Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Extremely slow computer

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Extremely slow computer

Unread postby harmonykrieg » May 3rd, 2014, 10:05 am

Symptoms: I have problems with my computer running extremely slowly lately.
In particular: Firefox freezes an awful lot, often completely randomly when it doesn't appear to be doing anything taxing, for minutes at a time. I very frequently get the frozen-javascript message popping up.
Other strange things: Firefox occasionally swaps tabs without me asking it to. Windows programs occasionally swap without me asking them to. Sometimes simple things like the standard "open file" dialog box in programs like notepad or paint take a very long time to pop up (like 30 seconds).

Here are my DDS logs:

DDS.txt:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.55.2
Run by Aradesh at 14:51:42 on 2014-05-03
Microsoft Windows 7 Starter 6.1.7601.1.1252.44.1033.18.1013.29 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Users\Aradesh\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\windows\system32\hkcmd.exe
C:\windows\system32\igfxtray.exe
C:\windows\system32\igfxpers.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\SumatraPDF\SumatraPDF.exe
C:\windows\system32\conhost.exe
C:\windows\system32\mspaint.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\vssvc.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k hpdevmgmt
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k HPService
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://samsung.msn.com
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing

\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex

\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared

\windows live\WindowsLiveLogin.dll
BHO: Samsung BHO Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - c:\program files\samsung anyweb print\W2PBrowser.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing

\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing

\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing

\hpswp_bho.dll
uRun: [Google Update] "c:\users\aradesh\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [ETDCtrl] c:\program files\elantech\ETDCtrl.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WinampAgent] "c:\program files\winamp\Winampa.exe"
StartupFolder: c:\users\aradesh\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\aradesh

\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer

\WriterBrowserExtension.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\samsung anyweb print

\W2PBrowser.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging

\smart web printing\hpswp_BHO.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{959F5426-043F-4A9A-BC8E-E605113FAB14} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{959F5426-043F-4A9A-BC8E-E605113FAB14}\244584F6D65684572623D28393E4A4 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{959F5426-043F-4A9A-BC8E-E605113FAB14}\2456C6B696E6F5E4F5144435C4F5731464131353 : DHCPNameServer =

192.168.2.1
TCP: Interfaces\{959F5426-043F-4A9A-BC8E-E605113FAB14}\35B4950363830343 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{959F5426-043F-4A9A-BC8E-E605113FAB14}\45F6E69702751627E6562702E4564777F627B6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{959F5426-043F-4A9A-BC8E-E605113FAB14}\460786930393 : DHCPNameServer = 194.90.1.5 212.143.212.143
TCP: Interfaces\{959F5426-043F-4A9A-BC8E-E605113FAB14}\C4F6262697 : DHCPNameServer = 194.90.1.5 212.143.212.143

212.143.212.143
TCP: Interfaces\{BBDE4144-D5EC-4099-9034-F46F27D32A21} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery

\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\aradesh\appdata\roaming\mozilla\firefox\profiles\nk28qynz.default\
FF - prefs.js: browser.startup.homepage - http://www.google.co.uk
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\aradesh\appdata\local\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_206.dll
FF - ExtSQL: !HIDDEN! 2013-01-14 22:56; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing

\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R1 MpKsl46129724;MpKsl46129724;c:\programdata\microsoft\microsoft antimalware\definition updates\{1f0fe1d7-d110-4b20-b9e3-

3c499d37fe63}\MpKsl46129724.sys [2014-5-2 39464]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2011-7-15 10752]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE

[2013-4-22 822504]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 104264]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2013-

6-26 523944]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2011-7-16 116008]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers

\NETwNs32.sys [2011-5-1 7513088]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2013-6-26 583848]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2013-6-26 197800]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2013-6-26 24232]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2013-6-26 20136]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe

[2013-6-26 207528]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2010-8-30

315680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework

\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-3-1 183560]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-4-18 108032]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [2011-7-16 131888]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S4 NOBU;Norton Online Backup;c:\program files\symantec\norton online backup\NOBuAgent.exe [2010-6-1 2057560]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2014-05-03 13:18:01 -------- d-----w- c:\users\aradesh\dds-scans
2014-05-03 02:01:01 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-02 22:33:21 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1f0fe1d7-

d110-4b20-b9e3-3c499d37fe63}\offreg.dll
2014-05-02 22:33:11 39464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1f0fe1d7-

d110-4b20-b9e3-3c499d37fe63}\MpKsl46129724.sys
2014-05-02 22:28:36 765968 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d05f3f83-

a585-475c-a27c-3841ca66be72}\gapaengine.dll
2014-05-02 22:26:55 8050496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1f0fe1d7-

d110-4b20-b9e3-3c499d37fe63}\mpengine.dll
2014-05-01 16:23:39 8050496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup

\mpengine.dll
2014-04-23 21:31:25 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-19 20:44:28 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f6df06e4-

96d0-44a0-80f6-91cdf8e46ae0}\gapaengine.dll
2014-04-18 08:06:09 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-04-18 08:06:08 257536 ----a-w- c:\program files\internet explorer\IEShims.dll
2014-04-18 08:04:58 1064960 ----a-w- c:\program files\internet explorer\networkinspection.dll
2014-04-18 08:04:55 1634304 ----a-w- c:\program files\internet explorer\F12.dll
2014-04-18 08:04:52 222720 ----a-w- c:\program files\internet explorer\ielowutil.exe
2014-04-18 08:04:50 470016 ----a-w- c:\program files\internet explorer\ieinstal.exe
2014-04-18 08:04:48 1789440 ----a-w- c:\windows\system32\wininet.dll
2014-04-18 08:04:46 811728 ----a-w- c:\program files\internet explorer\iexplore.exe
2014-04-18 08:04:42 1967104 ----a-w- c:\windows\system32\inetcpl.cpl
2014-04-18 08:04:26 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-04-13 09:14:08 0 ----a-w- c:\windows\system32\sho900B.tmp
2014-04-09 11:34:01 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-04-09 11:34:01 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-09 11:34:00 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-09 11:34:00 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-04-09 11:33:55 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-09 10:07:22 -------- d-----w- c:\users\aradesh\appdata\local\Skype
2014-04-09 10:06:48 -------- d-----r- c:\program files\Skype
.
==================== Find3M ====================
.
2014-04-29 15:59:54 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-29 15:59:52 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-27 13:32:53 88064 ----a-w- c:\windows\system32\AudioExCtl.dll
2014-03-11 08:52:30 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-06 08:31:27 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:02:34 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:01:01 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 07:38:13 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 07:38:10 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 07:36:40 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 07:28:01 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 07:13:43 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-02-13 11:26:35 0 ----a-w- c:\windows\system32\sho7A4A.tmp
2014-02-07 01:07:56 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:04:22 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- c:\windows\system32\qedit.dll
.
============= FINISH: 14:53:03.90 ===============

Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume1
Install Date: 18/03/2012 15:24:50
System Uptime: 02/05/2014 22:47:34 (16 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | N250P/N145P
Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz | CPU 1 | 1667/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 113 GiB total, 46.263 GiB free.
D: is FIXED (NTFS) - 168 GiB total, 152.103 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP298: 18/04/2014 09:01:36 - Windows Update
RP299: 22/04/2014 10:07:11 - Windows Update
RP300: 23/04/2014 22:28:39 - Installed Java 7 Update 55
RP301: 26/04/2014 14:53:50 - Windows Update
RP302: 30/04/2014 14:01:40 - Windows Update
RP303: 03/05/2014 03:00:19 - Windows Update
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
???????? ?????????? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
1400
1400_Help
1400Trb
32 Bit HP CIO Components Installer
7-Zip 9.20
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader 9.2
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Atheros Client Installation Program
Audacity 2.0.2
AutoHotkey 1.1.13.01
„Windows Live Essentials“
„Windows Live Mail“
„Windows Live Messenger“
„Windows Live“ fotogalerija
BatteryLifeExtender
Bing Bar
Bonbon Quest
Broadcom 802.11 Network Adapter
BufferChm
Cake Mania
CamStudio OSS Desktop Recorder
Copy
CyberLink YouCam
D3DX10
Daycare Nightmare
Destinations
DeviceDiscovery
DjVuLibre+DjView
DocProc
Dropbox
Easy Content Share
Easy Display Manager
Easy Network Manager
Easy Resolution Manager
Easy SpeedUp Manager
EasyBatteryManager
EasyFileShare
ETDWare PS/2-X86 8.0.7.2_WHQL
Fast Start
Fax
FlashDevelop 4.0.4
Flip Words
Fotogalerija Windows Live
Furcadia
Galapago
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
Game Pack
Gem Shop
Google Chrome
Google Earth
Google Update Helper
GPBaseService2
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
HxD Hex Editor version 1.7.7.0
Insaniquarium Deluxe
inSSIDer
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Rapid Storage Technology
Japanese Fonts Support For Adobe Reader 9
Java 7 Update 55
Java Auto Updater
Junk Mail filter update
LAME v3.99.3 (for Windows)
Mahjong Escape Ancient China
MapEdit v1.00
MarketResearch
Marvell Miniport Driver
Media Go
Media Go Video Playback Engine 1.116.108.02030
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MiKTeX 2.9
Minesweeper Clone 2007 release 2
Mjuice Components
Movie Color Enhancer
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MuseScore 1.3
Network
Norton Online Backup
Notepad++
OCR Software by I.R.I.S. 13.0
PlayStation(R)Store
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Pošta Windows Live
Python 2.7.3
Raccolta foto di Windows Live
Realtek High Definition Audio Driver
REALTEK PCIE Wireless LAN Software
S?????? f?t???af??? t?? Windows Live
Samsung AnyWeb Print
Samsung Printer Live Update
Samsung Recovery Solution 5
Samsung Support Center
Samsung Universal Print Driver
Samsung Universal Scan Driver
Samsung Update Plus
SamsungMovie
Scan
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Shop for HP Supplies
SISShortcut
Skype™ 6.14
Slingo
SmartWebPrinting
SolutionCenter
Status
SumatraPDF
Toolbox
TrayApp
Trillian
UnloadSupport
User Guide
VLC media player 2.0.1
WebReg
Winamp (Remove Only)
Windows Live
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Pošta
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
WinEdt 7
wxPython 2.8.12.1 (unicode) for Python 2.7
wxPython Docs and Demos 2.8.12.1
.
==== Event Viewer Messages From Past Week ========
.
30/04/2014 09:43:51, Error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
02/05/2014 15:30:19, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a

transaction response from the IPBusEnum service.
.
==== End Of File ===========================

Regards,
Robert.
harmonykrieg
Active Member
 
Posts: 7
Joined: May 3rd, 2014, 9:43 am
Advertisement
Register to Remove

Re: Extremely slow computer

Unread postby wannabeageek » May 4th, 2014, 6:22 pm

Hello harmonykrieg, and Welcome to MalWare Removal forums!

My name is wannabeageek and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:

    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start




Step 1.
AdwCleaner Download and Run

Click on this link to download : ADWCleaner
Click on the Download Now button and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:

Image

You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run.
It may take several minutes to complete. When it is done click on the Clean button, accept any prompts that appear and allow the system to reboot.
You will then be presented with the report. Copy & Paste it into your next post.

Image


Step 2.
Junkware Removal Tool
  • Please download and run the following program: JRT.exe
  • Right-click JRT.exe and select " Run as administrator " to run it.
  • When the program is finished running, post the log JRT.txt in your next reply.


Step 3.
OTL
Please download OTL ... by Old Timer . Save it to your Desktop.
  1. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Click the Scan All Users checkbox.
  3. Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.


Please include in your next reply:
  1. Contents of C:\AdwCleaner[S?].txt
  2. Contents of JRT.txt
  3. Contents of OTL.txt
  4. Contents of Extras.txt
  5. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Extremely slow computer

Unread postby harmonykrieg » May 5th, 2014, 5:28 am

Hey wbg, good to hear from you.

Here are the logs you asked for. Only thing I have to note is that I let AdwCleaner wait all night before I hit clean, as it gave me no obvious signal that a scan had been completed despite the fact that it must have completed fairly quickly.

Regards,
Robert.

AdwCleaner[S0]:
# AdwCleaner v3.206 - Report created 05/05/2014 at 08:43:59
# Updated 04/05/2014 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Aradesh - MINESWEEPER
# Running from : C:\Users\Aradesh\Documents\AdwCleaner\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Aradesh\AppData\Roaming\Mozilla\Firefox\Profiles\nk28qynz.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Aradesh\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1225 octets] - [04/05/2014 23:42:49]
AdwCleaner[S0].txt - [1154 octets] - [05/05/2014 08:43:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1214 octets] ##########

JRT.txt:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Starter x86
Ran by Aradesh on 05/05/2014 at 9:54:08.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\windows\system32\sho36BD.tmp
Successfully deleted: [File] C:\windows\system32\sho41B2.tmp
Successfully deleted: [File] C:\windows\system32\sho477E.tmp
Successfully deleted: [File] C:\windows\system32\sho7A4A.tmp
Successfully deleted: [File] C:\windows\system32\sho900B.tmp
Successfully deleted: [File] C:\windows\system32\shoE60D.tmp



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Aradesh\AppData\Roaming\mozilla\firefox\profiles\nk28qynz.default\minidumps [183 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/05/2014 at 10:01:51.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL.txt:
OTL logfile created on: 05/05/2014 10:05:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aradesh\Documents\malware-removal\OTL
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.30 Mb Total Physical Memory | 185.18 Mb Available Physical Memory | 18.27% Memory free
1.99 Gb Paging File | 0.93 Gb Available in Paging File | 46.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 113.00 Gb Total Space | 47.20 Gb Free Space | 41.77% Space Free | Partition Type: NTFS
Drive D: | 167.57 Gb Total Space | 152.10 Gb Free Space | 90.77% Space Free | Partition Type: NTFS

Computer Name: MINESWEEPER | User Name: Aradesh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/05/05 10:03:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Aradesh\My Documents\malware-removal\OTL\OTL.exe
PRC - [2014/04/03 09:12:27 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
PRC - [2014/03/30 20:24:49 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/03/27 14:32:31 | 000,007,680 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014/01/03 01:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Aradesh\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/06/26 19:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/25 02:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/07 10:55:24 | 001,757,264 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/11/20 22:29:39 | 000,776,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
PRC - [2010/11/12 23:24:06 | 001,812,264 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2010/08/27 02:52:12 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2010/08/19 09:22:36 | 000,775,336 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
PRC - [2010/08/11 08:34:40 | 004,384,560 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2010/08/05 06:16:04 | 002,208,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
PRC - [2010/08/04 16:22:46 | 000,862,064 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/30 20:24:04 | 003,642,480 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/03/27 14:32:31 | 000,007,680 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
MOD - [2014/01/03 01:45:04 | 003,558,400 | ---- | M] () -- C:\Users\Aradesh\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/19 00:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Aradesh\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2011/07/18 22:04:08 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll
MOD - [2010/07/05 11:42:58 | 000,203,776 | ---- | M] () -- C:\Program Files\Samsung\Movie Color Enhancer\WinCRT.dll
MOD - [2010/05/07 15:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll


========== Services (SafeList) ==========

SRV - [2014/04/29 17:00:04 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/30 20:24:48 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/03/06 08:38:10 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/26 19:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/03/01 13:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 02:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/08/09 20:04:04 | 000,131,888 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\System32\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2010/06/01 07:29:24 | 002,057,560 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys -- (EraserUtilDrv11122)
DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/10/27 12:36:15 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2013/06/26 19:23:04 | 000,020,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2013/06/26 19:23:00 | 000,197,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2013/06/26 19:23:00 | 000,024,232 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2013/06/26 19:22:58 | 000,583,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2012/01/03 05:59:29 | 000,015,656 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtport.sys -- (rtport)
DRV - [2011/05/01 06:32:08 | 007,513,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32)
DRV - [2011/01/25 05:40:04 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2010/11/20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/08/30 15:45:48 | 000,315,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3758711877-2612836815-1606966065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKU\S-1-5-21-3758711877-2612836815-1606966065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-3758711877-2612836815-1606966065-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3758711877-2612836815-1606966065-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90.1
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Aradesh\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Aradesh\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/01/14 23:56:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/01/14 23:56:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/06/10 14:02:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aradesh\AppData\Roaming\Mozilla\Extensions
[2014/05/01 19:10:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aradesh\AppData\Roaming\Mozilla\Firefox\Profiles\nk28qynz.default\extensions
[2014/03/21 14:25:10 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Aradesh\AppData\Roaming\Mozilla\Firefox\Profiles\nk28qynz.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2013/07/22 17:20:00 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Aradesh\AppData\Roaming\Mozilla\Firefox\Profiles\nk28qynz.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2014/05/01 19:10:27 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Aradesh\AppData\Roaming\Mozilla\Firefox\Profiles\nk28qynz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/02/04 23:48:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/03/30 20:24:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: First user (Enabled) = C:\Users\Aradesh\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Error reading preferences file
CHR - Extension: YouTube = C:\Users\Aradesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Aradesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Aradesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Aradesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\Winampa.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Aradesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Aradesh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{959F5426-043F-4A9A-BC8E-E605113FAB14}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBDE4144-D5EC-4099-9034-F46F27D32A21}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/05 09:53:59 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/05/04 23:44:24 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\windows\System32\sqlite3.dll
[2014/05/04 23:41:24 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/03 14:18:01 | 000,000,000 | ---D | C] -- C:\Users\Aradesh\dds-scans
[2014/05/03 14:09:13 | 000,000,000 | ---D | C] -- C:\Users\Aradesh\Documents\dds
[2014/05/03 03:01:01 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2014/04/23 22:31:45 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2014/04/23 22:31:25 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2014/04/23 22:31:25 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe
[2014/04/23 22:31:25 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2014/04/23 22:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/04/22 21:16:35 | 000,000,000 | ---D | C] -- C:\Users\Aradesh\Documents\comics
[2014/04/18 09:06:02 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2014/04/18 09:05:39 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieetwcollectorres.dll
[2014/04/18 09:05:38 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2014/04/18 09:05:33 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2014/04/18 09:05:33 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2014/04/18 09:05:32 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2014/04/18 09:05:26 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2014/04/18 09:05:24 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2014/04/18 09:05:22 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2014/04/18 09:05:19 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2014/04/18 09:05:18 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2014/04/18 09:05:18 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2014/04/18 09:05:16 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\JavaScriptCollectionAgent.dll
[2014/04/18 09:05:15 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9diag.dll
[2014/04/18 09:05:14 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieetwcollector.exe
[2014/04/18 09:05:14 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieetwproxystub.dll
[2014/04/18 09:05:12 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MsSpellCheckingFacility.exe
[2014/04/18 09:04:42 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2014/04/18 09:04:26 | 004,254,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2014/04/09 12:34:01 | 000,149,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\storport.sys
[2014/04/09 12:34:00 | 000,027,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\Diskdump.sys
[2014/04/09 12:34:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iologmsg.dll
[2014/04/09 11:07:22 | 000,000,000 | ---D | C] -- C:\Users\Aradesh\AppData\Local\Skype
[2014/04/09 11:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/04/09 11:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/04/09 11:06:48 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2014/04/09 11:04:42 | 000,000,000 | ---D | C] -- C:\Users\Aradesh\Documents\skype

========== Files - Modified Within 30 Days ==========

[2014/05/05 09:56:02 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/05/05 09:36:01 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3758711877-2612836815-1606966065-1000UA.job
[2014/05/05 09:17:02 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/05 09:17:01 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/05 08:54:41 | 000,016,160 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/05 08:54:41 | 000,016,160 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/05 08:46:34 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/05/05 08:46:27 | 1062,518,784 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/04 20:36:11 | 000,000,864 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3758711877-2612836815-1606966065-1000Core.job
[2014/04/29 16:59:54 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2014/04/29 16:59:52 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2014/04/29 13:34:22 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2014/04/28 20:15:25 | 000,002,381 | ---- | M] () -- C:\Users\Aradesh\Desktop\Google Chrome.lnk
[2014/04/14 20:13:52 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2014/04/14 20:05:11 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2014/04/14 20:05:06 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2014/04/14 20:04:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe
[2014/04/07 13:56:48 | 000,542,839 | ---- | M] () -- C:\Users\Aradesh\Documents\guitarComplete11.pdf
[2014/04/07 13:56:06 | 000,100,369 | ---- | M] () -- C:\Users\Aradesh\Documents\guitar0111.pdf
[2014/04/07 13:54:58 | 000,107,248 | ---- | M] () -- C:\Users\Aradesh\Documents\guitar0511.pdf
[2014/04/07 13:53:54 | 000,084,665 | ---- | M] () -- C:\Users\Aradesh\Documents\guitarSyllabusRequirements11.pdf
[2014/04/07 12:48:14 | 000,667,556 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2014/04/07 12:48:14 | 000,126,942 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2014/04/07 09:15:41 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif

========== Files Created - No Company Name ==========

[2014/04/07 13:56:49 | 000,542,839 | ---- | C] () -- C:\Users\Aradesh\Documents\guitarComplete11.pdf
[2014/04/07 13:56:08 | 000,100,369 | ---- | C] () -- C:\Users\Aradesh\Documents\guitar0111.pdf
[2014/04/07 13:55:02 | 000,107,248 | ---- | C] () -- C:\Users\Aradesh\Documents\guitar0511.pdf
[2014/04/07 13:54:02 | 000,084,665 | ---- | C] () -- C:\Users\Aradesh\Documents\guitarSyllabusRequirements11.pdf
[2014/03/27 14:33:09 | 000,000,132 | ---- | C] () -- C:\windows\winamp.ini
[2014/03/27 14:32:53 | 000,088,064 | ---- | C] () -- C:\windows\System32\AudioExCtl.dll
[2013/12/16 10:16:57 | 000,459,449 | ---- | C] () -- C:\Users\Aradesh\funding confirmation letter-1.pdf
[2013/10/27 13:09:21 | 000,056,832 | ---- | C] () -- C:\windows\System32\IYVU9_32.DLL
[2013/01/14 23:40:44 | 000,221,245 | ---- | C] () -- C:\windows\hpoins19.dat
[2013/01/14 23:40:44 | 000,013,898 | ---- | C] () -- C:\windows\hpomdl19.dat
[2012/12/24 22:34:36 | 000,014,848 | ---- | C] ( ) -- C:\windows\System32\Interop.MSScriptControl.dll
[2012/10/17 16:31:41 | 000,000,090 | ---- | C] () -- C:\Users\Aradesh\mm.cfg
[2012/09/23 18:20:47 | 000,000,600 | ---- | C] () -- C:\Users\Aradesh\AppData\Local\PUTTY.RND
[2012/03/18 16:34:24 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Extras.txt:
OTL Extras logfile created on: 05/05/2014 10:05:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aradesh\Documents\malware-removal\OTL
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.30 Mb Total Physical Memory | 185.18 Mb Available Physical Memory | 18.27% Memory free
1.99 Gb Paging File | 0.93 Gb Available in Paging File | 46.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 113.00 Gb Total Space | 47.20 Gb Free Space | 41.77% Space Free | Partition Type: NTFS
Drive D: | 167.57 Gb Total Space | 152.10 Gb Free Space | 90.77% Space Free | Partition Type: NTFS

Computer Name: MINESWEEPER | User Name: Aradesh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3758711877-2612836815-1606966065-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18FE1FE4-75B4-4BA4-9CD3-75E8C2830A74}" = lport=139 | protocol=6 | dir=in | app=system |
"{1C002614-167D-4198-B859-F6BA2565B5E8}" = rport=138 | protocol=17 | dir=out | app=system |
"{1CC9830E-21AF-498A-9D78-3E436D57E6D7}" = rport=445 | protocol=6 | dir=out | app=system |
"{262896E2-9668-4E93-B0EE-A77FE5D16421}" = lport=445 | protocol=6 | dir=in | app=system |
"{33A8F6B1-255C-440C-8274-FBCB21CF2217}" = rport=139 | protocol=6 | dir=out | app=system |
"{498BE893-D7E6-477B-8D36-9CD810EF786B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4A3CF885-433B-4AB6-9716-7ECC78B96359}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{590FBF07-F296-4A9B-8333-54B9501FCE4A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6E7A9412-7FCC-478A-80E8-4DD073C7E1EF}" = lport=138 | protocol=17 | dir=in | app=system |
"{76767173-823E-4B90-A239-36A2466177E5}" = rport=137 | protocol=17 | dir=out | app=system |
"{ADDDAE1B-D9A3-49B3-A651-D8EC9CF2A91C}" = lport=137 | protocol=17 | dir=in | app=system |
"{DB66956A-922E-4C8E-A829-8F6CAFCBC13A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E7CD0A3C-318E-4385-9AB8-49708391F8EC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EB3466ED-6BEA-4DD8-86AB-BC549DDB1FD4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00331F5C-ECC2-4576-901C-D93371F2B21D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{045AE09D-8B5E-408C-86F9-E28145DC7A53}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{0660E6AB-6E02-478F-A8E2-E5B43160A138}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0E014934-18B4-40DF-B21C-1CE9E4F7B06A}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung universal scan driver\iccupdater.exe |
"{1ACFAA3B-1103-4202-9CFC-771236D8CE02}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{20BA21FF-33F1-4E6E-831D-9BC668CED405}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{2258320F-F871-452A-93F1-B101B9F3F31F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{24A8D72A-FDBF-4D4C-AD6C-791D215C39F4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{314CB28E-E730-4B30-B12A-B6B9310C0D9A}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{3217339B-F80C-423A-BB08-D37D8814B13A}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung universal scan driver\usdagent.exe |
"{360C6B4C-BDA1-41FB-925E-7258D96032DF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{39094B18-07C6-4D34-AF8A-B64B55C6F5B2}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{44CA1B53-EBC5-472C-98FB-6C3DA5BF257F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{44FA57C4-53CB-4698-9674-B1E772AA0630}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{463389AB-9AF5-4A7C-8743-E0C2606BF36E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{6B12F7A2-A05D-4F68-A675-EEA516B06651}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6DCF6A21-FCC1-45CE-A768-86698292773F}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung universal scan driver\usdagent.exe |
"{779D2B8E-B419-4A66-8193-1FDFDA620B68}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{811B0D47-15F4-4C84-9F7B-BE7E200054BD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{84D4A436-EDC5-446E-8444-3BF60B238B54}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{8F6FD355-EBE9-4774-B92E-11AAF1425016}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9223AA55-0716-46E2-8C9B-FDA2A15E981A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9EC36A46-F8BA-463E-AF04-739FF2B401DB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{A1B22FF7-0DD2-411D-AFB8-E137E0D7A81D}" = protocol=17 | dir=in | app=c:\users\aradesh\appdata\roaming\dropbox\bin\dropbox.exe |
"{AAC539AE-7007-4FAE-AADC-68A4251F4D82}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{AC4D7736-8213-4177-8CD7-D6D867C68F1B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{ACD921B6-8285-4085-BEDE-9DE74FF07AB6}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung universal scan driver\iccupdater.exe |
"{BA7487CE-305A-4FE0-ACF7-68CB0FEF41F3}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{C2E0C365-1E13-4531-A550-D1F481CE629B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{C4562560-51A1-45B7-840B-771BE62C9939}" = protocol=6 | dir=in | app=c:\users\aradesh\appdata\roaming\dropbox\bin\dropbox.exe |
"{C4F2828B-B79A-453E-8D0D-2FCC8A879198}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{C5C465AB-D47A-4CFB-95FA-56E0A13C045B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{CC021D18-7208-41B2-B774-BA596EF12E4A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{CEE01778-7D9A-4A05-9EB4-26A547CFF6D8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{CFA4B9E3-C65C-4697-A929-E2534479265B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{D106A74A-2855-4E36-BA5A-3029518C6D90}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{D10C8CCA-98AC-4BDE-A135-4CDEAD3B12F8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{E42C0BBA-C597-4A94-9E2B-80BF4B199DE5}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{E963F0C6-C657-4EFA-81B7-DAD7B465ECF2}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{ECDD0ED9-7430-40FB-99FB-682F8A7B0B75}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"TCP Query User{BF39FCDF-E2B1-4FDC-B19D-F250917BC383}C:\users\aradesh\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\aradesh\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{FC235920-CDEF-4C57-AFA9-BB79B69BA550}C:\users\aradesh\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\aradesh\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{02E1EAF5-F1B6-41EC-B500-E6BC728A5E20}" = Windows Live Remote Service Resources
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{065241D0-A178-4F24-8A09-691761A8957B}" = Windows Live Remote Service Resources
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{071A7A87-F72C-4239-BAF8-92FF44EB82AF}" = Windows Live Remote Client Resources
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지
"{0891B708-EF3F-4D7E-9724-265245F46276}" = Windows Live Remote Service Resources
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A1651F1-7E0F-4613-93FE-967F5BC3C1B7}" = Windows Live Remote Service Resources
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus
"{143DB9C9-3F0D-4DC7-A57B-A7E4F26FA12E}" = Windows Live Remote Client Resources
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18088C5C-323A-4E56-AA4A-6D3F2EE34102}" = Windows Live Remote Client Resources
"{18AA278D-E0B9-4F99-ACCC-070978A38453}" = Easy Resolution Manager
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{201B5096-AF6E-423E-B987-023E040D9B42}" = Windows Live Remote Service Resources
"{208762DE-34A1-44B1-B597-509C8D05D39E}" = Windows Live Remote Client Resources
"{20C21396-4F89-4044-806B-326C993A3996}" = Windows Live Remote Service Resources
"{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{244C5A67-39DC-4C6C-BF1B-BCC9D342A4C4}" = Windows Live Remote Client Resources
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 55
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2852BC06-B850-4518-97E6-CD136FE75683}" = Windows Live Remote Client Resources
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2B3EA5DA-D040-48FB-813F-1CF8C0123698}" = Windows Live Remote Client Resources
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{30E82CD5-6E97-4381-86EB-548202A6D5B7}" = Windows Live Remote Client Resources
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{318DBE01-1E6B-4243-84B0-210391FE789A}" = Samsung AnyWeb Print
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34AB675C-1965-44B5-B5A7-B02EE6196AD3}" = Windows Live Messenger
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{354FF1E9-5D3F-4D91-A433-7626AC6B55EA}" = Windows Live Remote Service Resources
"{362AB21A-E2C4-40CE-81C2-8C4D62B0635A}" = Media Go
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3BC3B1A5-30E3-4DDB-BE08-E7262B838B5F}" = Windows Live Remote Client Resources
"{3BFB2388-64EE-4AAA-9235-5FE725FED6DE}" = Windows Live Remote Service Resources
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{41B07C21-145D-496F-B029-0899514099C7}" = Windows Live Remote Service Resources
"{41B72CAF-036B-4E0A-8D22-F5DF7C970434}" = Windows Live Remote Client Resources
"{41E4FA4B-9376-4C32-AA46-65FCC0087CD5}" = Windows Live Remote Service Resources
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{448702D4-83DD-4EFC-B09B-94AD6CA0D978}" = Windows Live Remote Service Resources
"{454F5782-A4C3-480E-A629-D435795DEFD8}" = Windows Live Remote Client Resources
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
"{5008BC55-FD3D-4A32-A1B7-610E18F4D220}" = Windows Live Remote Service Resources
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“
"{54215B8A-6212-8DB8-39B4-98EE2BB98BD1}" = Media Go Video Playback Engine 1.116.108.02030
"{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5C8BC258-A629-4DF2-97D0-E106C2A9B1BD}" = Windows Live Remote Client Resources
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}" = EasyBatteryManager
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh
"{61A5DE19-BE38-45AF-A9BC-73E49703315E}" = Windows Live Remote Service Resources
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6255D9FC-427F-4867-84DB-164DBEA0661F}" = Windows Live Remote Client Resources
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{66B0B400-22AB-47E6-8673-38A5D37F6331}" = Windows Live Remote Client Resources
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7234BD6D-5394-4572-A87D-0279C5ED535D}" = Windows Live Remote Client Resources
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{7612E28A-C4DB-4259-AA91-CB02B1BCF623}" = Windows Live Remote Service Resources
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Start
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{7846B719-862C-468A-9FD0-4769D2590535}" = Windows Live Remote Client Resources
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A143876-9658-4A58-82E7-B5F02D942957}" = Windows Live Remote Client Resources
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}" = Movie Color Enhancer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}" = Gem Shop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}" = Bonbon Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113128447}" = Daycare Nightmare
"{82EE333F-45A9-4585-A5D9-31FE16B7FB25}" = Windows Live Remote Service Resources
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{84D3CB13-C7EE-4A29-817E-D82697320BF5}" = Windows Live Remote Client Resources
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{8732818E-CA78-4ACB-B077-22311BF4C0E4}" = Easy Network Manager
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9CB7DE-8087-48A0-8280-1658F423AAEF}" = Windows Live Remote Service Resources
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{93C6647F-AFE0-4CC2-8809-28A0B320D11B}" = Windows Live Remote Service Resources
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97124033-1253-4474-8B25-1AB314A920E6}" = Windows Live Remote Service Resources
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A4C16B19-10AA-4990-AA87-D14F653E3345}" = Windows Live Remote Client Resources
"{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}" = REALTEK PCIE Wireless LAN Software
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9ABC0A6-DC01-4102-BEC9-86974A73B214}" = Windows Live Remote Client Resources
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources
"{AC259A12-6CD9-486D-A97A-B619EB46225A}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
"{B512307E-543D-457E-B759-75E0D5B0BCDF}" = Windows Live Remote Client Resources
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B6F55C3E-30EE-4D25-8BAD-CEE4BF8C78EB}" = Windows Live Remote Client Resources
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
"{BA8D4CEF-D23D-44AB-8A89-66E602253791}" = Windows Live Remote Service Resources
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}" = Python 2.7.3
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C30628D8-D3A0-4F23-90F0-F145808087B6}" = Windows Live Remote Client Resources
"{C411942C-C26B-4450-8B9A-173DCC22AEC6}" = Windows Live Remote Service Resources
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C4E7704D-5AFB-44CA-B8BA-F16C8FA46D5F}" = Windows Live Remote Service Resources
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD6CB7F1-1B8E-424A-9B81-F8D2F03958EC}" = Windows Live Remote Client Resources
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
"{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
"{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack
"{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D378BEA1-912E-4827-B9DB-D3B2C3D0BD4A}" = Windows Live Remote Service Resources
"{D3CAE2CA-BE71-4CA4-9EB9-46E1C82E778B}" = Windows Live Remote Service Resources
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEDF8BAB-98D7-4CFA-9C42-27431EC4BD1F}" = Windows Live Remote Service Resources
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1629C45-9CEF-498E-83CD-D6A09CADA176}" = Windows Live Remote Client Resources
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E6617B44-D556-49AC-B2A3-01451E115043}" = Windows Live Remote Service Resources
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E7FB0043-24A5-4B30-AED6-01B47B44CB67}" = Windows Live Remote Client Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA76E65F-6679-495A-A8A6-42AD6602ED4C}" = EasyFileShare
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
"{EAEA7ED1-22F0-4C1E-B001-E56F10E1A100}" = Windows Live Remote Client Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{EFA6EF6A-9E0D-4CF0-91DD-B55D8632F65A}" = SamsungMovie
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F81DB83D-A016-45A6-A6A0-135B1E6939EF}" = Windows Live Remote Service Resources
"{F8A10A25-D8DD-4661-9A1E-7F6DBAAA3C5E}" = inSSIDer
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FDAE128F-A355-42B1-8422-1AF3ACEE34F4}" = SISShortcut
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFD0E594-823B-4E2B-B680-720B3C852588}" = BatteryLifeExtender
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Audacity_is1" = Audacity 2.0.2
"AutoHotkey" = AutoHotkey 1.1.13.01
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"DjVuLibre+DjView" = DjVuLibre+DjView
"Elantech" = ETDWare PS/2-X86 8.0.7.2_WHQL
"FlashDevelop" = FlashDevelop 4.0.4
"Furcadia" = Furcadia
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"LAME_is1" = LAME v3.99.3 (for Windows)
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft Security Client" = Microsoft Security Essentials
"MiKTeX 2.9" = MiKTeX 2.9
"Minesweeper Clone 2007_is1" = Minesweeper Clone 2007 release 2
"MJuiceWinamp" = Mjuice Components
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MuseScore" = MuseScore 1.3
"Notepad++" = Notepad++
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"ProInst" = Intel PROSet Wireless
"Samsung Printer Live Update" = Samsung Printer Live Update
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Samsung Universal Scan Driver" = Samsung Universal Scan Driver
"Shop for HP Supplies" = Shop for HP Supplies
"ST6UNST #1" = MapEdit v1.00
"SumatraPDF" = SumatraPDF
"Trillian" = Trillian
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp (Remove Only)
"WinEdt 7" = WinEdt 7
"WinLiveSuite" = Windows Live 程式集
"wxPython2.8-docs-demos_is1" = wxPython Docs and Demos 2.8.12.1
"wxPython2.8-unicode-py27_is1" = wxPython 2.8.12.1 (unicode) for Python 2.7

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3758711877-2612836815-1606966065-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

< End of report >
harmonykrieg
Active Member
 
Posts: 7
Joined: May 3rd, 2014, 9:43 am

Re: Extremely slow computer

Unread postby wannabeageek » May 6th, 2014, 10:18 pm

Hello harmonykrieg,

The speed that AdwCleaner runs at is based on the computers CPU.

Run this please:

FRST - Farbar Recovery Scanner Tool for Vista-W7 Image

Please download FRST.exe ... by Farbar. Save it to your desktop.
  1. Right click FRST.exe, select "Run As Administrator" to run it... if UAC prompts, please allow it.
  2. Press Scan button. ... A log will be created FRST.txt in the same directory the tool is run.
  3. Please copy/paste FRST.txt it to your reply.
    The first time the tool is run, it makes also another log... Addition.txt.
  4. Please copy/paste Addition.txt in your reply.
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Extremely slow computer

Unread postby harmonykrieg » May 7th, 2014, 4:55 am

wbg,

here you go:
FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-05-2014
Ran by Aradesh (administrator) on MINESWEEPER on 07-05-2014 09:46:45
Running from C:\Users\Aradesh\Documents\malware-removal\FRST
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Winamp\winampa.exe
(Dropbox, Inc.) C:\Users\Aradesh\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Samsung Electronics) C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10119784 2011-06-25] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [1812264 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\Winampa.exe [7680 2014-03-27] ()
HKU\S-1-5-21-3758711877-2612836815-1606966065-1000\...\Run: [Google Update] => C:\Users\Aradesh\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-15] (Google Inc.)
Startup: C:\Users\Aradesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Aradesh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Samsung BHO Class - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Aradesh\AppData\Roaming\Mozilla\Firefox\Profiles\nk28qynz.default
FF Homepage: www.google.co.uk
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Aradesh\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Aradesh\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Flashblock - C:\Users\Aradesh\AppData\Roaming\Mozilla\Firefox\Profiles\nk28qynz.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-03-21]
FF Extension: ChatZilla - C:\Users\Aradesh\AppData\Roaming\Mozilla\Firefox\Profiles\nk28qynz.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2013-07-22]
FF Extension: Adblock Plus - C:\Users\Aradesh\AppData\Roaming\Mozilla\Firefox\Profiles\nk28qynz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-10]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-01-14]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-01-14]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Aradesh\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Aradesh\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Aradesh\AppData\Local\Google\Chrome\Application\34.0.1847.116\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Aradesh\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Aradesh\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Users\Aradesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-26]
CHR Extension: (Google Search) - C:\Users\Aradesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-26]
CHR Extension: (Google Wallet) - C:\Users\Aradesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Aradesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-26]

========================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S4 NOBU; C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe [2057560 2010-06-01] (Symantec Corporation)
S3 Samsung UPD Service; C:\windows\System32\SUPDSvc.exe [131888 2010-08-09] (Samsung Electronics CO., LTD.)

==================== Drivers (Whitelisted) ====================

R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [116008 2010-11-12] (ELAN Microelectronics Corp.)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 NETwNs32; C:\windows\System32\DRIVERS\NETwNs32.sys [7513088 2011-05-01] (Intel Corporation)
S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2012-01-03] (Windows (R) 2003 DDK 3790 provider)
R0 sptd; C:\windows\System32\Drivers\sptd.sys [466008 2013-10-27] (Duplex Secure Ltd.)
S3 EraserUtilDrv11122; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-07 09:46 - 2014-05-07 09:46 - 00000000 ____D () C:\FRST
2014-05-05 12:02 - 2014-05-05 12:02 - 00000000 ____D () C:\windows\Sun
2014-05-05 11:26 - 2014-05-05 11:26 - 00006784 _____ () C:\Users\Aradesh\Documents\letter_to_clint.txt
2014-05-05 10:01 - 2014-05-05 10:01 - 00001131 _____ () C:\Users\Aradesh\Desktop\JRT.txt
2014-05-05 09:53 - 2014-05-05 09:53 - 00000000 ____D () C:\windows\ERUNT
2014-05-04 23:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\system32\sqlite3.dll
2014-05-04 23:41 - 2014-05-05 08:44 - 00000000 ____D () C:\AdwCleaner
2014-05-03 14:53 - 2014-05-03 14:53 - 00015404 _____ () C:\Users\Aradesh\Desktop\dds.txt
2014-05-03 14:53 - 2014-05-03 14:53 - 00006477 _____ () C:\Users\Aradesh\Desktop\attach.txt
2014-05-03 14:18 - 2014-05-03 14:59 - 00000000 ____D () C:\Users\Aradesh\dds-scans
2014-05-03 14:09 - 2014-05-03 14:09 - 00000000 ____D () C:\Users\Aradesh\Documents\dds
2014-05-03 03:01 - 2014-04-29 13:48 - 17384448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-03 03:01 - 2014-04-29 13:34 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-25 21:30 - 2014-04-25 21:46 - 20096429 _____ () C:\Users\Aradesh\Downloads\MOV_0051.mp4
2014-04-23 22:31 - 2014-04-23 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-23 22:31 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-04-23 22:31 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-04-23 22:31 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-04-23 22:31 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-04-23 22:30 - 2014-04-23 22:31 - 00004117 _____ () C:\windows\system32\jupdate-1.7.0_55-b14.log
2014-04-22 21:16 - 2014-04-22 21:22 - 00000000 ____D () C:\Users\Aradesh\Documents\comics
2014-04-18 09:06 - 2014-03-06 09:02 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-04-18 09:06 - 2014-03-06 08:40 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-04-18 09:05 - 2014-03-06 09:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-04-18 09:05 - 2014-03-06 09:02 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-04-18 09:05 - 2014-03-06 09:01 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-04-18 09:05 - 2014-03-06 08:46 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-04-18 09:05 - 2014-03-06 08:45 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-04-18 09:05 - 2014-03-06 08:38 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-04-18 09:05 - 2014-03-06 08:38 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-04-18 09:05 - 2014-03-06 08:36 - 00592896 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-04-18 09:05 - 2014-03-06 08:28 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-04-18 09:05 - 2014-03-06 08:22 - 00367616 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-04-18 09:05 - 2014-03-06 08:18 - 00575488 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-04-18 09:05 - 2014-03-06 08:13 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-04-18 09:05 - 2014-03-06 08:07 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-04-18 09:05 - 2014-03-06 08:01 - 00244224 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-04-18 09:05 - 2014-03-06 07:46 - 00524288 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-04-18 09:05 - 2014-03-06 06:43 - 00704512 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-04-18 09:04 - 2014-03-06 08:47 - 02178048 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-04-18 09:04 - 2014-03-06 08:46 - 04254720 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-04-18 09:04 - 2014-03-06 07:40 - 01967104 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-04-18 09:04 - 2014-03-06 07:36 - 11745792 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-04-18 09:04 - 2014-03-06 06:41 - 01789440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-04-18 09:04 - 2014-03-06 06:36 - 01143808 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-04-09 12:34 - 2014-02-04 03:07 - 00234432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-04-09 12:34 - 2014-02-04 03:07 - 00149440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-04-09 12:34 - 2014-02-04 03:07 - 00027072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-04-09 12:34 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-04-09 12:33 - 2014-03-04 10:17 - 00868352 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-04-09 12:33 - 2014-01-24 03:18 - 01212352 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-04-09 11:07 - 2014-04-09 11:07 - 00000000 ____D () C:\Users\Aradesh\AppData\Local\Skype
2014-04-09 11:06 - 2014-04-09 11:06 - 00000000 ___RD () C:\Program Files\Skype
2014-04-09 11:06 - 2014-04-09 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-09 11:06 - 2014-04-09 11:06 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-04-09 11:04 - 2014-04-09 11:04 - 00000000 ____D () C:\Users\Aradesh\Documents\skype

==================== One Month Modified Files and Folders =======

2014-05-07 09:46 - 2014-05-07 09:46 - 00000000 ____D () C:\FRST
2014-05-07 09:44 - 2013-01-09 17:07 - 00000000 ____D () C:\Users\Aradesh\Documents\malware-removal
2014-05-07 09:43 - 2011-07-16 02:24 - 01192987 _____ () C:\windows\WindowsUpdate.log
2014-05-07 09:36 - 2012-07-15 13:21 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3758711877-2612836815-1606966065-1000UA.job
2014-05-07 09:30 - 2014-01-12 15:49 - 00000888 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-07 09:30 - 2014-01-12 15:49 - 00000884 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-07 08:56 - 2012-06-10 23:19 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-05-06 22:50 - 2012-09-14 06:49 - 00000000 ____D () C:\Users\Aradesh\AppData\Roaming\Skype
2014-05-06 20:36 - 2012-07-15 13:21 - 00000864 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3758711877-2612836815-1606966065-1000Core.job
2014-05-06 12:56 - 2013-02-06 00:33 - 00000000 ____D () C:\Users\Aradesh\AppData\Roaming\Dropbox
2014-05-06 09:42 - 2009-07-14 05:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-06 09:42 - 2009-07-14 05:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-06 09:34 - 2013-02-06 00:38 - 00000000 ___RD () C:\Users\Aradesh\Dropbox
2014-05-06 09:32 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-06 09:32 - 2009-07-14 05:39 - 00108916 _____ () C:\windows\setupact.log
2014-05-05 12:02 - 2014-05-05 12:02 - 00000000 ____D () C:\windows\Sun
2014-05-05 11:26 - 2014-05-05 11:26 - 00006784 _____ () C:\Users\Aradesh\Documents\letter_to_clint.txt
2014-05-05 10:01 - 2014-05-05 10:01 - 00001131 _____ () C:\Users\Aradesh\Desktop\JRT.txt
2014-05-05 09:53 - 2014-05-05 09:53 - 00000000 ____D () C:\windows\ERUNT
2014-05-05 08:46 - 2010-11-20 22:48 - 00711096 _____ () C:\windows\PFRO.log
2014-05-05 08:44 - 2014-05-04 23:41 - 00000000 ____D () C:\AdwCleaner
2014-05-03 14:59 - 2014-05-03 14:18 - 00000000 ____D () C:\Users\Aradesh\dds-scans
2014-05-03 14:53 - 2014-05-03 14:53 - 00015404 _____ () C:\Users\Aradesh\Desktop\dds.txt
2014-05-03 14:53 - 2014-05-03 14:53 - 00006477 _____ () C:\Users\Aradesh\Desktop\attach.txt
2014-05-03 14:18 - 2012-03-18 16:24 - 00000000 ____D () C:\Users\Aradesh
2014-05-03 14:09 - 2014-05-03 14:09 - 00000000 ____D () C:\Users\Aradesh\Documents\dds
2014-05-01 18:48 - 2013-08-10 20:00 - 00000000 ____D () C:\Users\Aradesh\Documents\snooker
2014-04-29 16:59 - 2012-06-10 23:19 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-04-29 16:59 - 2012-06-10 23:19 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-29 13:48 - 2014-05-03 03:01 - 17384448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-29 13:34 - 2014-05-03 03:01 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-28 20:15 - 2012-07-15 13:23 - 00002381 _____ () C:\Users\Aradesh\Desktop\Google Chrome.lnk
2014-04-25 22:43 - 2012-04-05 02:11 - 00000000 ____D () C:\Users\Aradesh\AppData\Roaming\vlc
2014-04-25 21:46 - 2014-04-25 21:30 - 20096429 _____ () C:\Users\Aradesh\Downloads\MOV_0051.mp4
2014-04-23 22:33 - 2014-02-08 13:32 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-23 22:31 - 2014-04-23 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-23 22:31 - 2014-04-23 22:30 - 00004117 _____ () C:\windows\system32\jupdate-1.7.0_55-b14.log
2014-04-23 22:31 - 2012-09-27 10:39 - 00000000 ____D () C:\Program Files\Java
2014-04-22 21:22 - 2014-04-22 21:16 - 00000000 ____D () C:\Users\Aradesh\Documents\comics
2014-04-18 13:23 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\rescache
2014-04-14 20:13 - 2014-04-23 22:31 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-04-14 20:05 - 2014-04-23 22:31 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-04-14 20:05 - 2014-04-23 22:31 - 00175528 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-04-14 20:04 - 2014-04-23 22:31 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-04-12 17:04 - 2012-06-07 16:07 - 00000000 ____D () C:\Users\Aradesh\Documents\Programming
2014-04-09 11:07 - 2014-04-09 11:07 - 00000000 ____D () C:\Users\Aradesh\AppData\Local\Skype
2014-04-09 11:07 - 2012-03-18 16:33 - 00000000 ____D () C:\ProgramData\Skype
2014-04-09 11:06 - 2014-04-09 11:06 - 00000000 ___RD () C:\Program Files\Skype
2014-04-09 11:06 - 2014-04-09 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-09 11:06 - 2014-04-09 11:06 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-04-09 11:04 - 2014-04-09 11:04 - 00000000 ____D () C:\Users\Aradesh\Documents\skype
2014-04-07 12:48 - 2010-11-20 22:01 - 00783376 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-07 09:15 - 2013-03-30 12:27 - 00001945 _____ () C:\windows\epplauncher.mif
2014-04-07 09:15 - 2013-03-30 12:25 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-07 09:13 - 2013-03-30 12:25 - 00000000 ____D () C:\Program Files\Microsoft Security Client

Some content of TEMP:
====================
C:\Users\Aradesh\AppData\Local\Temp\bitool.dll
C:\Users\Aradesh\AppData\Local\Temp\furcsetup028b.exe
C:\Users\Aradesh\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Aradesh\AppData\Local\Temp\Quarantine.exe
C:\Users\Aradesh\AppData\Local\Temp\vlc-2.1.2-win32.exe


==================== Bamital & volsnap Check =================

C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-03 00:05

==================== End Of Log ============================

Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:06-05-2014
Ran by Aradesh at 2014-05-07 09:48:53
Running from C:\Users\Aradesh\Documents\malware-removal\FRST
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

„Windows Live Essentials“ (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
1400 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
1400_Help (Version: 82.0.242.000 - Hewlett-Packard) Hidden
1400Trb (Version: 82.0.242.000 - Hewlett-Packard) Hidden
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader 9.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 130.0.421.000 - Hewlett-Packard) Hidden
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Audacity 2.0.2 (HKLM\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
AutoHotkey 1.1.13.01 (HKLM\...\AutoHotkey) (Version: 1.1.13.01 - Lexikos)
BatteryLifeExtender (HKLM\...\{FFD0E594-823B-4E2B-B680-720B3C852588}) (Version: 1.0.11 - Samsung)
Bing Bar (HKLM\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonbon Quest (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}) (Version: - Oberon Media)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Cake Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)
CamStudio OSS Desktop Recorder (HKLM\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.3911 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Daycare Nightmare (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113128447}) (Version: - Oberon Media)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DjVuLibre+DjView (HKLM\...\DjVuLibre+DjView) (Version: 3.5.25.3+4.9 - DjVuZone)
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Easy Content Share (HKLM\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{8732818E-CA78-4ACB-B077-22311BF4C0E4}) (Version: 4.4.7 - Samsung)
Easy Resolution Manager (HKLM\...\{18AA278D-E0B9-4F99-ACCC-070978A38453}) (Version: 1.0.9 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.1.1 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}) (Version: 4.0.0.4 - Samsung)
EasyFileShare (HKLM\...\{EA76E65F-6679-495A-A8A6-42AD6602ED4C}) (Version: 1.0.11 - Samsung)
ETDWare PS/2-X86 8.0.7.2_WHQL (HKLM\...\Elantech) (Version: 8.0.7.2 - ELAN Microelectronic Corp.)
Fast Start (HKLM\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.1 - SAMSUNG)
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
FlashDevelop 4.0.4 (HKLM\...\FlashDevelop) (Version: 4.0.4-RTM - FlashDevelop.org)
Flip Words (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}) (Version: - Oberon Media)
Fotogalerija Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Furcadia (HKLM\...\Furcadia) (Version: 30.0 - Dragon's Eye Productions, Inc.)
Galapago (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media)
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Game Pack (HKLM\...\{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1) (Version: 6.3.1.1 - Oberon Media, Inc.)
Gem Shop (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}) (Version: - Oberon Media)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HxD Hex Editor version 1.7.7.0 (HKLM\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Insaniquarium Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}) (Version: - Oberon Media)
inSSIDer (HKLM\...\{F8A10A25-D8DD-4661-9A1E-7F6DBAAA3C5E}) (Version: 2.1.5 - MetaGeek)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2117 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Japanese Fonts Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5760-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Mahjong Escape Ancient China (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version: - Oberon Media)
MapEdit v1.00 (HKLM\...\ST6UNST #1) (Version: - )
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.29.1.3 - Marvell)
Media Go (HKLM\...\{362AB21A-E2C4-40CE-81C2-8C4D62B0635A}) (Version: 2.4.256 - Sony)
Media Go Video Playback Engine 1.116.108.02030 (HKLM\...\{54215B8A-6212-8DB8-39B4-98EE2BB98BD1}) (Version: 1.116.108.02030 - Sony)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Minesweeper Clone 2007 release 2 (HKLM\...\Minesweeper Clone 2007_is1) (Version: - )
Mjuice Components (HKLM\...\MJuiceWinamp) (Version: - )
Movie Color Enhancer (HKLM\...\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MuseScore 1.3 (HKLM\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Norton Online Backup (HKLM\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.1.3 - )
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PlayStation(R)Store (HKLM\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.14.6.15183 - Sony Computer Entertainment Inc.)
Poczta usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Python 2.7.3 (HKLM\...\{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
Raccolta foto di Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6400 - Realtek Semiconductor Corp.)
REALTEK PCIE Wireless LAN Software (HKLM\...\{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}) (Version: 0136.10.0325 - REALTEK Semiconductor Corp.)
Samsung AnyWeb Print (HKLM\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 2.0.67.1 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: - Samsung Electronics Co., Ltd.)
Samsung Recovery Solution 5 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.7 - Samsung)
Samsung Support Center (HKLM\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.24 - Samsung)
Samsung Universal Print Driver (HKLM\...\Samsung Universal Print Driver) (Version: 2.02.05.00:27 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM\...\Samsung Universal Scan Driver) (Version: 1.2.5.0 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
SamsungMovie (HKLM\...\{EFA6EF6A-9E0D-4CF0-91DD-B55D8632F65A}) (Version: 1.0.0 - Samsung)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SISShortcut (HKLM\...\{FDAE128F-A355-42B1-8422-1AF3ACEE34F4}) (Version: 1.00.000 - Samsung)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Slingo (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}) (Version: - Oberon Media)
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
SumatraPDF (HKLM\...\SumatraPDF) (Version: 2.4 - Krzysztof Kowalczyk)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
Trillian (HKLM\...\Trillian) (Version: - Cerulean Studios, LLC)
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - )
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (Remove Only) (HKLM\...\Winamp) (Version: - )
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live fotoattēlu galerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Foto-galerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Pošta (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 메일 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 사진 갤러리 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 필수 패키지 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live 程式集 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinEdt 7 (HKLM\...\WinEdt 7) (Version: 7.0 - WinEdt Team)
wxPython 2.8.12.1 (unicode) for Python 2.7 (HKLM\...\wxPython2.8-unicode-py27_is1) (Version: 2.8.12.1-unicode - Total Control Software)
wxPython Docs and Demos 2.8.12.1 (HKLM\...\wxPython2.8-docs-demos_is1) (Version: 2.8.12.1 - Total Control Software)
Συλλογή φωτογραφιών του Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points =========================

22-04-2014 09:07:11 Windows Update
23-04-2014 21:28:39 Installed Java 7 Update 55
26-04-2014 13:53:50 Windows Update
30-04-2014 13:01:40 Windows Update
03-05-2014 02:00:19 Windows Update
06-05-2014 08:51:31 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {053675AC-180B-47B2-9403-2E1EB24DA925} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-12] (Google Inc.)
Task: {16AE4984-CD8B-4210-A428-3BD5CAD83F3B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3758711877-2612836815-1606966065-1000UA => C:\Users\Aradesh\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-15] (Google Inc.)
Task: {1A10861D-F4A1-49CF-AFD5-F21E15375243} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2010-08-04] (Samsung Electronics Co., Ltd.)
Task: {1DB814BD-584F-4CD3-9A06-8BF6C82FC4B2} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {2B00F6C1-D2BA-4BFC-A6F4-B478DE4058FB} - System32\Tasks\MovieColorEnhancer => C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-08-19] (Samsung Electronics Co., Ltd.)
Task: {30227AC3-ACEF-4390-B217-6C1264B01608} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-02-07] (SAMSUNG Electronics)
Task: {342654CB-BD9B-48F1-BE87-303CA7F43F74} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {37F3C714-8ED9-4193-93B5-29C36EB156B8} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated)
Task: {3DA9635F-D77F-43F8-AC33-5B53CE28D145} - System32\Tasks\IdlePowerSave => C:\windows\Idle\DetectIdleTask.exe [2010-07-31] (TODO: <회사 이름>)
Task: {3EDD2D01-6434-4DDF-9760-48754F71C8BD} - System32\Tasks\advSRS5 => C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-08-11] (SEC)
Task: {62E1900B-96FA-4279-BA16-9930E914274B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-12] (Google Inc.)
Task: {750276DB-0D6F-4FFE-88AD-07F62126F037} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3758711877-2612836815-1606966065-1000Core => C:\Users\Aradesh\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-15] (Google Inc.)
Task: {8408DBA6-12FF-4146-8F30-B444DEE275EE} - System32\Tasks\EasySpeedUpManager => C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-12-23] (Samsung Electronics)
Task: {C9E6C79B-BC6B-45C8-9495-38471F95A4C9} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.)
Task: {DBCB90D2-8D72-4229-BC84-08A1900BD1AE} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {F5C136EF-0477-4F45-8D9B-192A1D051F83} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-18] (Samsung Electronics. Co. Ltd.)
Task: {FAAC29BB-7DBE-483A-8383-FE114A57A459} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-27] (Samsung Electronics)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3758711877-2612836815-1606966065-1000Core.job => C:\Users\Aradesh\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3758711877-2612836815-1606966065-1000UA.job => C:\Users\Aradesh\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-07-16 01:20 - 2008-06-05 00:53 - 00026624 _____ () C:\windows\System32\spd__l.dll
2011-07-15 11:45 - 2010-07-05 11:42 - 00203776 _____ () C:\Program Files\Samsung\Movie Color Enhancer\WinCRT.dll
2011-07-18 22:04 - 2011-07-18 22:04 - 00296448 _____ () C:\Program Files\Notepad++\NppShell_04.dll
2014-03-27 14:32 - 2014-03-27 14:32 - 00007680 _____ () C:\Program Files\Winamp\winampa.exe
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Aradesh\AppData\Roaming\Dropbox\bin\libcef.dll
2011-07-15 11:48 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2011-07-15 11:51 - 2010-05-07 15:22 - 01636864 _____ () C:\Program Files\Samsung\Samsung Recovery Solution 5\Resdll.dll
2011-07-16 01:20 - 2010-10-21 19:24 - 00557056 _____ () C:\windows\system32\SnMinDrv.dll
2014-02-04 23:48 - 2014-03-30 20:24 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: NOBU => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Aradesh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/06/2014 11:32:37 AM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/06/2014 11:31:28 AM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/06/2014 11:31:26 AM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/06/2014 09:34:08 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/06/2014 09:33:15 AM) (Source: Service Control Manager) (User: ) (EventID: 7026)
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (05/05/2014 11:21:26 PM) (Source: DCOM) (User: ) (EventID: 10010)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (05/05/2014 00:38:39 PM) (Source: DCOM) (User: ) (EventID: 10010)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (05/06/2014 11:32:37 AM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest

Error: (05/06/2014 11:31:28 AM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\EasyFileShare\Drv\SABI2x64\KStartMem.exe.Manifest

Error: (05/06/2014 11:31:26 AM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest

Error: (05/06/2014 09:34:08 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 86%
Total physical RAM: 1013.3 MB
Available physical RAM: 138.17 MB
Total Pagefile: 2037.3 MB
Available Pagefile: 761.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1889.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:113 GB) (Free:46.32 GB) NTFS
Drive d: () (Fixed) (Total:167.57 GB) (Free:152.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: C992D338)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=113 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=168 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=17 GB) - (Type=27)

==================== End Of Log ============================

harmonykrieg.
harmonykrieg
Active Member
 
Posts: 7
Joined: May 3rd, 2014, 9:43 am

Re: Extremely slow computer

Unread postby wannabeageek » May 8th, 2014, 12:26 am

Hi harmonykrieg,

Is the computer still experiencing the symptoms you originally posted?
Symptoms: I have problems with my computer running extremely slowly lately.
In particular: Firefox freezes an awful lot, often completely randomly when it doesn't appear to be doing anything taxing, for minutes at a time. I very frequently get the frozen-javascript message popping up.
Other strange things: Firefox occasionally swaps tabs without me asking it to. Windows programs occasionally swap without me asking them to. Sometimes simple things like the standard "open file" dialog box in programs like notepad or paint take a very long time to pop up (like 30 seconds).
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Extremely slow computer

Unread postby harmonykrieg » May 8th, 2014, 5:17 am

wbg,

To be honest it hasn't been quite so bad. Though it still runs fairly slow. It could just be that it could use a fresh install of windows as it's not a very powerful computer to begin with.
In your opinion, is this machine clean now?

harmonykrieg
harmonykrieg
Active Member
 
Posts: 7
Joined: May 3rd, 2014, 9:43 am

Re: Extremely slow computer

Unread postby wannabeageek » May 9th, 2014, 11:32 pm

Hi harmonykrieg,

I apologize for the late reply.

In your opinion, is this machine clean now?
It appears free of malware but appearances can be deceiving, especially since there is still high memory usage.

I was reviewing your posts noticed that it appears you are trying to use a netbook as a larger more powerful desktop. This could be the reason you have a slow system. But again I am not entirely convinced as there is high memory usage.

Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | N250P/N145P
Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz | CPU 1 | 1667/mhz


OTL:
1013.30 Mb Total Physical Memory | 185.18 Mb Available Physical Memory | 18.27% Memory free
1.99 Gb Paging File | 0.93 Gb Available in Paging File | 46.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 113.00 Gb Total Space | 47.20 Gb Free Space | 41.77% Space Free | Partition Type: NTFS
Drive D: | 167.57 Gb Total Space | 152.10 Gb Free Space | 90.77% Space Free | Partition Type: NTFS


FRST:
Percentage of memory in use: 86%
Total physical RAM: 1013.3 MB
Available physical RAM: 138.17 MB
Total Pagefile: 2037.3 MB
Available Pagefile: 761.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1889.11 MB

Drive c: () (Fixed) (Total:113 GB) (Free:46.32 GB) NTFS
Drive d: () (Fixed) (Total:167.57 GB) (Free:152.1 GB) NTFS

210 installed programmes.




I also noticed you have some items disabled using MSCONFIG.

Please re-enable them and rerun FRST after deleting both logs from the first run.

The easiest way is to call up MSCONFIG, under the General tab, Select the NORMAL startup radio button under startup selection. It should be the top selection.

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: NOBU => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Aradesh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"






FRST - Farbar Recovery Scanner Tool for Vista-W7

FRST.exe ... by Farbar. Should still be on your desktop.
  1. Delete the following logs from the previous run: FRST.txt and Addition.txt
  2. Right click FRST.exe, select "Run As Administrator" to run it... if UAC prompts, please allow it.
  3. Press Scan button. ... A log will be created FRST.txt in the same directory the tool is run.
  4. Please copy/paste FRST.txt it to your reply.
    The first time the tool is run, it makes also another log... Addition.txt.
  5. Please copy/paste Addition.txt in your reply.
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Extremely slow computer

Unread postby harmonykrieg » May 10th, 2014, 7:14 am

wbg,

Despite trying several times (even downloading it again into a new folder). I couldn't get it to make a new addition.txt, it only made a new FRST.txt.

Here is the contents:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-05-2014
Ran by Aradesh (administrator) on MINESWEEPER on 10-05-2014 11:56:07
Running from C:\Users\Aradesh\Documents\malware-removal\FRST2
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Winamp\winampa.exe
(Symantec Corporation) C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\Aradesh\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Samsung Electronics) C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10119784 2011-06-25] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [1812264 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\Winampa.exe [7680 2014-03-27] ()
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-3758711877-2612836815-1606966065-1000\...\Run: [Google Update] => C:\Users\Aradesh\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-15] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Aradesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Aradesh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Samsung BHO Class - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Aradesh\AppData\Roaming\Mozilla\Firefox\Profiles\nk28qynz.default
FF Homepage: www.google.co.uk
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Aradesh\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF Extension: Flashblock - C:\Users\Aradesh\AppData\Roaming\Mozilla\Firefox\Profiles\nk28qynz.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-03-21]
FF Extension: ChatZilla - C:\Users\Aradesh\AppData\Roaming\Mozilla\Firefox\Profiles\nk28qynz.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2013-07-22]
FF Extension: Adblock Plus - C:\Users\Aradesh\AppData\Roaming\Mozilla\Firefox\Profiles\nk28qynz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-10]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-01-14]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-01-14]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Aradesh\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Aradesh\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Aradesh\AppData\Local\Google\Chrome\Application\34.0.1847.116\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Aradesh\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Aradesh\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Users\Aradesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-26]
CHR Extension: (Google Search) - C:\Users\Aradesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-26]
CHR Extension: (Google Wallet) - C:\Users\Aradesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Aradesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-26]

========================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 NOBU; C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe [2057560 2010-06-01] (Symantec Corporation)
S3 Samsung UPD Service; C:\windows\System32\SUPDSvc.exe [131888 2010-08-09] (Samsung Electronics CO., LTD.)

==================== Drivers (Whitelisted) ====================

R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [116008 2010-11-12] (ELAN Microelectronics Corp.)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 NETwNs32; C:\windows\System32\DRIVERS\NETwNs32.sys [7513088 2011-05-01] (Intel Corporation)
S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2012-01-03] (Windows (R) 2003 DDK 3790 provider)
R0 sptd; C:\windows\System32\Drivers\sptd.sys [466008 2013-10-27] (Duplex Secure Ltd.)
S3 EraserUtilDrv11122; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-08 09:37 - 2014-05-08 09:37 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-07 09:46 - 2014-05-10 11:56 - 00000000 ____D () C:\FRST
2014-05-06 09:47 - 2014-04-14 03:11 - 00361984 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-06 09:47 - 2014-04-14 03:07 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-05 12:02 - 2014-05-05 12:02 - 00000000 ____D () C:\windows\Sun
2014-05-05 11:26 - 2014-05-05 11:26 - 00006784 _____ () C:\Users\Aradesh\Documents\letter_to_clint.txt
2014-05-05 10:01 - 2014-05-05 10:01 - 00001131 _____ () C:\Users\Aradesh\Desktop\JRT.txt
2014-05-05 09:53 - 2014-05-05 09:53 - 00000000 ____D () C:\windows\ERUNT
2014-05-04 23:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\system32\sqlite3.dll
2014-05-04 23:41 - 2014-05-05 08:44 - 00000000 ____D () C:\AdwCleaner
2014-05-03 14:53 - 2014-05-03 14:53 - 00015404 _____ () C:\Users\Aradesh\Desktop\dds.txt
2014-05-03 14:53 - 2014-05-03 14:53 - 00006477 _____ () C:\Users\Aradesh\Desktop\attach.txt
2014-05-03 14:18 - 2014-05-03 14:59 - 00000000 ____D () C:\Users\Aradesh\dds-scans
2014-05-03 14:09 - 2014-05-03 14:09 - 00000000 ____D () C:\Users\Aradesh\Documents\dds
2014-05-03 03:01 - 2014-04-29 13:48 - 17384448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-03 03:01 - 2014-04-29 13:34 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-25 21:30 - 2014-04-25 21:46 - 20096429 _____ () C:\Users\Aradesh\Downloads\MOV_0051.mp4
2014-04-23 22:31 - 2014-04-23 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-23 22:31 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-04-23 22:31 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-04-23 22:31 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-04-23 22:31 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-04-23 22:30 - 2014-04-23 22:31 - 00004117 _____ () C:\windows\system32\jupdate-1.7.0_55-b14.log
2014-04-22 21:16 - 2014-04-22 21:22 - 00000000 ____D () C:\Users\Aradesh\Documents\comics
2014-04-18 09:06 - 2014-03-06 09:02 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-04-18 09:06 - 2014-03-06 08:40 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-04-18 09:05 - 2014-03-06 09:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-04-18 09:05 - 2014-03-06 09:02 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-04-18 09:05 - 2014-03-06 09:01 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-04-18 09:05 - 2014-03-06 08:46 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-04-18 09:05 - 2014-03-06 08:45 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-04-18 09:05 - 2014-03-06 08:38 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-04-18 09:05 - 2014-03-06 08:38 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-04-18 09:05 - 2014-03-06 08:36 - 00592896 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-04-18 09:05 - 2014-03-06 08:28 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-04-18 09:05 - 2014-03-06 08:22 - 00367616 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-04-18 09:05 - 2014-03-06 08:18 - 00575488 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-04-18 09:05 - 2014-03-06 08:13 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-04-18 09:05 - 2014-03-06 08:07 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-04-18 09:05 - 2014-03-06 08:01 - 00244224 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-04-18 09:05 - 2014-03-06 07:46 - 00524288 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-04-18 09:05 - 2014-03-06 06:43 - 00704512 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-04-18 09:04 - 2014-03-06 08:47 - 02178048 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-04-18 09:04 - 2014-03-06 08:46 - 04254720 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-04-18 09:04 - 2014-03-06 07:40 - 01967104 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-04-18 09:04 - 2014-03-06 07:36 - 11745792 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-04-18 09:04 - 2014-03-06 06:41 - 01789440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-04-18 09:04 - 2014-03-06 06:36 - 01143808 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

==================== One Month Modified Files and Folders =======

2014-05-10 11:56 - 2014-05-07 09:46 - 00000000 ____D () C:\FRST
2014-05-10 11:56 - 2012-06-10 23:19 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-05-10 11:55 - 2013-01-09 17:07 - 00000000 ____D () C:\Users\Aradesh\Documents\malware-removal
2014-05-10 11:51 - 2012-07-15 13:21 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3758711877-2612836815-1606966065-1000UA.job
2014-05-10 11:50 - 2011-07-16 02:24 - 01336070 _____ () C:\windows\WindowsUpdate.log
2014-05-10 11:33 - 2009-07-14 05:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-10 11:33 - 2009-07-14 05:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-10 11:28 - 2013-02-06 00:33 - 00000000 ____D () C:\Users\Aradesh\AppData\Roaming\Dropbox
2014-05-10 11:27 - 2013-02-06 00:38 - 00000000 ___RD () C:\Users\Aradesh\Dropbox
2014-05-10 11:25 - 2014-01-12 15:49 - 00000888 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-10 11:25 - 2014-01-12 15:49 - 00000884 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-10 11:25 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-10 11:25 - 2009-07-14 05:39 - 00109308 _____ () C:\windows\setupact.log
2014-05-10 11:23 - 2013-02-03 13:26 - 00000000 ____D () C:\windows\pss
2014-05-09 09:51 - 2012-07-15 13:21 - 00000864 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3758711877-2612836815-1606966065-1000Core.job
2014-05-08 22:44 - 2012-09-14 06:49 - 00000000 ____D () C:\Users\Aradesh\AppData\Roaming\Skype
2014-05-08 09:37 - 2014-05-08 09:37 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-05 12:02 - 2014-05-05 12:02 - 00000000 ____D () C:\windows\Sun
2014-05-05 11:26 - 2014-05-05 11:26 - 00006784 _____ () C:\Users\Aradesh\Documents\letter_to_clint.txt
2014-05-05 10:01 - 2014-05-05 10:01 - 00001131 _____ () C:\Users\Aradesh\Desktop\JRT.txt
2014-05-05 09:53 - 2014-05-05 09:53 - 00000000 ____D () C:\windows\ERUNT
2014-05-05 08:46 - 2010-11-20 22:48 - 00711096 _____ () C:\windows\PFRO.log
2014-05-05 08:44 - 2014-05-04 23:41 - 00000000 ____D () C:\AdwCleaner
2014-05-03 14:59 - 2014-05-03 14:18 - 00000000 ____D () C:\Users\Aradesh\dds-scans
2014-05-03 14:53 - 2014-05-03 14:53 - 00015404 _____ () C:\Users\Aradesh\Desktop\dds.txt
2014-05-03 14:53 - 2014-05-03 14:53 - 00006477 _____ () C:\Users\Aradesh\Desktop\attach.txt
2014-05-03 14:18 - 2012-03-18 16:24 - 00000000 ____D () C:\Users\Aradesh
2014-05-03 14:09 - 2014-05-03 14:09 - 00000000 ____D () C:\Users\Aradesh\Documents\dds
2014-05-01 18:48 - 2013-08-10 20:00 - 00000000 ____D () C:\Users\Aradesh\Documents\snooker
2014-04-29 16:59 - 2012-06-10 23:19 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-04-29 16:59 - 2012-06-10 23:19 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-29 13:48 - 2014-05-03 03:01 - 17384448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-29 13:34 - 2014-05-03 03:01 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-28 20:15 - 2012-07-15 13:23 - 00002381 _____ () C:\Users\Aradesh\Desktop\Google Chrome.lnk
2014-04-25 22:43 - 2012-04-05 02:11 - 00000000 ____D () C:\Users\Aradesh\AppData\Roaming\vlc
2014-04-25 21:46 - 2014-04-25 21:30 - 20096429 _____ () C:\Users\Aradesh\Downloads\MOV_0051.mp4
2014-04-23 22:33 - 2014-02-08 13:32 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-23 22:31 - 2014-04-23 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-23 22:31 - 2014-04-23 22:30 - 00004117 _____ () C:\windows\system32\jupdate-1.7.0_55-b14.log
2014-04-23 22:31 - 2012-09-27 10:39 - 00000000 ____D () C:\Program Files\Java
2014-04-22 21:22 - 2014-04-22 21:16 - 00000000 ____D () C:\Users\Aradesh\Documents\comics
2014-04-18 13:23 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\rescache
2014-04-14 20:13 - 2014-04-23 22:31 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-04-14 20:05 - 2014-04-23 22:31 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-04-14 20:05 - 2014-04-23 22:31 - 00175528 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-04-14 20:04 - 2014-04-23 22:31 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-04-14 03:11 - 2014-05-06 09:47 - 00361984 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-04-14 03:07 - 2014-05-06 09:47 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-04-12 17:04 - 2012-06-07 16:07 - 00000000 ____D () C:\Users\Aradesh\Documents\Programming

Some content of TEMP:
====================
C:\Users\Aradesh\AppData\Local\Temp\bitool.dll
C:\Users\Aradesh\AppData\Local\Temp\furcsetup028b.exe
C:\Users\Aradesh\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Aradesh\AppData\Local\Temp\Quarantine.exe
C:\Users\Aradesh\AppData\Local\Temp\vlc-2.1.2-win32.exe


==================== Bamital & volsnap Check =================

C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-03 00:05

==================== End Of Log ============================
harmonykrieg
Active Member
 
Posts: 7
Joined: May 3rd, 2014, 9:43 am

Re: Extremely slow computer

Unread postby wannabeageek » May 12th, 2014, 9:00 am

Hi harmonykrieg,

There appears to be no difference from the first run of FRST.

Please run this as instructed.

ComboFix
Image
Please download ComboFix.exe... © Copyrighted to sUBs. Save it to your desktop. <<--- IMPORTANT!! .
Alternate download site: here
If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated.

The first thing you need to do is print out How-To-Use-ComboFix. Read these instructions thoroughly.
You will not have Internet access when you execute ComboFix.
Please disable any Antivirus or Firewall you have active, as shown in this topic. Close all open application windows.

  1. Double click the ComboFix.exe icon on your desktop to begin execution. If you receive the "Open File - Security Warning"... press Run.
  2. Press Yes to the Disclaimer prompt.
    ComboFix screen appears... preparing to run. ComboFix will now begin creating a System Restore Point and then backup your registry.
  3. For XP users: If not already installed... Press "Yes" to any "Recovery Console" prompts.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash!
    When finished... Notepad will open ... ComboFix will produce a log file called "ComboFix.txt".
  4. Please copy/paste the contents of ComboFix.txt... in your next reply.
Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read Combofix's Disclaimer.

** Enable your Antivirus and Firewall, before connecting to the Internet again! **
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Extremely slow computer

Unread postby harmonykrieg » May 14th, 2014, 5:12 am

Hi wbg,

I ran the scan as instructed, and the log is posted below. I see what you mean about high memory-usage, I added up the memory usage of all the processes in Windows Task Manager and it didn't add up to the total amount in use by quite a margin (several hundred MB) in fact right now it's running at 95% physical memory usage. Is there a way to try to account for what the memory is being used for?

harmonykrieg.

ComboFix 14-05-13.01 - Aradesh 14/05/2014 9:37.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.44.1033.18.1013.367 [GMT 1:00]
Running from: c:\users\Aradesh\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-04-14 to 2014-05-14 )))))))))))))))))))))))))))))))
.
.
2014-05-14 08:56 . 2014-05-14 08:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-13 08:17 . 2014-05-02 22:26 765968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{14CF7E7B-A7E9-4C72-857A-FFDA1D262FE5}\gapaengine.dll
2014-05-13 08:13 . 2014-04-16 09:25 8050496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C5E0735-0446-4765-B729-4E7F3F58C97E}\mpengine.dll
2014-05-11 12:46 . 2014-04-16 09:25 8050496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-08 08:37 . 2014-05-08 08:37 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-07 08:46 . 2014-05-10 10:57 -------- d-----w- C:\FRST
2014-05-06 08:47 . 2014-04-14 02:11 361984 ----a-w- c:\windows\system32\aepdu.dll
2014-05-06 08:47 . 2014-04-14 02:07 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-05-05 11:02 . 2014-05-05 11:02 -------- d-----w- c:\windows\Sun
2014-05-05 08:53 . 2014-05-05 08:53 -------- d-----w- c:\windows\ERUNT
2014-05-04 22:44 . 2010-08-30 07:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-04 22:41 . 2014-05-05 07:44 -------- d-----w- C:\AdwCleaner
2014-05-03 13:18 . 2014-05-03 13:59 -------- d-----w- c:\users\Aradesh\dds-scans
2014-05-03 02:01 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-04-23 21:31 . 2014-04-14 19:13 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-18 08:06 . 2014-03-06 08:02 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-04-18 08:06 . 2014-03-06 05:50 257536 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2014-04-18 08:04 . 2014-03-06 06:56 1064960 ----a-w- c:\program files\Internet Explorer\networkinspection.dll
2014-04-18 08:04 . 2014-03-06 06:57 1634304 ----a-w- c:\program files\Internet Explorer\F12.dll
2014-04-18 08:04 . 2014-03-06 07:44 222720 ----a-w- c:\program files\Internet Explorer\ielowutil.exe
2014-04-18 08:04 . 2014-03-06 07:03 470016 ----a-w- c:\program files\Internet Explorer\ieinstal.exe
2014-04-18 08:04 . 2014-03-06 05:41 1789440 ----a-w- c:\windows\system32\wininet.dll
2014-04-18 08:04 . 2014-03-08 01:59 811728 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2014-04-18 08:04 . 2014-03-06 06:40 1967104 ----a-w- c:\windows\system32\inetcpl.cpl
2014-04-18 08:04 . 2014-03-06 07:46 4254720 ----a-w- c:\windows\system32\jscript9.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-02 22:26 . 2013-04-24 17:20 765968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-29 15:59 . 2012-06-10 22:19 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-29 15:59 . 2012-06-10 22:19 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-27 13:32 . 2014-03-27 13:32 88064 ----a-w- c:\windows\system32\AudioExCtl.dll
2014-03-11 08:52 . 2013-01-20 15:59 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Aradesh\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Aradesh\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Aradesh\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-25 10119784]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2010-11-12 1812264]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"WinampAgent"="c:\program files\Winamp\Winampa.exe" [2014-03-27 7680]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
.
c:\users\Aradesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Aradesh\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 EraserUtilDrv11122;EraserUtilDrv11122;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 131888]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]
S2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 116008]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-05-01 7513088]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 583848]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 197800]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 24232]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 20136]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-08-30 315680]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 16:00]
.
2014-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-12 14:48]
.
2014-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-12 14:48]
.
2014-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3758711877-2612836815-1606966065-1000Core.job
- c:\users\Aradesh\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-15 12:21]
.
2014-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3758711877-2612836815-1606966065-1000UA.job
- c:\users\Aradesh\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-15 12:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Aradesh\AppData\Roaming\Mozilla\Firefox\Profiles\nk28qynz.default\
FF - prefs.js: browser.startup.homepage - http://www.google.co.uk
FF - ExtSQL: !HIDDEN! 2013-01-14 22:56; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-MJuiceWinamp - c:\program files\Mjuice Media PlayerMJUninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-14 10:02:46
ComboFix-quarantined-files.txt 2014-05-14 09:02
.
Pre-Run: 49,798,471,680 bytes free
Post-Run: 50,454,626,304 bytes free
.
- - End Of File - - 0D3EB1752C6BF1E1BF7499C4CD51B804
2E5DEBB2116B3417023E0D6562D7ED07
harmonykrieg
Active Member
 
Posts: 7
Joined: May 3rd, 2014, 9:43 am

Re: Extremely slow computer

Unread postby wannabeageek » May 16th, 2014, 11:43 pm

Hi harmonykrieg,

I ran the scan as instructed, and the log is posted below. I see what you mean about high memory-usage, I added up the memory usage of all the processes in Windows Task Manager and it didn't add up to the total amount in use by quite a margin (several hundred MB) in fact right now it's running at 95% physical memory usage. Is there a way to try to account for what the memory is being used for?


There does not appear to be any malware on your computer. You mentioned in an earlier post about formatting and reinstalling. Probably a good choice at this time.
Also, it is very possible that the computer is just over worked as by our comments earlier about lack of memory. I am not sure about how to account for memory usage as I am trained in malware removal.

I know in Windows 7, (I have Home Premium), open the Task manager, click on the "Show processes from all users" button. select the "Processes" tab, in the open window select the "Memory (Private Working Set). Clicking on it will toggle the least to the most memory used item in the list. You may be able to account for memory usage this way.

These is also this topic on our site here you may wish to look at prior to reformatting.
If your computer is slow, it may not be Malware related.

Please post back and let me know what you decide.

wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Extremely slow computer

Unread postby wannabeageek » May 19th, 2014, 12:48 am

Hi harmonykrieg,

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response.
  • If you do not reply within the next 24 hours, this topic will be closed.
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Extremely slow computer

Unread postby harmonykrieg » May 19th, 2014, 4:35 am

Hi wbg,

I was thinking about your suggestion. I wish to thank you for your investment of time, it has been invaluable. You have made me feel less concerned about the likelihood of my computer being infected, but I am also aware that this is not a guarantee that the machine is clean. I think I will take actions in my own time to format my computer and reinstall the operating system.

Thank you for your help.

harmonykrieg.
harmonykrieg
Active Member
 
Posts: 7
Joined: May 3rd, 2014, 9:43 am

Re: Extremely slow computer

Unread postby wannabeageek » May 22nd, 2014, 10:55 am

Hi harmonykrieg,


You are quite welcome for all the help. Since you are going to reinstall the OS I will have this thread closed.

Please do not wait too long on on formatting and reinstalling the OS. Like I said earlier, just because there appears to be no malware does not mean your machine is NOT infected. High CPU/Memory and drive usage along with an active internet connection could imply an active back door in use.

wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 305 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware