Loaned my laptop to my cousin for vacation and now it's running slow.

Started by anna1362, April 01, 2013, 03:15:31 PM

anna1362

Hi all,
My HP laptop is running slow after I let my cousin borrow it for vacation.
My brother-in-law said I should post here at Landzdown and see if it's infected.
Here are the scans you requested and thank you.

anna1362

anna1362

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470  BrowserJavaVersion: 10.17.2
Run by Anna at 9:59:25 on 2013-04-01
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1789.958 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\wpcumi.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ebay.com/
uWindow Title = Microsoft Internet Explorer provided by CenturyTel
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mWindow Title = Microsoft Internet Explorer provided by CenturyTel
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: BrowserHelper Class: {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - LocalServer32 - <no file>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [WirelessAssistant] "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: C:\Windows\System32\wpclsp.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 8.8.8.8 8.8.4.4 209.55.27.13
TCP: Interfaces\{BB4B0459-E1E4-47FB-88D0-8B77F01E8139} : DHCPNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [WPCUMI] C:\Windows\System32\WpcUmi.exe
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-24 65336]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-9-18 52856]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-3-24 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-3-24 377920]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\elrawdsk.sys [2009-9-19 23464]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/07/13 01:38:28];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 146928]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-3-24 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-3-24 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-24 45248]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-4-8 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]
R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-1-24 60928]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2008-7-21 145496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-7-27 26168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-2-26 30520]
S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-24 178624]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-4-8 222512]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw3v64.sys [2008-1-20 3154432]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2006-11-2 273408]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-17 89920]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=NOTEPAD.EXE %1
FileExt: .vbs: VBSFile=NOTEPAD.EXE %1
FileExt: .js: JSFile=NOTEPAD.EXE %1
FileExt: .jse: JSEFile=NOTEPAD.EXE %1
FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-03-24 16:14:46   95648   ----a-w-   C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-24 16:14:40   262560   ----a-w-   C:\Windows\SysWow64\javaws.exe
2013-03-24 16:14:39   174496   ----a-w-   C:\Windows\SysWow64\javaw.exe
2013-03-24 16:14:39   174496   ----a-w-   C:\Windows\SysWow64\java.exe
2013-03-24 16:14:38   861088   ----a-w-   C:\Windows\SysWow64\npDeployJava1.dll
2013-03-24 16:14:37   782240   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
2013-03-24 15:56:09   73432   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-24 15:56:09   693976   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-06 22:33:21   68920   ----a-w-   C:\Windows\System32\drivers\aswTdi.sys
2013-03-06 22:33:21   65336   ----a-w-   C:\Windows\System32\drivers\aswRvrt.sys
2013-03-06 22:33:21   377920   ----a-w-   C:\Windows\System32\drivers\aswSP.sys
2013-03-06 22:33:21   178624   ----a-w-   C:\Windows\System32\drivers\aswVmm.sys
2013-03-06 22:33:21   1025808   ----a-w-   C:\Windows\System32\drivers\aswSnx.sys
2013-03-06 22:33:20   80816   ----a-w-   C:\Windows\System32\drivers\aswMonFlt.sys
2013-03-06 22:33:20   59144   ----a-w-   C:\Windows\System32\drivers\aswRdr.sys
2013-03-06 22:33:20   33400   ----a-w-   C:\Windows\System32\drivers\aswFsBlk.sys
2013-03-06 22:32:51   41664   ----a-w-   C:\Windows\avastSS.scr
2013-03-06 22:32:22   287840   ----a-w-   C:\Windows\System32\aswBoot.exe
2013-03-04 19:53:46   72013344   ----a-w-   C:\Windows\System32\mrt.exe
2013-02-12 02:18:19   19456   ----a-w-   C:\Windows\System32\drivers\usb8023.sys
2013-02-02 07:31:33   17815040   ----a-w-   C:\Windows\System32\mshtml.dll
2013-02-02 06:58:20   10925568   ----a-w-   C:\Windows\System32\ieframe.dll
2013-02-02 06:57:02   2312704   ----a-w-   C:\Windows\System32\jscript9.dll
2013-02-02 06:48:08   1346048   ----a-w-   C:\Windows\System32\urlmon.dll
2013-02-02 06:47:24   1494528   ----a-w-   C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19   1392128   ----a-w-   C:\Windows\System32\wininet.dll
2013-02-02 06:46:15   237056   ----a-w-   C:\Windows\System32\url.dll
2013-02-02 06:43:51   85504   ----a-w-   C:\Windows\System32\jsproxy.dll
2013-02-02 06:42:18   173056   ----a-w-   C:\Windows\System32\ieUnatt.exe
2013-02-02 06:42:08   816640   ----a-w-   C:\Windows\System32\jscript.dll
2013-02-02 06:41:51   599040   ----a-w-   C:\Windows\System32\vbscript.dll
2013-02-02 06:40:19   729088   ----a-w-   C:\Windows\System32\msfeeds.dll
2013-02-02 06:39:33   2147840   ----a-w-   C:\Windows\System32\iertutil.dll
2013-02-02 06:38:20   96768   ----a-w-   C:\Windows\System32\mshtmled.dll
2013-02-02 06:38:01   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2013-02-02 06:34:01   248320   ----a-w-   C:\Windows\System32\ieui.dll
2013-02-02 04:09:34   12321792   ----a-w-   C:\Windows\SysWow64\mshtml.dll
2013-02-02 03:42:27   9738240   ----a-w-   C:\Windows\SysWow64\ieframe.dll
2013-02-02 03:38:35   1800704   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:31:03   1103872   ----a-w-   C:\Windows\SysWow64\urlmon.dll
2013-02-02 03:30:32   1427968   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21   1129472   ----a-w-   C:\Windows\SysWow64\wininet.dll
2013-02-02 03:29:22   231936   ----a-w-   C:\Windows\SysWow64\url.dll
2013-02-02 03:27:56   65024   ----a-w-   C:\Windows\SysWow64\jsproxy.dll
2013-02-02 03:26:47   142848   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:45   717824   ----a-w-   C:\Windows\SysWow64\jscript.dll
2013-02-02 03:26:21   420864   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:25:16   607744   ----a-w-   C:\Windows\SysWow64\msfeeds.dll
2013-02-02 03:23:51   1796096   ----a-w-   C:\Windows\SysWow64\iertutil.dll
2013-02-02 03:23:44   73216   ----a-w-   C:\Windows\SysWow64\mshtmled.dll
2013-02-02 03:23:28   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2013-02-02 03:20:00   176640   ----a-w-   C:\Windows\SysWow64\ieui.dll
2013-01-17 06:28:58   273840   ------w-   C:\Windows\System32\MpSigStub.exe
2013-01-05 05:37:50   4695400   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2013-01-04 11:31:10   1417576   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
2013-01-04 02:23:07   40448   ----a-w-   C:\Windows\System32\drivers\tcpipreg.sys
2013-01-04 01:59:24   2773504   ----a-w-   C:\Windows\System32\win32k.sys
.
============= FINISH: 10:00:43.55 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/13/2009 2:46:25 AM
System Uptime: 4/1/2013 9:23:00 AM (1 hours ago)
.
Motherboard: Hewlett-Packard |  | 30FC
Processor: AMD Turion(tm) X2 Ultra Dual-Core Mobile ZM-82 | Socket M2/S1G1 | 1100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 380.416 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 2.132 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart Premium C309g-m
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart Premium C309g-m
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Premium C309g-m
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart Premium C309g-m
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart 5510d series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Photosmart 5510d series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Premiere Elements 7.0 Templates
Adobe Reader X (10.1.6)
Adobe Shockwave Player 11.5
Advanced Registry Optimizer
Advanced System Optimizer
Agere Systems HDA Modem
AIO_Scan
AMD USB Audio Driver Filter
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
ATI Catalyst Install Manager
avast! Free Antivirus
Bonjour
BufferChm
C309g-m
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCScore
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
D3DX10
Destinations
DeviceDiscovery
DJ_AIO_Software_min
Driver Manager
ESSBrwr
ESScore
ESSPDock
ESU for Microsoft Vista
FinePixViewer Resource
FinePixViewer Ver.5.5
FinePixViewer YTUPL
Garmin City Navigator North America NT 2012.20 Update
Garmin Lifetime Updater
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Common Access Service Library
HP Customer Experience Enhancements
HP Customer Participation Program 14.0
HP Deskjet All-In-One Software 9.0
HP Doc Viewer
HP Help and Support
HP Imaging Device Functions 14.0
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SlingPlayer
HP MediaSmart SmartMenu
HP MediaSmart TV
HP MediaSmart Webcam
HP MULTIPLE MODEM INSTALLER for VISTA
HP Photo Creations
HP Photosmart Premium C309g-m All-in-One Driver Software 14.0 Rel. 6
HP Quick Launch Buttons 6.40 L1
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HP User Guides 0129
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
iCloud
IDT Audio
iTunes
Java 7 Update 17
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 6 Update 7
JMicron JMB38X Flash Media Controller
Junk Mail filter update
LabelPrint
Learning Lodge Navigator
LightScribe System Software  1.14.17.1
Malwarebytes Anti-Malware version 1.60.0.1800
MarketResearch
MemTurbo 4
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MobileMe Control Panel
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
netbrdg
Network64
PhoTags Express
PhotoNow!
Plot Stalker 1.0
Power2Go
PowerDirector
PS_AIO_06_C309g-m_SW_Min
QuickTime
QuickTransfer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Safari
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Segoe UI
SFR
skin0001
Skins
SlingPlayer
SmartSound Quicktracks for Premiere Elements
SmartWebPrinting
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Status
Symantec Technical Support Advanced Chat Controls
Symantec Technical Support Web Controls
Synaptics Pointing Device Driver
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
VTech Download Agent Library
WebReg
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================


Results of screen317's Security Check version 0.99.61 
Windows Vista Service Pack 2 x64 (UAC is enabled) 
Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled! 
avast! Antivirus   
Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.60.0.1800 
Java(TM) 6 Update 31 
Java 7 Update 17 
Java(TM) 6 Update 7 
Adobe Flash Player    11.6.602.180 
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader 10.1.6 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe 
AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

anna1362

Corrine

Hi, Anna.  Welcome to LandzDown Forum.  Your brother-in-law warned told me that you would be posting logs.  ;)  Seriously, he is a special friend and I am happy to do what I can.  We'll do some updating and a bit of cleaning first and then see if you are still having problems with the sound that he mentioned to me.  My apology for taking so long to respond, there were numerous interruptions throughout the day.

We will do our best to assist you.  However, in order to do so, please follow all instructions provided in the sequence given.  Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use.  This may cause conflicts with the tools being used in the cleanup process.   

If you have questions regarding any of the instructions or problems running any tools, please let us know.




Uninstall:  Please uninstall the programs listed below. 

Advanced Registry Optimizer
Advanced System Optimizer
Java(TM) 6 Update 31
Java(TM) 6 Update 7
Symantec Technical Support Advanced Chat Controls
Symantec Technical Support Web Controls


Registry optimizers and cleaners such as Advanced Registry Optimizer and Advanced System Optimizer do more harm than good, more often than not creating problems rather than repairing issues.  A few leftover registry items will not speed up your computer.

Although you have the most recent version of Oracle Java installed on the computer, there are also old, vulnerable versions that can result in the computer getting infected.

It appears that Symantec was installed on your computer at some point.  However, since you are using Avast now, I've included the two Symantec programs for removal.




Update:

Like Java, Adobe Reader is another magnet for malware and needs to be updated or replaced.  Personally, I have been using Sumatra PDF for many years.  It is a much smaller application than Adobe Reader and is not a target of malware writers. You can get it from here.  Select Installer:     SumatraPDF-2.2.1-install.exe.  Additional information about Sumatra PDF is in my blog post, Replacing Adobe Reader with Sumatra PDF.

However, to keep Adobe Reader, please update to the latest version.  Refer to my blog post at Adobe Reader and Acrobat Critical Security Update for the download link as well as instructions to ensure Protected View is enabled.  If you decide to replace Adobe Reader with Sumatra PDF, please include that in the programs to remove.




I notice that you have no System Restore points showing in your log.  Please follow the instructions to enable System Restore here:  Turn System Restore on or off




Please follow these instructions carefully.  Download ComboFix from the following location:  Link 1

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

    Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

  • If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts. 
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, a log will be produced. Please copy C:\ComboFix.txt in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

anna1362

Hi Corrine,
I have uninstalled all 6 programs you requested to be uninstalled.
I tried to update Adobe Reader using the link provided but it tells me I have the latest update. Tried to update Adobe Reader using the update feature in Adobe Reader and got the same result.
Here is the ComboFix log:

ComboFix 13-04-01.01 - Anna 04/01/2013  18:13:09.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1789.866 [GMT -5:00]
Running from: c:\users\Anna\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Fast Browser Search
c:\program files (x86)\Fast Browser Search\IE\1.bat
c:\program files (x86)\Fast Browser Search\IE\affid.dat
c:\program files (x86)\Fast Browser Search\IE\basis.xml
c:\program files (x86)\Fast Browser Search\IE\basis_br.xml
c:\program files (x86)\Fast Browser Search\IE\basis_de.xml
c:\program files (x86)\Fast Browser Search\IE\basis_en.xml
c:\program files (x86)\Fast Browser Search\IE\basis_es.xml
c:\program files (x86)\Fast Browser Search\IE\basis_fr.xml
c:\program files (x86)\Fast Browser Search\IE\basis_it.xml
c:\program files (x86)\Fast Browser Search\IE\basis_nr.xml
c:\program files (x86)\Fast Browser Search\IE\basis_pt.xml
c:\program files (x86)\Fast Browser Search\IE\basis_ru.xml
c:\program files (x86)\Fast Browser Search\IE\basis_tr.xml
c:\program files (x86)\Fast Browser Search\IE\BHO.dll
c:\program files (x86)\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files (x86)\Fast Browser Search\IE\error.html
c:\program files (x86)\Fast Browser Search\IE\fbsProtection.xml
c:\program files (x86)\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files (x86)\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files (x86)\Fast Browser Search\IE\fbstoolbar.jar
c:\program files (x86)\Fast Browser Search\IE\fbstoolbar.manifest
c:\program files (x86)\Fast Browser Search\IE\icons.bmp
c:\program files (x86)\Fast Browser Search\IE\IE3SH.exe
c:\program files (x86)\Fast Browser Search\IE\info.txt
c:\program files (x86)\Fast Browser Search\IE\local.xml
c:\program files (x86)\Fast Browser Search\IE\logobg.bmp
c:\program files (x86)\Fast Browser Search\IE\MTWB3SH.dll
c:\program files (x86)\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files (x86)\Fast Browser Search\IE\search.bmp
c:\program files (x86)\Fast Browser Search\IE\search_br.bmp
c:\program files (x86)\Fast Browser Search\IE\search_de.bmp
c:\program files (x86)\Fast Browser Search\IE\search_es.bmp
c:\program files (x86)\Fast Browser Search\IE\search_fr.bmp
c:\program files (x86)\Fast Browser Search\IE\search_it.bmp
c:\program files (x86)\Fast Browser Search\IE\search_pt.bmp
c:\program files (x86)\Fast Browser Search\IE\search_ru.bmp
c:\program files (x86)\Fast Browser Search\IE\SearchAssistant.dll
c:\program files (x86)\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files (x86)\Fast Browser Search\IE\SGPU.ico
c:\program files (x86)\Fast Browser Search\IE\sgpUpdater.exe
c:\program files (x86)\Fast Browser Search\IE\sgpUpdater.xml
c:\program files (x86)\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files (x86)\Fast Browser Search\IE\tbhelper.dll
c:\program files (x86)\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files (x86)\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files (x86)\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files (x86)\Fast Browser Search\IE\Toolbar Help.htm
c:\program files (x86)\Fast Browser Search\IE\uninstall.exe
c:\program files (x86)\Fast Browser Search\IE\uninstalSGP.exe
c:\program files (x86)\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files (x86)\Fast Browser Search\IE\version.txt
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\SysWow64\BSTIEPrintCtl1.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-01 to 2013-04-01  )))))))))))))))))))))))))))))))
.
.
2013-04-01 23:28 . 2013-04-01 23:28   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-04-01 23:28 . 2013-04-01 23:28   --------   d-----w-   c:\users\Anna\AppData\Local\temp
2013-04-01 22:34 . 2013-04-01 22:34   --------   d-----w-   c:\users\Anna\AppData\Local\Adobe
2013-03-29 18:12 . 2013-03-19 10:50   9311288   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{1FA4F453-2428-44D1-999F-8AD0D41D89E2}\mpengine.dll
2013-03-29 14:54 . 2013-03-29 14:54   --------   d-----w-   c:\programdata\UAB
2013-03-29 14:54 . 2013-03-29 14:54   --------   d-----w-   c:\users\Anna\AppData\Local\PC_Drivers_Headquarters
2013-03-29 14:47 . 2013-03-29 14:47   --------   d-----w-   c:\programdata\Driver Manager
2013-03-29 14:44 . 2013-03-29 14:44   --------   d-----w-   c:\program files (x86)\Driver Manager
2013-03-27 01:39 . 2013-01-08 22:01   768000   ----a-w-   c:\program files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll
2013-03-27 01:39 . 2013-01-09 01:10   996352   ----a-w-   c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-03-27 01:17 . 2013-02-02 06:38   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2013-03-27 01:08 . 2012-12-16 13:12   34304   ----a-w-   c:\windows\SysWow64\atmlib.dll
2013-03-27 01:08 . 2012-12-16 13:31   48128   ----a-w-   c:\windows\system32\atmlib.dll
2013-03-27 01:08 . 2012-12-16 11:08   368128   ----a-w-   c:\windows\system32\atmfd.dll
2013-03-27 01:08 . 2012-12-16 10:50   293376   ----a-w-   c:\windows\SysWow64\atmfd.dll
2013-03-24 18:48 . 2013-03-24 18:48   --------   d-----w-   c:\users\Anna\AppData\Local\Apple
2013-03-24 17:00 . 2013-03-06 22:33   33400   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2013-03-24 17:00 . 2013-03-06 22:33   377920   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2013-03-24 17:00 . 2013-03-06 22:33   59144   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2013-03-24 17:00 . 2013-03-06 22:33   68920   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2013-03-24 17:00 . 2013-03-06 22:33   1025808   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
2013-03-24 17:00 . 2013-03-06 22:33   178624   ----a-w-   c:\windows\system32\drivers\aswVmm.sys
2013-03-24 17:00 . 2013-03-06 22:33   65336   ----a-w-   c:\windows\system32\drivers\aswRvrt.sys
2013-03-24 17:00 . 2013-03-06 22:33   80816   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2013-03-24 16:59 . 2013-03-06 22:32   41664   ----a-w-   c:\windows\avastSS.scr
2013-03-24 16:16 . 2013-03-24 16:14   861088   ----a-w-   c:\windows\SysWow64\npDeployJava1.dll
2013-03-24 16:15 . 2013-03-24 16:14   95648   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-24 15:09 . 2012-11-20 04:22   204288   ----a-w-   c:\windows\SysWow64\ncrypt.dll
2013-03-24 15:09 . 2012-11-20 04:21   253952   ----a-w-   c:\windows\system32\ncrypt.dll
2013-03-24 15:09 . 2012-09-28 16:34   1210368   ----a-w-   c:\windows\system32\kernel32.dll
2013-03-24 15:09 . 2013-01-04 11:31   1417576   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2013-03-24 15:09 . 2013-01-04 02:23   40448   ----a-w-   c:\windows\system32\drivers\tcpipreg.sys
2013-03-24 15:09 . 2013-01-04 01:59   2773504   ----a-w-   c:\windows\system32\win32k.sys
2013-03-24 15:08 . 2012-08-21 11:50   267648   ----a-w-   c:\windows\system32\drivers\volsnap.sys
2013-03-24 15:08 . 2013-02-12 02:18   19456   ----a-w-   c:\windows\system32\drivers\usb8023.sys
2013-03-24 15:08 . 2012-11-02 10:47   1869824   ----a-w-   c:\windows\system32\msxml3.dll
2013-03-24 15:07 . 2012-11-02 10:47   1794560   ----a-w-   c:\windows\system32\msxml6.dll
2013-03-24 15:07 . 2012-11-02 10:19   1400832   ----a-w-   c:\windows\SysWow64\msxml6.dll
2013-03-24 15:07 . 2012-11-02 10:19   1248768   ----a-w-   c:\windows\SysWow64\msxml3.dll
2013-03-24 15:07 . 2012-11-22 04:22   456192   ----a-w-   c:\windows\system32\shlwapi.dll
2013-03-24 15:07 . 2012-11-08 04:26   1570816   ----a-w-   c:\windows\system32\quartz.dll
2013-03-24 15:07 . 2012-11-08 03:48   1314816   ----a-w-   c:\windows\SysWow64\quartz.dll
2013-03-24 15:07 . 2013-01-05 05:37   4695400   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-03-24 15:04 . 2012-11-13 01:45   2048   ----a-w-   c:\windows\system32\tzres.dll
2013-03-24 15:04 . 2012-11-13 01:29   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
2013-03-24 14:54 . 2012-11-02 10:45   477696   ----a-w-   c:\windows\system32\dpnet.dll
2013-03-24 14:54 . 2012-11-02 10:45   68096   ----a-w-   c:\windows\system32\dpnathlp.dll
2013-03-24 14:54 . 2012-11-02 10:18   376320   ----a-w-   c:\windows\SysWow64\dpnet.dll
2013-03-24 14:54 . 2012-11-02 08:59   26112   ----a-w-   c:\windows\system32\dpnsvr.exe
2013-03-24 14:54 . 2012-11-02 08:26   23040   ----a-w-   c:\windows\SysWow64\dpnsvr.exe
2013-03-24 14:09 . 2013-03-24 14:11   --------   d-----w-   c:\users\Anna\AppData\Roaming\HpUpdate
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-24 16:14 . 2011-03-22 19:06   782240   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2013-03-24 15:56 . 2012-11-15 03:15   693976   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-24 15:56 . 2011-07-03 06:19   73432   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-06 22:32 . 2011-12-08 01:32   287840   ----a-w-   c:\windows\system32\aswBoot.exe
2013-03-04 19:53 . 2006-11-02 12:35   72013344   ----a-w-   c:\windows\system32\mrt.exe
2013-01-17 06:28 . 2010-07-22 01:24   273840   ------w-   c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Driver Manager"="c:\program files (x86)\Driver Manager\Driver Manager\DriverManager.exe" [2013-01-25 3544440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14   451872   ----a-w-   c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-15 15:56]
.
2012-05-24 c:\windows\Tasks\HPCeeScheduleForcheryl.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-08 18:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32   133840   ----a-w-   c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1234216]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-08-13 456192]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ebay.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mWindow Title = Microsoft Internet Explorer provided by CenturyTel
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - (no file)
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre7\bin\jusched.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-04-01  18:33:28
ComboFix-quarantined-files.txt  2013-04-01 23:33
.
Pre-Run: 388,362,510,336 bytes free
Post-Run: 384,407,089,152 bytes free
.
- - End Of File - - C88AAC7896766A9CE8A8E96EAE1E7043

Thanks corrine,

anna 1362

Corrine

Hi, Anna.

I'm a bit concerned about Adobe Reader indicating you have the latest version, since the log shows bits of version 9 and Adobe Reader 10.1.6 when the current version is Adobe Reader XI (11.0.02).  Since I no longer use Adobe Reader, I found this for checking the version:

       1.  Open your current Adobe Reader application. You can also double-click a PDF file on your hard drive to load the application and open the file automatically.
       2.  Click the "Help" menu item at the top of your Adobe Reader software. Select "About Adobe Reader" from the list of menu items.
       3.  View the text listed in the section labeled "Version." This lists the version number for your currently installed Adobe Reader software.

If you don't have version 11.0.02, I suggest you uninstall Adobe Reader and either switch to Sumatra PDF or download and update the full version of Adobe Reader from here:  http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows

As to the ComboFix log, it is looking pretty good now.  I'd like to see another log based on one of the files that ComboFix quarantined. 

Please download AdwCleaner by Xplode to your Desktop.

  •   Double-click AdwCleaner.exe to run the tool.
  •   Click Search.
  •   A logfile will automatically open after the scan has finished.
  •   Please post the contents of that logfile with your next response.
Note: The log can also be found at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, i.e., R1

In addition to the AdwCleaner log, please let me know in your reply if you are still having problems with the sound -- whatever those problems are since your brother-in-law just mentioned it in a general way.



anna1362

Hi Corrine,
I have uninstalled the old Adobe Reader and installed and updated the latest version. I also have Protected View enabled.
Here is the AdwCleaner log you requested:

# AdwCleaner v2.115 - Logfile created 04/02/2013 at 10:46:57
# Updated 17/03/2013 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : Anna - CHERYL-PC
# Boot Mode : Normal
# Running from : C:\Users\Anna\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found : C:\ProgramData\Ask

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83453B9B-B889-4659-9144-20F081542BDC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2604 octets] - [02/04/2013 10:46:57]

########## EOF - C:\AdwCleaner[R1].txt - [2664 octets] ##########

No sound yet.
Thank you Corrine,
anna1362

Corrine

Good work getting Adobe Reader updated! 

Ok, AdwCleaner picked up some additional things so let's get that cleaned up.  Please do the following:

Please rescan with AdwCleaner.

  • Double-click AdwCleaner.exe to run the tool.
  • Click Delete.
  • Everything that was found will be deleted.
  • Save any open files and approve the reboot.  A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
Note: The log can also be found at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, i.e., S1

In your next reply, please provide the new AdwCleaner log and then I'll provide instructions for dealing with the tools I had you download.





Regarding the no sound problem, please start with this Microsoft Fix it:  Automatically diagnose and fix Windows audio playback problems.  Click the link to run the tool and follow the instructions in the wizard.

If after running the Microsoft Fix it the sound problem still exists, please provide additional information about your HP laptop, i.e., Pavilion Model ____.  I know it is 64-bit and the operating system is Windows Vista Home Premium.  In addition, it may be helpful to have additional audio information.  The easiest way is to run Speccy.  After running Speccy, click on Audio in the left-hand column.  Select the text and copy/paste it here.



anna1362

Hi Corrine
I ran the AdwCleaner.exe and here is the log that posted:

# AdwCleaner v2.115 - Logfile created 04/02/2013 at 15:57:45
# Updated 17/03/2013 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : Anna - CHERYL-PC
# Boot Mode : Normal
# Running from : C:\Users\Anna\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Ask
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [Registry] *****

Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83453B9B-B889-4659-9144-20F081542BDC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2731 octets] - [02/04/2013 10:46:57]
AdwCleaner[S1].txt - [2391 octets] - [02/04/2013 15:57:45]

########## EOF - C:\AdwCleaner[S1].txt - [2451 octets] ##########


Regarding the sound problem, I ran Microsoft Fix it...Wow, what an amazing tool to have. (there is now a shortcut on my desktop for Microsoft Fix It)  It totally fixed the sound problem...I now have sound. You rawk!
So, what do we do next?

Thank you Corrine,

anna1362
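An added example (not part of the thread, and not AdwCleaner's own code): a Python script that reconciles a Search log against the Delete log that follows it, so that anything found but neither deleted nor queued for deletion on reboot stands out. The function names and the trimmed log excerpts are assumptions made for this example; the line formats are the ones visible in the two logs posted above.

```python
import re

# Trimmed excerpts of the two AdwCleaner v2.115 logs posted in this thread
# (a few lines from each, not the full logs).
SEARCH_LOG = r"""
# Option [Search]
***** [Files / Folders] *****
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found : C:\ProgramData\Ask
***** [Registry] *****
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
"""

DELETE_LOG = r"""
# Option [Delete]
***** [Files / Folders] *****
Deleted on reboot : C:\ProgramData\Ask
File Deleted : C:\Users\Public\Desktop\eBay.lnk
***** [Registry] *****
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
"""

# Header line that records which button was used for the run.
OPTION_RE = re.compile(r"^#\s*Option\s*\[(\w+)\]", re.MULTILINE)

# Entry lines: "<File|Folder|Key> Found : x", "<File|Key> Deleted : x",
# and "Deleted on reboot : x" (no leading kind word).
ENTRY_RE = re.compile(
    r"^(?:(?P<kind>\w+) )?"
    r"(?P<status>Found|Deleted on reboot|Deleted) : (?P<target>.+)$"
)


def parse_log(text):
    """Return (option, {status: {normalised_target: original_target}})."""
    match = OPTION_RE.search(text)
    option = match.group(1) if match else None
    entries = {"Found": {}, "Deleted": {}, "Deleted on reboot": {}}
    for line in text.splitlines():
        hit = ENTRY_RE.match(line.strip())
        if hit:
            target = hit.group("target").strip()
            # Windows paths and registry keys compare case-insensitively.
            entries[hit.group("status")][target.casefold()] = target
    return option, entries


def reconcile(search_text, delete_text):
    """Compare what the Search run found with what the Delete run removed."""
    s_opt, s_entries = parse_log(search_text)
    d_opt, d_entries = parse_log(delete_text)
    if s_opt != "Search" or d_opt != "Delete":
        raise ValueError(
            f"expected a Search log then a Delete log, got {s_opt!r}, {d_opt!r}"
        )
    found = s_entries["Found"]
    removed = d_entries["Deleted"]
    pending = d_entries["Deleted on reboot"]
    handled = {**removed, **pending}
    return {
        # Found by the search run and reported deleted.
        "deleted": sorted(found[k] for k in found if k in removed),
        # Found, but removal only completes after the restart.
        "pending_reboot": sorted(found[k] for k in found if k in pending),
        # Found, with no matching line in the delete log: check these again.
        "unaccounted": sorted(found[k] for k in found if k not in handled),
        # Removed without having been listed by the search run.
        "not_in_search": sorted(handled[k] for k in handled if k not in found),
    }


if __name__ == "__main__":
    for bucket, items in reconcile(SEARCH_LOG, DELETE_LOG).items():
        print(f"{bucket}: {len(items)}")
        for item in items:
            print("   ", item)
```

In this excerpt the HKCU `Ext\Stats` key listed by the search run has no matching line in the delete run's log, and `C:\ProgramData\Ask` is only queued for removal at reboot; a further Search run after the restart is what confirms both are gone.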

anna1362

Hi Corrine,

I forgot to mention that the computer is running quicker now.

Thank you,
anna1362

Corrine

:dance:  :dance:  :dance: 

Hi, Anna.  Yup, I'm doing a happy dance.  I'm so glad that Microsoft Fix it solution worked.  There are some amazing solutions that Microsoft has made available that way.

Now we get to "clean up". 

1.  You can start by deleting SecurityCheck from your desktop.  Next, please do the following to uninstall AdwCleaner.

  •   Double-click AdwCleaner.exe to run the tool.
  •   Click Uninstall
  •   Confirm with yes
2.  Following that, please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.


3.  Speaking of System Restore, I mentioned earlier in this process that I noticed you didn't have any restore points and pointed to the link on how to enable System Restore.  Please make sure you have enabled SR.

4.  The SecurityCheck log showed that you need to defrag your computer.  This will also help.  It is best to use the defrag tool while no other programs are running.  See Improve performance by defragmenting your hard disk.

5.  I had noticed earlier that you have Malwarebytes Anti-Malware version 1.60.0.1800 installed.  As you can see in our Malwarebytes update topic, v1.70.0.1100 was released a while ago.  As part of your general computer maintenance schedule, I suggest a periodic scan with Malwarebytes.  It is an excellent anti-malware program.  Don't forget to update the definitions first though.

6.  As you've learned from the information I've provided you the last couple of days, in addition to Microsoft Security updates on the second Tuesday of the month, it is important to keep third-party programs such as Java and Adobe Products updated.  Although some of the problems you had with your laptop were due to whatever your cousin was doing while in possession of your laptop, there are helpful tips and suggestions in "So how did I get infected in the first place?".

Please let me know if you have any questions.



anna1362

Hi Corrine, Love your Happy Dance :rose:

I deleted SecurityCheck from my desktop.
Followed your instructions to uninstall AdwCleaner.
Clicked start >Run and copied/pasted ComboFix/Uninstall and clicked OK.
System Restore, When you mentioned this earlier I think I did that.
I will defrag after I send this message to you.
OK, I will update Malwarebytes.
I will keep all Third Party Programs such as Java, Adobe and Microsoft Security updated.

I am so happy and thankful for all you did to help me get this great computer in tip top shape. You really rawk!
Thank you, Thank you, Thank you :hug:
anna1362

Corrine

You are very welcome.  Besides, you did all the hard work, Anna, and were a pleasure to help. 

Now be honest, did your brother-in-law show you where to find the rose image?  :lol:  He's a special person. 




winchester73

I guess the cousin won't be borrowing this computer for a while  :laughing:
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Corrine

In the event it is necessary to lend the computer, create a standard user account.  Information and links here:  What is a standard user account?



anna1362

Yes my brother-in-law is a very special person. No worries here...I won't be lending my shiny clean, inside and out, laptop to anyone! Thanks to you Corrine :rose:  :dance: