Dopey

OTL logfile created on: 11/3/2013 3:16:02 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tony\DOWNLO~1 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16721) Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 4.00 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 50.31% Memory free 8.00 Gb Paging File | 5.93 Gb Available in Paging File | 74.20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931.41 Gb Total Space | 648.50 Gb Free Space | 69.63% Space Free | Partition Type: NTFS Computer Name: TONY-PC | User Name: Tony | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/11/03 15:01:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tony\Downloads\OTL.scr PRC - [2013/10/28 08:36:34 | 000,120,608 | ---- | M] (Glarysoft Ltd) -- C:\Program Files (x86)\Glary Utilities 3\memdefrag.exe PRC - [2013/10/28 08:36:14 | 000,471,840 | ---- | M] (Glarysoft Ltd) -- C:\Program Files (x86)\Glary Utilities 3\Integrator.exe PRC - [2013/10/26 01:53:21 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013/10/10 16:58:18 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe PRC - [2013/09/12 00:17:46 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2013/09/03 13:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/08/27 21:16:14 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe PRC - [2013/08/27 21:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/10/06 17:25:56 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010/10/01 17:50:42 | 001,564,672 | ---- | M] (CMedia) -- C:\Program Files\ASUS Xonar DS Audio\Customapp\AsusAudioCenter.exe PRC - [2009/02/23 03:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2008/07/11 15:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe PRC - [1999/12/12 17:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTSVCCDA.EXE ========== Modules (No Company Name) ========== MOD - [2013/10/28 08:37:48 | 000,080,160 | ---- | M] () -- C:\Program Files (x86)\Glary Utilities 3\zlib1.dll MOD - [2013/10/26 01:53:40 | 003,368,048 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013/10/10 16:58:17 | 016,233,864 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll MOD - [2013/07/30 14:04:28 | 000,268,968 | ---- | M] () -- C:\Windows\SysWOW64\sqlite3.dll MOD - [2009/05/11 18:01:12 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS Xonar DS Audio\Customapp\VmixP8.dll MOD - [2008/07/11 15:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe ========== Services (SafeList) ========== SRV:64bit: - [2013/08/27 21:17:13 | 014,997,280 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc) SRV:64bit: - [2013/08/12 13:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2013/08/12 13:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013/10/30 19:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013/10/26 01:53:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/10/10 16:58:18 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/09/12 00:17:46 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2013/09/03 13:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/08/27 21:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2013/05/26 14:22:20 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService) SRV - [2011/10/06 17:25:56 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010/11/20 12:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2010/11/05 20:51:22 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2010/11/05 20:50:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2010/11/05 20:50:33 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service) SRV - [2010/11/05 18:04:23 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/02/23 03:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [1999/12/12 17:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Windows\SysWOW64\CTSVCCDA.EXE -- (Creative Service for CDROM Access) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/10/17 15:38:21 | 000,883,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2013/08/20 13:33:40 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible) DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2013/06/18 20:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2013/06/16 12:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/10/27 15:10:08 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/10/27 15:10:08 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/09/16 11:41:12 | 001,266,688 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp) DRV:64bit: - [2010/04/07 12:14:50 | 000,446,304 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr6164.sys -- (rt61x64) DRV:64bit: - [2010/01/22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010/01/22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009/10/19 14:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/05 01:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008/07/26 22:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Users\Tony\My Documents\RealTemp_360\WinRing0x64.sys -- (WinRing0_1_2_0) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B1 15 4D 74 C3 D0 CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {4F573494-8192-458C-BB96-15B6C09FA9E2} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{139D9AD2-026D-45EA-8FCD-725B58714921}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749&p={searchTerms} IE - HKCU\..\SearchScopes\{4F573494-8192-458C-BB96-15B6C09FA9E2}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: en-GB@dictionaries.addons.mozilla.org:1.19.1 FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.0.4 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3 FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.0.4 FF - prefs.js..network.proxy.type: 0 FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=685749" FF - prefs.js..browser.startup.homepage: "http://uk.search.yahoo.com?type=902615&fr=spigot-yhp-ff" FF - prefs.js..browser.search.defaultenginename: "Yahoo!" FF - prefs.js..browser.search.selectedEngine: "Yahoo!" FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=902615&p=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/17 14:30:35 | 000,000,000 | ---D | M] [2011/02/12 17:52:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Extensions [2013/10/24 13:38:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\0axud4wd.default\extensions [2013/11/03 14:56:56 | 000,000,000 | ---D | M] (Secure Speed Dial) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\0axud4wd.default\extensions\speeddial@instair.net [2012/05/26 02:30:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\0axud4wd.default\extensions\staged [2013/10/24 13:38:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\bxl72wd6.default\extensions [2012/04/28 23:48:15 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\bxl72wd6.default\extensions\en-GB@dictionaries.addons.mozilla.org [2013/11/03 14:56:57 | 000,000,000 | ---D | M] (Secure Speed Dial) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\bxl72wd6.default\extensions\speeddial@instair.net [2013/10/10 16:30:14 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\bxl72wd6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013/09/29 19:00:33 | 000,000,911 | ---- | M] () -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\0axud4wd.default\searchplugins\yahoo_ff.xml [2013/10/24 11:45:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013/11/03 14:47:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013/11/03 14:47:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - Extension: No name found = C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\ CHR - Extension: No name found = C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\ O1 HOSTS File: ([2013/11/03 01:46:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation) O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe () O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe () O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A5F192F-0DA1-45BF-8D40-8FED194BEBF0}: DhcpNameServer = 194.168.4.100 194.168.8.100 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\570\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/11/03 14:18:38 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled [2013/11/03 14:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled [2013/11/03 02:03:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/11/03 02:01:12 | 000,000,000 | --SD | C] -- C:\ComboFix [2013/11/03 01:53:07 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/11/03 01:31:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/11/03 01:31:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/11/03 01:31:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/11/03 01:26:56 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/11/03 01:26:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/10/31 19:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013/10/31 19:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013/10/31 19:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013/10/31 19:52:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013/10/31 19:52:23 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013/10/27 14:31:20 | 000,000,000 | ---D | C] -- C:\Users\Tony\Documents\Arma 3 - Other Profiles [2013/10/26 12:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\dbg [2013/10/24 11:39:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/10/23 10:37:59 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2013/10/21 12:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications [2013/10/20 13:51:11 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/10/20 13:51:11 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/10/20 13:51:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013/10/20 13:51:10 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013/10/20 13:51:10 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013/10/20 13:51:10 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013/10/20 13:51:10 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013/10/20 13:51:09 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013/10/20 13:51:09 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013/10/20 13:51:09 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013/10/20 13:51:09 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013/10/20 13:51:08 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/10/20 13:51:07 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/10/20 13:51:07 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/10/20 13:51:06 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/10/19 22:42:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} [2013/10/17 15:38:21 | 000,883,928 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys [2013/10/17 15:38:21 | 000,074,456 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll [2013/10/17 10:44:00 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2013/10/17 10:43:59 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys [2013/10/10 22:07:02 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll [2013/10/10 22:07:00 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2013/10/10 22:07:00 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2013/10/10 22:07:00 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll [2013/10/10 22:07:00 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2013/10/10 22:07:00 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2013/10/10 22:07:00 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll [2013/10/10 22:07:00 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2013/10/10 22:07:00 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll [2013/10/10 22:06:58 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys [2013/10/10 22:06:58 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidp****.sys [2013/10/10 22:06:57 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll [2013/10/10 22:06:50 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/10/10 22:06:50 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll [2013/10/10 22:06:49 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/10/10 22:06:49 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/10/10 22:06:49 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll [2013/10/10 22:06:48 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013/10/10 22:06:48 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll [2013/10/10 22:06:47 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013/10/10 22:06:46 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/10/10 22:06:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/10/10 22:06:46 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/10/10 22:06:46 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/10/10 22:06:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013/10/10 22:06:34 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll [2013/10/10 22:06:34 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll [2013/10/10 22:06:30 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll ========== Files - Modified Within 30 Days ========== [2013/11/03 14:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/11/03 14:51:54 | 000,020,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/11/03 14:51:54 | 000,020,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/11/03 14:50:31 | 000,780,196 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/11/03 14:50:31 | 000,665,000 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/11/03 14:50:31 | 000,125,478 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/11/03 14:48:03 | 000,002,048 | ---- | M] () -- C:\Users\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2013/11/03 14:48:03 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/11/03 14:45:08 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 3.job [2013/11/03 14:44:43 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2013/11/03 14:44:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/11/03 14:44:24 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2013/11/03 14:19:31 | 000,001,108 | ---- | M] () -- C:\Users\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 3.lnk [2013/11/03 14:19:31 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\Glary Utilities 3.lnk [2013/11/03 14:12:24 | 000,002,127 | ---- | M] () -- C:\Windows\epplauncher.mif [2013/11/03 01:46:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/11/03 01:39:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2555688491-1503391189-1753796050-1001UA.job [2013/11/02 22:39:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2555688491-1503391189-1753796050-1001Core.job [2013/10/31 20:47:20 | 004,012,032 | ---- | M] () -- C:\Users\Tony\Desktop\RogueKillerX64.exe [2013/10/28 08:38:22 | 000,024,352 | ---- | M] () -- C:\Windows\SysNative\RegBootDefrag.exe [2013/10/21 16:10:06 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\GlaryOneClickOptimizer 3.job [2013/10/20 18:31:15 | 004,996,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/10/17 15:38:21 | 000,883,928 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys [2013/10/17 15:38:21 | 000,108,760 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll [2013/10/17 15:38:21 | 000,074,456 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll [2013/10/17 15:32:08 | 000,000,000 | ---- | M] () -- C:\asc_rdflag [2013/10/13 18:13:24 | 000,143,236 | ---- | M] () -- C:\Users\Tony\Documents\cc_20131013_191318.reg [2013/10/12 14:55:48 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013/10/10 22:12:18 | 000,765,664 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/10/10 16:58:18 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/10/10 16:58:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/10/09 01:46:34 | 000,117,024 | ---- | M] (Glarysoft Ltd) -- C:\Windows\SysNative\BootDefrag.exe ========== Files Created - No Company Name ========== [2013/11/03 14:42:23 | 000,024,352 | ---- | C] () -- C:\Windows\SysNative\RegBootDefrag.exe [2013/11/03 01:31:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/11/03 01:31:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/11/03 01:31:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/11/03 01:31:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/11/03 01:31:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/10/31 20:47:21 | 004,012,032 | ---- | C] () -- C:\Users\Tony\Desktop\RogueKillerX64.exe [2013/10/17 15:32:08 | 000,000,000 | ---- | C] () -- C:\asc_rdflag [2013/10/14 15:59:19 | 004,996,016 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/10/13 18:13:20 | 000,143,236 | ---- | C] () -- C:\Users\Tony\Documents\cc_20131013_191318.reg [2013/10/08 15:07:54 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/09/29 19:00:41 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll [2013/08/12 23:54:29 | 000,000,165 | ---- | C] () -- C:\ProgramData\nvbgswnaaokwuhnhwkk.reg [2013/01/08 17:33:18 | 000,000,128 | ---- | C] () -- C:\Users\Tony\wxDownloadFast.ini [2012/12/29 13:37:11 | 000,000,054 | ---- | C] () -- C:\Users\Tony\AppData\Roaming\mbam.context.scan [2012/12/05 17:33:20 | 000,007,672 | ---- | C] () -- C:\Users\Tony\AppData\Local\Resmon.ResmonCfg [2012/10/01 15:13:22 | 000,033,134 | ---- | C] () -- C:\Users\Tony\AppData\Roaming\UserTile.png [2011/09/03 13:46:23 | 000,004,608 | ---- | C] () -- C:\Users\Tony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2010/11/20 10:58:52 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >

I know you guys dont like Glary Utilitys and things like that, but its easy for me to find stuff on there that I dont know where to look for on the puter, I just had a look at my start up menu and it was running about 25 things in the background, so I managed to stop all them from running now, now its running faster at least and booting up quicker Also I noted ( when I was following your instructions) that there are lots of left over bits on my computer that after I have deleted things, remnants still remain (like google chrome for instance) and I dont use that at all, is there anything that will get rid of all there bits left over from deleting programs out there that I can use to clean up my computer??

Hi m8, ok did all that, and the ComboFix last night, didn't go on the puter much after that, but I will give it a few days and see if it has improved it, it did freeze after the ComboFix when I have nothing running (did the ComboFix started it up and just had my desktop only running and it froze up) that was yesterday though, I will get back to you even if its working OK so you know that you have sorted it out for me or not though, just to say, it happens when I am on the internet mostly... but thats what I mostly use it for anyway, so maybe thats the only time I notice it most, was playing on line most of last night and it seemed to be fine then (Arma 3)

Thanks for hanging in there fore me and helping me out, I really appreciate it ComboFix 13-11-01.03 - Tony 03/11/2013 1:34.1.6 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4095.2805 [GMT 0:00] Running from: c:\users\Tony\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikclkfbbobabigdokedmlneheokblncg c:\users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikclkfbbobabigdokedmlneheokblncg\1\50ec58eb118c89.81293188.js c:\users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikclkfbbobabigdokedmlneheokblncg\1\background.html c:\users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikclkfbbobabigdokedmlneheokblncg\1\content.js c:\users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikclkfbbobabigdokedmlneheokblncg\1\lsdb.js c:\users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikclkfbbobabigdokedmlneheokblncg\1\manifest.json c:\users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikclkfbbobabigdokedmlneheokblncg\1\sqlite.js c:\windows\SysWow64\tmp51A8.tmp c:\windows\SysWow64\tmp625B.tmp c:\windows\SysWow64\tmp626C.tmp c:\windows\SysWow64\tmpD12E.tmp c:\windows\SysWow64\tmpF20B.tmp . . ((((((((((((((((((((((((( Files Created from 2013-10-03 to 2013-11-03 ))))))))))))))))))))))))))))))) . . 2013-11-03 01:44 . 2013-11-03 01:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-11-03 01:44 . 2013-11-03 01:44 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-11-03 01:44 . 2013-11-03 01:44 -------- d-----w- c:\users\Alan\AppData\Local\temp 2013-11-02 13:33 . 2013-11-02 13:33 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F2D005A-2D79-47D4-AD4B-BCA3E8855816}\offreg.dll 2013-11-02 13:32 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F2D005A-2D79-47D4-AD4B-BCA3E8855816}\mpengine.dll 2013-11-01 22:26 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-10-31 19:52 . 2013-10-31 19:52 -------- d-----w- c:\program files\iPod 2013-10-31 19:52 . 2013-10-31 19:52 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-10-31 19:52 . 2013-10-31 19:52 -------- d-----w- c:\program files\iTunes 2013-10-31 19:52 . 2013-10-31 19:52 -------- d-----w- c:\program files (x86)\iTunes 2013-10-26 12:59 . 2013-10-26 12:59 -------- d-----w- c:\programdata\dbg 2013-10-24 11:39 . 2013-10-24 11:39 -------- d-----w- c:\windows\ERUNT 2013-10-23 10:37 . 2013-10-23 10:52 -------- d-----w- C:\AdwCleaner 2013-10-22 22:51 . 2013-10-22 22:51 -------- d-----w- c:\users\Alan\AppData\Local\Apple 2013-10-21 12:53 . 2013-10-21 12:53 -------- d-----w- c:\programdata\VirtualizedApplications 2013-10-20 13:51 . 2013-09-21 03:38 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-10-20 13:13 . 2013-10-20 13:13 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software 2013-10-19 22:42 . 2013-10-19 22:42 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} 2013-10-19 15:42 . 2013-10-19 15:41 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{390E35F9-D71A-4382-95A3-0A04F6A0320C}\gapaengine.dll 2013-10-17 15:38 . 2013-10-17 15:38 883928 ----a-w- c:\windows\system32\drivers\Rt64win7.sys 2013-10-17 15:38 . 2013-10-17 15:38 74456 ----a-w- c:\windows\system32\RtNicProp64.dll 2013-10-17 14:59 . 2013-09-11 02:28 271256 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll 2013-10-17 10:44 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-10-17 10:44 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-10-17 10:44 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys 2013-10-17 10:43 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2013-10-17 10:43 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2013-10-17 10:43 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2013-10-17 10:43 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-10-12 21:31 . 2013-09-29 06:50 16640 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys 2013-10-10 22:07 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll 2013-10-10 22:07 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll 2013-10-10 22:07 . 2013-06-06 05:50 41472 ----a-w- c:\windows\system32\lpk.dll 2013-10-10 22:07 . 2013-06-06 05:49 100864 ----a-w- c:\windows\system32\fontsub.dll 2013-10-10 22:07 . 2013-06-06 05:49 14336 ----a-w- c:\windows\system32\dciman32.dll 2013-10-10 22:07 . 2013-06-06 05:47 46080 ----a-w- c:\windows\system32\atmlib.dll 2013-10-10 22:07 . 2013-06-06 04:57 25600 ----a-w- c:\windows\SysWow64\lpk.dll 2013-10-10 22:07 . 2013-06-06 04:51 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2013-10-10 22:07 . 2013-06-06 04:50 10240 ----a-w- c:\windows\SysWow64\dciman32.dll 2013-10-10 22:07 . 2013-06-06 03:30 368128 ----a-w- c:\windows\system32\atmfd.dll 2013-10-10 22:07 . 2013-06-06 03:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2013-10-10 22:07 . 2013-06-06 03:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-10-17 15:38 . 2010-11-05 20:48 108760 ----a-w- c:\windows\system32\RTNUninst64.dll 2013-10-12 14:55 . 2010-11-20 10:57 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-10-10 22:06 . 2010-11-08 19:36 80541720 ----a-w- c:\windows\system32\MRT.exe 2013-10-10 16:58 . 2012-04-04 22:51 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-10-10 16:58 . 2011-05-14 10:56 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-09 01:46 . 2013-08-13 15:14 117024 ----a-w- c:\windows\system32\BootDefrag.exe 2013-09-12 08:58 . 2013-09-29 15:17 9281032 ----a-w- c:\windows\system32\nvcuda.dll 2013-09-12 08:58 . 2013-09-29 15:17 7720576 ----a-w- c:\windows\SysWow64\nvcuda.dll 2013-09-12 08:58 . 2013-09-29 15:17 7648000 ----a-w- c:\windows\system32\nvopencl.dll 2013-09-12 08:58 . 2013-09-29 15:17 681760 ----a-w- c:\windows\system32\NvFBC64.dll 2013-09-12 08:58 . 2013-09-29 15:17 6329552 ----a-w- c:\windows\SysWow64\nvopencl.dll 2013-09-12 08:58 . 2013-09-29 15:17 603424 ----a-w- c:\windows\system32\NvIFR64.dll 2013-09-12 08:58 . 2013-09-29 15:17 586016 ----a-w- c:\windows\SysWow64\NvFBC.dll 2013-09-12 08:58 . 2013-09-29 15:17 515360 ----a-w- c:\windows\SysWow64\NvIFR.dll 2013-09-12 08:58 . 2013-09-29 15:17 317472 ----a-w- c:\windows\system32\nvoglshim64.dll 2013-09-12 08:58 . 2013-09-29 15:17 2970400 ----a-w- c:\windows\system32\nvcuvid.dll 2013-09-12 08:58 . 2013-09-29 15:17 29337376 ----a-w- c:\windows\system32\nvoglv64.dll 2013-09-12 08:58 . 2013-09-29 15:17 2789152 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2013-09-12 08:58 . 2013-09-29 15:17 266984 ----a-w- c:\windows\SysWow64\nvoglshim32.dll 2013-09-12 08:58 . 2013-09-29 15:17 25256224 ----a-w- c:\windows\system32\nvcompiler.dll 2013-09-12 08:58 . 2013-09-29 15:17 2367264 ----a-w- c:\windows\system32\nvcuvenc.dll 2013-09-12 08:58 . 2013-09-29 15:17 22102304 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2013-09-12 08:58 . 2013-09-29 15:17 2007328 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2013-09-12 08:58 . 2013-09-29 15:17 1884448 ----a-w- c:\windows\system32\nvdispco6432723.dll 2013-09-12 08:58 . 2013-09-29 15:17 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2013-09-12 08:58 . 2013-09-29 15:17 168616 ----a-w- c:\windows\system32\nvinitx.dll 2013-09-12 08:58 . 2013-09-29 15:17 15703688 ----a-w- c:\windows\system32\nvd3dumx.dll 2013-09-12 08:58 . 2013-09-29 15:17 1511712 ----a-w- c:\windows\system32\nvdispgenco6432723.dll 2013-09-12 08:58 . 2013-09-29 15:17 141336 ----a-w- c:\windows\SysWow64\nvinit.dll 2013-09-12 08:58 . 2013-09-29 15:17 12947360 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2013-09-12 08:58 . 2013-09-29 15:17 1222824 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2013-09-12 08:58 . 2013-09-29 15:17 11274528 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2013-09-12 08:58 . 2013-02-25 23:32 2630304 ----a-w- c:\windows\SysWow64\nvapi.dll 2013-09-12 08:58 . 2013-02-25 23:32 2986672 ----a-w- c:\windows\system32\nvapi64.dll 2013-09-12 08:58 . 2013-02-25 23:32 1412832 ----a-w- c:\windows\system32\nvumdshimx.dll 2013-09-12 08:58 . 2013-02-25 23:32 15901448 ----a-w- c:\windows\system32\nvwgf2umx.dll 2013-09-12 08:58 . 2013-02-25 23:32 13628208 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2013-09-12 07:25 . 2010-07-09 16:27 6599968 ----a-w- c:\windows\system32\nvcpl.dll 2013-09-12 07:25 . 2010-07-09 16:27 3452192 ----a-w- c:\windows\system32\nvsvc64.dll 2013-09-12 07:25 . 2010-07-09 16:27 920864 ----a-w- c:\windows\system32\nvvsvc.exe 2013-09-12 07:25 . 2010-07-09 16:27 63776 ----a-w- c:\windows\system32\nvshext.dll 2013-09-12 07:25 . 2010-07-09 16:27 219424 ----a-w- c:\windows\system32\nvmctray.dll 2013-09-12 00:17 . 2013-09-12 00:17 571168 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2013-09-11 22:06 . 2012-11-18 01:46 3361114 ----a-w- c:\windows\system32\nvcoproc.bin 2013-09-07 13:54 . 2011-03-26 10:56 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-08-29 01:48 . 2013-10-10 22:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-08-20 13:33 . 2013-09-29 15:17 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys 2013-08-20 13:32 . 2013-09-29 15:17 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll 2013-08-20 13:32 . 2013-09-29 15:17 28448 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll 2013-08-12 23:54 . 2013-08-12 23:54 165 ----a-w- c:\programdata\nvbgswnaaokwuhnhwkk.reg 2013-08-05 02:25 . 2013-09-12 22:17 155584 ----a-w- c:\windows\system32\drivers\ataport.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SecureUpdateSvc;SecureUpdate;c:\program files (x86)\Secure Speed Dial\IE\SecureUpdate.exe;c:\program files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [x] R3 AsrIbDrv;AsrIbDrv;c:\windows\SysWOW64\Drivers\AsrIbDrv.sys;c:\windows\SysWOW64\Drivers\AsrIbDrv.sys [x] R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.229\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.229\McCHSvc.exe [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [x] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Tony\Documents\RealTemp_360\WinRing0x64.sys;c:\users\Tony\Documents\RealTemp_360\WinRing0x64.sys [x] S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S3 cmudaxp;ASUS Xonar DS Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys;c:\windows\SYSNATIVE\DRIVERS\netr6164.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2013-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 16:58] . 2013-11-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2555688491-1503391189-1753796050-1001Core.job - c:\users\Alan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 21:34] . 2013-11-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2555688491-1503391189-1753796050-1001UA.job - c:\users\Alan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 21:34] . 2013-11-03 c:\windows\Tasks\GlaryInitialize 3.job - c:\program files (x86)\Glary Utilities 3\Initialize.exe [2013-10-09 01:43] . 2013-11-03 c:\windows\Tasks\GlaryInitialize.job - c:\program files (x86)\Glary Utilities\initialize.exe [2010-11-07 14:39] . 2013-10-21 c:\windows\Tasks\GlaryOneClickOptimizer 3.job - c:\program files (x86)\Glary Utilities 3\OneClickMaintenance.exe [2013-10-09 01:44] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 194.168.4.100 194.168.8.100 FF - ProfilePath - c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\bxl72wd6.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Google UK - the web FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=902615&p= FF - ExtSQL: 2013-10-05 01:28; speeddial@instair.net; c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\bxl72wd6.default\extensions\speeddial@instair.net . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file) Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file) ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start ShellIconOverlayIdentifiers-{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} - (no file) ShellIconOverlayIdentifiers-{C72C6188-BEF2-46E5-A89A-52F0ED75219E} - (no file) ShellIconOverlayIdentifiers-{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} - (no file) ShellIconOverlayIdentifiers-{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803} - (no file) ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2555688491-1503391189-1753796050-1000\Software\SecuROM\License information*] "datasecu"=hex:bc,3f,18,32,46,8b,58,be,6b,8d,60,57,e1,3e,82,52,d2,7c,87,9f,76, 24,8f,a3,b5,f8,a7,be,ee,99,03,cc,03,ee,6b,a3,e2,90,31,fd,21,26,3d,9a,70,02,\ "rkeysecu"=hex:78,94,07,c7,f1,28,93,8f,93,8f,b2,77,4a,5b,bf,40 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\CTsvcCDA.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Glary Utilities 3\Integrator.exe . ************************************************************************** . Completion time: 2013-11-03 01:53:05 - machine was rebooted ComboFix-quarantined-files.txt 2013-11-03 01:53 . Pre-Run: 696,972,906,496 bytes free Post-Run: 696,885,092,352 bytes free . - - End Of File - - 45DF765EE2C9162322F842C0117F8DCB A36C5E4F47E84449FF07ED3517B43A31

Its still hanging, like something in the background is working.... the pointer sometimes is almost cartoon type of look to it, and when it freezez the pointer will go from an arrow to like when you hover it over text, and sometimes it disappears altogether, when I run Glary Utility's it seems to clear??

RogueKiller V8.7.6 _x64_ [Oct 28 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Tony [Admin rights] Mode : Scan -- Date : 11/02/2013 00:28:39 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 0 ¤¤¤ ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HD103SJ ATA Device +++++ --- User --- [MBR] 15877e2e3d6a25daeb63d3592c54315c [bSP] 167b38a0c85df663d060e86365d142e2 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [******] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_11022013_002839.txt >> RKreport[0]_H_10312013_205456.txt

RogueKiller V8.7.6 _x64_ [Oct 28 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Tony [Admin rights] Mode : Scan -- Date : 10/31/2013 20:49:11 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 6 ¤¤¤ [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HD103SJ ATA Device +++++ --- User --- [MBR] 15877e2e3d6a25daeb63d3592c54315c [bSP] 167b38a0c85df663d060e86365d142e2 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [******] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_10312013_204911.txt >>

I will do that now, but just to say I had DayZ Commander on my computer, uninstalled it, and everything seems to be ok since I did it??

OTL Extras logfile created on: 10/26/2013 2:21:08 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tony\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16721) Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 4.00 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 50.40% Memory free 8.00 Gb Paging File | 5.65 Gb Available in Paging File | 70.71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931.41 Gb Total Space | 658.36 Gb Free Space | 70.68% Space Free | Partition Type: NTFS Computer Name: TONY-PC | User Name: Tony | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{27D174AD-46B4-4801-9F86-125F915D7C45}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{9DC14DF4-B41B-41DD-9918-B2722F83FCB3}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{E6E0C98A-4E09-489D-AE8A-42EB86ADE17B}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{FE7921C6-686B-4AC9-ACF3-02E63A8CD241}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{189A42FB-D445-461F-ABE0-684FC4E78AC1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{1B1A0A76-D184-4088-859D-AAAFF760E823}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{1FEEF270-4623-41A1-AFDE-A457609407B4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | "{20579408-81BD-4493-BED0-BE6CAC7EE711}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | "{27BC1475-9E0E-43F4-805A-A9D24CD1FCEF}" = protocol=6 | dir=in | app=c:\users\alan\appdata\roaming\dropbox\bin\dropbox.exe | "{28CBEA23-D797-4886-9661-48B89095A58D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | "{2B26F4B3-0CB7-463C-A1DD-5986AB0C58CD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{3CA888B5-99CF-45E9-93BA-A834812396E5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{46C0D375-DB9B-480B-BD3A-263878239657}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{47DEB6BD-A3A1-424F-92C0-5DB7DD483822}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | "{512C446E-1693-49A0-8131-A06C2C31BA59}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{5EC37336-3C07-40F5-A4A6-D3F0039F2621}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{6AC6DCEF-538D-43FC-96DF-07EC94FF0F77}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | "{91901907-C687-4E26-88D2-3AC1903CFE17}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{9D3C2F60-3062-4648-B1E6-D675339D2ED1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe | "{AD9439D4-DD44-4AE9-BBD9-50BC99FE09E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{B5821FB4-1ABE-403C-BBF6-84335383BE3B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | "{B81F37E3-E66C-419C-BD78-E0018ACADEE0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | "{DAC5667D-B477-4228-91C2-3C2BDEA7C63D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{E22097E2-3ECE-4672-A52E-EAE23491F331}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{EB13C6C6-4BE0-40A1-9C70-E645370ACA02}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | "{EFBA669C-EEE9-4E4A-A9B9-6E32D9E588F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{F2D11C65-5DAD-4BD0-882B-A23695BCE48C}" = protocol=17 | dir=in | app=c:\users\alan\appdata\roaming\dropbox\bin\dropbox.exe | "{F507E309-EE71-4553-A280-58883D8F371B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{F58FE1B3-A8C3-49F8-9BFE-FEE0DF3DCF0D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe | "{F83855B7-B5CC-4BF4-A547-A883BDDFD0B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "TCP Query User{11F7DCD0-48B7-4356-AF93-D2A0E20B951E}C:\users\tony\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\tony\appdata\roaming\spotify\spotify.exe | "TCP Query User{330057FE-D96A-4A25-B385-A57EFCC08E93}C:\users\tony\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\tony\appdata\roaming\spotify\spotify.exe | "TCP Query User{48C9DFB1-18C7-4E3A-9DAD-26F9412B33DC}C:\program files\bohemia interactive\arma 2\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2oa.exe | "TCP Query User{511AB1F0-D3FC-45D9-B189-BC81019A911A}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | "TCP Query User{773FE939-4DE5-46E4-8CBE-8685951BD251}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | "TCP Query User{853D00B6-6BC6-448E-8BBF-79CD5F43A958}C:\program files\bohemia interactive\arma 2\arma2.exe" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2.exe | "TCP Query User{A4141BF0-E853-4858-A4D0-BD5CD6257A7E}C:\program files\bohemia interactive\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2\expansion\beta\arma2oa.exe | "UDP Query User{09BAA13A-371B-459A-8A53-7C619A458A4B}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | "UDP Query User{1EF7AD0B-51A8-4ECD-B7CB-A4C9887AA469}C:\program files\bohemia interactive\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2\expansion\beta\arma2oa.exe | "UDP Query User{5FE89D3D-27EA-492A-A7CE-E9256A9F6863}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | "UDP Query User{62A15E89-F256-4B64-95BD-96360A9B9ADA}C:\users\tony\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\tony\appdata\roaming\spotify\spotify.exe | "UDP Query User{8537DC2D-D031-40D9-A46A-3A796DFDCDF2}C:\program files\bohemia interactive\arma 2\arma2.exe" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2.exe | "UDP Query User{99863786-F7E0-4829-9A24-E2694F540EC5}C:\users\tony\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\tony\appdata\roaming\spotify\spotify.exe | "UDP Query User{F1CAD4CA-A5B1-4447-8522-9664F4BA11FD}C:\program files\bohemia interactive\arma 2\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2oa.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit) "{2770B8D8-701A-1D22-635F-8711DFC06B92}" = ATI Catalyst Install Manager "{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables "{8D26D58C-3464-4C03-BB61-5695F984EFEF}" = Microsoft Security Client "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A535111D-95C8-487F-869E-CE4C239972D2}" = iTunes "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 327.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 327.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 327.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.6.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 326.01 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 8.3.14 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.26.4 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.5 "{DF1A8490-3CD2-4878-92BE-F746D7CCACC1}" = AVG 2014 "{E0776C6D-B8A2-45AA-962A-9B0FFEFEAD14}" = AVG 2014 "{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud "{EC4F682A-70AE-4924-ABCF-388C37AC4ADC}" = WxDownload Expansion "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "AVG" = AVG 2014 "CCleaner" = CCleaner "C-Media Oxygen HD Audio Driver" = ASUS Xonar DS Audio Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "Redirection Port Monitor" = RedMon - Redirection Port Monitor "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.20 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{19192A84-6172-4312-A661-D8F9A34585AB}" = VirtualDJ Home FREE "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10 "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{3D7BD974-6769-447A-9991-E617B9C8A396}" = TruckMate Updater "{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C047BD9-6E24-4728-9C46-0AE4814997CF}" = DayZ Commander "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4 "{556A649F-72D2-4E41-A40C-794E0277AADB}" = System Requirements Lab CYRI "{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{64AEB598-E518-4AD0-B02B-99F365B8054C}" = Serif PanoramaPlus Starter Edition "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8) "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5 "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D7B31233-EE2B-4911-AA3F-2A8C28843D3B}" = SkyPlayer for Windows Media Center "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB "{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari "{FCC000C1-892D-4AF5-A5B9-BCB5ECB00EB7}" = Snooper Map Downloader "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "ArmA 2" = ArmA 2 Uninstall "ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall "ASRock IES_is1" = ASRock IES v2.0.83 "ASRock InstantBoot_is1" = ASRock InstantBoot v1.24 "ASRock OC Tuner_is1" = ASRock OC Tuner v2.3.76 "AudibleManager" = AudibleManager "BattlEye for OA" = BattlEye for OA Uninstall "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Creative Removable Disk Manager" = Creative Removable Disk Manager "Glary Utilities 3" = Glary Utilities PRO 3.9.3 "Glary Utilities_is1" = Glary Utilities Pro 2.55.0.1790 "GoToAssist" = GoToAssist Corporate "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare "Intelli-studio" = SAMSUNG Intelli-studio "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 24.0 (x86 en-GB)" = Mozilla Firefox 24.0 (x86 en-GB) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "Office14.SingleImage" = Microsoft Office Home and Business 2010 "PDFlite" = PDFlite 0.6 "Smart Defrag 2_is1" = Smart Defrag 2 "Spotify" = Spotify "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 107410" = Arma 3 Alpha "Steam App 42680" = Call of Duty: Modern Warfare 3 "Steam App 8930" = Sid Meier's Civilization V "SysInfo" = Creative System Information "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ System Events ] Error - 10/25/2013 6:13:46 PM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the Group Policy Client service to connect. Error - 10/25/2013 6:13:46 PM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7000 Description = The Group Policy Client service failed to start due to the following error: %%1053 Error - 10/25/2013 6:13:53 PM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7000 Description = The SecureUpdate service failed to start due to the following error: %%2 Error - 10/26/2013 8:45:31 AM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the Group Policy Client service to connect. Error - 10/26/2013 8:45:31 AM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7000 Description = The Group Policy Client service failed to start due to the following error: %%1053 Error - 10/26/2013 8:45:40 AM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7000 Description = The SecureUpdate service failed to start due to the following error: %%2 Error - 10/26/2013 9:14:00 AM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7043 Description = The AVGIDSAgent service did not shut down properly after receiving a preshutdown control. Error - 10/26/2013 9:15:10 AM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the Group Policy Client service to connect. Error - 10/26/2013 9:15:10 AM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7000 Description = The Group Policy Client service failed to start due to the following error: %%1053 Error - 10/26/2013 9:15:25 AM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7000 Description = The SecureUpdate service failed to start due to the following error: %%2 < End of report >

Is this correct this time (I hope) OTL logfile created on: 10/26/2013 2:21:08 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tony\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16721) Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 4.00 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 50.40% Memory free 8.00 Gb Paging File | 5.65 Gb Available in Paging File | 70.71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931.41 Gb Total Space | 658.36 Gb Free Space | 70.68% Space Free | Partition Type: NTFS Computer Name: TONY-PC | User Name: Tony | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Tony\Downloads\OTL.scr (OldTimer Tools) PRC - C:\Program Files (x86)\Glary Utilities 3\Integrator.exe (Glarysoft Ltd) PRC - C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe (IObit) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Windows\SysWOW64\CTSVCCDA.EXE (Creative Technology Ltd) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Glary Utilities 3\zlib1.dll () MOD - C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\sqlite3.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Services (SafeList) ========== SRV:64bit: - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (BEService) -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe () SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.229\McCHSvc.exe (McAfee, Inc.) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (Sound Blaster X-Fi MB Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs) SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (Creative Service for CDROM Access) -- C:\Windows\SysWOW64\CTSVCCDA.EXE (Creative Technology Ltd) ========== Driver Services (SafeList) ========== DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (BootDefragDriver) -- C:\Windows\SysNative\drivers\BootDefragDriver.sys (<Glarysoft Ltd>) DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\drivers\avgdiska.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys () DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (cmudaxp) -- C:\Windows\SysNative\drivers\cmudaxp.sys (C-Media Inc) DRV:64bit: - (rt61x64) -- C:\Windows\SysNative\drivers\netr6164.sys (Ralink Technology, Corp.) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (WinRing0_1_2_0) -- C:\Users\Tony\My Documents\RealTemp_360\WinRing0x64.sys (OpenLibSys.org) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B1 15 4D 74 C3 D0 CE 01 [binary data] IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {4F573494-8192-458C-BB96-15B6C09FA9E2} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{139D9AD2-026D-45EA-8FCD-725B58714921}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749&p={searchTerms} IE - HKCU\..\SearchScopes\{4F573494-8192-458C-BB96-15B6C09FA9E2}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: en-GB@dictionaries.addons.mozilla.org:1.19.1 FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.0.4 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3 FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.0.4 FF - prefs.js..network.proxy.type: 0 FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=685749" FF - prefs.js..browser.startup.homepage: "http://uk.search.yahoo.com?type=902615&fr=spigot-yhp-ff" FF - prefs.js..browser.search.defaultenginename: "Yahoo!" FF - prefs.js..browser.search.selectedEngine: "Yahoo!" FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=902615&p=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/17 15:30:35 | 000,000,000 | ---D | M] [2011/02/12 18:52:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Extensions [2013/10/24 14:38:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\0axud4wd.default\extensions [2013/10/05 00:28:21 | 000,000,000 | ---D | M] (Secure Speed Dial) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\0axud4wd.default\extensions\speeddial@instair.net [2012/05/26 03:30:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\0axud4wd.default\extensions\staged [2013/10/24 14:38:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\bxl72wd6.default\extensions [2012/04/29 00:48:15 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\bxl72wd6.default\extensions\en-GB@dictionaries.addons.mozilla.org [2013/10/05 00:28:25 | 000,000,000 | ---D | M] (Secure Speed Dial) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\bxl72wd6.default\extensions\speeddial@instair.net [2013/10/10 17:30:14 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\bxl72wd6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013/09/29 20:00:33 | 000,000,911 | ---- | M] () -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\0axud4wd.default\searchplugins\yahoo_ff.xml [2013/10/24 12:45:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013/10/17 15:59:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013/10/17 15:59:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - Extension: No name found = C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\ CHR - Extension: No name found = C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikclkfbbobabigdokedmlneheokblncg\1\ CHR - Extension: No name found = C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\ O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found. O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A5F192F-0DA1-45BF-8D40-8FED194BEBF0}: DhcpNameServer = 194.168.4.100 194.168.8.100 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\570\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.0.229\SSScheduler.exe - (McAfee, Inc.) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Syrius Truck Mate Updater.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Syrius Updater Commercial.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Tenda W54P.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^Users^Alan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.) MsConfig:64bit - StartUpFolder: C:^Users^Alan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - () MsConfig:64bit - StartUpFolder: C:^Users^Alan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - () MsConfig:64bit - StartUpFolder: C:^Users^Tony^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - () MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeCS6ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Advanced SystemCare Ultimate - hkey= - key= - File not found MsConfig:64bit - StartUpReg: ApplePhotoStreams - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig:64bit - StartUpReg: Cmaudio8788 - hkey= - key= - C:\Windows\syswow64\RunDll32.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: Cmaudio8788GX - hkey= - key= - C:\Windows\syswow64\HsMgr.exe () MsConfig:64bit - StartUpReg: Cmaudio8788GX64 - hkey= - key= - C:\Windows\system\HsMgr64.exe () MsConfig:64bit - StartUpReg: CTSyncService - hkey= - key= - C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd) MsConfig:64bit - StartUpReg: CTSyncU.exe - hkey= - key= - C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe () MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= - C:\Users\Alan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - File not found MsConfig:64bit - StartUpReg: iCloudServices - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) MsConfig:64bit - StartUpReg: IObit Malware Fighter - hkey= - key= - File not found MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) MsConfig:64bit - StartUpReg: MobileDocuments - hkey= - key= - File not found MsConfig:64bit - StartUpReg: MSC - hkey= - key= - c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: NUSB3MON - hkey= - key= - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) MsConfig:64bit - StartUpReg: Nvtmru - hkey= - key= - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: RunDLLEntry - hkey= - key= - C:\Windows\SysNative\RunDLL32.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Spotify - hkey= - key= - C:\Users\Tony\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) MsConfig:64bit - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\Tony\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: UpdReg - hkey= - key= - C:\Windows\Updreg.EXE (Creative Technology Ltd.) MsConfig:64bit - StartUpReg: VolPanel - hkey= - key= - C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013/10/26 13:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\dbg [2013/10/24 12:39:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/10/23 11:37:59 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2013/10/22 23:55:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013/10/22 23:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013/10/22 23:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013/10/22 23:55:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013/10/22 23:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013/10/21 13:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications [2013/10/20 14:51:11 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/10/20 14:51:11 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/10/20 14:51:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013/10/20 14:51:10 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013/10/20 14:51:10 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013/10/20 14:51:10 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013/10/20 14:51:10 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013/10/20 14:51:09 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013/10/20 14:51:09 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013/10/20 14:51:09 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013/10/20 14:51:09 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013/10/20 14:51:08 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/10/20 14:51:07 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/10/20 14:51:07 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/10/20 14:51:06 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/10/19 23:42:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} [2013/10/17 16:38:21 | 000,883,928 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys [2013/10/17 16:38:21 | 000,074,456 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll [2013/10/17 11:44:00 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2013/10/17 11:43:59 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys [2013/10/13 19:22:47 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\AVG2014 [2013/10/13 19:21:55 | 000,000,000 | -H-D | C] -- C:\$AVG [2013/10/13 19:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014 [2013/10/13 19:21:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2013/10/13 19:19:34 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\Avg2014 [2013/10/12 22:31:00 | 000,016,640 | ---- | C] (<Glarysoft Ltd>) -- C:\Windows\SysNative\drivers\BootDefragDriver.sys [2013/10/10 23:07:02 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll [2013/10/10 23:07:00 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2013/10/10 23:07:00 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2013/10/10 23:07:00 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll [2013/10/10 23:07:00 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2013/10/10 23:07:00 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2013/10/10 23:07:00 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll [2013/10/10 23:07:00 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2013/10/10 23:07:00 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll [2013/10/10 23:06:58 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys [2013/10/10 23:06:58 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidp****.sys [2013/10/10 23:06:57 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll [2013/10/10 23:06:50 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/10/10 23:06:50 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll [2013/10/10 23:06:49 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/10/10 23:06:49 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/10/10 23:06:49 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll [2013/10/10 23:06:48 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013/10/10 23:06:48 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll [2013/10/10 23:06:47 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013/10/10 23:06:46 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/10/10 23:06:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/10/10 23:06:46 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/10/10 23:06:46 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/10/10 23:06:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013/10/10 23:06:34 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll [2013/10/10 23:06:34 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll [2013/10/10 23:06:30 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll [2013/09/29 22:30:15 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\Overwolf [2013/09/29 20:00:24 | 000,032,600 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe [2013/09/29 17:19:11 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\NVIDIA [2013/09/29 16:17:46 | 029,337,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2013/09/29 16:17:46 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2013/09/29 16:17:46 | 022,102,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2013/09/29 16:17:46 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2013/09/29 16:17:46 | 015,703,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2013/09/29 16:17:46 | 012,947,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2013/09/29 16:17:46 | 009,281,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2013/09/29 16:17:46 | 007,720,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2013/09/29 16:17:46 | 007,648,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2013/09/29 16:17:46 | 006,329,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2013/09/29 16:17:46 | 002,970,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2013/09/29 16:17:46 | 002,789,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2013/09/29 16:17:46 | 002,367,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2013/09/29 16:17:46 | 002,007,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2013/09/29 16:17:46 | 001,884,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6432723.dll [2013/09/29 16:17:46 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6432723.dll [2013/09/29 16:17:46 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll [2013/09/29 16:17:46 | 001,222,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2013/09/29 16:17:46 | 000,681,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll [2013/09/29 16:17:46 | 000,603,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll [2013/09/29 16:17:46 | 000,586,016 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll [2013/09/29 16:17:46 | 000,515,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll [2013/09/29 16:17:46 | 000,317,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll [2013/09/29 16:17:46 | 000,266,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll [2013/09/29 16:17:46 | 000,196,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2013/09/29 16:17:46 | 000,168,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2013/09/29 16:17:46 | 000,141,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2013/09/29 16:17:46 | 000,039,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys [2013/09/29 16:17:46 | 000,031,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [2013/09/29 16:17:46 | 000,029,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvaudcap64v.dll [2013/09/29 16:17:46 | 000,028,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll [2013/09/29 15:54:46 | 000,000,000 | ---D | C] -- C:\MicroProse [5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/10/26 14:22:55 | 000,020,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/10/26 14:22:55 | 000,020,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/10/26 14:16:50 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 3.job [2013/10/26 14:15:49 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2013/10/26 14:15:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/10/26 14:15:00 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2013/10/26 13:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/10/26 01:39:01 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2555688491-1503391189-1753796050-1001UA.job [2013/10/22 23:55:40 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/10/22 22:39:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2555688491-1503391189-1753796050-1001Core.job [2013/10/21 17:10:06 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\GlaryOneClickOptimizer 3.job [2013/10/21 13:45:34 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/10/20 20:29:09 | 000,780,196 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/10/20 20:29:09 | 000,665,000 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/10/20 20:29:09 | 000,125,478 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/10/20 19:31:15 | 004,996,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/10/20 14:13:33 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk [2013/10/17 16:38:21 | 000,883,928 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys [2013/10/17 16:38:21 | 000,108,760 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll [2013/10/17 16:38:21 | 000,074,456 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll [2013/10/17 16:32:08 | 000,000,000 | ---- | M] () -- C:\asc_rdflag [2013/10/17 15:59:56 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/10/17 15:59:55 | 000,002,048 | ---- | M] () -- C:\Users\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2013/10/16 00:55:02 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2013/10/13 19:13:24 | 000,143,236 | ---- | M] () -- C:\Users\Tony\Documents\cc_20131013_191318.reg [2013/10/12 22:31:00 | 000,001,108 | ---- | M] () -- C:\Users\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 3.lnk [2013/10/12 22:31:00 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\Glary Utilities 3.lnk [2013/10/12 15:55:48 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013/10/10 23:12:18 | 000,765,664 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/10/10 17:58:18 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/10/10 17:58:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/10/09 02:46:34 | 000,117,024 | ---- | M] (Glarysoft Ltd) -- C:\Windows\SysNative\BootDefrag.exe [2013/09/29 20:00:20 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk [2013/09/29 16:30:39 | 000,001,351 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk [2013/09/29 07:50:02 | 000,016,640 | ---- | M] (<Glarysoft Ltd>) -- C:\Windows\SysNative\drivers\BootDefragDriver.sys [5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/10/17 16:32:08 | 000,000,000 | ---- | C] () -- C:\asc_rdflag [2013/10/14 16:59:19 | 004,996,016 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/10/13 19:22:22 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk [2013/10/13 19:13:20 | 000,143,236 | ---- | C] () -- C:\Users\Tony\Documents\cc_20131013_191318.reg [2013/10/08 16:07:54 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/09/29 20:00:41 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll [2013/09/29 20:00:22 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys [2013/09/29 16:30:39 | 000,001,351 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk [2013/08/13 00:54:29 | 000,000,165 | ---- | C] () -- C:\ProgramData\nvbgswnaaokwuhnhwkk.reg [2013/01/08 18:33:18 | 000,000,128 | ---- | C] () -- C:\Users\Tony\wxDownloadFast.ini [2012/12/29 14:37:11 | 000,000,054 | ---- | C] () -- C:\Users\Tony\AppData\Roaming\mbam.context.scan [2012/12/05 18:33:20 | 000,007,672 | ---- | C] () -- C:\Users\Tony\AppData\Local\Resmon.ResmonCfg [2012/10/01 16:13:22 | 000,033,134 | ---- | C] () -- C:\Users\Tony\AppData\Roaming\UserTile.png [2011/09/03 14:46:23 | 000,004,608 | ---- | C] () -- C:\Users\Tony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2013/01/24 22:48:08 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$91a0c369510174ef9d0d3e09072ae411\L [2013/01/24 22:48:08 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$91a0c369510174ef9d0d3e09072ae411\U [2010/11/20 11:58:52 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/09/07 15:02:42 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Absolute Uninstaller [2010/11/06 00:13:45 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\ASUS [2013/01/12 17:59:59 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\AVG [2013/10/13 19:22:47 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\AVG2014 [2012/03/16 16:42:58 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Azureus [2013/07/03 00:19:13 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\GlarySoft [2013/10/17 14:58:31 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\IObit [2011/02/12 03:15:11 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\OpenOffice.org [2012/10/11 21:41:46 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\PDAppFlex [2012/02/25 01:10:38 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\PDFlite [2012/06/04 15:37:23 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\SecondLife [2011/02/15 22:27:53 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\six-rsync [2012/09/22 01:39:24 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\SoftGrid Client [2013/10/13 18:57:14 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Spotify [2011/02/13 21:05:09 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Subversion [2012/02/14 13:08:03 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\SumatraPDF [2011/01/04 01:03:36 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\SystemRequirementsLab [2012/03/19 16:01:37 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\TP [2013/10/26 13:59:39 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\TS3Client [2013/03/04 19:36:29 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\ts3overlay [2013/03/03 01:32:40 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\ts3overlay_hook_win64 [2013/01/12 17:54:23 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\TuneUp Software ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2013/10/17 16:32:08 | 000,000,000 | ---- | M] () -- C:\asc_rdflag [2012/12/27 00:39:32 | 000,000,394 | ---- | M] () -- C:\CD Drive - Shortcut.lnk [2013/09/18 17:31:09 | 000,000,075 | ---- | M] () -- C:\DiskDefrag.log [2008/04/11 11:07:18 | 000,003,820 | ---- | M] () -- C:\eula.1028.txt [2008/04/11 11:07:18 | 000,015,428 | ---- | M] () -- C:\eula.1031.txt [2008/04/11 11:07:18 | 000,010,058 | ---- | M] () -- C:\eula.1033.txt [2008/04/11 11:07:18 | 000,012,246 | ---- | M] () -- C:\eula.1036.txt [2008/04/11 11:07:18 | 000,013,912 | ---- | M] () -- C:\eula.1040.txt [2008/04/11 11:07:18 | 000,005,868 | ---- | M] () -- C:\eula.1041.txt [2008/04/11 11:07:18 | 000,005,970 | ---- | M] () -- C:\eula.1042.txt [2008/04/11 11:07:18 | 000,010,134 | ---- | M] () -- C:\eula.1049.txt [2008/04/11 11:07:18 | 000,003,814 | ---- | M] () -- C:\eula.2052.txt [2008/04/11 11:07:18 | 000,012,936 | ---- | M] () -- C:\eula.3082.txt [2008/04/11 11:07:18 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2013/10/26 14:15:00 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2008/04/11 09:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe [2008/04/11 11:07:18 | 000,000,843 | ---- | M] () -- C:\install.ini [2008/04/11 09:03:48 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll [2008/04/11 09:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll [2008/04/11 09:03:48 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll [2008/04/11 09:03:48 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll [2008/04/11 09:03:48 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll [2008/04/11 09:03:48 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll [2008/04/11 09:03:48 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll [2008/04/11 11:09:24 | 000,093,200 | ---- | M] (Microsoft Corporation) -- C:\install.res.1049.dll [2008/04/11 09:03:48 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll [2008/04/11 09:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll [2013/10/26 14:14:59 | 4294,172,672 | -HS- | M] () -- C:\pagefile.sys [2013/10/14 03:18:29 | 000,000,000 | ---- | M] () -- C:\Recovery.txt [2008/04/11 11:07:18 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2008/04/11 11:09:38 | 003,797,292 | ---- | M] () -- C:\VC_RED.cab [2008/04/11 11:11:40 | 000,233,472 | ---- | M] () -- C:\VC_RED.MSI < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [5 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > [5 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %systemroot%\System32\config\*.sav > < %PROGRAMFILES%\* > [2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/09/11 04:33:26 | 000,871,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/09/11 04:33:26 | 000,871,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/09/11 04:33:26 | 000,871,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [2013/09/11 03:26:32 | 000,274,840 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2013/09/11 03:26:32 | 000,274,840 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2013/09/11 03:26:32 | 000,274,840 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/09/23 02:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/09/23 02:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2012/07/20 02:48:16 | 002,388,376 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2012/07/20 02:48:16 | 002,388,376 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2012/07/20 02:48:16 | 002,388,376 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2012/07/20 02:48:16 | 002,388,376 | ---- | M] (Apple Inc.) < hklm\software\clients\startmenuinternet|command /64 /rs > 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2013/09/11 04:33:26 | 000,871,600 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2013/09/11 04:33:26 | 000,871,600 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2013/09/11 04:33:26 | 000,871,600 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" [2013/09/11 03:26:32 | 000,274,840 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2013/09/11 03:26:32 | 000,274,840 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2013/09/11 03:26:32 | 000,274,840 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2013/09/22 23:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2013/09/22 23:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2013/09/22 23:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/09/23 02:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2013/09/23 02:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /REINSTALL [2012/07/20 02:48:16 | 002,388,376 | ---- | M] (Apple Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /HIDEICONS [2012/07/20 02:48:16 | 002,388,376 | ---- | M] (Apple Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /SHOWICONS [2012/07/20 02:48:16 | 002,388,376 | ---- | M] (Apple Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" [2012/07/20 02:48:16 | 002,388,376 | ---- | M] (Apple Inc.) < End of report >

I also did this.... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.7 (10.15.2013:3) OS: Windows 7 Ultimate x64 Ran by Tony on 24/10/2013 at 12:39:47.02 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\u*******bar ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\Tony\appdata\locallow\u*******bar" Successfully deleted: [Folder] "C:\Program Files (x86)\secure speed dial" Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin" Successfully deleted: [Empty Folder] C:\Users\Tony\appdata\local\{00FADB78-E25F-42A8-B7A1-E24CBBEE0392} Successfully deleted: [Empty Folder] C:\Users\Tony\appdata\local\{0A4D429A-CF14-4BC6-BDAF-37A720F11CB5} Successfully deleted: [Empty Folder] C:\Users\Tony\appdata\local\{17BCC791-205D-4D55-A4B7-E901083FA367} Successfully deleted: [Empty Folder] C:\Users\Tony\appdata\local\{27B55D09-6944-4C6D-95E7-44563E15AF4A} Successfully deleted: [Empty Folder] C:\Users\Tony\appdata\local\{34A28E58-5711-44E8-B51E-213C156603C9} Successfully deleted: [Empty Folder] C:\Users\Tony\appdata\local\{3C30F236-C698-40F8-B2AE-0A814A6C1EA6} Successfully deleted: [Empty Folder] C:\Users\Tony\appdata\local\{473BF339-E57B-429C-A412-DF7D37F8A986} Successfully deleted: [Empty Folder] C:\Users\Tony\appdata\local\{48657573-9152-4BB7-9A1B-79B425A09F7B} Successfully deleted: [Empty Folder] C:\Users\Tony\appdata\local\{49D94C18-7CE4-4C6D-B6C3-914ECC463307} Successfully deleted: [Empty Folder] C:\Users\Tony\appdata\local\{5314473D-9BB6-4707-9D25-6D5DE27C69B4} Successfully deleted: [Empty Folder] C:\Users\Tony\appdata\local\{53A8D78B-726C-402D-BDEF-FF7D73FC5F47} Successfully deleted: [Empty Folder] C:\Users\Tony\appdata\local\{7D206791-20FA-4BFD-A399-8846FFF57740} Successfully deleted: [Empty Folder] C:\Users\Tony\appdata\local\{97D2C99B-A233-46E0-A70D-AFC4BE39DC04} Successfully deleted: [Empty Folder] C:\Users\Tony\appdata\local\{99D48C7B-0646-462D-BD41-D466EF077BD5} Successfully deleted: [Empty Folder] C:\Users\Tony\appdata\local\{9FD7D96D-9DE9-49B2-9D63-445516D04C84} Successfully deleted: [Empty Folder] C:\Users\Tony\appdata\local\{A0754D93-369E-4591-B57F-F31F8DB820ED} Successfully deleted: [Empty Folder] C:\Users\Tony\appdata\local\{A1544F02-2D0F-4D52-BCDC-4B935EAD0338} Successfully deleted: [Empty Folder] C:\Users\Tony\appdata\local\{A8D00073-B668-4319-BF17-98E94B25C0C2} Successfully deleted: [Empty Folder] C:\Users\Tony\appdata\local\{D4626455-786A-44BE-BD26-5621BB0B723C} Successfully deleted: [Empty Folder] C:\Users\Tony\appdata\local\{DBEE4EDD-2CD5-4955-A8C0-D8E468DB6C1B} Successfully deleted: [Empty Folder] C:\Users\Tony\appdata\local\{E9E7C3B1-E91A-4DB7-9ADB-3A705A5434A6} Successfully deleted: [Empty Folder] C:\Users\Tony\appdata\local\{EBA92247-3C04-4EE9-B6F7-3ED10A83CB44} Successfully deleted: [Empty Folder] C:\Users\Tony\appdata\local\{F609810D-4023-4D1D-8397-06F8CE18F9D0} Successfully deleted: [Empty Folder] C:\Users\Tony\appdata\local\{F9BB0449-B6A6-45F2-895B-80E55398E3CF} Successfully deleted: [Empty Folder] C:\Users\Tony\appdata\local\{FB50C578-1842-43B8-9DB2-E12591F82261} Successfully deleted: [Empty Folder] C:\Users\Tony\appdata\local\{FD809251-E185-49FF-B298-DC818495FD64} Successfully deleted: [Empty Folder] C:\Users\Tony\appdata\local\{FF792B0F-0569-4563-9E2F-D3B74D69579C} ~~~ FireFox Successfully deleted: [File] C:\user.js Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\staged" Emptied folder: C:\Users\Tony\AppData\Roaming\mozilla\firefox\profiles\bxl72wd6.default\minidumps [998 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 24/10/2013 at 12:45:40.18 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I only got one report folder on it... OTL logfile created on: 10/23/2013 3:36:23 PM - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Tony\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16721) Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 4.00 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 57.03% Memory free 8.00 Gb Paging File | 5.83 Gb Available in Paging File | 72.88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931.41 Gb Total Space | 659.25 Gb Free Space | 70.78% Space Free | Partition Type: NTFS Computer Name: TONY-PC | User Name: Tony | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files (x86)\Glary Utilities 3\Integrator.exe (Glarysoft Ltd) PRC - C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe (IObit) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Users\Tony\Downloads\OTL(1).scr (OldTimer Tools) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Windows\SysWOW64\CTSVCCDA.EXE (Creative Technology Ltd) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Glary Utilities 3\zlib1.dll () MOD - C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\sqlite3.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (SecureUpdateSvc) -- C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe (Secure Speed Dial) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (BEService) -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe () SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.229\McCHSvc.exe (McAfee, Inc.) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (Sound Blaster X-Fi MB Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs) SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (Creative Service for CDROM Access) -- C:\Windows\SysWOW64\CTSVCCDA.EXE (Creative Technology Ltd) ========== Driver Services (SafeList) ========== DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (BootDefragDriver) -- C:\Windows\SysNative\drivers\BootDefragDriver.sys (<Glarysoft Ltd>) DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\drivers\avgdiska.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (nvvad_WaveExtensible) NVIDIA Virtual Audio Device (Wave Extensible) (WDM) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys () DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (cmudaxp) -- C:\Windows\SysNative\drivers\cmudaxp.sys (C-Media Inc) DRV:64bit: - (rt61x64) -- C:\Windows\SysNative\drivers\netr6164.sys (Ralink Technology, Corp.) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (WinRing0_1_2_0) -- C:\Users\Tony\My Documents\RealTemp_360\WinRing0x64.sys (OpenLibSys.org) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D E1 EE 27 28 C9 CE 01 [binary data] IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3 FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.0.4 FF - prefs.js..network.proxy.type: 0 FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=685749" FF - prefs.js..browser.startup.homepage: "http://uk.search.yahoo.com?type=902615&fr=spigot-yhp-ff" FF - prefs.js..browser.search.defaultenginename: "Yahoo!" FF - prefs.js..browser.search.selectedEngine: "Yahoo!" FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=902615&p=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/17 15:30:35 | 000,000,000 | ---D | M] [2011/02/12 18:52:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Extensions [2013/10/19 23:47:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\0axud4wd.default\extensions [2013/10/05 00:28:21 | 000,000,000 | ---D | M] (Secure Speed Dial) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\0axud4wd.default\extensions\speeddial@instair.net [2012/05/26 03:30:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\0axud4wd.default\extensions\staged [2013/10/19 23:47:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\bxl72wd6.default\extensions [2012/04/29 00:48:15 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\bxl72wd6.default\extensions\en-GB@dictionaries.addons.mozilla.org [2013/10/05 00:28:25 | 000,000,000 | ---D | M] (Secure Speed Dial) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\bxl72wd6.default\extensions\speeddial@instair.net [2013/09/29 20:00:33 | 000,000,911 | ---- | M] () -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\0axud4wd.default\searchplugins\yahoo_ff.xml [2013/05/25 13:19:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013/01/10 20:05:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\staged [2013/10/17 15:59:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013/10/17 15:59:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - Extension: No name found = C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\ CHR - Extension: No name found = C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikclkfbbobabigdokedmlneheokblncg\1\ CHR - Extension: No name found = C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\ O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found. O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A5F192F-0DA1-45BF-8D40-8FED194BEBF0}: DhcpNameServer = 194.168.4.100 194.168.8.100 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\570\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.0.229\SSScheduler.exe - (McAfee, Inc.) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Syrius Truck Mate Updater.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Syrius Updater Commercial.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Tenda W54P.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^Users^Alan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.) MsConfig:64bit - StartUpFolder: C:^Users^Alan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - () MsConfig:64bit - StartUpFolder: C:^Users^Alan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - () MsConfig:64bit - StartUpFolder: C:^Users^Tony^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - () MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeCS6ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Advanced SystemCare Ultimate - hkey= - key= - File not found MsConfig:64bit - StartUpReg: ApplePhotoStreams - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig:64bit - StartUpReg: Cmaudio8788 - hkey= - key= - C:\Windows\syswow64\RunDll32.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: Cmaudio8788GX - hkey= - key= - C:\Windows\syswow64\HsMgr.exe () MsConfig:64bit - StartUpReg: Cmaudio8788GX64 - hkey= - key= - C:\Windows\system\HsMgr64.exe () MsConfig:64bit - StartUpReg: CTSyncService - hkey= - key= - C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd) MsConfig:64bit - StartUpReg: CTSyncU.exe - hkey= - key= - C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe () MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= - C:\Users\Alan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - File not found MsConfig:64bit - StartUpReg: iCloudServices - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) MsConfig:64bit - StartUpReg: IObit Malware Fighter - hkey= - key= - File not found MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) MsConfig:64bit - StartUpReg: MobileDocuments - hkey= - key= - File not found MsConfig:64bit - StartUpReg: MSC - hkey= - key= - c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: NUSB3MON - hkey= - key= - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) MsConfig:64bit - StartUpReg: Nvtmru - hkey= - key= - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: RunDLLEntry - hkey= - key= - C:\Windows\SysNative\RunDLL32.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Spotify - hkey= - key= - C:\Users\Tony\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) MsConfig:64bit - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\Tony\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: UpdReg - hkey= - key= - C:\Windows\Updreg.EXE (Creative Technology Ltd.) MsConfig:64bit - StartUpReg: VolPanel - hkey= - key= - C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2013/10/23 11:37:59 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2013/10/22 23:55:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013/10/22 23:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013/10/22 23:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013/10/22 23:55:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013/10/22 23:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013/10/21 13:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications [2013/10/20 14:51:11 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/10/20 14:51:11 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/10/20 14:51:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013/10/20 14:51:10 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013/10/20 14:51:10 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013/10/20 14:51:10 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013/10/20 14:51:10 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013/10/20 14:51:09 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013/10/20 14:51:09 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013/10/20 14:51:09 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013/10/20 14:51:09 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013/10/20 14:51:08 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/10/20 14:51:07 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/10/20 14:51:07 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/10/20 14:51:06 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/10/19 23:42:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} [2013/10/17 16:38:21 | 000,883,928 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys [2013/10/17 16:38:21 | 000,074,456 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll [2013/10/17 11:44:00 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2013/10/17 11:43:59 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys [2013/10/13 19:22:47 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\AVG2014 [2013/10/13 19:21:55 | 000,000,000 | -H-D | C] -- C:\$AVG [2013/10/13 19:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014 [2013/10/13 19:21:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2013/10/13 19:19:34 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\Avg2014 [2013/10/13 18:57:26 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{97D2C99B-A233-46E0-A70D-AFC4BE39DC04} [2013/10/13 18:47:26 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{A0754D93-369E-4591-B57F-F31F8DB820ED} [2013/10/12 22:31:00 | 000,016,640 | ---- | C] (<Glarysoft Ltd>) -- C:\Windows\SysNative\drivers\BootDefragDriver.sys [2013/10/10 23:07:02 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll [2013/10/10 23:07:00 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2013/10/10 23:07:00 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2013/10/10 23:07:00 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll [2013/10/10 23:07:00 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2013/10/10 23:07:00 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2013/10/10 23:07:00 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll [2013/10/10 23:07:00 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2013/10/10 23:07:00 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll [2013/10/10 23:06:58 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys [2013/10/10 23:06:58 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidp****.sys [2013/10/10 23:06:57 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll [2013/10/10 23:06:50 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/10/10 23:06:50 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll [2013/10/10 23:06:49 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/10/10 23:06:49 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/10/10 23:06:49 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll [2013/10/10 23:06:48 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013/10/10 23:06:48 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll [2013/10/10 23:06:47 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013/10/10 23:06:46 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/10/10 23:06:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/10/10 23:06:46 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/10/10 23:06:46 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/10/10 23:06:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013/10/10 23:06:34 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll [2013/10/10 23:06:34 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll [2013/10/10 23:06:30 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll [2013/09/29 22:30:15 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\Overwolf [2013/09/29 20:00:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secure Speed Dial [2013/09/29 20:00:24 | 000,032,600 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe [2013/09/29 17:19:11 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\NVIDIA [2013/09/29 16:17:46 | 029,337,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2013/09/29 16:17:46 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2013/09/29 16:17:46 | 022,102,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2013/09/29 16:17:46 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2013/09/29 16:17:46 | 015,703,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2013/09/29 16:17:46 | 012,947,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2013/09/29 16:17:46 | 009,281,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2013/09/29 16:17:46 | 007,720,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2013/09/29 16:17:46 | 007,648,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2013/09/29 16:17:46 | 006,329,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2013/09/29 16:17:46 | 002,970,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2013/09/29 16:17:46 | 002,789,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2013/09/29 16:17:46 | 002,367,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2013/09/29 16:17:46 | 002,007,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2013/09/29 16:17:46 | 001,884,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6432723.dll [2013/09/29 16:17:46 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6432723.dll [2013/09/29 16:17:46 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll [2013/09/29 16:17:46 | 001,222,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2013/09/29 16:17:46 | 000,681,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll [2013/09/29 16:17:46 | 000,603,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll [2013/09/29 16:17:46 | 000,586,016 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll [2013/09/29 16:17:46 | 000,515,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll [2013/09/29 16:17:46 | 000,317,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll [2013/09/29 16:17:46 | 000,266,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll [2013/09/29 16:17:46 | 000,196,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2013/09/29 16:17:46 | 000,168,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2013/09/29 16:17:46 | 000,141,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2013/09/29 16:17:46 | 000,039,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys [2013/09/29 16:17:46 | 000,031,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [2013/09/29 16:17:46 | 000,029,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvaudcap64v.dll [2013/09/29 16:17:46 | 000,028,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll [2013/09/29 15:54:46 | 000,000,000 | ---D | C] -- C:\MicroProse [2013/09/25 21:07:30 | 000,148,792 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgdiska.sys [5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/10/23 14:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/10/23 14:43:55 | 000,020,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/10/23 14:43:55 | 000,020,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/10/23 14:38:53 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 3.job [2013/10/23 14:37:53 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2013/10/23 14:36:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/10/23 14:36:26 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2013/10/23 13:39:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2555688491-1503391189-1753796050-1001UA.job [2013/10/22 23:55:40 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/10/22 22:39:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2555688491-1503391189-1753796050-1001Core.job [2013/10/21 17:10:06 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\GlaryOneClickOptimizer 3.job [2013/10/21 13:45:34 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/10/20 20:29:09 | 000,780,196 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/10/20 20:29:09 | 000,665,000 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/10/20 20:29:09 | 000,125,478 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/10/20 19:31:15 | 004,996,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/10/20 14:13:33 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk [2013/10/17 16:38:21 | 000,883,928 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys [2013/10/17 16:38:21 | 000,108,760 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll [2013/10/17 16:38:21 | 000,074,456 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll [2013/10/17 16:32:08 | 000,000,000 | ---- | M] () -- C:\asc_rdflag [2013/10/17 15:59:56 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/10/17 15:59:55 | 000,002,048 | ---- | M] () -- C:\Users\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2013/10/16 00:55:02 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2013/10/13 19:13:24 | 000,143,236 | ---- | M] () -- C:\Users\Tony\Documents\cc_20131013_191318.reg [2013/10/12 22:31:00 | 000,001,108 | ---- | M] () -- C:\Users\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 3.lnk [2013/10/12 22:31:00 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\Glary Utilities 3.lnk [2013/10/12 15:55:48 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013/10/10 23:12:18 | 000,765,664 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/10/10 17:58:18 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/10/10 17:58:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/10/09 02:46:34 | 000,117,024 | ---- | M] (Glarysoft Ltd) -- C:\Windows\SysNative\BootDefrag.exe [2013/09/29 20:00:20 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk [2013/09/29 16:30:39 | 000,001,351 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk [2013/09/29 07:50:02 | 000,016,640 | ---- | M] (<Glarysoft Ltd>) -- C:\Windows\SysNative\drivers\BootDefragDriver.sys [2013/09/25 21:07:30 | 000,148,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgdiska.sys [5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/10/17 16:32:08 | 000,000,000 | ---- | C] () -- C:\asc_rdflag [2013/10/14 16:59:19 | 004,996,016 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/10/13 19:22:22 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk [2013/10/13 19:13:20 | 000,143,236 | ---- | C] () -- C:\Users\Tony\Documents\cc_20131013_191318.reg [2013/10/08 16:07:54 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/09/29 20:00:41 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll [2013/09/29 20:00:22 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys [2013/09/29 16:30:39 | 000,001,351 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk [2013/08/13 00:54:29 | 000,000,165 | ---- | C] () -- C:\ProgramData\nvbgswnaaokwuhnhwkk.reg [2012/12/29 14:37:11 | 000,000,054 | ---- | C] () -- C:\Users\Tony\AppData\Roaming\mbam.context.scan [2012/12/05 18:33:20 | 000,007,672 | ---- | C] () -- C:\Users\Tony\AppData\Local\Resmon.ResmonCfg [2012/10/01 16:13:22 | 000,033,134 | ---- | C] () -- C:\Users\Tony\AppData\Roaming\UserTile.png [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011/09/03 14:46:23 | 000,004,608 | ---- | C] () -- C:\Users\Tony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/02/11 23:59:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011/02/11 23:10:12 | 000,765,664 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/11/20 11:57:27 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010/11/20 11:57:21 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010/11/20 11:57:19 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2010/11/17 23:38:02 | 000,166,520 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2010/11/06 00:13:37 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe [2010/11/06 00:13:37 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll [2010/11/06 00:13:37 | 000,000,048 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini [2010/11/06 00:13:27 | 000,042,386 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl [2010/11/05 22:30:43 | 000,000,944 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi [2010/11/05 22:25:09 | 000,004,969 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg [2010/11/05 21:51:50 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini [2010/11/05 21:51:50 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini [2010/11/05 21:51:50 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini [2010/11/05 21:51:29 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2010/11/05 21:51:29 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009/03/12 07:30:20 | 000,000,516 | ---- | C] () -- C:\Windows\cmudaxp.ini ========== LOP Check ========== [2013/09/07 15:02:42 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Absolute Uninstaller [2010/11/06 00:13:45 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\ASUS [2013/01/12 17:59:59 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\AVG [2013/10/13 19:22:47 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\AVG2014 [2012/03/16 16:42:58 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Azureus [2013/07/03 00:19:13 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\GlarySoft [2013/10/17 14:58:31 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\IObit [2011/02/12 03:15:11 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\OpenOffice.org [2012/10/11 21:41:46 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\PDAppFlex [2012/02/25 01:10:38 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\PDFlite [2012/06/04 15:37:23 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\SecondLife [2011/02/15 22:27:53 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\six-rsync [2012/09/22 01:39:24 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\SoftGrid Client [2013/10/13 18:57:14 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Spotify [2011/02/13 21:05:09 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Subversion [2012/02/14 13:08:03 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\SumatraPDF [2011/01/04 01:03:36 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\SystemRequirementsLab [2012/03/19 16:01:37 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\TP [2013/10/17 15:00:05 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\TS3Client [2013/03/04 19:36:29 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\ts3overlay [2013/03/03 01:32:40 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\ts3overlay_hook_win64 [2013/01/12 17:54:23 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\TuneUp Software [2013/10/22 22:39:00 | 000,000,900 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2555688491-1503391189-1753796050-1001Core.job [2013/10/23 13:39:00 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2555688491-1503391189-1753796050-1001UA.job [2013/10/23 14:38:53 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize 3.job [2013/10/23 14:37:53 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job [2013/10/21 17:10:06 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\GlaryOneClickOptimizer 3.job [2013/10/11 22:19:21 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2013/10/17 16:32:08 | 000,000,000 | ---- | M] () -- C:\asc_rdflag [2012/12/27 00:39:32 | 000,000,394 | ---- | M] () -- C:\CD Drive - Shortcut.lnk [2013/09/18 17:31:09 | 000,000,075 | ---- | M] () -- C:\DiskDefrag.log [2008/04/11 11:07:18 | 000,003,820 | ---- | M] () -- C:\eula.1028.txt [2008/04/11 11:07:18 | 000,015,428 | ---- | M] () -- C:\eula.1031.txt [2008/04/11 11:07:18 | 000,010,058 | ---- | M] () -- C:\eula.1033.txt [2008/04/11 11:07:18 | 000,012,246 | ---- | M] () -- C:\eula.1036.txt [2008/04/11 11:07:18 | 000,013,912 | ---- | M] () -- C:\eula.1040.txt [2008/04/11 11:07:18 | 000,005,868 | ---- | M] () -- C:\eula.1041.txt [2008/04/11 11:07:18 | 000,005,970 | ---- | M] () -- C:\eula.1042.txt [2008/04/11 11:07:18 | 000,010,134 | ---- | M] () -- C:\eula.1049.txt [2008/04/11 11:07:18 | 000,003,814 | ---- | M] () -- C:\eula.2052.txt [2008/04/11 11:07:18 | 000,012,936 | ---- | M] () -- C:\eula.3082.txt [2008/04/11 11:07:18 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2013/10/23 14:36:26 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2008/04/11 09:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe [2008/04/11 11:07:18 | 000,000,843 | ---- | M] () -- C:\install.ini [2008/04/11 09:03:48 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll [2008/04/11 09:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll [2008/04/11 09:03:48 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll [2008/04/11 09:03:48 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll [2008/04/11 09:03:48 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll [2008/04/11 09:03:48 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll [2008/04/11 09:03:48 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll [2008/04/11 11:09:24 | 000,093,200 | ---- | M] (Microsoft Corporation) -- C:\install.res.1049.dll [2008/04/11 09:03:48 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll [2008/04/11 09:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll [2013/10/23 14:36:26 | 4294,172,672 | -HS- | M] () -- C:\pagefile.sys [2013/10/14 03:18:29 | 000,000,000 | ---- | M] () -- C:\Recovery.txt [2012/02/12 22:32:40 | 000,000,237 | ---- | M] () -- C:\user.js [2008/04/11 11:07:18 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2008/04/11 11:09:38 | 003,797,292 | ---- | M] () -- C:\VC_RED.cab [2008/04/11 11:11:40 | 000,233,472 | ---- | M] () -- C:\VC_RED.MSI < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [5 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > [5 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %systemroot%\System32\config\*.sav > < %PROGRAMFILES%\* > [2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/09/11 04:33:26 | 000,871,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/09/11 04:33:26 | 000,871,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/09/11 04:33:26 | 000,871,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [2013/09/11 03:26:32 | 000,274,840 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2013/09/11 03:26:32 | 000,274,840 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2013/09/11 03:26:32 | 000,274,840 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/09/23 02:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/09/23 02:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2012/07/20 02:48:16 | 002,388,376 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2012/07/20 02:48:16 | 002,388,376 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2012/07/20 02:48:16 | 002,388,376 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2012/07/20 02:48:16 | 002,388,376 | ---- | M] (Apple Inc.) < hklm\software\clients\startmenuinternet|command /64 /rs > 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2013/09/11 04:33:26 | 000,871,600 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2013/09/11 04:33:26 | 000,871,600 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2013/09/11 04:33:26 | 000,871,600 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" [2013/09/11 03:26:32 | 000,274,840 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2013/09/11 03:26:32 | 000,274,840 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2013/09/11 03:26:32 | 000,274,840 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2013/09/22 23:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2013/09/22 23:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2013/09/22 23:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/09/23 02:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2013/09/23 02:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /REINSTALL [2012/07/20 02:48:16 | 002,388,376 | ---- | M] (Apple Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /HIDEICONS [2012/07/20 02:48:16 | 002,388,376 | ---- | M] (Apple Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /SHOWICONS [2012/07/20 02:48:16 | 002,388,376 | ---- | M] (Apple Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" [2012/07/20 02:48:16 | 002,388,376 | ---- | M] (Apple Inc.) < End of report >

Hi m8, its downloading.... but its not giving me the setup so I cant open it, but I went into the folder and started it that way.... running it now, says it is creating a restore point, but its taking a long time, its ok its running again

spoke farrrr too soon, its still hanging LOL

so far... so good, seems to be running ok now, thanks to everyone for the help you have given me, but I will check back and see if you guys tell me any different!!!!

# AdwCleaner v3.010 - Report created 23/10/2013 at 11:40:23 # Updated 20/10/2013 by Xplode # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits) # Username : Tony - TONY-PC # Running from : C:\Users\Tony\Downloads\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\apn Folder Deleted : C:\ProgramData\boost_interprocess Folder Deleted : C:\ProgramData\wxDownload Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\ConduitEngine Folder Deleted : C:\Program Files (x86)\wxDownload Folder Deleted : C:\Program Files (x86)\Common Files\spigot Folder Deleted : C:\Users\Tony\AppData\Local\Ilivid Player Folder Deleted : C:\Users\Tony\AppData\Local\Wajam Folder Deleted : C:\Users\Tony\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Tony\AppData\LocalLow\ConduitEngine Folder Deleted : C:\Users\Tony\AppData\LocalLow\Playbryte Folder Deleted : C:\Users\Tony\AppData\LocalLow\Vuze_Remote Folder Deleted : C:\Users\Tony\AppData\LocalLow\wxDownload Folder Deleted : C:\Users\Alan\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Alan\AppData\LocalLow\ConduitEngine Folder Deleted : C:\Users\Alan\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\Alan\AppData\LocalLow\wxDownload Folder Deleted : C:\Users\Alan\AppData\Roaming\Iminent Folder Deleted : C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\bxl72wd6.default\Smartbar Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com Folder Deleted : C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\0axud4wd.default\Extensions\playbryte@playbryte.com File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml File Deleted : C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\0axud4wd.default\user.js File Deleted : C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\bxl72wd6.default\user.js File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1(1)_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1(1)_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68C7884B-1046-498B-A66C-62C8E918C3FD} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\conduitEngine Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16720 -\\ Mozilla Firefox v24.0 (en-GB) [ File : C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\0axud4wd.default\prefs.js ] [ File : C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\bxl72wd6.default\prefs.js ] Line Deleted : user_pref("aol_toolbar.default.homepage.check", false); Line Deleted : user_pref("aol_toolbar.default.search.check", false); Line Deleted : user_pref("extensions.50ec58eb11a0d.scode", "(function(){try{if('aol.com,mail.google.com,mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,search.gboxapp.com,search.swe[...] Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0); Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0); Line Deleted : user_pref("extensions.funmoods.aflt", "axl"); Line Deleted : user_pref("extensions.funmoods.autoRvrt", false); Line Deleted : user_pref("extensions.funmoods.dfltLng", ""); Line Deleted : user_pref("extensions.funmoods.dfltSrch", false); Line Deleted : user_pref("extensions.funmoods.dnsErr", true); Line Deleted : user_pref("extensions.funmoods.envrmnt", "production"); Line Deleted : user_pref("extensions.funmoods.excTlbr", false); Line Deleted : user_pref("extensions.funmoods.hmpg", false); Line Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2Y1L1Qzu0CzztA0AtAyD0CtAzzzztBtDtCyC0C0FtN0D0TzutBtDtCtBtDyDtByC&cr=361523456"); Line Deleted : user_pref("extensions.funmoods.id", "542916cf0000000000000025225fa632"); Line Deleted : user_pref("extensions.funmoods.instlDay", "15486"); Line Deleted : user_pref("extensions.funmoods.instlRef", "axl"); Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true); Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0"); Line Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzutAtN2Y1L1Qzu0CzztA0AtAyD0CtAzzzztBtDtCyC0C0FtN0D0TzutBtDtCtBtDyDtByC&cr=361523456"); Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods"); Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods"); Line Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search"); Line Deleted : user_pref("extensions.funmoods.tlbrId", "base"); Line Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", ""); Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22"); Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22"); Line Deleted : user_pref("extensions.funmoods_i.newTab", false); Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none"); Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.223:30:37"); Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", ""); Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", ""); Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", ""); Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", ""); Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", ""); [ File : C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\9xx1rj7u.default\prefs.js ] Line Deleted : user_pref("aol_toolbar.default.homepage.check", false); Line Deleted : user_pref("aol_toolbar.default.search.check", false); Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0); Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0); Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", ""); Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", ""); Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", ""); Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", ""); Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", ""); -\\ Google Chrome v [ File : C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [11421 octets] - [23/10/2013 11:38:04] AdwCleaner[R1].txt - [11482 octets] - [23/10/2013 11:39:06] AdwCleaner[s0].txt - [10691 octets] - [23/10/2013 11:40:23] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10752 octets] ##########

OK I will do that now, been away for a few days sorry, but I am still following this, I run Firefox, I guess thats ok?

Malwarebytes Anti-Malware 1.75.0.1300 http://www.malwarebytes.org Database version: v2013.10.21.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16721 Tony :: TONY-PC [administrator] 21/10/2013 13:15:53 malware1.txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 257436 Time elapsed: 21 minute(s), 53 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 2 HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> No action taken. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken. Registry Values Detected: 1 HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0N1F1MtGtCtH1U1T1Q0ZtF1N -> No action taken. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 4 C:\Program Files (x86)\DealPly (PUP.Optional.DealPly.A) -> No action taken. C:\Users\Tony\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> No action taken. C:\Users\Alan\AppData\Roaming\Iminent\Mediator (PUP.Optional.Iminent.A) -> No action taken. C:\Users\Alan\AppData\Roaming\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> No action taken. Files Detected: 5 C:\Users\Tony\Downloads\pdflitefam_d3759449.exe (PUP.Optional.InstallIQ) -> No action taken. C:\Program Files (x86)\DealPly\DealPly.crx (PUP.Optional.DealPly.A) -> No action taken. C:\Users\Tony\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken. C:\Users\Alan\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat (PUP.Optional.Iminent.A) -> No action taken. C:\Users\Alan\AppData\Roaming\Iminent\Mediator\Datas\user.dat (PUP.Optional.Iminent.A) -> No action taken. (end)

Ok found it.... what do you think?? Malwarebytes Anti-Malware 1.70.0.1100 http://www.malwarebytes.org Database version: v2012.12.28.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Tony :: TONY-PC [administrator] 28/12/2012 16:07:23 mbam-log-2012-12-28 (16-07-23).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 263670 Time elapsed: 7 minute(s), 21 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 3 HKCR\CLSID\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> Quarantined and deleted successfully. HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PLAYBRYTE (PUP.PlayBryte) -> Quarantined and deleted successfully. Registry Values Detected: 3 HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow|playbryte.com (PUP.PlayBryte) -> Data: -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|playbrytetoolbar_Playbryte (PUP.PlayBryte) -> Data: -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Playbryte|Publisher (PUP.PlayBryte) -> Data: Playbryte -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 1 C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Quarantined and deleted successfully. Files Detected: 1 C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Quarantined and deleted successfully. (end)

I think this is the one with the 15 problems on it... running the full scan its found 1 problem so far, will show the results when its done, thanks for helping me out appreciate your time (edit) hmm its saying none were found, must have done it after, shure I saved it though... cant find it Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.10.21.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16721 Tony :: TONY-PC [administrator] 21/10/2013 13:15:53 malware1.txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 257436 Time elapsed: 21 minute(s), 53 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 2 HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> No action taken. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken. Registry Values Detected: 1 HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0N1F1MtGtCtH1U1T1Q0ZtF1N -> No action taken. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 4 C:\Program Files (x86)\DealPly (PUP.Optional.DealPly.A) -> No action taken. C:\Users\Tony\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> No action taken. C:\Users\Alan\AppData\Roaming\Iminent\Mediator (PUP.Optional.Iminent.A) -> No action taken. C:\Users\Alan\AppData\Roaming\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> No action taken. Files Detected: 5 C:\Users\Tony\Downloads\pdflitefam_d3759449.exe (PUP.Optional.InstallIQ) -> No action taken. C:\Program Files (x86)\DealPly\DealPly.crx (PUP.Optional.DealPly.A) -> No action taken. C:\Users\Tony\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken. C:\Users\Alan\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat (PUP.Optional.Iminent.A) -> No action taken. C:\Users\Alan\AppData\Roaming\Iminent\Mediator\Datas\user.dat (PUP.Optional.Iminent.A) -> No action taken. (end)

It was a quick one.... you think I should do a full one I am thinking??? I will do that now, just cleaned the heat sink on the cpu just in case (it was dirty and full of dust)

While im here ..... will it benefit me if I were to delete all the empty folders on the computer? (apparently there's over 4k of them)

I have just run maiwarebytes and it seems to have improved the problem (found 15 problems or trojans)

Hi all, problem, my pointer is hanging, the pointing hand is replaced with an "I" and the screen freezes, for sometimes up to 30 seconds, or when I go to a new page, the blue circle also freezes I have AGV and have run it a few times, but it still happens and the computer still freezes, can someone please help me out?? thanks

Yea thats what it was.... just crud, it had a lot of gunk in the fins, gave it a good clean with a small paint brush, and CD cleaner, its working fine again now, thanks guys