Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Windows 7 runs very slow and fails update

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Windows 7 runs very slow and fails update

Unread postby ottersea » November 4th, 2014, 12:38 pm

Do not know if this can be addressed here or not. About a month ago my Gforce video care died. So bought a new on to go in the PCIe slot instead of the regular PCI slot. Anyway while it do work to an extend it would lock up windows. So took it out and uninstalled the drivers. Since that time windows has been running very slow and now today when I tried to install some windows update some of them failed to install. Also when I rebooted I got the message "Failure configuring windows update, reverting changes". I assume this is because some of the updates failed to install. What can I do to clean this up other then reinstalling windows 7 Thanks.

DDS File:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.51.2
Run by admin at 10:26:49 on 2014-11-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2038.760 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
c:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Pwrchute\ups.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Windows\system\HsMgr.exe
C:\Program Files\Brownie\BrStsWnd.exe
C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Brownie\Brnipmon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Users\clay\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\acrobat\AdobeUpdateManager.exe AcPro7_0_0
uRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [PowerPanel Personal Edition User Interaction] c:\program files\cyberpower powerpanel personal edition\pppeuser.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd
mRun: [Cmaudio8788GX] c:\windows\system\HsMgr.exe Envoke
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [Brdefprn] c:\program files\brother\brhl3070\Brdefprn.exe -d
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Version Cue CS2] c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\microt~1.lnk - c:\program files\microtek\scanwizard 5\ScannerFinder.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
TCP: NameServer = 192.168.0.1 205.171.3.66
TCP: Interfaces\{33515D04-C487-4948-88A3-747F31F757B8} : DHCPNameServer = 192.168.0.1 205.171.3.66
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\xnpoh7le.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_189.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.irmysearch.aflt - dnldstr_14_14_ff
FF - user.js: extensions.irmysearch.instlRef - 140305_a
FF - user.js: extensions.irmysearch.cr - 984936944
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtAtDyCyBtA0E0AtB0C0FtCyEyD0FtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFzztFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEzztA0ByByDtBtCtGzyyDtA0DtGyByDtCtAtGtCtCtC0BtGtC0ByCyE0CyEyE0FyEtCyCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtAtCyB0E0D0DtBtGtCzyyCtDtGyB0DzzyEtGtCyE0BtAtGyB0CyCzztA0CyBtDtAtCyByC2Q
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dn ... 936944&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=dn ... 936944&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=dn ... 944&ir=&q=
FF - user.js: extensions.mysearchdial.id - 0030673EA2CF145F
FF - user.js: extensions.mysearchdial.instlDay - 16161
FF - user.js: extensions.mysearchdial.vrsn - 1.8.29.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.29.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.29.011:26:28
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - dnldstr_14_14_ff
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef - 140305_a
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial.cr - 984936944
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutDtDtAtDyCyBtA0E0AtB0C0FtCyEyD0FtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFzztFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEzztA0ByByDtBtCtGzyyDtA0DtGyByDtCtAtGtCtCtC0BtGtC0ByCyE0CyEyE0FyEtCyCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtAtCyB0E0D0DtBtGtCzyyCtDtGyB0DzzyEtGtCyE0BtAtGyB0CyCzztA0CyBtDtAtCyByC2Q
FF - user.js: extensions.mysearchdial.AL - 2
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-19 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-19 192352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-1-31 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-1-31 414520]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-12-6 209408]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-10-3 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-1-31 67824]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-10-3 71944]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-10-3 50344]
R2 Freemake Improver;Freemake Improver;c:\programdata\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2014-1-8 108032]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-31 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-31 701512]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-2-27 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-2-27 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-2-27 168384]
R3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2014-2-7 1760256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-31 22856]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
R3 SCTDriverV1011;SCTDriverV1011;c:\windows\system32\drivers\sctdriverv1011.sys [2011-12-12 202800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2013-2-11 32896]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-9-12 108032]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-10-19 32928]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2014-4-1 13464]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-1-31 1343400]
.
=============== Created Last 30 ================
.
2014-11-02 20:09:50 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
2014-11-02 20:09:50 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
2014-11-02 20:09:50 -------- d-----w- c:\windows\system32\Lang
2014-11-02 19:59:27 1002008 ----a-w- c:\windows\system32\igxpun.exe
2014-11-02 19:40:40 -------- d-----w- c:\program files\Microsoft ASP.NET
2014-10-31 16:58:18 8901368 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9c39e8f8-65c3-4478-a50c-e838bae280ba}\mpengine.dll
2014-10-20 16:55:55 -------- d-----w- c:\program files\coolpro2
2014-10-20 04:04:19 -------- d-----w- c:\users\admin\appdata\local\ATI
2014-10-20 04:02:46 0 ----a-w- c:\windows\ativpsrm.bin
2014-10-20 03:59:23 -------- d-----w- c:\programdata\AMD
2014-10-20 03:56:43 -------- d-----w- c:\program files\AMD
2014-10-20 03:56:35 995342 ----a-w- c:\windows\system32\amdocl_as32.exe
2014-10-20 03:56:35 83968 ----a-w- c:\windows\system32\OpenVideo.dll
2014-10-20 03:56:35 798734 ----a-w- c:\windows\system32\amdocl_ld32.exe
2014-10-20 03:56:35 57344 ----a-w- c:\windows\system32\OpenCL.dll
2014-10-20 03:56:35 24860160 ----a-w- c:\windows\system32\amdocl.dll
2014-10-20 03:56:35 200704 ----a-w- c:\windows\system32\clinfo.exe
2014-10-20 03:56:35 114688 ----a-w- c:\windows\system32\coinst_13.251.dll
2014-10-20 03:56:34 73728 ----a-w- c:\windows\system32\OVDecode.dll
2014-10-20 03:56:00 -------- d-----w- c:\program files\common files\ATI Technologies
2014-10-20 03:54:32 -------- d-----w- c:\programdata\Package Cache
2014-10-19 22:17:01 -------- d-----w- c:\programdata\NVIDIA Corporation
2014-10-19 22:16:21 32928 ----a-w- c:\windows\system32\drivers\nvvad32v.sys
2014-10-19 22:16:21 32416 ----a-w- c:\windows\system32\nvaudcap32v.dll
2014-10-19 22:14:47 -------- d-----w- C:\NVIDIA
2014-10-11 21:13:45 -------- d-----w- c:\windows\Downloaded Installations
2014-10-08 00:03:35 -------- d-----w- C:\rei
2014-10-07 23:57:10 835584 ----a-w- c:\windows\system32\NCTAudioCDGrabber2.dll
2014-10-07 23:57:10 450560 ----a-w- c:\windows\system32\NCTAudioTransform2.dll
2014-10-07 23:57:10 335872 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll
2014-10-07 23:57:10 315392 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll
2014-10-07 23:57:10 270336 ----a-w- c:\windows\system32\NCTAudioDisplay2.dll
2014-10-07 23:57:10 237568 ----a-w- c:\windows\system32\lame_enc.dll
2014-10-07 23:57:10 196608 ----a-w- c:\windows\system32\NCTWMAFile2.dll
2014-10-07 23:57:10 1843200 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2014-10-07 23:57:10 1040384 ----a-w- c:\windows\system32\NCTAudioInformation2.dll
2014-10-07 23:57:09 4057200 ----a-w- c:\windows\system32\wmfdist.exe
2014-10-07 23:57:09 -------- d-----w- c:\program files\FreeCDRipper
2014-10-07 19:29:22 -------- d-----w- c:\users\admin\appdata\roaming\AVAST Software
.
==================== Find3M ====================
.
2014-11-03 16:42:10 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-10-28 11:35:00 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-18 23:12:40 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-18 23:12:40 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-10-03 14:45:01 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-10-03 14:45:01 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-10-03 14:45:01 71944 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-10-03 14:45:01 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-10-03 14:45:01 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-10-03 14:45:01 43152 ----a-w- c:\windows\avastSS.scr
2014-10-03 14:45:01 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-10-03 14:45:01 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-09-25 01:40:50 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-13 21:17:43 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2014-09-13 21:17:43 102400 ----a-w- c:\windows\system32\OpenAL32.dll
2014-09-09 21:47:10 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-05 01:52:10 445952 ----a-w- c:\windows\system32\aepdu.dll
2014-09-05 01:47:39 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-08-23 01:46:55 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 00:42:53 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-08-18 22:08:55 4232704 ----a-w- c:\windows\system32\jscript9.dll
2014-08-18 21:57:44 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-08-18 21:57:30 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-08-18 21:46:26 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-08-18 21:44:44 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-08-18 21:36:05 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-08-18 21:35:24 597504 ----a-w- c:\windows\system32\jscript9diag.dll
2014-08-18 21:30:29 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 21:22:48 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 21:08:54 2014208 ----a-w- c:\windows\system32\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- c:\windows\system32\wininet.dll
.
============= FINISH: 10:28:47.78 ===============


Attach File:
NLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume4
Install Date: 1/31/2013 1:15:42 PM
System Uptime: 11/4/2014 9:37:59 AM (1 hours ago)
.
Motherboard: BIOSTAR Group | | G31-M7 TE
Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz | CPU 1 | 2615/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 65.729 GiB free.
D: is FIXED (NTFS) - 112 GiB total, 49.428 GiB free.
E: is FIXED (NTFS) - 932 GiB total, 492.653 GiB free.
F: is FIXED (NTFS) - 56 GiB total, 30.529 GiB free.
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: AnvSoft Virtual Sound Device
Device ID: ROOT\MEDIA\0000
Manufacturer: AnvSoft Inc.
Name: AnvSoft Virtual Sound Device
PNP Device ID: ROOT\MEDIA\0000
Service: anvsnddrv
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.20
ABBYY FineReader 4.0 Sprint
Adobe Acrobat 4.0, 5.0
Adobe Acrobat 7.0 Professional - English, Français, Deutsch
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Photoshop CS2
Adobe Reader XI (11.0.09)
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Version Cue CS2
AMD Catalyst Install Manager
AMD Wireless Display v3.0
AnswerWorks 5.0 English Runtime
Any Video Recorder version 1.0.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS Xonar DG Audio Driver
AutoUpdate
avast! Free Antivirus
Binreader
Brother HL-3070CW
calibre
Catalyst Control Center InstallProxy
Common
Content Transfer
Contents
Cool Edit Pro 2.0
Corel VideoStudio Essentials X4
CyberPower PowerPanel Personal Edition 1.3.3
Data Lifeguard Diagnostic for Windows 1.24
Detroit Iron Information Systems
DeviceIO
DiskCheckup v3.2
DivX
Driver Support
DriverUpdate
DVD Identifier
Easycalculationnew
eCalc Calculator
Extended Update
Free CD Ripper 3.1
Freemake Video Converter version 4.1.4
GIMP 2.8.4
Google Earth
Google Update Helper
HandBrake 0.9.8
ICA
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Internet Explorer Toolbar 4.7 by SweetPacks
IPM_VS_Pro
ISCOM
iTunes
Java 7 Update 13
Java 7 Update 51
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
MediaFACE
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5.1
Microsoft ASP.NET MVC 4 Runtime
Microsoft Calculator Plus
Microsoft PowerPoint Viewer 97
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Mozilla Firefox 33.0.2 (x86 en-US)
Mozilla Maintenance Service
Mp4 to Mpeg Converter 1.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyDVD-VR Recorder
NWZ-E350 WALKMAN Guide
OpenAL
OpenOffice.org 3.4.1
Password Safe
PC Wizard 2013.2.12
PowerChute plus 5.2
PureHD
Quicken 2008
QuickTime 7
Replay Video Capture 6
Roxio Drag-to-Disc
Roxio Easy Media Creator 9 Suite
ScanWizard 5
SCT Device Updater
SCTDriversV1011x86
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Setup
Share
SightSpeed (remove only)
Sonic MyDVD-VR
Spybot - Search & Destroy
Suite Specific
System Requirements Lab Detection
ViewSonic Monitor Drivers
VIO
Visioneer PaperPort Viewer 5.0
VLC media player 2.0.5
VSClassic
VSPro
Windows 7 Codec Pack 4.0.7
Windows Media Encoder 9 Series
WinPatrol
Xingtone Ringtone Maker
Yahoo Browser Settings
.
==== Event Viewer Messages From Past Week ========
.
11/4/2014 9:38:55 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort3.
11/4/2014 9:38:37 AM, Error: Service Control Manager [7000] - The ASPI32 service failed to start due to the following error: The system cannot find the file specified.
11/4/2014 9:38:05 AM, Error: Application Popup [876] - Driver DLACDBHM.SYS has been blocked from loading.
11/4/2014 9:30:16 AM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The request could not be performed because of an I/O device error.
11/3/2014 8:53:23 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.
11/3/2014 8:52:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
11/3/2014 8:52:44 AM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): '\??\C:\Users\clay\AppData\Local\Microsoft\Windows\UsrClass.dat'.
11/3/2014 8:52:23 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
11/3/2014 8:51:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
11/3/2014 8:21:11 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007045d: Security Update for Windows 7 (KB2984972).
11/3/2014 8:21:11 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007045d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2968294).
11/3/2014 8:21:11 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007045d: Cumulative Security Update for Internet Explorer 11 for Windows 7 (KB2987107).
11/3/2014 8:21:10 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007045d: Update for Windows 7 (KB2952664).
11/3/2014 8:21:10 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007045d: Security Update for Windows 7 (KB3000061).
11/3/2014 8:21:10 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007045d: Security Update for Windows 7 (KB2977292).
11/3/2014 8:21:10 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007045d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2979570).
11/3/2014 8:21:10 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007045d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2972100).
11/3/2014 7:58:06 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007045d: Update for Windows 7 (KB3000988).
11/3/2014 7:56:33 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007045d: Security Update for Windows 7 (KB3000869).
11/3/2014 7:41:49 AM, Error: Service Control Manager [7023] -
11/3/2014 5:58:59 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
11/3/2014 11:18:39 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
11/3/2014 10:30:35 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.
11/3/2014 10:29:44 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
11/3/2014 10:18:49 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {7D1933CB-86F6-4A98-8628-01BE94C9A575} and APPID {F290BFB2-1864-45B1-8804-2654194A87E7} to the user ottersea\clay SID (S-1-5-21-3128821885-2795174726-813518338-1007) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/2/2014 8:12:20 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
11/2/2014 2:33:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Freemake Improver service to connect.
11/2/2014 2:33:37 PM, Error: Service Control Manager [7000] - The Freemake Improver service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/2/2014 2:03:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070bc9: Security Update for Windows 7 (KB3000061).
11/2/2014 2:00:30 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070bc9: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2979570).
11/2/2014 11:55:44 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
11/2/2014 1:50:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070bc9: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2972100).
11/2/2014 1:49:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070bc9: Security Update for Windows 7 (KB2977292).
11/2/2014 1:49:37 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070bc9: Cumulative Security Update for Internet Explorer 11 for Windows 7 (KB2987107).
11/2/2014 1:44:00 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070bc9: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2968294).
11/2/2014 1:43:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070bc9: Security Update for Windows 7 (KB2984972).
11/2/2014 1:41:11 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070bc9: Security Update for Windows 7 (KB3000869).
11/1/2014 3:17:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
11/1/2014 3:17:48 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/1/2014 3:17:04 PM, Error: Schannel [36887] - The following fatal alert was received: 40.
11/1/2014 3:11:22 PM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
.
==== End Of File ===========================
ottersea
Regular Member
 
Posts: 41
Joined: December 13th, 2010, 1:47 pm
Advertisement
Register to Remove

Re: Windows 7 runs very slow and fails update

Unread postby Gary R » November 6th, 2014, 2:19 am

Looking over your logs, back soon.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Windows 7 runs very slow and fails update

Unread postby Gary R » November 6th, 2014, 2:24 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi ottersea

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


There are clear signs of an infection on your computer, this may or may not be causing the problems you are experiencing. We need to remove it first, and then see if your problems persist.

First ...

Please download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window, click ok to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.

AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND

Next ...

  • Download FRST64 to your Desktop.
  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.

Next ...

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;mysearchdial

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.

Summary of the logs I need from you in your next post:
  • AdwCleaner[R1].txt
  • FRST.txt
  • Attach.txt
  • Search.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Windows 7 runs very slow and fails update

Unread postby ottersea » November 6th, 2014, 3:50 pm

Hit a snag. FRST64 comes back as not compatible with my system. I assume that this is for a 64 bit system while I have windows 7 32 bit system. I could not find that on the download site. Where do I get the correct program?Thanks
ottersea
Regular Member
 
Posts: 41
Joined: December 13th, 2010, 1:47 pm

Re: Windows 7 runs very slow and fails update

Unread postby Cypher » November 6th, 2014, 4:22 pm

Hi,
This should work for you.. For 32 bit Systems
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Windows 7 runs very slow and fails update

Unread postby ottersea » November 6th, 2014, 8:15 pm

AdwCleaner.txt

# AdwCleaner v3.311 - Report created 06/11/2014 at 13:41:15
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : admin - OTTERSEA
# Running from : C:\Users\admin\Desktop\adwcleaner_3.311.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\xnpoh7le.default\searchplugins\Mysearchdial.xml
File Found : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\xnpoh7le.default\user.js
File Found : C:\Users\clay\AppData\Roaming\Mozilla\Firefox\Profiles\sraicmh4.default\searchplugins\ask-search.xml
File Found : C:\Users\clay\AppData\Roaming\Mozilla\Firefox\Profiles\sraicmh4.default\searchplugins\Mysearchdial.xml
File Found : C:\Users\clay\AppData\Roaming\Mozilla\Firefox\Profiles\sraicmh4.default\user.js
Folder Found : C:\ProgramData\apn
Folder Found : C:\Users\admin\AppData\Roaming\UpdaterEX
Folder Found : C:\Users\admin\Documents\Updater
Folder Found : C:\Users\clay\AppData\Local\Temp\apn
Folder Found : C:\Users\clay\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found : C:\Users\clay\AppData\Roaming\Mozilla\Firefox\Profiles\sraicmh4.default\RadioRage_4j
Folder Found : C:\Users\clay\Documents\Updater

***** [ Scheduled Tasks ] *****

Task Found : AmiUpdXp
Task Found : Driver Support-RTMRules
Task Found : Driver Support-RTMScan
Task Found : Driver Support-RTMScanRunOnce
Task Found : Driver Support-RTMUpdater
Task Found : driverupdate startup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AskPartnerNetwork
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41829420-151B-4920-B8A5-16BE4601B42A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Key Found : HKCU\Software\UpdaterEX
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\B01F3F08771A494439EC8990D0180939
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\B01F3F08771A494439EC8990D0180939
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ10_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ10_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B01F3F08771A494439EC8990D0180939
Key Found : HKLM\SOFTWARE\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v33.0.2 (x86 en-US)

[ File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\xnpoh7le.default\prefs.js ]

Line Found : user_pref("browser.search.order.1", "Mysearchdial");
Line Found : user_pref("extensions.ORJ-V7.DataStore.toolbar", "{\"BLACKLIST_SUBDOMAINS_OF\":[\"join.me\",\"Bing.com\",\"Hotmail.com\",\"Live.com\",\"ebay.com\",\"bing.com\",\"yahoo.com\",\"cnn.com\",\"live.com\",\[...]
Line Found : user_pref("extensions.crossrider.bic", "13d0ed38832deb281670789b95b2b303");
Line Found : user_pref("extensions.irmysearch.aflt", "dnldstr_14_14_ff");
Line Found : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtDtAtDyCyBtA0E0AtB0C0FtCyEyD0FtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFzztFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEzztA0ByByDtBtCtGzyyDtA0Dt[...]
Line Found : user_pref("extensions.irmysearch.cr", "984936944");
Line Found : user_pref("extensions.irmysearch.instlRef", "140305_a");
Line Found : user_pref("extensions.mysearchdial.AL", 2);
Line Found : user_pref("extensions.mysearchdial.aflt", "dnldstr_14_14_ff");
Line Found : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Found : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtAtDyCyBtA0E0AtB0C0FtCyEyD0FtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFzztFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEzztA0ByByDtBtCtGzyyDtA0[...]
Line Found : user_pref("extensions.mysearchdial.cntry", "US");
Line Found : user_pref("extensions.mysearchdial.cr", "984936944");
Line Found : user_pref("extensions.mysearchdial.dfltLng", "");
Line Found : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Found : user_pref("extensions.mysearchdial.dnsErr", true);
Line Found : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Line Found : user_pref("extensions.mysearchdial.excTlbr", false);
Line Found : user_pref("extensions.mysearchdial.hdrMd5", "061CB25D872B8ADF20008F2AE6C44E88");
Line Found : user_pref("extensions.mysearchdial.hmpg", true);
Line Found : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dnldstr_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtAtDyCyBtA0E0AtB0C0FtCyEyD0FtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFzztFtDtN1L1Czut[...]
Line Found : user_pref("extensions.mysearchdial.id", "0030673EA2CF145F");
Line Found : user_pref("extensions.mysearchdial.instlDay", "16161");
Line Found : user_pref("extensions.mysearchdial.instlRef", "140305_a");
Line Found : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=dnldstr_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtAtDyCyBtA0E0AtB0C0FtCyEyD0FtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFzztFtDtN1L1CzutCy[...]
Line Found : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.29.011:26:28");
Line Found : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dnldstr_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtAtDyCyBtA0E0AtB0C0FtCyEyD0FtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFzztFtDtN1L1Cz[...]
Line Found : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"95\",\"lastVrsn\":\"95\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Line Found : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Found : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Found : user_pref("extensions.mysearchdial.sg", "none");
Line Found : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Found : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Found : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dnldstr_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtAtDyCyBtA0E0AtB0C0FtCyEyD0FtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFzztFtDtN1L1[...]
Line Found : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
Line Found : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
Line Found : user_pref("extensions.mysearchdial_i.newTab", false);
Line Found : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Found : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.011:26:28");
Line Found : user_pref("extensions.toolbar_ORJ-V7@apn.ask.com.install-event-fired", true);

[ File : C:\Users\clay\AppData\Roaming\Mozilla\Firefox\Profiles\sraicmh4.default\prefs.js ]

Line Found : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=dnldstr_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtAtDyCyBtA0E0AtB0C0FtCyEyD0FtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFzztFtDtN1L1CzutCyEtDtA[...]
Line Found : user_pref("extensions.crossrider.bic", "13d0ed11b7a613285dad0cc85dc840a8");
Line Found : user_pref("extensions.irmysearch.aflt", "dnldstr_14_14_ff");
Line Found : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtDtAtDyCyBtA0E0AtB0C0FtCyEyD0FtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFzztFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEzztA0ByByDtBtCtGzyyDtA0Dt[...]
Line Found : user_pref("extensions.irmysearch.cr", "984936944");
Line Found : user_pref("extensions.irmysearch.instlRef", "140305_a");
Line Found : user_pref("extensions.mysearchdial.AL", 2);
Line Found : user_pref("extensions.mysearchdial.aflt", "dnldstr_14_14_ff");
Line Found : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Found : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtAtDyCyBtA0E0AtB0C0FtCyEyD0FtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFzztFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEzztA0ByByDtBtCtGzyyDtA0[...]
Line Found : user_pref("extensions.mysearchdial.cr", "984936944");
Line Found : user_pref("extensions.mysearchdial.dfltLng", "");
Line Found : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Found : user_pref("extensions.mysearchdial.dnsErr", true);
Line Found : user_pref("extensions.mysearchdial.excTlbr", false);
Line Found : user_pref("extensions.mysearchdial.hmpg", true);
Line Found : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dnldstr_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtAtDyCyBtA0E0AtB0C0FtCyEyD0FtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFzztFtDtN1L1Czut[...]
Line Found : user_pref("extensions.mysearchdial.id", "0030673EA2CF145F");
Line Found : user_pref("extensions.mysearchdial.instlDay", "16161");
Line Found : user_pref("extensions.mysearchdial.instlRef", "140305_a");
Line Found : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dnldstr_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtAtDyCyBtA0E0AtB0C0FtCyEyD0FtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFzztFtDtN1L1Cz[...]
Line Found : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Found : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Found : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Found : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Found : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dnldstr_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtAtDyCyBtA0E0AtB0C0FtCyEyD0FtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFzztFtDtN1L1[...]
Line Found : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
Line Found : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
Line Found : user_pref("extensions.mysearchdial_i.newTab", false);
Line Found : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Found : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.011:26:28");
Line Found : user_pref("extensions.toolbar.mindspark._4jMembers_.lastActivePing", "1391022654737");
Line Found : user_pref("extensions.toolbar.mindspark._4jMembers_.weather.location", "72936");
Line Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "radiorage@mindspark.com");

*************************

AdwCleaner[R0].txt - [12353 octets] - [06/11/2014 13:41:15]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [12414 octets] ##########
ottersea
Regular Member
 
Posts: 41
Joined: December 13th, 2010, 1:47 pm

Re: Windows 7 runs very slow and fails update

Unread postby ottersea » November 6th, 2014, 8:16 pm

FRST.txt


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-11-2014
Ran by admin (administrator) on OTTERSEA on 06-11-2014 17:00:07
Running from C:\Users\admin\Desktop
Loaded Profiles: admin & clay (Available profiles: admin & clay)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Cyber Power Systems, Inc.) C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(APC) C:\Program Files\Pwrchute\ups.exe
() C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Cyber Power Systems, Inc.) C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Sony Corporation) C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
() C:\Windows\system\HsMgr.exe
(brother) C:\Program Files\Brownie\BrStsWnd.exe
(Brother Industries, Ltd.) C:\Program Files\Brownie\BRNIPMON.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Sytems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
() C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Users\clay\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CMedia) C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Cyber Power Systems, Inc.) C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Sony Corporation) C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
() C:\Windows\system\HsMgr.exe
(brother) C:\Program Files\Brownie\BrStsWnd.exe
(CMedia) C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Adobe Sytems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
(Brother Industries, Ltd.) C:\Program Files\Brownie\BRNIPMON.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
() C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
(SlimWare Utilities, Inc.) C:\Program Files\DriverUpdate\DriverUpdate.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe [350144 2012-03-27] (Cyber Power Systems, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [ContentTransferWMDetector.exe] => C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe [583016 2009-11-19] (Sony Corporation)
HKLM\...\Run: [Cmaudio8788] => RunDll32 cmicnfgp.cpl,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\system\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [BrStsWnd] => C:\Program Files\Brownie\BrstsWnd.exe [3618104 2009-08-19] (brother)
HKLM\...\Run: [Brdefprn] => C:\Program Files\Brother\BRHL3070\Brdefprn.exe [45056 2009-07-08] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-03] (AVAST Software)
HKLM\...\Run: [Adobe Version Cue CS2] => c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-04] (Adobe Sytems Incorporated)
HKU\S-1-5-21-3128821885-2795174726-813518338-1000\...\Run: [updateMgr] => C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [307200 2004-11-22] (Adobe Systems Incorporated)
HKU\S-1-5-21-3128821885-2795174726-813518338-1000\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [1128000 2014-06-03] (BillP Studios)
HKU\S-1-5-21-3128821885-2795174726-813518338-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-3128821885-2795174726-813518338-1007\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [1128000 2014-06-03] (BillP Studios)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk
ShortcutTarget: Microtek Scanner Finder.lnk -> C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe ()
Startup: C:\Users\clay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\clay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3003CF1CFDFFCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3128821885-2795174726-813518338-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKCU - {A9A9224E-76E1-4118-AF0B-020DB03B0716} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279141&CUI=UN17307067991731683
SearchScopes: HKCU - {C4859E43-2DCE-4FDD-8843-F60102E2A3F5} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298568&CUI=UN13416767035876247&UM=2
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.66

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\xnpoh7le.default
FF NewTab:
FF SearchEngineOrder.1: Mysearchdial
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\xnpoh7le.default\user.js
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\xnpoh7le.default\searchplugins\Mysearchdial.xml
FF Extension: DownloadHelper - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\xnpoh7le.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-10-02]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-01-31]
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-03]
CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-01-08]
CHR HKLM\...\Chrome\Extension: [nobnjjknonbflhaiepehfnncjhigejke] - C:\Users\admin\AppData\Local\CRE\nobnjjknonbflhaiepehfnncjhigejke.crx [2013-07-22]
CHR HKCU\...\Chrome\Extension: [nobnjjknonbflhaiepehfnncjhigejke] - C:\Users\admin\AppData\Local\CRE\nobnjjknonbflhaiepehfnncjhigejke.crx [2013-07-22]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-03-24] (Adobe Systems) [File not signed]
R2 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-04] (Adobe Systems Incorporated) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-03] (AVAST Software)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-07-15] (Freemake) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 ppped; C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe [1013696 2012-03-27] (Cyber Power Systems, Inc.)
S3 Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [57344 2006-11-26] (Sonic Solutions) [File not signed]
S2 Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [294912 2006-11-26] (Sonic Solutions) [File not signed]
S2 RoxLiveShare9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [303104 2006-11-27] (Sonic Solutions) [File not signed]
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-27] (Sonic Solutions) [File not signed]
R2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-27] (Sonic Solutions) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-11-01] (MicroVision Development, Inc.) [File not signed]
R2 UPS; C:\Program Files\Pwrchute\ups.exe [487465 1999-12-20] (APC) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [32896 2012-05-17] (AnvSoft Inc.) [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-10-03] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-10-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-10-03] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-10-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-10-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-10-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-10-03] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-10-03] ()
R2 BrPar; C:\Windows\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [1760256 2011-03-10] (C-Media Inc)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32928 2014-09-04] (NVIDIA Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36560 2006-08-09] (Sonic Solutions) [File not signed]
S4 RxFilter; C:\Windows\System32\DRIVERS\RxFilter.sys [50688 2006-11-27] (Sonic Solutions) [File not signed]
R3 SCTDriverV1011; C:\Windows\System32\drivers\SCTDriverV1011.sys [202800 2011-12-12] (Jungo)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-11-06] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 ASPI32; No ImagePath
S3 catchme; \??\C:\Users\admin\AppData\Local\Temp\catchme.sys [X]
S3 getbus; \??\C:\Users\admin\AppData\Local\Temp\getbus.sys [X]
S3 MSICDSetup; \??\H:\CDriver.sys [X]
S4 NVHDA; system32\drivers\nvhda32v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 16:23 - 2014-11-06 17:00 - 00019395 _____ () C:\Users\admin\Desktop\FRST.txt
2014-11-06 16:21 - 2014-11-06 17:00 - 00000000 ____D () C:\FRST
2014-11-06 16:19 - 2014-11-06 16:19 - 01106432 _____ (Farbar) C:\Users\admin\Desktop\FRST.exe
2014-11-06 14:26 - 2014-11-06 14:26 - 00012131 _____ () C:\Users\clay\AppData\Local\recently-used.xbel
2014-11-06 13:52 - 2014-11-06 13:42 - 00012495 _____ () C:\Users\admin\Desktop\AdwCleaner[R0].txt
2014-11-06 13:41 - 2014-11-06 13:42 - 00000000 ____D () C:\AdwCleaner
2014-11-06 13:36 - 2014-11-06 13:36 - 01375089 _____ () C:\Users\admin\Desktop\adwcleaner_3.311.exe
2014-11-06 13:30 - 2014-11-06 13:30 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-OTTERSEA-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2014-11-06 13:29 - 2014-11-06 13:29 - 00000000 ____D () C:\RegBackup
2014-11-06 13:27 - 2014-11-06 13:27 - 00002146 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-11-06 13:27 - 2014-11-06 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-11-06 13:27 - 2014-11-06 13:27 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-11-06 13:26 - 2014-11-06 13:26 - 04215584 _____ () C:\Users\admin\Downloads\tweaking.com_registry_backup_setup.exe
2014-11-04 10:31 - 2014-11-04 10:30 - 00021441 _____ () C:\Users\clay\Desktop\DDS.txt
2014-11-04 10:31 - 2014-11-04 10:30 - 00013016 _____ () C:\Users\clay\Desktop\Attach.txt
2014-11-04 10:30 - 2014-11-04 10:30 - 00000000 ____D () C:\Trouble shooting
2014-11-04 10:29 - 2014-11-04 10:29 - 00013016 _____ () C:\Users\admin\Desktop\attach.txt
2014-11-04 10:29 - 2014-11-04 10:28 - 00021441 _____ () C:\Users\admin\Desktop\dds.txt
2014-11-04 10:25 - 2014-11-04 10:25 - 00688992 ____R (Swearware) C:\Users\clay\Desktop\dds.scr
2014-11-03 11:15 - 2014-11-03 11:15 - 00985600 _____ () C:\Users\admin\Downloads\MicrosoftFixit50123.msi
2014-11-02 14:09 - 2014-11-02 14:09 - 00000000 ____D () C:\Windows\system32\Lang
2014-11-02 14:09 - 2014-11-02 14:09 - 00000000 ____D () C:\Program Files\Intel
2014-11-02 14:09 - 2009-09-23 11:50 - 00398336 _____ (Intel(R) Corporation) C:\Windows\system32\TVWizudlg.exe
2014-11-02 14:09 - 2009-09-23 11:49 - 00140288 _____ () C:\Windows\system32\igfxtvcx.dll
2014-11-02 14:09 - 2009-09-23 11:47 - 00121232 _____ () C:\Windows\system32\IScrNB.bmp
2014-11-02 13:59 - 2009-09-23 19:30 - 01002008 _____ (Intel Corporation) C:\Windows\system32\igxpun.exe
2014-11-02 13:40 - 2014-11-02 13:40 - 00000000 ____D () C:\Program Files\Microsoft ASP.NET
2014-10-31 09:57 - 2014-10-31 09:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-27 16:49 - 2014-10-27 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-10-21 13:56 - 2014-10-09 19:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-21 13:56 - 2014-10-09 19:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-21 13:56 - 2014-10-09 19:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-21 13:21 - 2014-09-28 18:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-21 13:20 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-21 13:20 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-21 13:20 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-21 13:20 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-21 13:20 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-21 13:20 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-21 13:20 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-21 13:20 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-21 13:20 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-21 13:20 - 2014-09-18 19:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-21 13:20 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-21 13:20 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-21 13:20 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-21 13:20 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-21 13:20 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-21 13:20 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-21 13:20 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-21 13:20 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-21 13:20 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-21 13:20 - 2014-09-18 18:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-21 13:20 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-21 13:20 - 2014-09-18 18:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-21 13:20 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-21 13:20 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-21 13:20 - 2014-09-18 18:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-21 13:20 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-21 13:20 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-21 13:20 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-21 13:20 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-21 13:20 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-21 13:20 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-21 13:20 - 2014-07-16 19:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-21 13:20 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-21 13:20 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-21 13:20 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-21 13:19 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-21 13:19 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-21 13:19 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-21 13:19 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-21 13:19 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-21 13:19 - 2014-07-16 19:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-21 13:19 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-21 13:19 - 2014-07-16 19:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-21 13:19 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-21 13:19 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-21 13:19 - 2014-07-16 19:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-21 13:19 - 2014-07-16 19:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-20 10:57 - 2014-10-20 17:21 - 00000930 _____ () C:\Users\Public\Desktop\Cool Edit Pro 2.0.lnk
2014-10-20 10:57 - 2014-10-20 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cool Edit Pro 2.0
2014-10-20 10:55 - 2014-10-20 11:25 - 00000000 ____D () C:\Program Files\coolpro2
2014-10-20 08:53 - 2014-10-20 08:53 - 00000000 _____ () C:\Windows\Explorer.EXE.Z-missing.txt
2014-10-20 07:50 - 2014-10-20 07:50 - 00058442 _____ () C:\Windows\system32\CCCInstall_201410200850430927.log
2014-10-19 22:10 - 2014-10-19 22:10 - 00000000 ____D () C:\Users\clay\AppData\Roaming\ATI
2014-10-19 22:10 - 2014-10-19 22:10 - 00000000 ____D () C:\Users\clay\AppData\Local\ATI
2014-10-19 22:04 - 2014-10-19 22:04 - 00000000 ____D () C:\Users\admin\AppData\Roaming\ATI
2014-10-19 22:04 - 2014-10-19 22:04 - 00000000 ____D () C:\Users\admin\AppData\Local\ATI
2014-10-19 22:02 - 2014-10-19 22:02 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-10-19 21:59 - 2014-10-20 07:55 - 00000000 ____D () C:\ProgramData\AMD
2014-10-19 21:59 - 2014-10-19 21:59 - 00059287 _____ () C:\Windows\system32\CCCInstall_201410192259058349.log
2014-10-19 21:56 - 2014-10-19 21:56 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-10-19 21:56 - 2014-10-19 21:56 - 00000000 ____D () C:\Program Files\AMD
2014-10-19 21:56 - 2013-12-06 15:38 - 00995342 _____ () C:\Windows\system32\amdocl_as32.exe
2014-10-19 21:56 - 2013-12-06 15:38 - 00798734 _____ () C:\Windows\system32\amdocl_ld32.exe
2014-10-19 21:56 - 2013-12-06 15:38 - 00200704 _____ () C:\Windows\system32\clinfo.exe
2014-10-19 21:56 - 2013-12-06 15:38 - 00083968 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo.dll
2014-10-19 21:56 - 2013-12-06 15:38 - 00073728 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode.dll
2014-10-19 21:56 - 2013-12-06 15:35 - 24860160 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl.dll
2014-10-19 21:56 - 2013-12-06 15:33 - 00057344 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-10-19 21:56 - 2013-12-06 15:26 - 00114688 _____ (AMD) C:\Windows\system32\coinst_13.251.dll
2014-10-19 21:56 - 2013-12-06 15:13 - 00550456 _____ () C:\Windows\system32\atiapfxx.blb
2014-10-19 21:56 - 2013-12-06 14:28 - 00204952 _____ () C:\Windows\system32\ativvsvl.dat
2014-10-19 21:56 - 2013-12-06 14:28 - 00157144 _____ () C:\Windows\system32\ativvsva.dat
2014-10-19 21:56 - 2013-09-26 15:14 - 00083552 _____ () C:\Windows\system32\ativce02.dat
2014-10-19 21:56 - 2013-09-12 10:31 - 00233776 _____ () C:\Windows\system32\ativvaxy_cik_nd.dat
2014-10-19 21:56 - 2013-09-12 10:30 - 00234036 _____ () C:\Windows\system32\ativvaxy_cik.dat
2014-10-19 21:56 - 2011-09-12 16:06 - 00003917 _____ () C:\Windows\system32\atipblag.dat
2014-10-19 21:54 - 2014-10-19 21:54 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-19 18:44 - 2014-10-19 18:44 - 00310480 _____ () C:\Windows\Minidump\101914-23421-01.dmp
2014-10-19 17:02 - 2014-10-19 17:03 - 00000000 ____D () C:\Users\clay\AppData\Local\NVIDIA Corporation
2014-10-19 17:02 - 2014-10-19 17:02 - 00000000 ____D () C:\Users\clay\AppData\Local\NVIDIA
2014-10-19 16:18 - 2014-10-20 07:59 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-19 16:17 - 2014-10-20 08:01 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-10-19 16:16 - 2014-09-04 13:14 - 00032928 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys
2014-10-19 16:16 - 2014-09-04 13:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap32v.dll
2014-10-19 16:14 - 2014-10-19 16:14 - 00000000 ____D () C:\NVIDIA
2014-10-18 21:03 - 2014-10-18 21:03 - 00337648 _____ () C:\Windows\Minidump\101814-45968-01.dmp
2014-10-18 20:42 - 2014-11-06 03:22 - 00004323 _____ () C:\Windows\setupact.log
2014-10-18 20:02 - 2014-10-18 20:02 - 00425432 _____ () C:\Windows\Minidump\101814-22859-01.dmp
2014-10-18 18:57 - 2014-10-18 18:57 - 00268128 _____ () C:\Windows\Minidump\101814-20984-01.dmp
2014-10-18 17:27 - 2014-10-18 17:27 - 00417464 _____ () C:\Windows\Minidump\101814-32890-01.dmp
2014-10-18 16:08 - 2014-10-18 16:08 - 00287152 _____ () C:\Windows\Minidump\101814-38937-01.dmp
2014-10-11 15:13 - 2014-10-11 15:13 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-10-11 10:29 - 2014-10-11 10:29 - 00009037 _____ () C:\Windows\system32\RunLegacyCPLElevated.exe.Z-missing.txt
2014-10-07 19:53 - 2014-10-07 19:53 - 00002108 _____ () C:\Users\admin\AppData\Local\rx_audio.Cache
2014-10-07 19:06 - 2014-10-07 19:06 - 00000000 _____ () C:\Users\admin\AppData\Local\rx_image.Cache
2014-10-07 18:03 - 2014-10-07 18:03 - 00000000 ____D () C:\rei
2014-10-07 17:57 - 2014-10-07 17:57 - 00000933 _____ () C:\Users\admin\Desktop\Free CD Ripper.lnk
2014-10-07 17:57 - 2014-10-07 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free CD Ripper
2014-10-07 17:57 - 2014-10-07 17:57 - 00000000 ____D () C:\Program Files\FreeCDRipper
2014-10-07 17:57 - 2004-12-08 12:21 - 01843200 _____ (NCT Company Ltd.) C:\Windows\system32\NCTAudioFile2.dll
2014-10-07 17:57 - 2004-12-08 10:38 - 01040384 _____ (NCT Company Ltd.) C:\Windows\system32\NCTAudioInformation2.dll
2014-10-07 17:57 - 2004-12-03 09:37 - 00335872 _____ (NCT Company Ltd.) C:\Windows\system32\NCTAudioVisualization2.dll
2014-10-07 17:57 - 2004-12-01 13:43 - 00315392 _____ (NCT Company Ltd.) C:\Windows\system32\NCTAudioPlayer2.dll
2014-10-07 17:57 - 2004-11-04 11:31 - 00835584 _____ (NCT) C:\Windows\system32\NCTAudioCDGrabber2.dll
2014-10-07 17:57 - 2004-08-02 14:09 - 00450560 _____ (NCT Company Ltd.) C:\Windows\system32\NCTAudioTransform2.dll
2014-10-07 17:57 - 2004-05-20 13:24 - 00196608 _____ (NCT Company Ltd.) C:\Windows\system32\NCTWMAFile2.dll
2014-10-07 17:57 - 2004-05-20 11:58 - 00270336 _____ (NCT Company Ltd.) C:\Windows\system32\NCTAudioDisplay2.dll
2014-10-07 17:57 - 2003-08-07 13:01 - 00237568 _____ () C:\Windows\system32\lame_enc.dll
2014-10-07 17:57 - 2002-10-28 15:11 - 04057200 _____ (Microsoft Corporation) C:\Windows\system32\wmfdist.exe
2014-10-07 17:54 - 2014-10-07 18:00 - 00000111 _____ () C:\Windows\Reimage.ini
2014-10-07 17:00 - 2014-10-07 17:00 - 00131072 ____H () C:\Windows\Minidump\100714-71843-01.dmp
2014-10-07 14:10 - 2014-10-07 14:11 - 01430269 _____ () C:\Users\admin\Downloads\IG31C-M7S_080425_B.zip
2014-10-07 13:29 - 2014-10-07 13:29 - 00000000 ____D () C:\Users\admin\AppData\Roaming\AVAST Software

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 16:46 - 2013-01-31 18:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-06 16:38 - 2013-01-31 16:16 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-06 16:18 - 2014-04-01 10:40 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-11-06 16:18 - 2014-04-01 10:40 - 00000394 _____ () C:\Windows\Tasks\DriverUpdate Startup.job
2014-11-06 16:18 - 2013-01-31 16:16 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-06 16:18 - 2013-01-31 13:43 - 00000394 _____ () C:\Windows\Brownie.ini
2014-11-06 15:29 - 2013-01-31 15:06 - 01222147 _____ () C:\Windows\WindowsUpdate.log
2014-11-06 14:26 - 2013-03-06 09:49 - 00000000 ____D () C:\Users\clay\.gimp-2.8
2014-11-06 14:26 - 2010-11-20 15:01 - 00799230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-06 13:53 - 2013-01-31 14:05 - 00000000 ____D () C:\Program Files\CyberPower PowerPanel Personal Edition
2014-11-06 13:20 - 2013-01-31 13:15 - 00000000 ____D () C:\Users\admin
2014-11-06 13:01 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache
2014-11-06 06:48 - 2013-02-01 09:13 - 00000000 ____D () C:\Users\clay\AppData\Local\PasswordSafe
2014-11-06 06:37 - 2013-11-25 16:10 - 00000000 ___RD () C:\Users\clay\Dropbox
2014-11-06 06:37 - 2013-11-25 16:00 - 00000000 ____D () C:\Users\clay\AppData\Roaming\Dropbox
2014-11-06 03:45 - 2009-07-13 22:34 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-06 03:45 - 2009-07-13 22:34 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-06 03:28 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-06 03:22 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-06 03:22 - 2009-07-13 22:33 - 00354304 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-06 03:19 - 2014-05-15 21:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-05 11:32 - 2009-07-13 20:04 - 00000697 _____ () C:\Windows\win.ini
2014-11-05 11:32 - 2009-07-13 20:04 - 00000241 _____ () C:\Windows\system.ini
2014-11-03 08:38 - 2013-02-01 09:12 - 00000000 ____D () C:\Program Files\Password Safe
2014-11-03 08:35 - 2013-02-01 18:22 - 00000000 ____D () C:\Users\admin\AppData\Local\PasswordSafe
2014-11-02 13:49 - 2013-08-08 08:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-02 13:44 - 2013-02-02 13:54 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-01 14:05 - 2013-01-31 15:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-28 05:35 - 2013-01-31 13:52 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 16:49 - 2013-01-31 16:15 - 00002012 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-10-24 17:35 - 2013-01-31 17:42 - 00000000 ____D () C:\Users\clay
2014-10-22 09:23 - 2010-11-20 15:48 - 00342534 _____ () C:\Windows\PFRO.log
2014-10-21 12:32 - 2013-08-05 11:46 - 00000000 ____D () C:\Network Share
2014-10-20 17:19 - 2013-01-31 15:01 - 00000000 ____D () C:\Temp
2014-10-19 21:20 - 2013-03-03 15:41 - 00000000 ____D () C:\Program Files\Pwrchute
2014-10-19 18:44 - 2013-01-31 15:04 - 00000000 ____D () C:\Windows\Minidump
2014-10-19 18:44 - 2013-01-31 15:03 - 326499530 _____ () C:\Windows\MEMORY.DMP
2014-10-19 16:17 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Help
2014-10-19 16:12 - 2013-03-26 14:35 - 00000455 _____ () C:\Users\admin\AppData\Roaming\Safer-Networking.log
2014-10-18 17:14 - 2013-02-04 11:07 - 00000000 ____D () C:\Users\admin\AppData\Local\Adobe
2014-10-18 17:12 - 2013-01-31 18:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-18 17:12 - 2013-01-31 18:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-15 09:52 - 2013-01-31 13:43 - 00000426 _____ () C:\Windows\BRWMARK.INI
2014-10-07 19:57 - 2013-01-31 14:45 - 00000000 ____D () C:\ProgramData\Roxio
2014-10-07 19:06 - 2013-01-31 14:51 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Roxio

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\temp\kfd_1mxh.dll
C:\Users\admin\AppData\Local\temp\nv3DVStreaming.dll
C:\Users\admin\AppData\Local\temp\nvStInst.exe
C:\Users\clay\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpz_ckc2.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 01:03

==================== End Of Log ============================
ottersea
Regular Member
 
Posts: 41
Joined: December 13th, 2010, 1:47 pm

Re: Windows 7 runs very slow and fails update

Unread postby ottersea » November 6th, 2014, 8:19 pm

The instructions say to attach Attach.txt file. There was no attach.txt but was a addition.txt which is what I have here

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-11-2014
Ran by admin at 2014-11-06 17:00:57
Running from C:\Users\admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
ABBYY FineReader 4.0 Sprint (HKLM\...\ABBYY FineReader 4.0 Sprint) (Version: - )
Adobe Acrobat 4.0, 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (HKLM\...\Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V) (Version: 7.0.0 - Adobe Systems)
Adobe Creative Suite 2 (HKLM\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version: - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{294E0B98-299B-62A4-47C7-131A2D9E220F}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Any Video Recorder version 1.0.2 (HKLM\...\{17D86E62-4849-49BC-83D2-FA369CEEA9D9}_is1) (Version: 1.0.2 - anvsoft, Inc.)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Xonar DG Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version: - )
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
Binreader (HKLM\...\{3D47B2C0-8748-4450-99AE-0746A5A74C8E}) (Version: 1.0.0 - Binreader)
Brother HL-3070CW (HKLM\...\{0D59A112-5C14-4B2A-A538-96AAFFF8B7EB}) (Version: 1.00 - Brother)
calibre (HKLM\...\{D9A85F14-FFA5-40B1-8402-80D510D48D01}) (Version: 1.8.0 - Kovid Goyal)
Common (Version: 14.0.1.13 - Corel Corporation) Hidden
Content Transfer (HKLM\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.3.0.23190 - Sony Corporation)
Contents (Version: 14.0.1.13 - Corel Corporation) Hidden
Cool Edit Pro 2.0 (HKLM\...\Cool Edit Pro 2.0) (Version: - )
Corel VideoStudio Essentials X4 (HKLM\...\_{AA902C31-B49D-4608-BCCF-2519EB77722D}) (Version: 14.0.1.13 - Corel Corporation)
CyberPower PowerPanel Personal Edition 1.3.3 (HKLM\...\{972F23F4-F293-4074-853D-125A59EB356D}) (Version: 1.3.3 - Cyber Power Systems, Inc.)
Data Lifeguard Diagnostic for Windows 1.24 (HKLM\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
Detroit Iron Information Systems (HKLM\...\Detroit Iron) (Version: - )
DeviceIO (Version: 14.0.1.13 - Corel Corporation) Hidden
DiskCheckup v3.2 (HKLM\...\DiskCheckup_is1) (Version: 3.2.1000 - PassMark Software)
DivX (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.0 - DivXNetworks, Inc.)
Driver Support (HKLM\...\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}) (Version: 8.1 - Driver Support)
DriverUpdate (HKLM\...\{65C92136-6AF0-4E70-88D2-D19E739CE285}) (Version: 2.2.35415 - SlimWare Utilities, Inc.)
DVD Identifier (HKLM\...\DVD Identifier_is1) (Version: 5.2.0 - Kris Schoofs)
Easycalculationnew (HKCU\...\cbdf2b67858b697e) (Version: 1.0.0.0 - Easycalculationnew)
eCalc Calculator (HKLM\...\eCalc Calculator) (Version: - Aspen Labs, LLC)
Extended Update (HKCU\...\UpdaterEX) (Version: - Extended Update) <==== ATTENTION
Free CD Ripper 3.1 (HKLM\...\Free CD Ripper_is1) (Version: - FocusSoft.net)
Freemake Video Converter version 4.1.4 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
HandBrake 0.9.8 (HKLM\...\HandBrake) (Version: 0.9.8 - )
ICA (Version: 14.0.1.13 - Corel Corporation) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Internet Explorer Toolbar 4.7 by SweetPacks (HKLM\...\{80F3F10B-A177-4494-93CE-98090D819093}) (Version: 4.7.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
IPM_VS_Pro (Version: 13.0 - Corel Corporation) Hidden
ISCOM (Version: 14.0.1.13 - Corel Corporation) Hidden
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 13 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217013F0}) (Version: 7.0.130 - Oracle)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.510 - Oracle)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MediaFACE (HKCU\...\InstallShield_{B42F56DC-A1AC-4634-953A-6EBB5BF26B8C}) (Version: 5.0 - Fellowes)
MediaFACE (Version: 5.0 - Fellowes) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft PowerPoint Viewer 97 (HKLM\...\PPTView97) (Version: - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 33.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mp4 to Mpeg Converter 1.0 (HKLM\...\{17302AA8-090C-40F4-A501-52F62CD0316B}_is1) (Version: 1.0 - BadBoy Media)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDVD-VR Recorder (Version: 1.0 - Sonic) Hidden
NWZ-E350 WALKMAN Guide (HKLM\...\{9D7E5329-5751-435B-B585-0EFF51783A20}) (Version: 2.1.0.17210 - Sony Corporation)
OpenAL (HKLM\...\OpenAL) (Version: - )
OpenOffice.org 3.4.1 (HKLM\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Password Safe (HKLM\...\Password Safe) (Version: - )
PC Wizard 2013.2.12 (HKLM\...\PC Wizard 2013_is1) (Version: - CPUID)
PowerChute plus 5.2 (HKLM\...\PowerChute plus) (Version: - )
PureHD (Version: 14.0.1.13 - Corel Corporation) Hidden
Quicken 2008 (HKLM\...\{3B0F52AC-EF5C-4831-B221-06C782E41280}) (Version: 17.1.6.7 - Intuit)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Replay Video Capture 6 (HKLM\...\Replay Video Capture6.0.6.1) (Version: 6.0.6.1 - Applian Technologies Inc.)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.05 - Roxio)
Roxio Easy Media Creator 9 Suite (HKLM\...\{938B1CD7-7C60-491E-AA90-1F1888168240}) (Version: 9.0.546 - Roxio)
ScanWizard 5 (HKLM\...\{B08D262E-D902-11D5-9C28-0080C85A0C2D}) (Version: - )
SCT Device Updater (HKLM\...\{1E05E69C-38E3-40A8-96BA-07900EE62F4F}) (Version: 2.9.8.91 - SCT)
SCTDriversV1011x86 (HKLM\...\{85E589A5-FBF0-4CC5-9E58-CA2E1E54DBBF}) (Version: 11.0.0 - SCT Performance LLC)
Setup (Version: 14.0.1.13 - Corel Corporation) Hidden
Share (Version: 14.0.1.13 - Corel Corporation) Hidden
SightSpeed (remove only) (HKLM\...\SightSpeed) (Version: 5.0 (5018) - SightSpeed Inc.)
Sonic MyDVD-VR (HKLM\...\InstallShield_{897CA0D9-948F-4E5B-A20E-535E1060D3E6}) (Version: 1.0 - Sonic)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
Suite Specific (Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
System Requirements Lab Detection (HKLM\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
ViewSonic Monitor Drivers (HKLM\...\{B4FEA924-630D-11D4-B78E-005004566E4D}) (Version: - )
VIO (Version: 14.0.1.13 - Corel Corporation) Hidden
Visioneer PaperPort Viewer 5.0 (HKLM\...\Visioneer PaperPort Viewer 5.0) (Version: - )
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
VSClassic (Version: 14.0.1.13 - Corel Corporation) Hidden
VSPro (Version: 14.0.1.13 - Corel Corporation) Hidden
Windows 7 Codec Pack 4.0.7 (HKLM\...\Windows 7 - Codec Pack) (Version: 4.0.7 - Windows 7 Codec Pack)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 31.0.2014.0 - BillP Studios)
Xingtone Ringtone Maker (HKLM\...\{625304B0-2976-473B-AD81-5CA376093F03}) (Version: 4.2.19 - Xingtone)
Yahoo Browser Settings (HKLM\...\Yahoo Browser Settings) (Version: - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3128821885-2795174726-813518338-1000_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}\localserver32 -> C:\Users\admin\AppData\Local\Temp\{e9513610-f218-4dda-b954-2c7e6ba7cabb}\IDriver.NonElevated.exe No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-3128821885-2795174726-813518338-1007_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\clay\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3128821885-2795174726-813518338-1007_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}\localserver32 -> C:\Users\clay\AppData\Local\Temp\{e9513610-f218-4dda-b954-2c7e6ba7cabb}\IDriver.NonElevated.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-3128821885-2795174726-813518338-1007_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\clay\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3128821885-2795174726-813518338-1007_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\clay\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3128821885-2795174726-813518338-1007_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\clay\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3128821885-2795174726-813518338-1007_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\clay\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3128821885-2795174726-813518338-1007_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\clay\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3128821885-2795174726-813518338-1007_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\clay\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3128821885-2795174726-813518338-1007_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\clay\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3128821885-2795174726-813518338-1007_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\clay\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:04 - 2013-03-23 13:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03354E1D-7B8D-4BA8-89F5-CA636B389981} - System32\Tasks\{5EBF4140-54B9-4B3D-BD53-AECA1EDF3CED} => H:\SETUP.EXE
Task: {0E99DAEF-7F4D-4F98-98E8-FD425F7CF44E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {12656E81-D354-4E27-B794-773E43429BC7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {349B9891-841A-481D-96D1-4ECBA9EC4AFC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {35C77DA8-E1E8-48CE-9329-55C65BA16F90} - System32\Tasks\Driver Support-RTMScanRunOnce => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [2014-03-28] (PC Drivers Headquarters)
Task: {500F5BF7-44D8-4FC7-837C-E04FA361B98E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {5B53E1B3-80C0-4391-A5F8-916026445DEB} - System32\Tasks\DriverUpdate Startup => C:\Program Files\DriverUpdate\DriverUpdate.exe [2014-01-15] (SlimWare Utilities, Inc.)
Task: {643DB51F-3C51-4344-827A-EF188E754CD9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-18] (Adobe Systems Incorporated)
Task: {650BE38A-4808-4F44-82A8-3985D01843D1} - System32\Tasks\Driver Support-RTMScan => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [2014-03-28] (PC Drivers Headquarters)
Task: {8AD780FB-7794-464E-9489-8AD44843952D} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [2014-03-28] (PC Drivers Headquarters)
Task: {99C56217-1DA0-487E-9A75-14811735AC46} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {A86B2CB2-127A-4BBE-9569-A5FBFE9C1902} - \AmiUpdXp No Task File <==== ATTENTION
Task: {B8AFA5C5-FF16-4579-A9A5-1BCADBA405FB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-03] (AVAST Software)
Task: {BD0959BF-B0DB-471E-8EC5-C580844C0A97} - System32\Tasks\Driver Support-RTMRules => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [2014-03-28] (PC Drivers Headquarters)
Task: {DF02B24D-51F7-441C-BF56-252A7EA26DF9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {EFC60955-B686-4C73-AF66-6963C885A9C4} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

1997-06-12 23:00 - 1997-06-12 23:00 - 00022016 _____ () C:\Windows\system32\docobj.dll
2014-10-03 08:45 - 2014-10-03 08:45 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-11-05 22:59 - 2014-11-05 22:59 - 02899456 _____ () C:\Program Files\AVAST Software\Avast\defs\14110501\algo.dll
2014-11-06 07:22 - 2014-11-06 07:22 - 02899456 _____ () C:\Program Files\AVAST Software\Avast\defs\14110600\algo.dll
2005-04-04 17:58 - 2005-04-04 17:58 - 00028791 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\hpi.dll
2005-04-04 17:58 - 2005-04-04 17:58 - 00057453 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\verify.dll
2005-04-04 17:58 - 2005-04-04 17:58 - 00102515 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\java.dll
2005-04-04 17:58 - 2005-04-04 17:58 - 00053364 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\zip.dll
2005-04-04 17:58 - 2005-04-04 17:58 - 00057455 _____ () C:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\net.dll
2005-04-04 17:58 - 2005-04-04 17:58 - 00032880 _____ () C:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\nio.dll
2005-04-04 17:58 - 2005-04-04 17:58 - 00434255 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\bin\ps-rw-vc-v8_58.dll
2005-04-04 17:58 - 2005-04-04 17:58 - 01019904 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\bin\ps-vc-v8_58.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-27 07:31 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-02-27 07:31 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-02-27 07:31 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-02-27 07:31 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2013-02-27 07:31 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2013-03-03 15:41 - 1999-12-20 09:49 - 00217088 _____ () C:\Program Files\Pwrchute\rengs.dll
2005-04-04 17:58 - 2005-04-04 17:58 - 03502080 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
2013-08-06 14:42 - 2006-11-01 07:58 - 00056056 _____ () C:\Windows\system32\DLAAPI_W.DLL
2014-02-07 09:26 - 2008-07-11 01:04 - 00200704 ____N () C:\Windows\system\HsMgr.exe
2014-10-03 08:45 - 2014-10-03 08:45 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-03-07 10:34 - 2009-04-30 14:56 - 00344064 _____ () C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
2014-11-06 06:36 - 2014-11-06 06:36 - 00043008 _____ () c:\users\clay\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpz_ckc2.dll
2013-08-23 13:01 - 2013-08-23 13:01 - 25100288 _____ () C:\Users\clay\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-07 09:26 - 2011-04-19 00:56 - 00143360 ____N () C:\Program Files\ASUS Xonar DG Audio\Customapp\VmixP8.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2013-02-27 07:31 - 2012-11-13 14:06 - 00554400 _____ () C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2014-10-31 09:57 - 2014-10-31 09:57 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\admin\Desktop\OpenOffice.org 3.4.1 (en-US) Installation Files:Roxio EMC Stream
AlternateDataStreams: C:\Users\admin\Documents\AdobeStockPhotos:Roxio EMC Stream
AlternateDataStreams: C:\Users\admin\Documents\Any Video Recorder:Roxio EMC Stream
AlternateDataStreams: C:\Users\admin\Documents\MP42MPEG:Roxio EMC Stream
AlternateDataStreams: C:\Users\admin\Documents\ProcAlyzer Dumps:Roxio EMC Stream
AlternateDataStreams: C:\Users\admin\Documents\Updater:Roxio EMC Stream
AlternateDataStreams: C:\Users\admin\Documents\Version Cue:Roxio EMC Stream
AlternateDataStreams: C:\Users\clay\Documents\AdobeStockPhotos:Roxio EMC Stream
AlternateDataStreams: C:\Users\clay\Documents\Calibre Library:Roxio EMC Stream
AlternateDataStreams: C:\Users\clay\Documents\Corel VideoStudio Pro:Roxio EMC Stream
AlternateDataStreams: C:\Users\clay\Documents\Eidos:Roxio EMC Stream
AlternateDataStreams: C:\Users\clay\Documents\MP42MPEG:Roxio EMC Stream
AlternateDataStreams: C:\Users\clay\Documents\My Kindle Content:Roxio EMC Stream
AlternateDataStreams: C:\Users\clay\Documents\My Safes:Roxio EMC Stream
AlternateDataStreams: C:\Users\clay\Documents\Quicken:Roxio EMC Stream
AlternateDataStreams: C:\Users\clay\Documents\Updater:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodecPackUpdateChecker.lnk => C:\Windows\pss\CodecPackUpdateChecker.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Password Safe.lnk => C:\Windows\pss\Password Safe.lnk.Startup
MSCONFIG\startupreg: (default) =>
MSCONFIG\startupreg: Acrobat Assistant 7.0 => "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
MSCONFIG\startupreg: Adobe Version Cue CS2 => "c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BrStsWnd => C:\Program Files\Brownie\BrstsWnd.exe Autorun
MSCONFIG\startupreg: ConduitFloatingPlugin_nobnjjknonbflhaiepehfnncjhigejke => "C:\Windows\system32\Rundll32.exe" "C:\Program Files\Conduit\CT3298568\plugins\TBVerifier.dll",RunConduitFloatingPlugin nobnjjknonbflhaiepehfnncjhigejke
MSCONFIG\startupreg: DMXLauncher => "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MediaFace Integration => C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RoxioDragToDisc => "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"

========================= Accounts: ==========================

admin (S-1-5-21-3128821885-2795174726-813518338-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3128821885-2795174726-813518338-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3128821885-2795174726-813518338-1004 - Limited - Enabled)
clay (S-1-5-21-3128821885-2795174726-813518338-1007 - Limited - Enabled) => C:\Users\clay
Guest (S-1-5-21-3128821885-2795174726-813518338-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3128821885-2795174726-813518338-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: AnvSoft Virtual Sound Device
Description: AnvSoft Virtual Sound Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: AnvSoft Inc.
Service: anvsnddrv
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2014 01:00:44 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x81000101).

Error: (11/06/2014 01:00:44 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

Error: (11/06/2014 03:23:03 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Deployment, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed.
.

Error: (11/06/2014 03:22:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/05/2014 10:06:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/05/2014 10:06:07 AM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (11/05/2014 08:20:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/05/2014 05:30:20 AM) (Source: ESENT) (EventID: 104) (User: )
Description: wuaueng.dll (1048) SUS20ClientDataStore: The database engine stopped the instance (0) with error (-1090).

Error: (11/05/2014 05:30:20 AM) (Source: ESENT) (EventID: 471) (User: )
Description: wuaueng.dll (1048) SUS20ClientDataStore: Unable to rollback operation #8548 on database C:\Windows\SoftwareDistribution\DataStore\DataStore.edb. Error: -510. All future database updates will be rejected.

Error: (11/05/2014 05:30:20 AM) (Source: ESENT) (EventID: 492) (User: )
Description: wuaueng.dll (1048) SUS20ClientDataStore: The logfile sequence in "C:\Windows\SoftwareDistribution\DataStore\Logs\" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. Please correct the problem and restart or restore from backup.


System errors:
=============
Error: (11/06/2014 05:01:31 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.

Error: (11/06/2014 05:01:31 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.

Error: (11/06/2014 05:01:27 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.

Error: (11/06/2014 05:01:25 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.

Error: (11/06/2014 05:01:18 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.

Error: (11/06/2014 05:01:17 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.

Error: (11/06/2014 05:01:17 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.

Error: (11/06/2014 05:01:16 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.

Error: (11/06/2014 05:01:11 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.

Error: (11/06/2014 05:00:56 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.


Microsoft Office Sessions:
=========================
Error: (11/06/2014 01:00:44 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: 0x81000101

Error: (11/06/2014 01:00:44 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x81000101

Error: (11/06/2014 03:23:03 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Deployment, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed.
.

Error: (11/06/2014 03:22:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/05/2014 10:06:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/05/2014 10:06:07 AM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (11/05/2014 08:20:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/05/2014 05:30:20 AM) (Source: ESENT) (EventID: 104) (User: )
Description: wuaueng.dll1048SUS20ClientDataStore: 0-1090

Error: (11/05/2014 05:30:20 AM) (Source: ESENT) (EventID: 471) (User: )
Description: wuaueng.dll1048SUS20ClientDataStore: 8548C:\Windows\SoftwareDistribution\DataStore\DataStore.edb-510

Error: (11/05/2014 05:30:20 AM) (Source: ESENT) (EventID: 492) (User: )
Description: wuaueng.dll1048SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 65%
Total physical RAM: 2038.3 MB
Available physical RAM: 709.98 MB
Total Pagefile: 4076.61 MB
Available Pagefile: 1955.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.63 MB

==================== Drives ================================

Drive c: (Sata1) (Fixed) (Total:465.76 GB) (Free:64.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (IDE1) (Fixed) (Total:111.79 GB) (Free:49.42 GB) NTFS
Drive e: (Sata 3) (Fixed) (Total:931.51 GB) (Free:492.09 GB) NTFS
Drive f: (IDE2) (Fixed) (Total:55.91 GB) (Free:30.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: DB4FDB4F)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 55.9 GB) (Disk ID: 22311402)
Partition 1: (Not Active) - (Size=55.9 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 280AAAAC)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1CF51CF5)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
ottersea
Regular Member
 
Posts: 41
Joined: December 13th, 2010, 1:47 pm

Re: Windows 7 runs very slow and fails update

Unread postby ottersea » November 6th, 2014, 8:20 pm

Search.txt


Farbar Recovery Scan Tool (x86) Version: 04-11-2014
Ran by admin at 2014-11-06 17:11:58
Running from C:\Users\admin\Desktop
Boot Mode: Normal

================== Search Registry: "Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;mysearchdial" ===========


===================== Search result for "Searchnu" ==========

[HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com":"query","isearch.babylon.com":"q","search.utorrent.com":"","search.bittorrent.com":"","search.bearshare.com":"q","search.bearshare.net":"q","searchya.com":"q","int.search-results.com":"q","search.searchcompletion.com":"q","www.adoresearch.com":"q","www.searchcore.net":"q","googosearch.info":"terms","bar.searchqu.com":"q","search.speedbit.com":"q","search.toggle.com":"q","click.searchnation.net":"query","isearch.whitesmoke.com":"q","search.handycafe.com":"q","searchassist.babylon.com":"q","searchnation.net":"query","video.searchcompletion.com":"q","www.searchbrowsing.com":"q","search.anchorfree.net":"q","search.hotspotshield.com":"q","dts.search-results.com":"q","uk.search-results.com":"q","search.chatzum.com":"q","search.phpnuke.org":"q","www.i-mysearch.com":"q","search.smartaddressbar.com":"q","www.search-guru.com":"q","searchgby.com":"","thespecialsearch.com":"q","search.bpath.com":"q","start.funmoods.com":"s","fr.search-results.com":"q","de.search-results.com":"q","it.search-results.com":"q","es.search-results.com":"q","search.imesh.com":"q","search.swagbucks.com":"q","isearch.avg.com":"q","search.avg.com":"q","search.yippy.com":"query","cludr.com":"q","search.vmn.net":"q","www.gigablast.com":"q","www.metacrawler.com":"q","www.webcrawler.com":"q","www.ixquick.com":"","www.search.com":"q","www.excite.com":"q","duckduckgo.com":"q","search.lycos.com":"q","webfetch.com":"q","monstercrawler.com":"q","go.com":"p","hotbot.com":"keyword","home.myplaycity.com":"s","www.findamo.com":"q","search.gboxapp.com":"q","start.iplay.com":"q","home.speedbit.com":"q","search.alot.com":"q","search.searchplusnetwork.com":"q","www.searchqu.net":"","us.yhs4.search.yahoo.com":"p","search.insiteapp.com":"q","somoto.com":"q","blekko.com":"","uk.yhs4.search.yahoo.com":"p","fr.yhs4.search.yahoo.com":"p","suggestor.netliker.com":"","search.netliker.com":"","insta-search.com":"q","www.fast-search.biz":"q","start.facemoods.com":"s","search.coolnovo.com":"","chromeplus.info":"q","in.yhs4.search.yahoo.com":"p","in.yhs.search.yahoo.com":"p","www.searchble.com":"keyword","home.allgameshome.com":"s","forsearch.net":"q","allssearch.com":"q","search.snap.do":"q","us.yhs.search.yahoo.com":"p","uk.yhs.search.yahoo.com":"p","fr.yhs.search.yahoo.com":"p","search.smartsearchbox.net":"","search.seznam.cz":"q","search.funmoods.com":"s","search.avira.com":"q","search.jzip.com":"q","search.findeer.com":"","search-faster.com":"","dnssearch.rr.com":"search","search.rr.com":"q","search.kalloutsearch4.com":"q","kalloutsearch4.com":"Keywords","search.rapidns.net":"SearchQuery","websearch.4shared.com":"q","images.search.conduit.com":"q","search.cpchero.biz":"q","search.kikin.com":"q","www.engine-search.biz":"q","www.mysearchresults.com":"q","search.vdc.com.vn":"SearchQuery","search.charter.net":"search","search-vbc.com":"keywords","search.pch.com":"q","search.pantip.com":"","www.startsearcher.com":"q","search.icafemanager.com":"q","aolsearcht10.search.aol.com":"q","search.free.fr":"","www.similarsitesearch.com":"URL","qoqole.com":"q","www.claro-search.com":"q","isearch.claro-search.com":"q","www.uncoverthenet.com/search":"q","www.searchcanvas.com":"q","search.etoolkit.com":"q","www.searchalgo.com":"q","bestsearchall.com":"q","bestorganicsearch.com":"q","mysearchproperties.com":"q","search.treasuretrooper.com":"q","btsearch.name":"q","optu.search-help.net":"search","search.clinck.in":"q","search.shareazaweb.net":"q","search.solarmash.com":"q","search.surfcanyon.com":"q","search.tedata.net":"SearchQuery","www.gooofullsearch.com":"keywords","www.alnaddy.com":"q","searchsafer.com":"q","www.searchqu.com":"q","searchfunmoods.com":"s","www.searchfunmoods.com":"s","www.searchya.com":"q","search.lphant.net":"","searchremagnified.com":"","www.pagequeryresults.com":"","www.searchqueryresults.com":"","domainhelp.search.com":"q","search.b1.org":"q","search.pontofrio.com.br":"q","search.maxonline.com.sg":"q","search.us.com":"k","www.picsearch.com":"q","www.search-document.com":"q","www.searchsafer.com":"q","www.website-unavailable.com":"q","fantastigames.metacrawler.com":"q","search.appsarefun.info":"","www.searchamong.com":"query","www.savevalet.com":"q","www.navegaki.com.br":"q","my.rally.io":"","isearch.glarysoft.com":"q","websearch.mocaflix.com":"s","search.fastaddressbar.com":"s","search.certified-toolbar.com":"q","www.delta-search.com":"q","mysearch.avg.com":"q","www1.search-results.com":"q","search.searchya.com":"q","websearch.just-browse.info":"s","search.fbdownloader.com":"q","search.startnow.com":"q","search.protectedsearch.com":"q","start.iminent.com":"q","websearch.pu-results.info":"s"}|||8641363892386984"


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com":"query","isearch.babylon.com":"q","search.utorrent.com":"","search.bittorrent.com":"","search.bearshare.com":"q","search.bearshare.net":"q","searchya.com":"q","int.search-results.com":"q","search.searchcompletion.com":"q","www.adoresearch.com":"q","www.searchcore.net":"q","googosearch.info":"terms","bar.searchqu.com":"q","search.speedbit.com":"q","search.toggle.com":"q","click.searchnation.net":"query","isearch.whitesmoke.com":"q","search.handycafe.com":"q","searchassist.babylon.com":"q","searchnation.net":"query","video.searchcompletion.com":"q","www.searchbrowsing.com":"q","search.anchorfree.net":"q","search.hotspotshield.com":"q","dts.search-results.com":"q","uk.search-results.com":"q","search.chatzum.com":"q","search.phpnuke.org":"q","www.i-mysearch.com":"q","search.smartaddressbar.com":"q","www.search-guru.com":"q","searchgby.com":"","thespecialsearch.com":"q","search.bpath.com":"q","start.funmoods.com":"s","fr.search-results.com":"q","de.search-results.com":"q","it.search-results.com":"q","es.search-results.com":"q","search.imesh.com":"q","search.swagbucks.com":"q","isearch.avg.com":"q","search.avg.com":"q","search.yippy.com":"query","cludr.com":"q","search.vmn.net":"q","www.gigablast.com":"q","www.metacrawler.com":"q","www.webcrawler.com":"q","www.ixquick.com":"","www.search.com":"q","www.excite.com":"q","duckduckgo.com":"q","search.lycos.com":"q","webfetch.com":"q","monstercrawler.com":"q","go.com":"p","hotbot.com":"keyword","home.myplaycity.com":"s","www.findamo.com":"q","search.gboxapp.com":"q","start.iplay.com":"q","home.speedbit.com":"q","search.alot.com":"q","search.searchplusnetwork.com":"q","www.searchqu.net":"","us.yhs4.search.yahoo.com":"p","search.insiteapp.com":"q","somoto.com":"q","blekko.com":"","uk.yhs4.search.yahoo.com":"p","fr.yhs4.search.yahoo.com":"p","suggestor.netliker.com":"","search.netliker.com":"","insta-search.com":"q","www.fast-search.biz":"q","start.facemoods.com":"s","search.coolnovo.com":"","chromeplus.info":"q","in.yhs4.search.yahoo.com":"p","in.yhs.search.yahoo.com":"p","www.searchble.com":"keyword","home.allgameshome.com":"s","forsearch.net":"q","allssearch.com":"q","search.snap.do":"q","us.yhs.search.yahoo.com":"p","uk.yhs.search.yahoo.com":"p","fr.yhs.search.yahoo.com":"p","search.smartsearchbox.net":"","search.seznam.cz":"q","search.funmoods.com":"s","search.avira.com":"q","search.jzip.com":"q","search.findeer.com":"","search-faster.com":"","dnssearch.rr.com":"search","search.rr.com":"q","search.kalloutsearch4.com":"q","kalloutsearch4.com":"Keywords","search.rapidns.net":"SearchQuery","websearch.4shared.com":"q","images.search.conduit.com":"q","search.cpchero.biz":"q","search.kikin.com":"q","www.engine-search.biz":"q","www.mysearchresults.com":"q","search.vdc.com.vn":"SearchQuery","search.charter.net":"search","search-vbc.com":"keywords","search.pch.com":"q","search.pantip.com":"","www.startsearcher.com":"q","search.icafemanager.com":"q","aolsearcht10.search.aol.com":"q","search.free.fr":"","www.similarsitesearch.com":"URL","qoqole.com":"q","www.claro-search.com":"q","isearch.claro-search.com":"q","www.uncoverthenet.com/search":"q","www.searchcanvas.com":"q","search.etoolkit.com":"q","www.searchalgo.com":"q","bestsearchall.com":"q","bestorganicsearch.com":"q","mysearchproperties.com":"q","search.treasuretrooper.com":"q","btsearch.name":"q","optu.search-help.net":"search","search.clinck.in":"q","search.shareazaweb.net":"q","search.solarmash.com":"q","search.surfcanyon.com":"q","search.tedata.net":"SearchQuery","www.gooofullsearch.com":"keywords","www.alnaddy.com":"q","searchsafer.com":"q","www.searchqu.com":"q","searchfunmoods.com":"s","www.searchfunmoods.com":"s","www.searchya.com":"q","search.lphant.net":"","searchremagnified.com":"","www.pagequeryresults.com":"","www.searchqueryresults.com":"","domainhelp.search.com":"q","search.b1.org":"q","search.pontofrio.com.br":"q","search.maxonline.com.sg":"q","search.us.com":"k","www.picsearch.com":"q","www.search-document.com":"q","www.searchsafer.com":"q","www.website-unavailable.com":"q","fantastigames.metacrawler.com":"q","search.appsarefun.info":"","www.searchamong.com":"query","www.savevalet.com":"q","www.navegaki.com.br":"q","my.rally.io":"","isearch.glarysoft.com":"q","websearch.mocaflix.com":"s","search.fastaddressbar.com":"s","search.certified-toolbar.com":"q","www.delta-search.com":"q","mysearch.avg.com":"q","www1.search-results.com":"q","search.searchya.com":"q","websearch.just-browse.info":"s","search.fbdownloader.com":"q","search.startnow.com":"q","search.protectedsearch.com":"q","start.iminent.com":"q","websearch.pu-results.info":"s"}|||8641363892386984"


===================== Search result for "whitesmoke" ==========

[HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1000\Software\BillP Studios\Detected\IEHelper]
"C:\Program Files\WhiteSmoke_B\prxtbWhit.dll"="02/27/2013 9:24 AM"

[HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com":"query","isearch.babylon.com":"q","search.utorrent.com":"","search.bittorrent.com":"","search.bearshare.com":"q","search.bearshare.net":"q","searchya.com":"q","int.search-results.com":"q","search.searchcompletion.com":"q","www.adoresearch.com":"q","www.searchcore.net":"q","googosearch.info":"terms","bar.searchqu.com":"q","search.speedbit.com":"q","search.toggle.com":"q","click.searchnation.net":"query","isearch.whitesmoke.com":"q","search.handycafe.com":"q","searchassist.babylon.com":"q","searchnation.net":"query","video.searchcompletion.com":"q","www.searchbrowsing.com":"q","search.anchorfree.net":"q","search.hotspotshield.com":"q","dts.search-results.com":"q","uk.search-results.com":"q","search.chatzum.com":"q","search.phpnuke.org":"q","www.i-mysearch.com":"q","search.smartaddressbar.com":"q","www.search-guru.com":"q","searchgby.com":"","thespecialsearch.com":"q","search.bpath.com":"q","start.funmoods.com":"s","fr.search-results.com":"q","de.search-results.com":"q","it.search-results.com":"q","es.search-results.com":"q","search.imesh.com":"q","search.swagbucks.com":"q","isearch.avg.com":"q","search.avg.com":"q","search.yippy.com":"query","cludr.com":"q","search.vmn.net":"q","www.gigablast.com":"q","www.metacrawler.com":"q","www.webcrawler.com":"q","www.ixquick.com":"","www.search.com":"q","www.excite.com":"q","duckduckgo.com":"q","search.lycos.com":"q","webfetch.com":"q","monstercrawler.com":"q","go.com":"p","hotbot.com":"keyword","home.myplaycity.com":"s","www.findamo.com":"q","search.gboxapp.com":"q","start.iplay.com":"q","home.speedbit.com":"q","search.alot.com":"q","search.searchplusnetwork.com":"q","www.searchqu.net":"","us.yhs4.search.yahoo.com":"p","search.insiteapp.com":"q","somoto.com":"q","blekko.com":"","uk.yhs4.search.yahoo.com":"p","fr.yhs4.search.yahoo.com":"p","suggestor.netliker.com":"","search.netliker.com":"","insta-search.com":"q","www.fast-search.biz":"q","start.facemoods.com":"s","search.coolnovo.com":"","chromeplus.info":"q","in.yhs4.search.yahoo.com":"p","in.yhs.search.yahoo.com":"p","www.searchble.com":"keyword","home.allgameshome.com":"s","forsearch.net":"q","allssearch.com":"q","search.snap.do":"q","us.yhs.search.yahoo.com":"p","uk.yhs.search.yahoo.com":"p","fr.yhs.search.yahoo.com":"p","search.smartsearchbox.net":"","search.seznam.cz":"q","search.funmoods.com":"s","search.avira.com":"q","search.jzip.com":"q","search.findeer.com":"","search-faster.com":"","dnssearch.rr.com":"search","search.rr.com":"q","search.kalloutsearch4.com":"q","kalloutsearch4.com":"Keywords","search.rapidns.net":"SearchQuery","websearch.4shared.com":"q","images.search.conduit.com":"q","search.cpchero.biz":"q","search.kikin.com":"q","www.engine-search.biz":"q","www.mysearchresults.com":"q","search.vdc.com.vn":"SearchQuery","search.charter.net":"search","search-vbc.com":"keywords","search.pch.com":"q","search.pantip.com":"","www.startsearcher.com":"q","search.icafemanager.com":"q","aolsearcht10.search.aol.com":"q","search.free.fr":"","www.similarsitesearch.com":"URL","qoqole.com":"q","www.claro-search.com":"q","isearch.claro-search.com":"q","www.uncoverthenet.com/search":"q","www.searchcanvas.com":"q","search.etoolkit.com":"q","www.searchalgo.com":"q","bestsearchall.com":"q","bestorganicsearch.com":"q","mysearchproperties.com":"q","search.treasuretrooper.com":"q","btsearch.name":"q","optu.search-help.net":"search","search.clinck.in":"q","search.shareazaweb.net":"q","search.solarmash.com":"q","search.surfcanyon.com":"q","search.tedata.net":"SearchQuery","www.gooofullsearch.com":"keywords","www.alnaddy.com":"q","searchsafer.com":"q","www.searchqu.com":"q","searchfunmoods.com":"s","www.searchfunmoods.com":"s","www.searchya.com":"q","search.lphant.net":"","searchremagnified.com":"","www.pagequeryresults.com":"","www.searchqueryresults.com":"","domainhelp.search.com":"q","search.b1.org":"q","search.pontofrio.com.br":"q","search.maxonline.com.sg":"q","search.us.com":"k","www.picsearch.com":"q","www.search-document.com":"q","www.searchsafer.com":"q","www.website-unavailable.com":"q","fantastigames.metacrawler.com":"q","search.appsarefun.info":"","www.searchamong.com":"query","www.savevalet.com":"q","www.navegaki.com.br":"q","my.rally.io":"","isearch.glarysoft.com":"q","websearch.mocaflix.com":"s","search.fastaddressbar.com":"s","search.certified-toolbar.com":"q","www.delta-search.com":"q","mysearch.avg.com":"q","www1.search-results.com":"q","search.searchya.com":"q","websearch.just-browse.info":"s","search.fbdownloader.com":"q","search.startnow.com":"q","search.protectedsearch.com":"q","start.iminent.com":"q","websearch.pu-results.info":"s"}|||8641363892386984"


===================== Search result for "trolltech" ==========

[HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1007\Software\Trolltech]

[HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1007\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

[HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1007\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]


===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

[HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com":"query","isearch.babylon.com":"q","search.utorrent.com":"","search.bittorrent.com":"","search.bearshare.com":"q","search.bearshare.net":"q","searchya.com":"q","int.search-results.com":"q","search.searchcompletion.com":"q","www.adoresearch.com":"q","www.searchcore.net":"q","googosearch.info":"terms","bar.searchqu.com":"q","search.speedbit.com":"q","search.toggle.com":"q","click.searchnation.net":"query","isearch.whitesmoke.com":"q","search.handycafe.com":"q","searchassist.babylon.com":"q","searchnation.net":"query","video.searchcompletion.com":"q","www.searchbrowsing.com":"q","search.anchorfree.net":"q","search.hotspotshield.com":"q","dts.search-results.com":"q","uk.search-results.com":"q","search.chatzum.com":"q","search.phpnuke.org":"q","www.i-mysearch.com":"q","search.smartaddressbar.com":"q","www.search-guru.com":"q","searchgby.com":"","thespecialsearch.com":"q","search.bpath.com":"q","start.funmoods.com":"s","fr.search-results.com":"q","de.search-results.com":"q","it.search-results.com":"q","es.search-results.com":"q","search.imesh.com":"q","search.swagbucks.com":"q","isearch.avg.com":"q","search.avg.com":"q","search.yippy.com":"query","cludr.com":"q","search.vmn.net":"q","www.gigablast.com":"q","www.metacrawler.com":"q","www.webcrawler.com":"q","www.ixquick.com":"","www.search.com":"q","www.excite.com":"q","duckduckgo.com":"q","search.lycos.com":"q","webfetch.com":"q","monstercrawler.com":"q","go.com":"p","hotbot.com":"keyword","home.myplaycity.com":"s","www.findamo.com":"q","search.gboxapp.com":"q","start.iplay.com":"q","home.speedbit.com":"q","search.alot.com":"q","search.searchplusnetwork.com":"q","www.searchqu.net":"","us.yhs4.search.yahoo.com":"p","search.insiteapp.com":"q","somoto.com":"q","blekko.com":"","uk.yhs4.search.yahoo.com":"p","fr.yhs4.search.yahoo.com":"p","suggestor.netliker.com":"","search.netliker.com":"","insta-search.com":"q","www.fast-search.biz":"q","start.facemoods.com":"s","search.coolnovo.com":"","chromeplus.info":"q","in.yhs4.search.yahoo.com":"p","in.yhs.search.yahoo.com":"p","www.searchble.com":"keyword","home.allgameshome.com":"s","forsearch.net":"q","allssearch.com":"q","search.snap.do":"q","us.yhs.search.yahoo.com":"p","uk.yhs.search.yahoo.com":"p","fr.yhs.search.yahoo.com":"p","search.smartsearchbox.net":"","search.seznam.cz":"q","search.funmoods.com":"s","search.avira.com":"q","search.jzip.com":"q","search.findeer.com":"","search-faster.com":"","dnssearch.rr.com":"search","search.rr.com":"q","search.kalloutsearch4.com":"q","kalloutsearch4.com":"Keywords","search.rapidns.net":"SearchQuery","websearch.4shared.com":"q","images.search.conduit.com":"q","search.cpchero.biz":"q","search.kikin.com":"q","www.engine-search.biz":"q","www.mysearchresults.com":"q","search.vdc.com.vn":"SearchQuery","search.charter.net":"search","search-vbc.com":"keywords","search.pch.com":"q","search.pantip.com":"","www.startsearcher.com":"q","search.icafemanager.com":"q","aolsearcht10.search.aol.com":"q","search.free.fr":"","www.similarsitesearch.com":"URL","qoqole.com":"q","www.claro-search.com":"q","isearch.claro-search.com":"q","www.uncoverthenet.com/search":"q","www.searchcanvas.com":"q","search.etoolkit.com":"q","www.searchalgo.com":"q","bestsearchall.com":"q","bestorganicsearch.com":"q","mysearchproperties.com":"q","search.treasuretrooper.com":"q","btsearch.name":"q","optu.search-help.net":"search","search.clinck.in":"q","search.shareazaweb.net":"q","search.solarmash.com":"q","search.surfcanyon.com":"q","search.tedata.net":"SearchQuery","www.gooofullsearch.com":"keywords","www.alnaddy.com":"q","searchsafer.com":"q","www.searchqu.com":"q","searchfunmoods.com":"s","www.searchfunmoods.com":"s","www.searchya.com":"q","search.lphant.net":"","searchremagnified.com":"","www.pagequeryresults.com":"","www.searchqueryresults.com":"","domainhelp.search.com":"q","search.b1.org":"q","search.pontofrio.com.br":"q","search.maxonline.com.sg":"q","search.us.com":"k","www.picsearch.com":"q","www.search-document.com":"q","www.searchsafer.com":"q","www.website-unavailable.com":"q","fantastigames.metacrawler.com":"q","search.appsarefun.info":"","www.searchamong.com":"query","www.savevalet.com":"q","www.navegaki.com.br":"q","my.rally.io":"","isearch.glarysoft.com":"q","websearch.mocaflix.com":"s","search.fastaddressbar.com":"s","search.certified-toolbar.com":"q","www.delta-search.com":"q","mysearch.avg.com":"q","www1.search-results.com":"q","search.searchya.com":"q","websearch.just-browse.info":"s","search.fbdownloader.com":"q","search.startnow.com":"q","search.protectedsearch.com":"q","start.iminent.com":"q","websearch.pu-results.info":"s"}|||8641363892386984"


===================== Search result for "conduit" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConduitFloatingPlugin_nobnjjknonbflhaiepehfnncjhigejke]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConduitFloatingPlugin_nobnjjknonbflhaiepehfnncjhigejke]
"command"=""C:\Windows\system32\Rundll32.exe" "C:\Program Files\Conduit\CT3298568\plugins\TBVerifier.dll",RunConduitFloatingPlugin nobnjjknonbflhaiepehfnncjhigejke"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\7EC4B149D5F3E3448A7B654A022DAEDF]
"File"="iSyncConduit.dll"

[HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://search.conduit.com/?SearchSource=10&CUI=UN17307067991731683&ctid=CT3279141]

[HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com":"query","isearch.babylon.com":"q","search.utorrent.com":"","search.bittorrent.com":"","search.bearshare.com":"q","search.bearshare.net":"q","searchya.com":"q","int.search-results.com":"q","search.searchcompletion.com":"q","www.adoresearch.com":"q","www.searchcore.net":"q","googosearch.info":"terms","bar.searchqu.com":"q","search.speedbit.com":"q","search.toggle.com":"q","click.searchnation.net":"query","isearch.whitesmoke.com":"q","search.handycafe.com":"q","searchassist.babylon.com":"q","searchnation.net":"query","video.searchcompletion.com":"q","www.searchbrowsing.com":"q","search.anchorfree.net":"q","search.hotspotshield.com":"q","dts.search-results.com":"q","uk.search-results.com":"q","search.chatzum.com":"q","search.phpnuke.org":"q","www.i-mysearch.com":"q","search.smartaddressbar.com":"q","www.search-guru.com":"q","searchgby.com":"","thespecialsearch.com":"q","search.bpath.com":"q","start.funmoods.com":"s","fr.search-results.com":"q","de.search-results.com":"q","it.search-results.com":"q","es.search-results.com":"q","search.imesh.com":"q","search.swagbucks.com":"q","isearch.avg.com":"q","search.avg.com":"q","search.yippy.com":"query","cludr.com":"q","search.vmn.net":"q","www.gigablast.com":"q","www.metacrawler.com":"q","www.webcrawler.com":"q","www.ixquick.com":"","www.search.com":"q","www.excite.com":"q","duckduckgo.com":"q","search.lycos.com":"q","webfetch.com":"q","monstercrawler.com":"q","go.com":"p","hotbot.com":"keyword","home.myplaycity.com":"s","www.findamo.com":"q","search.gboxapp.com":"q","start.iplay.com":"q","home.speedbit.com":"q","search.alot.com":"q","search.searchplusnetwork.com":"q","www.searchqu.net":"","us.yhs4.search.yahoo.com":"p","search.insiteapp.com":"q","somoto.com":"q","blekko.com":"","uk.yhs4.search.yahoo.com":"p","fr.yhs4.search.yahoo.com":"p","suggestor.netliker.com":"","search.netliker.com":"","insta-search.com":"q","www.fast-search.biz":"q","start.facemoods.com":"s","search.coolnovo.com":"","chromeplus.info":"q","in.yhs4.search.yahoo.com":"p","in.yhs.search.yahoo.com":"p","www.searchble.com":"keyword","home.allgameshome.com":"s","forsearch.net":"q","allssearch.com":"q","search.snap.do":"q","us.yhs.search.yahoo.com":"p","uk.yhs.search.yahoo.com":"p","fr.yhs.search.yahoo.com":"p","search.smartsearchbox.net":"","search.seznam.cz":"q","search.funmoods.com":"s","search.avira.com":"q","search.jzip.com":"q","search.findeer.com":"","search-faster.com":"","dnssearch.rr.com":"search","search.rr.com":"q","search.kalloutsearch4.com":"q","kalloutsearch4.com":"Keywords","search.rapidns.net":"SearchQuery","websearch.4shared.com":"q","images.search.conduit.com":"q","search.cpchero.biz":"q","search.kikin.com":"q","www.engine-search.biz":"q","www.mysearchresults.com":"q","search.vdc.com.vn":"SearchQuery","search.charter.net":"search","search-vbc.com":"keywords","search.pch.com":"q","search.pantip.com":"","www.startsearcher.com":"q","search.icafemanager.com":"q","aolsearcht10.search.aol.com":"q","search.free.fr":"","www.similarsitesearch.com":"URL","qoqole.com":"q","www.claro-search.com":"q","isearch.claro-search.com":"q","www.uncoverthenet.com/search":"q","www.searchcanvas.com":"q","search.etoolkit.com":"q","www.searchalgo.com":"q","bestsearchall.com":"q","bestorganicsearch.com":"q","mysearchproperties.com":"q","search.treasuretrooper.com":"q","btsearch.name":"q","optu.search-help.net":"search","search.clinck.in":"q","search.shareazaweb.net":"q","search.solarmash.com":"q","search.surfcanyon.com":"q","search.tedata.net":"SearchQuery","www.gooofullsearch.com":"keywords","www.alnaddy.com":"q","searchsafer.com":"q","www.searchqu.com":"q","searchfunmoods.com":"s","www.searchfunmoods.com":"s","www.searchya.com":"q","search.lphant.net":"","searchremagnified.com":"","www.pagequeryresults.com":"","www.searchqueryresults.com":"","domainhelp.search.com":"q","search.b1.org":"q","search.pontofrio.com.br":"q","search.maxonline.com.sg":"q","search.us.com":"k","www.picsearch.com":"q","www.search-document.com":"q","www.searchsafer.com":"q","www.website-unavailable.com":"q","fantastigames.metacrawler.com":"q","search.appsarefun.info":"","www.searchamong.com":"query","www.savevalet.com":"q","www.navegaki.com.br":"q","my.rally.io":"","isearch.glarysoft.com":"q","websearch.mocaflix.com":"s","search.fastaddressbar.com":"s","search.certified-toolbar.com":"q","www.delta-search.com":"q","mysearch.avg.com":"q","www1.search-results.com":"q","search.searchya.com":"q","websearch.just-browse.info":"s","search.fbdownloader.com":"q","search.startnow.com":"q","search.protectedsearch.com":"q","start.iminent.com":"q","websearch.pu-results.info":"s"}|||8641363892386984"

[HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A9A9224E-76E1-4118-AF0B-020DB03B0716}]
"URL"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279141&CUI=UN17307067991731683"

[HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C4859E43-2DCE-4FDD-8843-F60102E2A3F5}]
"URL"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298568&CUI=UN13416767035876247&UM=2"

[HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C4859E43-2DCE-4FDD-8843-F60102E2A3F5}]
"FaviconURL"="http://search.conduit.com/favicon.ico"

[HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1007\Software\BillP Studios\WinPatrol\Services]
"Search Protect by Conduit Updater"="700"


===================== Search result for "mysearchdial" ==========

[HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1000\Software\BillP Studios\Detected\Startup]
"cmd.exe /c rd /s /q C:\Users\admin\AppData\Roaming\mysearchdial"="04/02/2014 8:24 AM"

[HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1007\Software\BillP Studios\Detected\Startup]
"cmd.exe /c rd /s /q C:\Users\admin\AppData\Roaming\mysearchdial"="04/02/2014 8:28 AM"

====== End Of Search ======
ottersea
Regular Member
 
Posts: 41
Joined: December 13th, 2010, 1:47 pm

Re: Windows 7 runs very slow and fails update

Unread postby Gary R » November 7th, 2014, 2:17 am

OK, please do the following ....

First ...

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Java 7 Update 13
Java 7 Update 51
Spybot - Search & Destroy


Old versions of Java can be exploited, and Spybot may interfere with the infection removal process (it can be re-installed when we've finished cleaning your machine)

Reboot your computer when you've uninstalled them all.

Next ....

I notice you've disabled a number of programs from starting using MSConfig.

MSConfig is not meant to be used this way, it is only supposed to be used as a way of helping to troubleshoot problematic programs. If you don't want these programs to run at startup let me know and I'll arrange a suitable permanent solution for you.

In the meantime please re-enable all the items you've disabled ...

  • Click start, and in the Search program and files box tpe MSConfig then hit return
  • A System Configuration window will open.
  • Click on the Startup tab
  • Click on Enable All
  • Click OK

Now reboot your computer to implement the changes.

Next ...

  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

Next ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad. (do not include Code: Select all)
Code: Select all
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3128821885-2795174726-813518338-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKCU - {A9A9224E-76E1-4118-AF0B-020DB03B0716} URL = http://search.conduit.com/ResultsExt.aspx?q= {searchTerms}&SearchSource=4&ctid=CT3279141&CUI=UN17307067991731683
SearchScopes: HKCU - {C4859E43-2DCE-4FDD-8843-F60102E2A3F5} URL = http://search.conduit.com/ResultsExt.aspx?q= {searchTerms}&SearchSource=4&ctid=CT3298568&CUI=UN13416767035876247&UM=2
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\xnpoh7le.default\searchplugins\Mysearchdial.xml
CHR HKLM\...\Chrome\Extension: [nobnjjknonbflhaiepehfnncjhigejke] - C:\Users\admin\AppData\Local\CRE\nobnjjknonbflhaiepehfnncjhigejke.crx [2013-07-22]
CHR HKCU\...\Chrome\Extension: [nobnjjknonbflhaiepehfnncjhigejke] - C:\Users\admin\AppData\Local\CRE\nobnjjknonbflhaiepehfnncjhigejke.crx [2013-07-22]
CustomCLSID: HKU\S-1-5-21-3128821885-2795174726-813518338-1000_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}\localserver32 -> C:\Users\admin\AppData\Local\Temp\{e9513610-f218-4dda-b954-2c7e6ba7cabb}\IDriver.NonElevated.exe No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-3128821885-2795174726-813518338-1007_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}\localserver32 -> C:\Users\clay\AppData\Local\Temp\{e9513610-f218-4dda-b954-2c7e6ba7cabb}\IDriver.NonElevated.exe (Macrovision Corporation)
Task: {A86B2CB2-127A-4BBE-9569-A5FBFE9C1902} - \AmiUpdXp No Task File <==== ATTENTION
C:\Program Files\Conduit
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Updater By SweetPacks
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1000\Software\BillP Studios\Detected\IEHelper" /v "C:\Program Files\WhiteSmoke_B\prxtbWhit.dll" /f
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1007\Software\Trolltech" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConduitFloatingPlugin_nobnjjknonbflhaiepehfnncjhigejke" /f
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A9A9224E-76E1-4118-AF0B-020DB03B0716}" /f
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C4859E43-2DCE-4FDD-8843-F60102E2A3F5}" /f
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C4859E43-2DCE-4FDD-8843-F60102E2A3F5}" /f
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1007\Software\BillP Studios\WinPatrol\Services" /v "Search Protect by Conduit Updater" /f
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1000\Software\BillP Studios\Detected\Startup" /v "cmd.exe /c rd /s /q C:\Users\admin\AppData\Roaming\mysearchdial" /f
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1007\Software\BillP Studios\Detected\Startup" /v "cmd.exe /c rd /s /q C:\Users\admin\AppData\Roaming\mysearchdial" /f
EmptyTemp:
Hosts:
Cmd: ipconfig /flushdns

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Summary of the logs I need from you in your next post:
  • AdwCleaner[s1].txt
  • Fixlog.txt
  • Let me know how your computer is behaving now please.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Windows 7 runs very slow and fails update

Unread postby ottersea » November 7th, 2014, 1:48 pm

There is no AdwCleaner[s1]. txt but there is a AdwCleaner9[s0].txt which is want I am attaching.

# AdwCleaner v3.311 - Report created 07/11/2014 at 11:19:07
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : admin - OTTERSEA
# Running from : C:\Users\admin\Desktop\adwcleaner_3.311.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Users\admin\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\admin\Documents\Updater
Folder Deleted : C:\Users\clay\AppData\Local\Temp\apn
Folder Deleted : C:\Users\clay\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\clay\Documents\Updater
Folder Deleted : C:\Users\clay\AppData\Roaming\Mozilla\Firefox\Profiles\sraicmh4.default\RadioRage_4j
File Deleted : C:\Users\clay\AppData\Roaming\Mozilla\Firefox\Profiles\sraicmh4.default\searchplugins\ask-search.xml
File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\xnpoh7le.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\clay\AppData\Roaming\Mozilla\Firefox\Profiles\sraicmh4.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\xnpoh7le.default\user.js
File Deleted : C:\Users\clay\AppData\Roaming\Mozilla\Firefox\Profiles\sraicmh4.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : AmiUpdXp
Task Deleted : Driver Support-RTMRules
Task Deleted : Driver Support-RTMScan
Task Deleted : Driver Support-RTMScanRunOnce
Task Deleted : Driver Support-RTMUpdater
Task Deleted : driverupdate startup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ10_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ10_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_nobnjjknonbflhaiepehfnncjhigejke]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41829420-151B-4920-B8A5-16BE4601B42A}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B01F3F08771A494439EC8990D0180939
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\B01F3F08771A494439EC8990D0180939
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\B01F3F08771A494439EC8990D0180939

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v33.0.3 (x86 en-US)

[ File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\xnpoh7le.default\prefs.js ]

Line Deleted : user_pref("browser.search.order.1", "Mysearchdial");
Line Deleted : user_pref("extensions.ORJ-V7.DataStore.toolbar", "{\"BLACKLIST_SUBDOMAINS_OF\":[\"join.me\",\"Bing.com\",\"Hotmail.com\",\"Live.com\",\"ebay.com\",\"bing.com\",\"yahoo.com\",\"cnn.com\",\"live.com\",\[...]
Line Deleted : user_pref("extensions.crossrider.bic", "13d0ed38832deb281670789b95b2b303");
Line Deleted : user_pref("extensions.irmysearch.aflt", "dnldstr_14_14_ff");
Line Deleted : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtDtAtDyCyBtA0E0AtB0C0FtCyEyD0FtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFzztFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEzztA0ByByDtBtCtGzyyDtA0Dt[...]
Line Deleted : user_pref("extensions.irmysearch.cr", "984936944");
Line Deleted : user_pref("extensions.irmysearch.instlRef", "140305_a");
Line Deleted : user_pref("extensions.mysearchdial.AL", 2);
Line Deleted : user_pref("extensions.mysearchdial.aflt", "dnldstr_14_14_ff");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtAtDyCyBtA0E0AtB0C0FtCyEyD0FtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFzztFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEzztA0ByByDtBtCtGzyyDtA0[...]
Line Deleted : user_pref("extensions.mysearchdial.cntry", "US");
Line Deleted : user_pref("extensions.mysearchdial.cr", "984936944");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hdrMd5", "061CB25D872B8ADF20008F2AE6C44E88");
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dnldstr_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtAtDyCyBtA0E0AtB0C0FtCyEyD0FtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFzztFtDtN1L1Czut[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "0030673EA2CF145F");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16161");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "140305_a");
Line Deleted : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=dnldstr_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtAtDyCyBtA0E0AtB0C0FtCyEyD0FtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFzztFtDtN1L1CzutCy[...]
Line Deleted : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.29.011:26:28");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dnldstr_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtAtDyCyBtA0E0AtB0C0FtCyEyD0FtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFzztFtDtN1L1Cz[...]
Line Deleted : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"95\",\"lastVrsn\":\"95\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.sg", "none");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dnldstr_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtAtDyCyBtA0E0AtB0C0FtCyEyD0FtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFzztFtDtN1L1[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.011:26:28");
Line Deleted : user_pref("extensions.toolbar_ORJ-V7@apn.ask.com.install-event-fired", true);

[ File : C:\Users\clay\AppData\Roaming\Mozilla\Firefox\Profiles\sraicmh4.default\prefs.js ]

Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=dnldstr_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtAtDyCyBtA0E0AtB0C0FtCyEyD0FtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFzztFtDtN1L1CzutCyEtDtA[...]
Line Deleted : user_pref("extensions.crossrider.bic", "13d0ed11b7a613285dad0cc85dc840a8");
Line Deleted : user_pref("extensions.irmysearch.aflt", "dnldstr_14_14_ff");
Line Deleted : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtDtAtDyCyBtA0E0AtB0C0FtCyEyD0FtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFzztFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEzztA0ByByDtBtCtGzyyDtA0Dt[...]
Line Deleted : user_pref("extensions.irmysearch.cr", "984936944");
Line Deleted : user_pref("extensions.irmysearch.instlRef", "140305_a");
Line Deleted : user_pref("extensions.mysearchdial.AL", 2);
Line Deleted : user_pref("extensions.mysearchdial.aflt", "dnldstr_14_14_ff");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtAtDyCyBtA0E0AtB0C0FtCyEyD0FtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFzztFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEzztA0ByByDtBtCtGzyyDtA0[...]
Line Deleted : user_pref("extensions.mysearchdial.cr", "984936944");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dnldstr_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtAtDyCyBtA0E0AtB0C0FtCyEyD0FtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFzztFtDtN1L1Czut[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "0030673EA2CF145F");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16161");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "140305_a");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dnldstr_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtAtDyCyBtA0E0AtB0C0FtCyEyD0FtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFzztFtDtN1L1Cz[...]
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dnldstr_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtAtDyCyBtA0E0AtB0C0FtCyEyD0FtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFzztFtDtN1L1[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.011:26:28");
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.lastActivePing", "1391022654737");
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.weather.location", "72936");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "radiorage@mindspark.com");

*************************

AdwCleaner[R0].txt - [12495 octets] - [06/11/2014 13:41:15]
AdwCleaner[R1].txt - [12679 octets] - [07/11/2014 11:16:35]
AdwCleaner[S0].txt - [12859 octets] - [07/11/2014 11:19:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12920 octets] ##########
ottersea
Regular Member
 
Posts: 41
Joined: December 13th, 2010, 1:47 pm

Re: Windows 7 runs very slow and fails update

Unread postby ottersea » November 7th, 2014, 1:51 pm

Fislog.txt file

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-11-2014
Ran by admin at 2014-11-07 11:38:12 Run:1
Running from C:\Users\admin\Desktop
Loaded Profile: admin (Available profiles: admin & clay)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3128821885-2795174726-813518338-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKCU - {A9A9224E-76E1-4118-AF0B-020DB03B0716} URL = http://search.conduit.com/ResultsExt.aspx?q= {searchTerms}&SearchSource=4&ctid=CT3279141&CUI=UN17307067991731683
SearchScopes: HKCU - {C4859E43-2DCE-4FDD-8843-F60102E2A3F5} URL = http://search.conduit.com/ResultsExt.aspx?q= {searchTerms}&SearchSource=4&ctid=CT3298568&CUI=UN13416767035876247&UM=2
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\xnpoh7le.default\searchplugins\Mysearchdial.xml
CHR HKLM\...\Chrome\Extension: [nobnjjknonbflhaiepehfnncjhigejke] - C:\Users\admin\AppData\Local\CRE\nobnjjknonbflhaiepehfnncjhigejke.crx [2013-07-22]
CHR HKCU\...\Chrome\Extension: [nobnjjknonbflhaiepehfnncjhigejke] - C:\Users\admin\AppData\Local\CRE\nobnjjknonbflhaiepehfnncjhigejke.crx [2013-07-22]
CustomCLSID: HKU\S-1-5-21-3128821885-2795174726-813518338-1000_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}\localserver32 -> C:\Users\admin\AppData\Local\Temp\{e9513610-f218-4dda-b954-2c7e6ba7cabb}\IDriver.NonElevated.exe No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-3128821885-2795174726-813518338-1007_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}\localserver32 -> C:\Users\clay\AppData\Local\Temp\{e9513610-f218-4dda-b954-2c7e6ba7cabb}\IDriver.NonElevated.exe (Macrovision Corporation)
Task: {A86B2CB2-127A-4BBE-9569-A5FBFE9C1902} - \AmiUpdXp No Task File <==== ATTENTION
C:\Program Files\Conduit
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Updater By SweetPacks
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1000\Software\BillP Studios\Detected\IEHelper" /v "C:\Program Files\WhiteSmoke_B\prxtbWhit.dll" /f
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1007\Software\Trolltech" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConduitFloatingPlugin_nobnjjknonbflhaiepehfnncjhigejke" /f
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A9A9224E-76E1-4118-AF0B-020DB03B0716}" /f
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C4859E43-2DCE-4FDD-8843-F60102E2A3F5}" /f
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C4859E43-2DCE-4FDD-8843-F60102E2A3F5}" /f
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1007\Software\BillP Studios\WinPatrol\Services" /v "Search Protect by Conduit Updater" /f
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1000\Software\BillP Studios\Detected\Startup" /v "cmd.exe /c rd /s /q C:\Users\admin\AppData\Roaming\mysearchdial" /f
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1007\Software\BillP Studios\Detected\Startup" /v "cmd.exe /c rd /s /q C:\Users\admin\AppData\Roaming\mysearchdial" /f
EmptyTemp:
Hosts:
Cmd: ipconfig /flushdns
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3128821885-2795174726-813518338-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A9A9224E-76E1-4118-AF0B-020DB03B0716}" => Key deleted successfully.
"HKCR\CLSID\{A9A9224E-76E1-4118-AF0B-020DB03B0716}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C4859E43-2DCE-4FDD-8843-F60102E2A3F5}" => Key deleted successfully.
"HKCR\CLSID\{C4859E43-2DCE-4FDD-8843-F60102E2A3F5}" => Key not found.
"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\xnpoh7le.default\searchplugins\Mysearchdial.xml" => not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\nobnjjknonbflhaiepehfnncjhigejke" => Key deleted successfully.
C:\Users\admin\AppData\Local\CRE\nobnjjknonbflhaiepehfnncjhigejke.crx => Moved successfully.
"HKCU\SOFTWARE\Google\Chrome\Extensions\nobnjjknonbflhaiepehfnncjhigejke" => Key deleted successfully.
"C:\Users\admin\AppData\Local\CRE\nobnjjknonbflhaiepehfnncjhigejke.crx" => File/Directory not found.
"HKU\S-1-5-21-3128821885-2795174726-813518338-1000_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}" => Key deleted successfully.
"HKU\S-1-5-21-3128821885-2795174726-813518338-1007_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A86B2CB2-127A-4BBE-9569-A5FBFE9C1902}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp" => Key not found.
"C:\Program Files\Conduit" => File/Directory not found.

========= reg.exe delete "HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Updater By SweetPacks =========



========= End of Reg: =========


========= reg.exe delete "HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1000\Software\BillP Studios\Detected\IEHelper" /v "C:\Program Files\WhiteSmoke_B\prxtbWhit.dll" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1007\Software\Trolltech" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConduitFloatingPlugin_nobnjjknonbflhaiepehfnncjhigejke" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A9A9224E-76E1-4118-AF0B-020DB03B0716}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C4859E43-2DCE-4FDD-8843-F60102E2A3F5}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C4859E43-2DCE-4FDD-8843-F60102E2A3F5}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1007\Software\BillP Studios\WinPatrol\Services" /v "Search Protect by Conduit Updater" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1000\Software\BillP Studios\Detected\Startup" /v "cmd.exe /c rd /s /q C:\Users\admin\AppData\Roaming\mysearchdial" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_USERS\S-1-5-21-3128821885-2795174726-813518338-1007\Software\BillP Studios\Detected\Startup" /v "cmd.exe /c rd /s /q C:\Users\admin\AppData\Roaming\mysearchdial" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 1.2 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====


The computer seems to boot faster now but I still get runtime errors on bootup. Both the errors have to to with Roxio which is why I had them to not boot on startup. How do I change the startup menu if I can;t use ipconfig? Thanks
ottersea
Regular Member
 
Posts: 41
Joined: December 13th, 2010, 1:47 pm

Re: Windows 7 runs very slow and fails update

Unread postby Gary R » November 7th, 2014, 7:31 pm

The computer seems to boot faster now but I still get runtime errors on bootup. Both the errors have to to with Roxio which is why I had them to not boot on startup. How do I change the startup menu if I can;t use ipconfig? Thanks


We can stop them from starting on startup by removing them from the appropriate Registry Keys. To do that, I first need you to run a new scan for me with FRST.

  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning this time just 1 log will open on your Desktop, FRST.txt
    • Please post it in your next reply.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Windows 7 runs very slow and fails update

Unread postby ottersea » November 8th, 2014, 12:39 pm

FRST.txt


can result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-11-2014 01
Ran by admin (administrator) on OTTERSEA on 08-11-2014 10:38:16
Running from C:\Users\admin\Desktop
Loaded Profiles: admin & clay (Available profiles: admin & clay)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Roxio) C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Cyber Power Systems, Inc.) C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(APC) C:\Program Files\Pwrchute\ups.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Cyber Power Systems, Inc.) C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
(Sony Corporation) C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
() C:\Windows\system\HsMgr.exe
(brother) C:\Program Files\Brownie\BrStsWnd.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Brother Industries, Ltd.) C:\Program Files\Brownie\BRNIPMON.exe
(Adobe Sytems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
() C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
() C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
(Dropbox, Inc.) C:\Users\clay\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(CMedia) C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Cyber Power Systems, Inc.) C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
(Sony Corporation) C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
() C:\Windows\system\HsMgr.exe
(brother) C:\Program Files\Brownie\BrStsWnd.exe
(CMedia) C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Brother Industries, Ltd.) C:\Program Files\Brownie\BRNIPMON.exe
(Adobe Sytems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
(Roxio) C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
() C:\Windows\System32\C2MP\UPDATE~1.EXE
() C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
(SourceForge.net) C:\Program Files\Password Safe\pwsafe.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe [350144 2012-03-27] (Cyber Power Systems, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ContentTransferWMDetector.exe] => C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe [583016 2009-11-19] (Sony Corporation)
HKLM\...\Run: [Cmaudio8788] => RunDll32 cmicnfgp.cpl,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\system\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [BrStsWnd] => C:\Program Files\Brownie\BrstsWnd.exe [3618104 2009-08-19] (brother)
HKLM\...\Run: [Brdefprn] => C:\Program Files\Brother\BRHL3070\Brdefprn.exe [45056 2009-07-08] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-03] (AVAST Software)
HKLM\...\Run: [Adobe Version Cue CS2] => c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-04] (Adobe Sytems Incorporated)
HKLM\...\Run: [SDTray] => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [221184 2006-11-27] (Sonic Solutions)
HKLM\...\Run: [RoxioDragToDisc] => C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe [1121016 2006-11-15] (Roxio)
HKLM\...\Run: [MediaFace Integration] => C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe [53248 2009-02-02] (Fellowes, Inc.)
HKLM\...\Run: [DMXLauncher] => C:\Program Files\Roxio\Media Experience\DMXLauncher.exe [102400 2006-11-14] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [Acrobat Assistant 7.0] => C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM\...\Run: [(default)] => [X]
HKU\S-1-5-21-3128821885-2795174726-813518338-1000\...\Run: [updateMgr] => C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [307200 2004-11-22] (Adobe Systems Incorporated)
HKU\S-1-5-21-3128821885-2795174726-813518338-1000\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [1128000 2014-06-03] (BillP Studios)
HKU\S-1-5-21-3128821885-2795174726-813518338-1007\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [1128000 2014-06-03] (BillP Studios)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk
ShortcutTarget: Password Safe.lnk -> C:\Program Files\Password Safe\pwsafe.exe (SourceForge.net)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\System32\C2MP\UpdateChecker.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk
ShortcutTarget: Microtek Scanner Finder.lnk -> C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe ()
Startup: C:\Users\clay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\clay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3003CF1CFDFFCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.66

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\xnpoh7le.default
FF NewTab:
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DownloadHelper - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\xnpoh7le.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-10-02]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-01-31]
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-03]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-03-24] (Adobe Systems) [File not signed]
R2 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-04] (Adobe Systems Incorporated) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-03] (AVAST Software)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-07-15] (Freemake) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 ppped; C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe [1013696 2012-03-27] (Cyber Power Systems, Inc.)
S3 Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [57344 2006-11-26] (Sonic Solutions) [File not signed]
S2 Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [294912 2006-11-26] (Sonic Solutions) [File not signed]
S2 RoxLiveShare9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [303104 2006-11-27] (Sonic Solutions) [File not signed]
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-27] (Sonic Solutions) [File not signed]
R2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-27] (Sonic Solutions) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-11-01] (MicroVision Development, Inc.) [File not signed]
R2 UPS; C:\Program Files\Pwrchute\ups.exe [487465 1999-12-20] (APC) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [32896 2012-05-17] (AnvSoft Inc.) [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-10-03] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-10-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-10-03] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-10-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-10-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-10-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-10-03] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-10-03] ()
R2 BrPar; C:\Windows\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [1760256 2011-03-10] (C-Media Inc)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32928 2014-09-04] (NVIDIA Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36560 2006-08-09] (Sonic Solutions) [File not signed]
S4 RxFilter; C:\Windows\System32\DRIVERS\RxFilter.sys [50688 2006-11-27] (Sonic Solutions) [File not signed]
R3 SCTDriverV1011; C:\Windows\System32\drivers\SCTDriverV1011.sys [202800 2011-12-12] (Jungo)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-11-07] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 ASPI32; No ImagePath
S3 catchme; \??\C:\Users\admin\AppData\Local\Temp\catchme.sys [X]
S3 getbus; \??\C:\Users\admin\AppData\Local\Temp\getbus.sys [X]
S3 MSICDSetup; \??\H:\CDriver.sys [X]
S4 NVHDA; system32\drivers\nvhda32v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-08 10:38 - 2014-11-08 10:38 - 00000000 ____D () C:\Users\admin\Desktop\FRST-OlderVersion
2014-11-07 21:25 - 2014-11-07 21:32 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\clay\Downloads\spybot-2.4.exe
2014-11-07 18:53 - 2014-11-07 18:53 - 00000000 ____D () C:\Users\clay\Desktop\Old Firefox Data
2014-11-07 18:47 - 2014-11-07 18:51 - 35285328 _____ () C:\Users\clay\Downloads\Firefox Setup 32.0.3.exe
2014-11-06 22:18 - 2014-11-06 22:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-06 17:11 - 2014-11-06 17:11 - 00032529 _____ () C:\Users\admin\Desktop\Search.txt
2014-11-06 17:00 - 2014-11-06 17:01 - 00034548 _____ () C:\Users\admin\Desktop\Addition.txt
2014-11-06 16:23 - 2014-11-08 10:38 - 00017700 _____ () C:\Users\admin\Desktop\FRST.txt
2014-11-06 16:21 - 2014-11-08 10:38 - 00000000 ____D () C:\FRST
2014-11-06 16:19 - 2014-11-08 10:38 - 01107968 _____ (Farbar) C:\Users\admin\Desktop\FRST.exe
2014-11-06 14:26 - 2014-11-06 14:26 - 00012131 _____ () C:\Users\clay\AppData\Local\recently-used.xbel
2014-11-06 13:52 - 2014-11-06 13:42 - 00012495 _____ () C:\Users\admin\Desktop\AdwCleaner[R0].txt
2014-11-06 13:41 - 2014-11-07 11:19 - 00000000 ____D () C:\AdwCleaner
2014-11-06 13:36 - 2014-11-06 13:36 - 01375089 _____ () C:\Users\admin\Desktop\adwcleaner_3.311.exe
2014-11-06 13:30 - 2014-11-06 13:30 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-OTTERSEA-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2014-11-06 13:29 - 2014-11-06 13:29 - 00000000 ____D () C:\RegBackup
2014-11-06 13:27 - 2014-11-06 13:27 - 00002146 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-11-06 13:27 - 2014-11-06 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-11-06 13:27 - 2014-11-06 13:27 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-11-06 13:26 - 2014-11-06 13:26 - 04215584 _____ () C:\Users\admin\Downloads\tweaking.com_registry_backup_setup.exe
2014-11-04 10:31 - 2014-11-04 10:30 - 00021441 _____ () C:\Users\clay\Desktop\DDS.txt
2014-11-04 10:31 - 2014-11-04 10:30 - 00013016 _____ () C:\Users\clay\Desktop\Attach.txt
2014-11-04 10:30 - 2014-11-07 11:34 - 00000000 ____D () C:\Trouble shooting
2014-11-04 10:29 - 2014-11-04 10:29 - 00013016 _____ () C:\Users\admin\Desktop\attach.txt
2014-11-04 10:29 - 2014-11-04 10:28 - 00021441 _____ () C:\Users\admin\Desktop\dds.txt
2014-11-04 10:25 - 2014-11-04 10:25 - 00688992 ____R (Swearware) C:\Users\clay\Desktop\dds.scr
2014-11-03 11:15 - 2014-11-03 11:15 - 00985600 _____ () C:\Users\admin\Downloads\MicrosoftFixit50123.msi
2014-11-02 14:09 - 2014-11-02 14:09 - 00000000 ____D () C:\Windows\system32\Lang
2014-11-02 14:09 - 2014-11-02 14:09 - 00000000 ____D () C:\Program Files\Intel
2014-11-02 14:09 - 2009-09-23 11:50 - 00398336 _____ (Intel(R) Corporation) C:\Windows\system32\TVWizudlg.exe
2014-11-02 14:09 - 2009-09-23 11:49 - 00140288 _____ () C:\Windows\system32\igfxtvcx.dll
2014-11-02 14:09 - 2009-09-23 11:47 - 00121232 _____ () C:\Windows\system32\IScrNB.bmp
2014-11-02 13:59 - 2009-09-23 19:30 - 01002008 _____ (Intel Corporation) C:\Windows\system32\igxpun.exe
2014-11-02 13:40 - 2014-11-02 13:40 - 00000000 ____D () C:\Program Files\Microsoft ASP.NET
2014-10-27 16:49 - 2014-10-27 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-10-21 13:56 - 2014-10-09 19:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-21 13:56 - 2014-10-09 19:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-21 13:56 - 2014-10-09 19:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-21 13:21 - 2014-09-28 18:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-21 13:20 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-21 13:20 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-21 13:20 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-21 13:20 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-21 13:20 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-21 13:20 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-21 13:20 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-21 13:20 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-21 13:20 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-21 13:20 - 2014-09-18 19:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-21 13:20 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-21 13:20 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-21 13:20 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-21 13:20 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-21 13:20 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-21 13:20 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-21 13:20 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-21 13:20 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-21 13:20 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-21 13:20 - 2014-09-18 18:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-21 13:20 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-21 13:20 - 2014-09-18 18:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-21 13:20 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-21 13:20 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-21 13:20 - 2014-09-18 18:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-21 13:20 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-21 13:20 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-21 13:20 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-21 13:20 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-21 13:20 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-21 13:20 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-21 13:20 - 2014-07-16 19:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-21 13:20 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-21 13:20 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-21 13:20 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-21 13:19 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-21 13:19 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-21 13:19 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-21 13:19 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-21 13:19 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-21 13:19 - 2014-07-16 19:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-21 13:19 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-21 13:19 - 2014-07-16 19:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-21 13:19 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-21 13:19 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-21 13:19 - 2014-07-16 19:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-21 13:19 - 2014-07-16 19:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-20 10:57 - 2014-10-20 17:21 - 00000930 _____ () C:\Users\Public\Desktop\Cool Edit Pro 2.0.lnk
2014-10-20 10:57 - 2014-10-20 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cool Edit Pro 2.0
2014-10-20 10:55 - 2014-10-20 11:25 - 00000000 ____D () C:\Program Files\coolpro2
2014-10-20 08:53 - 2014-10-20 08:53 - 00000000 _____ () C:\Windows\Explorer.EXE.Z-missing.txt
2014-10-20 07:50 - 2014-10-20 07:50 - 00058442 _____ () C:\Windows\system32\CCCInstall_201410200850430927.log
2014-10-19 22:10 - 2014-10-19 22:10 - 00000000 ____D () C:\Users\clay\AppData\Roaming\ATI
2014-10-19 22:10 - 2014-10-19 22:10 - 00000000 ____D () C:\Users\clay\AppData\Local\ATI
2014-10-19 22:04 - 2014-10-19 22:04 - 00000000 ____D () C:\Users\admin\AppData\Roaming\ATI
2014-10-19 22:04 - 2014-10-19 22:04 - 00000000 ____D () C:\Users\admin\AppData\Local\ATI
2014-10-19 22:02 - 2014-10-19 22:02 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-10-19 21:59 - 2014-10-20 07:55 - 00000000 ____D () C:\ProgramData\AMD
2014-10-19 21:59 - 2014-10-19 21:59 - 00059287 _____ () C:\Windows\system32\CCCInstall_201410192259058349.log
2014-10-19 21:56 - 2014-10-19 21:56 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-10-19 21:56 - 2014-10-19 21:56 - 00000000 ____D () C:\Program Files\AMD
2014-10-19 21:56 - 2013-12-06 15:38 - 00995342 _____ () C:\Windows\system32\amdocl_as32.exe
2014-10-19 21:56 - 2013-12-06 15:38 - 00798734 _____ () C:\Windows\system32\amdocl_ld32.exe
2014-10-19 21:56 - 2013-12-06 15:38 - 00200704 _____ () C:\Windows\system32\clinfo.exe
2014-10-19 21:56 - 2013-12-06 15:38 - 00083968 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo.dll
2014-10-19 21:56 - 2013-12-06 15:38 - 00073728 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode.dll
2014-10-19 21:56 - 2013-12-06 15:35 - 24860160 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl.dll
2014-10-19 21:56 - 2013-12-06 15:33 - 00057344 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-10-19 21:56 - 2013-12-06 15:26 - 00114688 _____ (AMD) C:\Windows\system32\coinst_13.251.dll
2014-10-19 21:56 - 2013-12-06 15:13 - 00550456 _____ () C:\Windows\system32\atiapfxx.blb
2014-10-19 21:56 - 2013-12-06 14:28 - 00204952 _____ () C:\Windows\system32\ativvsvl.dat
2014-10-19 21:56 - 2013-12-06 14:28 - 00157144 _____ () C:\Windows\system32\ativvsva.dat
2014-10-19 21:56 - 2013-09-26 15:14 - 00083552 _____ () C:\Windows\system32\ativce02.dat
2014-10-19 21:56 - 2013-09-12 10:31 - 00233776 _____ () C:\Windows\system32\ativvaxy_cik_nd.dat
2014-10-19 21:56 - 2013-09-12 10:30 - 00234036 _____ () C:\Windows\system32\ativvaxy_cik.dat
2014-10-19 21:56 - 2011-09-12 16:06 - 00003917 _____ () C:\Windows\system32\atipblag.dat
2014-10-19 21:54 - 2014-10-19 21:54 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-19 18:44 - 2014-10-19 18:44 - 00310480 _____ () C:\Windows\Minidump\101914-23421-01.dmp
2014-10-19 17:02 - 2014-10-19 17:03 - 00000000 ____D () C:\Users\clay\AppData\Local\NVIDIA Corporation
2014-10-19 17:02 - 2014-10-19 17:02 - 00000000 ____D () C:\Users\clay\AppData\Local\NVIDIA
2014-10-19 16:18 - 2014-10-20 07:59 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-19 16:17 - 2014-10-20 08:01 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-10-19 16:16 - 2014-09-04 13:14 - 00032928 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys
2014-10-19 16:16 - 2014-09-04 13:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap32v.dll
2014-10-19 16:14 - 2014-10-19 16:14 - 00000000 ____D () C:\NVIDIA
2014-10-18 21:03 - 2014-10-18 21:03 - 00337648 _____ () C:\Windows\Minidump\101814-45968-01.dmp
2014-10-18 20:42 - 2014-11-07 18:44 - 00004603 _____ () C:\Windows\setupact.log
2014-10-18 20:02 - 2014-10-18 20:02 - 00425432 _____ () C:\Windows\Minidump\101814-22859-01.dmp
2014-10-18 18:57 - 2014-10-18 18:57 - 00268128 _____ () C:\Windows\Minidump\101814-20984-01.dmp
2014-10-18 17:27 - 2014-10-18 17:27 - 00417464 _____ () C:\Windows\Minidump\101814-32890-01.dmp
2014-10-18 16:08 - 2014-10-18 16:08 - 00287152 _____ () C:\Windows\Minidump\101814-38937-01.dmp
2014-10-11 15:13 - 2014-10-11 15:13 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-10-11 10:29 - 2014-10-11 10:29 - 00009037 _____ () C:\Windows\system32\RunLegacyCPLElevated.exe.Z-missing.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-08 10:38 - 2013-01-31 16:16 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-08 10:35 - 2013-02-01 18:22 - 00000000 ____D () C:\Users\admin\AppData\Local\PasswordSafe
2014-11-08 10:35 - 2013-01-31 16:16 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-08 10:35 - 2013-01-31 13:43 - 00000394 _____ () C:\Windows\Brownie.ini
2014-11-08 09:46 - 2013-01-31 18:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-08 08:59 - 2013-01-31 14:05 - 00000000 ____D () C:\Program Files\CyberPower PowerPanel Personal Edition
2014-11-08 00:10 - 2013-01-31 15:06 - 01326819 _____ () C:\Windows\WindowsUpdate.log
2014-11-07 21:55 - 2013-02-01 09:10 - 00000000 ____D () C:\Users\admin\AppData\Local\Apps\2.0
2014-11-07 21:38 - 2013-11-25 16:10 - 00000000 ___RD () C:\Users\clay\Dropbox
2014-11-07 21:38 - 2013-11-25 16:00 - 00000000 ____D () C:\Users\clay\AppData\Roaming\Dropbox
2014-11-07 18:53 - 2009-07-13 22:34 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-07 18:53 - 2009-07-13 22:34 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-07 18:44 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-07 11:42 - 2010-11-20 15:48 - 00344070 _____ () C:\Windows\PFRO.log
2014-11-07 11:38 - 2013-02-24 18:50 - 00000000 ____D () C:\Users\admin\AppData\Local\CRE
2014-11-07 11:18 - 2010-11-20 15:01 - 00799230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-07 11:14 - 2014-04-01 10:40 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-11-07 11:12 - 2013-02-02 15:49 - 00000000 ____D () C:\Windows\pss
2014-11-07 11:09 - 2013-02-27 07:31 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-11-07 11:09 - 2013-01-31 15:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-07 11:02 - 2013-03-23 09:45 - 00000000 ____D () C:\Program Files\Java
2014-11-07 10:56 - 2013-02-01 09:13 - 00000000 ____D () C:\Users\clay\AppData\Local\PasswordSafe
2014-11-07 09:37 - 2009-07-13 20:04 - 00000697 _____ () C:\Windows\win.ini
2014-11-07 09:37 - 2009-07-13 20:04 - 00000241 _____ () C:\Windows\system.ini
2014-11-06 14:26 - 2013-03-06 09:49 - 00000000 ____D () C:\Users\clay\.gimp-2.8
2014-11-06 13:20 - 2013-01-31 13:15 - 00000000 ____D () C:\Users\admin
2014-11-06 13:01 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache
2014-11-06 03:28 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-06 03:22 - 2009-07-13 22:33 - 00354304 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-06 03:19 - 2014-05-15 21:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-03 08:38 - 2013-02-01 09:12 - 00000000 ____D () C:\Program Files\Password Safe
2014-11-02 13:49 - 2013-08-08 08:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-02 13:44 - 2013-02-02 13:54 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-28 05:35 - 2013-01-31 13:52 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 16:49 - 2013-01-31 16:15 - 00002012 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-10-24 17:35 - 2013-01-31 17:42 - 00000000 ____D () C:\Users\clay
2014-10-21 12:32 - 2013-08-05 11:46 - 00000000 ____D () C:\Network Share
2014-10-20 17:19 - 2013-01-31 15:01 - 00000000 ____D () C:\Temp
2014-10-19 21:20 - 2013-03-03 15:41 - 00000000 ____D () C:\Program Files\Pwrchute
2014-10-19 18:44 - 2013-01-31 15:04 - 00000000 ____D () C:\Windows\Minidump
2014-10-19 18:44 - 2013-01-31 15:03 - 326499530 _____ () C:\Windows\MEMORY.DMP
2014-10-19 16:17 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Help
2014-10-19 16:12 - 2013-03-26 14:35 - 00000455 _____ () C:\Users\admin\AppData\Roaming\Safer-Networking.log
2014-10-18 17:14 - 2013-02-04 11:07 - 00000000 ____D () C:\Users\admin\AppData\Local\Adobe
2014-10-18 17:12 - 2013-01-31 18:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-18 17:12 - 2013-01-31 18:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-15 09:52 - 2013-01-31 13:43 - 00000426 _____ () C:\Windows\BRWMARK.INI

Some content of TEMP:
====================
C:\Users\clay\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvry9vj.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 01:03

==================== End Of Log ============================
ottersea
Regular Member
 
Posts: 41
Joined: December 13th, 2010, 1:47 pm

Re: Windows 7 runs very slow and fails update

Unread postby Gary R » November 8th, 2014, 1:59 pm

The "fix" below will remove the Startup entries for all the items you had disabled in MSConfig if there are any that you do not want permanently disabled from starting at startup, then please remove them from the script.

"Fixing" these entries will not remove the programs from your computer, and you will be able to start them manually, they just won't start automatically on bootup.

So that said ....

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (do not include Code: Select all).
Code: Select all
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk
HKLM\...\Run: [Acrobat Assistant 7.0] => C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe Version Cue CS2] => c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-04] (Adobe Sytems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [BrStsWnd] => C:\Program Files\Brownie\BrstsWnd.exe [3618104 2009-08-19] (brother)
HKLM\...\Run: [DMXLauncher] => C:\Program Files\Roxio\Media Experience\DMXLauncher.exe [102400 2006-11-14] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Run: [MediaFace Integration] => C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe [53248 2009-02-02] (Fellowes, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [RoxioDragToDisc] => C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe [1121016 2006-11-15] (Roxio)
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [221184 2006-11-27] (Sonic Solutions)
HKLM\...\Run: [SDTray] => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log, and let me know how your computer is behaving now.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 129 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware