-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WSearch service.

Error - 8/23/2013 11:17:32 AM | Computer Name = Benny-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 8/23/2013 11:17:58 AM | Computer Name = Benny-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 8/23/2013 11:18:22 AM | Computer Name = Benny-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 8/23/2013 11:18:47 AM | Computer Name = Benny-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 8/23/2013 11:19:10 AM | Computer Name = Benny-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.


< End of report >
Greyhound
Regular Member
 
Posts: 28
Joined: December 11th, 2007, 8:39 pm

Re: Milky White Screen/ Slow Starting Programs

Unread postby nunped » August 23rd, 2013, 5:27 pm

Hi Greyhound,

Can you post the log from GMER?
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Milky White Screen/ Slow Starting Programs

Unread postby Greyhound » August 24th, 2013, 6:42 pm

nunped I will as soon as it stops running. How long should this program take, it's been running for about 30 hours now. It's on Software\Microsoft\Windows\Current\Version\Shell Folders.

Jack
Greyhound
Regular Member
 
Posts: 28
Joined: December 11th, 2007, 8:39 pm

Re: Milky White Screen/ Slow Starting Programs

Unread postby nunped » August 24th, 2013, 6:51 pm

Hi Greyhound,

It's not supposed to take that long...
Stop it and let's try a different one:

TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select "run as administrator" to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  • Click the Start Scan button. Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Milky White Screen/ Slow Starting Programs

Unread postby Greyhound » August 24th, 2013, 7:20 pm

It just finished, hope this is what you need if not let me know.

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-08-24 19:16:22
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Intel___ rev.1.0. 137.84GB
Running: 946bhmf4.exe; Driver: C:\Users\Benny\AppData\Local\Temp\fgloqpog.sys


---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x8FF995D0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x8FF99700]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x8FF99010]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x8FF99300]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x8FF993E0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x8FF99120]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x8FF99210]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x8FF994D0]

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@ScheduledInstallDate 2013-08-24 07:00:00
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StreamLog@CurrentStreamLog 398

---- EOF - GMER 2.1 ----
Greyhound
Regular Member
 
Posts: 28
Joined: December 11th, 2007, 8:39 pm

Re: Milky White Screen/ Slow Starting Programs

Unread postby Greyhound » August 24th, 2013, 7:59 pm

nunped, I ran the TDSSKiller scan and nothing was found.
Greyhound
Regular Member
 
Posts: 28
Joined: December 11th, 2007, 8:39 pm

Re: Milky White Screen/ Slow Starting Programs

Unread postby nunped » August 25th, 2013, 1:07 pm

Hi Greyhound,

Good job :)

You have AVG disabled. Please enable it unless I instruct you otherwise.

Uninstall Program
  • Click on Start
  • Copy and paste the value below, into the Start Search entry box:
    appwiz.cpl
      Depending on your current view setting ...
    • Double click on Programs and Features.
    • Under Programs, click on Uninstall a program.
  • Locate the following programs:
    Search Protect by Conduit
  • Select the program and click on Uninstall to uninstall it.
  • Reboot your computer after this.

SystemLook
Please download SystemLook from the link below and save it to your Desktop.
For 32 bit Systems
  • Right-click SystemLook.exe and select "Run as Administrator" to run it.
  • Copy and paste the content of the following codebox into the main textfield:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *conduit*
    *searchprotect*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *conduit*
    *searchprotect*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    conduit
    searchprotect
    
  • Click the Look button to start the scan.
    The scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Please, give me an update of your computer's performance.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Milky White Screen/ Slow Starting Programs

Unread postby Greyhound » August 26th, 2013, 11:45 am

SystemLook 04.09.10 by jpshortstuff
Log created at 11:15 on 26/08/2013 by Benny
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\Users\Benny\AppData\Local\Temp\jrt\datamngr_del.reg --a---- 386 bytes [14:59 23/08/2013] [03:41 22/08/2013] 95F42A3D43416D3BB978F174C83F494C

Searching for "*trolltech*"
No files found.

Searching for "*conduit*"
C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1206120 bytes [17:44 20/01/2012] [17:44 20/01/2012] 976934130CD5C5DBD2DC977B298DF525
C:\Program Files\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.resources\PhoneConduit.plist --a---- 11408 bytes [18:33 20/01/2012] [18:33 20/01/2012] AB18CD2A656AE753C30E6276EC3DA0C2
C:\Users\Benny\AppData\Roaming\Adobe\Lightroom\Modules\Perfect Effects 4.lrplugin\ONLRConduitService.lua --a---- 60550 bytes [22:43 30/01/2013] [19:45 16/11/2012] 5CA6065912BC6DAFD37D8C59F3D37A7B
C:\Users\Benny\AppData\Roaming\Adobe\Lightroom\Modules\Perfect Effects 4.lrplugin\ONLRConduitUtils.lua --a---- 58587 bytes [22:43 30/01/2013] [19:45 16/11/2012] 5F76BF7DD265883EA53476C8BD2D1D64
C:\Users\UpdatusUser\AppData\Roaming\Adobe\Lightroom\Modules\Perfect Effects 4.lrplugin\ONLRConduitService.lua --a---- 60550 bytes [22:43 30/01/2013] [19:45 16/11/2012] 5CA6065912BC6DAFD37D8C59F3D37A7B
C:\Users\UpdatusUser\AppData\Roaming\Adobe\Lightroom\Modules\Perfect Effects 4.lrplugin\ONLRConduitUtils.lua --a---- 58587 bytes [22:43 30/01/2013] [19:45 16/11/2012] 5F76BF7DD265883EA53476C8BD2D1D64

Searching for "*searchprotect*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*conduit*"
No folders found.

Searching for "*searchprotect*"
C:\SearchProtect d------ [22:53 20/05/2013]

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-978283739-3063703639-3213916884-1001\Software\Trolltech]
[HKEY_USERS\S-1-5-21-978283739-3063703639-3213916884-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-978283739-3063703639-3213916884-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-978283739-3063703639-3213916884-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"F3D40CFE251A7E745871EEF02610FAFE"="C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB1E579405BE28F46B2E7AAE9534B564]
"F3D40CFE251A7E745871EEF02610FAFE"="C:\Program Files\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.resources\PhoneConduit.plist"

Searching for "searchprotect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll]
"command"="C:\Program Files\SearchProtect\bin\cltmng.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll]
"item"="SearchProtectAll"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchProtect"="\SearchProtect\bin\cltmng.exe"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchProtect"="\SearchProtect\bin\cltmng.exe"

-= EOF =-

nunped, it still takes about 2 to 3 min. for a program to start after I have clicked on the "shortcut". Same with email, when I click on a new email it takes a while for it to open. I always get the "not responding" message but the email will open. When I deleted "Conduit" I did get the message that "an error might have occurred while trying to uninstall Search Protect by conduit. It might have already been uninstalled. Would you like to remove Search Protect by Conduit from the Program Features List, Yes or No". Of course I said yes so it is gone from the programs list. Once the programs open everything seems to run ok, it just takes a while for them to open.

Regards,
Greyhound
Regular Member
 
Posts: 28
Joined: December 11th, 2007, 8:39 pm
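
The SystemLook log above mixes wildcard hits from unrelated software (Apple's iSyncConduit.dll, Qt's Trolltech keys) with the Search Protect startup entries. The following is an added example, not part of the original thread or of SystemLook: a small Python parser for the Regfind section that keeps only hits in autostart locations. The function names and the autostart pattern are assumptions made for this illustration; the sample is an excerpt of the log posted above.

```python
import re

# Excerpt of the SystemLook log posted in this thread (trimmed to a few searches).
SAMPLE_LOG = r'''
========== filefind ==========

Searching for "*searchprotect*"
No files found.

========== Regfind ==========

Searching for "kelkoopartners"
No data found.

Searching for "conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"F3D40CFE251A7E745871EEF02610FAFE"="C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"

Searching for "searchprotect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll]
"command"="C:\Program Files\SearchProtect\bin\cltmng.exe"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchProtect"="\SearchProtect\bin\cltmng.exe"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchProtect"="\SearchProtect\bin\cltmng.exe"

-= EOF =-
'''

SECTION_RE = re.compile(r"^=+\s*(\w+)\s*=+$")           # ========== Regfind ==========
TERM_RE = re.compile(r'^Searching for "(.*)"$')          # Searching for "conduit"
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")              # [HKEY_...\Run]
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|@)=(?P<data>.*)$')  # "name"="data" or @="data"

# Assumed pattern for this example: Run/RunOnce keys, plus the key where
# msconfig keeps startup items that were disabled through its Startup tab.
AUTOSTART_RE = re.compile(
    r"\\CurrentVersion\\Run(Once)?$|\\MSConfig\\startupreg\\", re.IGNORECASE
)


def parse_regfind(text):
    """Return one dict per Regfind hit: term, key, value name, value data.

    A key line with no value line after it is a match on the key name itself
    and is returned with name and data set to None.
    """
    hits = []
    in_regfind = False
    term = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            in_regfind = m.group(1).lower() == "regfind"
            term = key = None
            continue
        if not in_regfind:
            continue  # filefind / folderfind results are not registry hits
        m = TERM_RE.match(line)
        if m:
            term, key = m.group(1), None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            hits.append({"term": term, "key": key, "name": None, "data": None})
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            hit = {
                "term": term,
                "key": key,
                "name": m.group("name") or "@",
                "data": m.group("data").strip('"'),
            }
            # The key line just before this value belongs to the same hit.
            if hits[-1]["key"] == key and hits[-1]["name"] is None:
                hits[-1] = hit
            else:
                hits.append(hit)
    return hits


def autostart_hits(hits):
    """Keep only hits whose registry key is an autostart location."""
    return [h for h in hits if AUTOSTART_RE.search(h["key"])]


if __name__ == "__main__":
    for h in autostart_hits(parse_regfind(SAMPLE_LOG)):
        print(h["term"], "|", h["key"], "|", h["name"], "|", h["data"])
```

On this excerpt the Apple installer component matched by "conduit" is dropped, and the four Search Protect startup entries remain for review.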

Re: Milky White Screen/ Slow Starting Programs

Unread postby nunped » August 26th, 2013, 3:35 pm

Hi Greyhound,

Let's try to clean what the scans show.

Step 1 - Fix with OTL
  • Right click OTL.exe and select "Run as Administrator" to launch the program.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
:commands
[createrestorepoint]

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0A2E3C7D-3994-4A0C-B3A8-BBD4C0B6F931}
IE - HKU\S-1-5-21-978283739-3063703639-3213916884-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O15 - HKU\S-1-5-21-978283739-3063703639-3213916884-1001\..Trusted Domains: google.com ([b.mail] https in Trusted sites)
O15 - HKU\S-1-5-21-978283739-3063703639-3213916884-1001\..Trusted Domains: google.com ([mail] https in Trusted sites)
O15 - HKU\S-1-5-21-978283739-3063703639-3213916884-1001\..Trusted Domains: google.com ([www] https in Trusted sites)
O33 - MountPoints2\{d1621f42-c170-11e1-b569-0011118993f4}\Shell - "" = AutoRun
O33 - MountPoints2\{d1621f42-c170-11e1-b569-0011118993f4}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a

:reg
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-978283739-3063703639-3213916884-1001\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchProtect"=-
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchProtect"=-

:files
C:\SearchProtect
ipconfig /flushdns /c

:commands
[emptytemp]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Step 2 - ESET NOD32 Online Scan
Note: If using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted... then right click on it and select "run as administrator" to install.
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Do NOT use the computer while the scan is running... make sure all other programs and windows are closed!


Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
  • Click the [Run ESET Online Scanner] button.
  • Read the End User License Agreement and check the box: [Yes, I accept the terms of use].
  • Click the green [Start] button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  • Under scan settings:
    • Check "Scan archives"
    • Remove found threats is UNCHECKED
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the [Start] button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running.
  • When the scan completes, press the text: Image
  • Press the text: Image ... then save the file to your desktop as ESETScan.txt.
  • Press the [Back] button, then press the [Finish] button.
  • Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Remember to enable your Anti-virus protection before continuing!
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Milky White Screen/ Slow Starting Programs

Unread postby Greyhound » August 26th, 2013, 4:36 pm

nunped, here is the scan from OTL. It did reboot my computer and now when I clicked on the IE8 shortcut the web fired right up just like it should and I didn't have to wait on the email link either, things are looking up. I will post the ESET scan as soon as I run it.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-978283739-3063703639-3213916884-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect not found.
Registry key HKEY_USERS\S-1-5-21-978283739-3063703639-3213916884-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google.com\b.mail\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-978283739-3063703639-3213916884-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google.com\mail\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-978283739-3063703639-3213916884-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1621f42-c170-11e1-b569-0011118993f4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1621f42-c170-11e1-b569-0011118993f4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1621f42-c170-11e1-b569-0011118993f4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1621f42-c170-11e1-b569-0011118993f4}\ not found.
File J:\LaunchU3.exe -a not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-978283739-3063703639-3213916884-1001\Software\Trolltech\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect not found.
========== FILES ==========
C:\SearchProtect\ffprotect folder moved successfully.
C:\SearchProtect folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Benny\Desktop\cmd.bat deleted successfully.
C:\Users\Benny\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Benny
->Temp folder emptied: 1404496276 bytes
->Temporary Internet Files folder emptied: 232356047 bytes
->Flash cache emptied: 7173 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 479882857 bytes
RecycleBin emptied: 187114164 bytes

Total Files Cleaned = 2,197.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08262013_161700

Files\Folders moved on Reboot...
C:\Users\Benny\AppData\Local\Temp\7zS7A44\HPSLPSVC32.DLL moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Greyhound
Regular Member
 
Posts: 28
Joined: December 11th, 2007, 8:39 pm

Re: Milky White Screen/ Slow Starting Programs

Unread postby Greyhound » August 26th, 2013, 6:04 pm

nunped, I ran the ESET online scanner, no threats were found.

Jack
Greyhound
Regular Member
 
Posts: 28
Joined: December 11th, 2007, 8:39 pm