Channel: Tech Support Guy - Virus & Other Malware Removal

I think I have a virus, malware, something.....

Eddie, here is the scan following the OTL scan. Are we good now??

I can't thank you enough. You wrote code for me to clean up my mess. I'd like some advice on how to keep this from recurring. I am very careful to not download from trusted sites, or to get into sketch websites. I am also careful about opening ANYTHING that I am not sure is safe. What am I doing that creates my "issues?"

Here goes:


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service RimUsb stopped successfully!
Service RimUsb deleted successfully!
File System32\Drivers\RimUsb.sys not found.
Service IntcAzAudAddService stopped successfully!
Service IntcAzAudAddService deleted successfully!
File system32\drivers\RTKVHDA.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\Deni\Documents\~WRL0416.tmp deleted successfully.
C:\Users\Deni\Documents\~WRL0506.tmp deleted successfully.
C:\Users\Deni\Documents\~WRL1312.tmp deleted successfully.
C:\Users\Deni\Documents\~WRL2495.tmp deleted successfully.
C:\Users\Deni\Documents\~WRL2558.tmp deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Windows\Installer\MSI1436.tmp deleted successfully.
C:\Windows\Installer\MSI2610.tmp deleted successfully.
C:\Windows\Installer\MSI2D05.tmp deleted successfully.
C:\Windows\Installer\MSI2DDA.tmp deleted successfully.
C:\Windows\Installer\MSI2F.tmp deleted successfully.
C:\Windows\Installer\MSI3D15.tmp deleted successfully.
C:\Windows\Installer\MSI4DDE.tmp deleted successfully.
C:\Windows\Installer\MSI4F0D.tmp deleted successfully.
C:\Windows\Installer\MSI52AB.tmp deleted successfully.
C:\Windows\Installer\MSI54EE.tmp deleted successfully.
C:\Windows\Installer\MSI5B08.tmp deleted successfully.
C:\Windows\Installer\MSI6619.tmp deleted successfully.
C:\Windows\Installer\MSI71C7.tmp deleted successfully.
C:\Windows\Installer\MSI79DF.tmp deleted successfully.
C:\Windows\Installer\MSI79F9.tmp deleted successfully.
C:\Windows\Installer\MSI7C62.tmp deleted successfully.
C:\Windows\Installer\MSI7F70.tmp deleted successfully.
C:\Windows\Installer\MSI8F47.tmp deleted successfully.
C:\Windows\Installer\MSI8F7C.tmp deleted successfully.
C:\Windows\Installer\MSI9992.tmp deleted successfully.
C:\Windows\Installer\MSI9CBF.tmp deleted successfully.
C:\Windows\Installer\MSI9D34.tmp deleted successfully.
C:\Windows\Installer\MSI9F38.tmp deleted successfully.
C:\Windows\Installer\MSIA08.tmp deleted successfully.
C:\Windows\Installer\MSIAD69.tmp deleted successfully.
C:\Windows\Installer\MSIAEBA.tmp deleted successfully.
C:\Windows\Installer\MSIB191.tmp deleted successfully.
C:\Windows\Installer\MSIB1B3.tmp deleted successfully.
C:\Windows\Installer\MSIBB34.tmp deleted successfully.
C:\Windows\Installer\MSIBDC9.tmp deleted successfully.
C:\Windows\Installer\MSIBF49.tmp deleted successfully.
C:\Windows\Installer\MSIC593.tmp deleted successfully.
C:\Windows\Installer\MSICB03.tmp deleted successfully.
C:\Windows\Installer\MSICC33.tmp deleted successfully.
C:\Windows\Installer\MSICEB2.tmp deleted successfully.
C:\Windows\Installer\MSID39A.tmp deleted successfully.
C:\Windows\Installer\MSIDD49.tmp deleted successfully.
C:\Windows\Installer\MSIE11C.tmp deleted successfully.
C:\Windows\Installer\MSIE3E4.tmp deleted successfully.
C:\Windows\Installer\MSIE9BF.tmp deleted successfully.
C:\Windows\Installer\MSIECEE.tmp deleted successfully.
C:\Windows\Installer\MSIEFDC.tmp deleted successfully.
C:\Windows\Installer\MSIF4D7.tmp deleted successfully.
C:\Windows\Installer\MSIF793.tmp deleted successfully.
ADS C:\Users\Deni\Documents\FWRulestoLiveByFw.eml:OECustomProperty deleted successfully.
ADS C:\Users\Deni\Documents\Hi + resume.eml:OECustomProperty deleted successfully.
ADS C:\Users\Deni\Documents\HMO.eml:OECustomProperty deleted successfully.
ADS C:\Users\Deni\Documents\MarriageOne-liners.eml:OECustomProperty deleted successfully.
ADS C:\Users\Deni\Documents\FwBlondeBreakdown.eml:OECustomProperty deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Deni\Desktop\cmd.bat deleted successfully.
C:\Users\Deni\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes
->Flash cache emptied: 57311 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Deni
->Temp folder emptied: 1510868515 bytes
->Temporary Internet Files folder emptied: 3601318 bytes
->Java cache emptied: 27471300 bytes
->FireFox cache emptied: 47030353 bytes
->Google Chrome cache emptied: 131884563 bytes
->Flash cache emptied: 3267922 bytes

User: Grant

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 42054 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 840773798 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 183256 bytes

Total Files Cleaned = 2,446.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09102014_135111

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
