Posted

Hi Dopey,

 

Thanks.

The report is looking better than I thought..... so that's good. :)

 

  • Close all the running processes
  • Double click the RogueKiller icon to run the program again.
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Make sure that only the following lines are ticked. (You can untick the others.)
    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
  • Now click the Delete button.
  • Please copy and paste the report in your next reply.

A copy of the RKreport.txt can be found on your desktop.

 

Then give me an update and let me know how the system is running..... any problems?

 

Thanks

Posted

RogueKiller V8.7.6 _x64_ [Oct 28 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Tony [Admin rights]

Mode : Scan -- Date : 11/02/2013 00:28:39

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 0 ¤¤¤

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection : ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1 localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HD103SJ ATA Device +++++

--- User ---

[MBR] 15877e2e3d6a25daeb63d3592c54315c

[bSP] 167b38a0c85df663d060e86365d142e2 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [******] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_11022013_002839.txt >>

RKreport[0]_H_10312013_205456.txt

Posted (edited)

It's still hanging, like something in the background is working.... The pointer sometimes has an almost cartoon type of look to it, and when it freezes the pointer will go from an arrow to like when you hover it over text, and sometimes it disappears altogether. When I run Glary Utilities it seems to clear??

Edited by Dopey

Posted

Hi there,

 

Thanks for that update.

Time to dig a little deeper then.... hopefully it'll be down to a simple setting somewhere, but let's not take the chance.

 

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

 

Link 1

Link 2

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif

 

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

 

This is an example, you may rename ComboFix to anything you want.

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
    For more information read:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
     
    Then:
     
    Double click on Combo-Fix.exe & follow the prompts.
     
    Vista/Win7 users should right click on the icon and select Run as Administrator.
     
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
    If running Vista/Win7, you will not see the recovery console screens as they are Win XP related
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

http://img.photobucket.com/albums/v708/starbuck50/cf1.png

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://img.photobucket.com/albums/v706/ried7/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

Note:

Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

Thanks

Posted

Thanks for hanging in there for me and helping me out, I really appreciate it.

 

 

ComboFix 13-11-01.03 - Tony 03/11/2013 1:34.1.6 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4095.2805 [GMT 0:00]

Running from: c:\users\Tony\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikclkfbbobabigdokedmlneheokblncg

c:\users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikclkfbbobabigdokedmlneheokblncg\1\50ec58eb118c89.81293188.js

c:\users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikclkfbbobabigdokedmlneheokblncg\1\background.html

c:\users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikclkfbbobabigdokedmlneheokblncg\1\content.js

c:\users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikclkfbbobabigdokedmlneheokblncg\1\lsdb.js

c:\users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikclkfbbobabigdokedmlneheokblncg\1\manifest.json

c:\users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikclkfbbobabigdokedmlneheokblncg\1\sqlite.js

c:\windows\SysWow64\tmp51A8.tmp

c:\windows\SysWow64\tmp625B.tmp

c:\windows\SysWow64\tmp626C.tmp

c:\windows\SysWow64\tmpD12E.tmp

c:\windows\SysWow64\tmpF20B.tmp

.

.

((((((((((((((((((((((((( Files Created from 2013-10-03 to 2013-11-03 )))))))))))))))))))))))))))))))

.

.

2013-11-03 01:44 . 2013-11-03 01:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-11-03 01:44 . 2013-11-03 01:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-11-03 01:44 . 2013-11-03 01:44 -------- d-----w- c:\users\Alan\AppData\Local\temp

2013-11-02 13:33 . 2013-11-02 13:33 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F2D005A-2D79-47D4-AD4B-BCA3E8855816}\offreg.dll

2013-11-02 13:32 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F2D005A-2D79-47D4-AD4B-BCA3E8855816}\mpengine.dll

2013-11-01 22:26 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-10-31 19:52 . 2013-10-31 19:52 -------- d-----w- c:\program files\iPod

2013-10-31 19:52 . 2013-10-31 19:52 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-10-31 19:52 . 2013-10-31 19:52 -------- d-----w- c:\program files\iTunes

2013-10-31 19:52 . 2013-10-31 19:52 -------- d-----w- c:\program files (x86)\iTunes

2013-10-26 12:59 . 2013-10-26 12:59 -------- d-----w- c:\programdata\dbg

2013-10-24 11:39 . 2013-10-24 11:39 -------- d-----w- c:\windows\ERUNT

2013-10-23 10:37 . 2013-10-23 10:52 -------- d-----w- C:\AdwCleaner

2013-10-22 22:51 . 2013-10-22 22:51 -------- d-----w- c:\users\Alan\AppData\Local\Apple

2013-10-21 12:53 . 2013-10-21 12:53 -------- d-----w- c:\programdata\VirtualizedApplications

2013-10-20 13:51 . 2013-09-21 03:38 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-10-20 13:13 . 2013-10-20 13:13 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software

2013-10-19 22:42 . 2013-10-19 22:42 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}

2013-10-19 15:42 . 2013-10-19 15:41 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{390E35F9-D71A-4382-95A3-0A04F6A0320C}\gapaengine.dll

2013-10-17 15:38 . 2013-10-17 15:38 883928 ----a-w- c:\windows\system32\drivers\Rt64win7.sys

2013-10-17 15:38 . 2013-10-17 15:38 74456 ----a-w- c:\windows\system32\RtNicProp64.dll

2013-10-17 14:59 . 2013-09-11 02:28 271256 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll

2013-10-17 10:44 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2013-10-17 10:44 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2013-10-17 10:44 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2013-10-17 10:43 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2013-10-17 10:43 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2013-10-17 10:43 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2013-10-17 10:43 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys

2013-10-12 21:31 . 2013-09-29 06:50 16640 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys

2013-10-10 22:07 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll

2013-10-10 22:07 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll

2013-10-10 22:07 . 2013-06-06 05:50 41472 ----a-w- c:\windows\system32\lpk.dll

2013-10-10 22:07 . 2013-06-06 05:49 100864 ----a-w- c:\windows\system32\fontsub.dll

2013-10-10 22:07 . 2013-06-06 05:49 14336 ----a-w- c:\windows\system32\dciman32.dll

2013-10-10 22:07 . 2013-06-06 05:47 46080 ----a-w- c:\windows\system32\atmlib.dll

2013-10-10 22:07 . 2013-06-06 04:57 25600 ----a-w- c:\windows\SysWow64\lpk.dll

2013-10-10 22:07 . 2013-06-06 04:51 70656 ----a-w- c:\windows\SysWow64\fontsub.dll

2013-10-10 22:07 . 2013-06-06 04:50 10240 ----a-w- c:\windows\SysWow64\dciman32.dll

2013-10-10 22:07 . 2013-06-06 03:30 368128 ----a-w- c:\windows\system32\atmfd.dll

2013-10-10 22:07 . 2013-06-06 03:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2013-10-10 22:07 . 2013-06-06 03:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-10-17 15:38 . 2010-11-05 20:48 108760 ----a-w- c:\windows\system32\RTNUninst64.dll

2013-10-12 14:55 . 2010-11-20 10:57 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-10-10 22:06 . 2010-11-08 19:36 80541720 ----a-w- c:\windows\system32\MRT.exe

2013-10-10 16:58 . 2012-04-04 22:51 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-10-10 16:58 . 2011-05-14 10:56 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-10-09 01:46 . 2013-08-13 15:14 117024 ----a-w- c:\windows\system32\BootDefrag.exe

2013-09-12 08:58 . 2013-09-29 15:17 9281032 ----a-w- c:\windows\system32\nvcuda.dll

2013-09-12 08:58 . 2013-09-29 15:17 7720576 ----a-w- c:\windows\SysWow64\nvcuda.dll

2013-09-12 08:58 . 2013-09-29 15:17 7648000 ----a-w- c:\windows\system32\nvopencl.dll

2013-09-12 08:58 . 2013-09-29 15:17 681760 ----a-w- c:\windows\system32\NvFBC64.dll

2013-09-12 08:58 . 2013-09-29 15:17 6329552 ----a-w- c:\windows\SysWow64\nvopencl.dll

2013-09-12 08:58 . 2013-09-29 15:17 603424 ----a-w- c:\windows\system32\NvIFR64.dll

2013-09-12 08:58 . 2013-09-29 15:17 586016 ----a-w- c:\windows\SysWow64\NvFBC.dll

2013-09-12 08:58 . 2013-09-29 15:17 515360 ----a-w- c:\windows\SysWow64\NvIFR.dll

2013-09-12 08:58 . 2013-09-29 15:17 317472 ----a-w- c:\windows\system32\nvoglshim64.dll

2013-09-12 08:58 . 2013-09-29 15:17 2970400 ----a-w- c:\windows\system32\nvcuvid.dll

2013-09-12 08:58 . 2013-09-29 15:17 29337376 ----a-w- c:\windows\system32\nvoglv64.dll

2013-09-12 08:58 . 2013-09-29 15:17 2789152 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2013-09-12 08:58 . 2013-09-29 15:17 266984 ----a-w- c:\windows\SysWow64\nvoglshim32.dll

2013-09-12 08:58 . 2013-09-29 15:17 25256224 ----a-w- c:\windows\system32\nvcompiler.dll

2013-09-12 08:58 . 2013-09-29 15:17 2367264 ----a-w- c:\windows\system32\nvcuvenc.dll

2013-09-12 08:58 . 2013-09-29 15:17 22102304 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2013-09-12 08:58 . 2013-09-29 15:17 2007328 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2013-09-12 08:58 . 2013-09-29 15:17 1884448 ----a-w- c:\windows\system32\nvdispco6432723.dll

2013-09-12 08:58 . 2013-09-29 15:17 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2013-09-12 08:58 . 2013-09-29 15:17 168616 ----a-w- c:\windows\system32\nvinitx.dll

2013-09-12 08:58 . 2013-09-29 15:17 15703688 ----a-w- c:\windows\system32\nvd3dumx.dll

2013-09-12 08:58 . 2013-09-29 15:17 1511712 ----a-w- c:\windows\system32\nvdispgenco6432723.dll

2013-09-12 08:58 . 2013-09-29 15:17 141336 ----a-w- c:\windows\SysWow64\nvinit.dll

2013-09-12 08:58 . 2013-09-29 15:17 12947360 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2013-09-12 08:58 . 2013-09-29 15:17 1222824 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2013-09-12 08:58 . 2013-09-29 15:17 11274528 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2013-09-12 08:58 . 2013-02-25 23:32 2630304 ----a-w- c:\windows\SysWow64\nvapi.dll

2013-09-12 08:58 . 2013-02-25 23:32 2986672 ----a-w- c:\windows\system32\nvapi64.dll

2013-09-12 08:58 . 2013-02-25 23:32 1412832 ----a-w- c:\windows\system32\nvumdshimx.dll

2013-09-12 08:58 . 2013-02-25 23:32 15901448 ----a-w- c:\windows\system32\nvwgf2umx.dll

2013-09-12 08:58 . 2013-02-25 23:32 13628208 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2013-09-12 07:25 . 2010-07-09 16:27 6599968 ----a-w- c:\windows\system32\nvcpl.dll

2013-09-12 07:25 . 2010-07-09 16:27 3452192 ----a-w- c:\windows\system32\nvsvc64.dll

2013-09-12 07:25 . 2010-07-09 16:27 920864 ----a-w- c:\windows\system32\nvvsvc.exe

2013-09-12 07:25 . 2010-07-09 16:27 63776 ----a-w- c:\windows\system32\nvshext.dll

2013-09-12 07:25 . 2010-07-09 16:27 219424 ----a-w- c:\windows\system32\nvmctray.dll

2013-09-12 00:17 . 2013-09-12 00:17 571168 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2013-09-11 22:06 . 2012-11-18 01:46 3361114 ----a-w- c:\windows\system32\nvcoproc.bin

2013-09-07 13:54 . 2011-03-26 10:56 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-08-29 01:48 . 2013-10-10 22:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-08-20 13:33 . 2013-09-29 15:17 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys

2013-08-20 13:32 . 2013-09-29 15:17 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll

2013-08-20 13:32 . 2013-09-29 15:17 28448 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll

2013-08-12 23:54 . 2013-08-12 23:54 165 ----a-w- c:\programdata\nvbgswnaaokwuhnhwkk.reg

2013-08-05 02:25 . 2013-09-12 22:17 155584 ----a-w- c:\windows\system32\drivers\ataport.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SecureUpdateSvc;SecureUpdate;c:\program files (x86)\Secure Speed Dial\IE\SecureUpdate.exe;c:\program files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [x]

R3 AsrIbDrv;AsrIbDrv;c:\windows\SysWOW64\Drivers\AsrIbDrv.sys;c:\windows\SysWOW64\Drivers\AsrIbDrv.sys [x]

R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.229\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.229\McCHSvc.exe [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Tony\Documents\RealTemp_360\WinRing0x64.sys;c:\users\Tony\Documents\RealTemp_360\WinRing0x64.sys [x]

S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S3 cmudaxp;ASUS Xonar DS Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]

S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

S3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys;c:\windows\SYSNATIVE\DRIVERS\netr6164.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2013-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 16:58]

.

2013-11-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2555688491-1503391189-1753796050-1001Core.job

- c:\users\Alan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 21:34]

.

2013-11-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2555688491-1503391189-1753796050-1001UA.job

- c:\users\Alan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 21:34]

.

2013-11-03 c:\windows\Tasks\GlaryInitialize 3.job

- c:\program files (x86)\Glary Utilities 3\Initialize.exe [2013-10-09 01:43]

.

2013-11-03 c:\windows\Tasks\GlaryInitialize.job

- c:\program files (x86)\Glary Utilities\initialize.exe [2010-11-07 14:39]

.

2013-10-21 c:\windows\Tasks\GlaryOneClickOptimizer 3.job

- c:\program files (x86)\Glary Utilities 3\OneClickMaintenance.exe [2013-10-09 01:44]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

FF - ProfilePath - c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\bxl72wd6.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - Google UK - the web

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=902615&p=

FF - ExtSQL: 2013-10-05 01:28; speeddial@instair.net; c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\bxl72wd6.default\extensions\speeddial@instair.net

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

ShellIconOverlayIdentifiers-{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} - (no file)

ShellIconOverlayIdentifiers-{C72C6188-BEF2-46E5-A89A-52F0ED75219E} - (no file)

ShellIconOverlayIdentifiers-{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} - (no file)

ShellIconOverlayIdentifiers-{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803} - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2555688491-1503391189-1753796050-1000\Software\SecuROM\License information*]

"datasecu"=hex:bc,3f,18,32,46,8b,58,be,6b,8d,60,57,e1,3e,82,52,d2,7c,87,9f,76,

24,8f,a3,b5,f8,a7,be,ee,99,03,cc,03,ee,6b,a3,e2,90,31,fd,21,26,3d,9a,70,02,\

"rkeysecu"=hex:78,94,07,c7,f1,28,93,8f,93,8f,b2,77,4a,5b,bf,40

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\CTsvcCDA.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Glary Utilities 3\Integrator.exe

.

**************************************************************************

.

Completion time: 2013-11-03 01:53:05 - machine was rebooted

ComboFix-quarantined-files.txt 2013-11-03 01:53

.

Pre-Run: 696,972,906,496 bytes free

Post-Run: 696,885,092,352 bytes free

.

- - End Of File - - 45DF765EE2C9162322F842C0117F8DCB

A36C5E4F47E84449FF07ED3517B43A31

Posted

Hi Dopey

 

  Quote
Thanks for hanging in there for me and helping me out,

It's not a problem at all.

We are quite stubborn here, so we never give up easily. :)

 

Has there been any improvement after running Combofix?

 

If not, try this (it will tell us if it's a third party program causing it).

 

Hold down the Windows key on your keyboard and press the R key.

With the Run dialogue window open, type in msconfig and click the OK button.

 

You should now be looking at the System Configuration window. Click on the Services tab.

 

On the Services tab, you'll notice a long list of services available on your PC.

First, check the box labeled Hide All Microsoft Services. <<<<<<<<<<< Important

Next, click the Disable All button

 

By performing these two steps, you have effectively turned off all services from third-party software developers. All Microsoft services remain intact and will be ready to load when you reboot Windows.

 

Finally, click the OK button and reboot the system

 

When you reboot, you may get messages that certain hardware and software are not available. This is normal.

 

Just be sure to hide all Microsoft services before you use the Disable All button. Otherwise, you may encounter boot up errors when you reboot your PC.

 

Remember, running Windows like this is just temporary.

 

 

 

To restore Windows to normal startup functionality:

  • Start the System Configuration Utility again (MSCONFIG)
  • On the "General" tab:
  • Click to select "Normal Startup"
  • Click "OK"
  • Choose the "Exit with Restart" option to restart your computer.

 

Let me know if running the 'Clean Boot' makes any difference.

Member of:

UNITE

Posted (edited)
Hi m8, OK, did all that, and the ComboFix last night. Didn't go on the puter much after that, but I will give it a few days and see if it has improved it. It did freeze after the ComboFix when I have nothing running (did the ComboFix, started it up and just had my desktop only running and it froze up); that was yesterday though. I will get back to you even if it's working OK so you know that you have sorted it out for me or not though. Just to say, it happens when I am on the internet mostly... but that's what I mostly use it for anyway, so maybe that's the only time I notice it most. Was playing online most of last night and it seemed to be fine then (Arma 3).

Edited by Dopey
Posted (edited)

I know you guys don't like Glary Utilities and things like that, but it's easy for me to find stuff on there that I don't know where to look for on the puter. I just had a look at my start up menu and it was running about 25 things in the background, so I managed to stop all them from running now, now it's running faster at least and booting up quicker.

 

 

Also I noted (when I was following your instructions) that there are lots of left over bits on my computer that after I have deleted things, remnants still remain (like Google Chrome for instance) and I don't use that at all. Is there anything out there that I can use to clean up my computer and get rid of all these bits left over from deleting programs?

Edited by Dopey
Posted
  Quote
I just had a look at my start up menu and it was running about 25 things in the background, so I managed to stop all them from running now, now it's running faster at least and booting up quicker

That was the idea of trying the 'Clean Boot'

 

  Quote
Also I noted (when I was following your instructions) that there are lots of left over bits on my computer that after I have deleted things, remnants still remain (like Google Chrome for instance) and I don't use that at all

OK, run another OTL scan (using the instructions below) and I'll check the uninstall list against the main report and see what can be removed.

 

Double click on OTL to run it.

  • Under Extra Registry section, make sure that Use SafeList is checked.
  • Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.

Member of:

UNITE

Posted

OTL logfile created on: 11/3/2013 3:16:02 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tony\DOWNLO~1

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16721)

Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

4.00 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 50.31% Memory free

8.00 Gb Paging File | 5.93 Gb Available in Paging File | 74.20% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 648.50 Gb Free Space | 69.63% Space Free | Partition Type: NTFS

 

Computer Name: TONY-PC | User Name: Tony | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/11/03 15:01:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tony\Downloads\OTL.scr

PRC - [2013/10/28 08:36:34 | 000,120,608 | ---- | M] (Glarysoft Ltd) -- C:\Program Files (x86)\Glary Utilities 3\memdefrag.exe

PRC - [2013/10/28 08:36:14 | 000,471,840 | ---- | M] (Glarysoft Ltd) -- C:\Program Files (x86)\Glary Utilities 3\Integrator.exe

PRC - [2013/10/26 01:53:21 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2013/10/10 16:58:18 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

PRC - [2013/09/12 00:17:46 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2013/09/03 13:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/08/27 21:16:14 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

PRC - [2013/08/27 21:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011/10/06 17:25:56 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2010/10/01 17:50:42 | 001,564,672 | ---- | M] (CMedia) -- C:\Program Files\ASUS Xonar DS Audio\Customapp\AsusAudioCenter.exe

PRC - [2009/02/23 03:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

PRC - [2008/07/11 15:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe

PRC - [1999/12/12 17:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTSVCCDA.EXE

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/10/28 08:37:48 | 000,080,160 | ---- | M] () -- C:\Program Files (x86)\Glary Utilities 3\zlib1.dll

MOD - [2013/10/26 01:53:40 | 003,368,048 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2013/10/10 16:58:17 | 016,233,864 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

MOD - [2013/07/30 14:04:28 | 000,268,968 | ---- | M] () -- C:\Windows\SysWOW64\sqlite3.dll

MOD - [2009/05/11 18:01:12 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS Xonar DS Audio\Customapp\VmixP8.dll

MOD - [2008/07/11 15:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2013/08/27 21:17:13 | 014,997,280 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)

SRV:64bit: - [2013/08/12 13:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2013/08/12 13:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2013/10/30 19:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2013/10/26 01:53:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/10/10 16:58:18 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/09/12 00:17:46 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2013/09/03 13:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/08/27 21:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2013/05/26 14:22:20 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)

SRV - [2011/10/06 17:25:56 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2010/11/20 12:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)

SRV - [2010/11/05 20:51:22 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)

SRV - [2010/11/05 20:50:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2010/11/05 20:50:33 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)

SRV - [2010/11/05 18:04:23 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/02/23 03:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

SRV - [1999/12/12 17:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Windows\SysWOW64\CTSVCCDA.EXE -- (Creative Service for CDROM Access)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013/10/17 15:38:21 | 000,883,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2013/08/20 13:33:40 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)

DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2013/06/18 20:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2013/06/16 12:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/10/27 15:10:08 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/10/27 15:10:08 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/09/16 11:41:12 | 001,266,688 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)

DRV:64bit: - [2010/04/07 12:14:50 | 000,446,304 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr6164.sys -- (rt61x64)

DRV:64bit: - [2010/01/22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2010/01/22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2009/10/19 14:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/05 01:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)

DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2008/07/26 22:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Users\Tony\My Documents\RealTemp_360\WinRing0x64.sys -- (WinRing0_1_2_0)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B1 15 4D 74 C3 D0 CE 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {4F573494-8192-458C-BB96-15B6C09FA9E2}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKCU\..\SearchScopes\{139D9AD2-026D-45EA-8FCD-725B58714921}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749&p={searchTerms}

IE - HKCU\..\SearchScopes\{4F573494-8192-458C-BB96-15B6C09FA9E2}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: en-GB@dictionaries.addons.mozilla.org:1.19.1

FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.0.4

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3

FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.0.4

FF - prefs.js..network.proxy.type: 0

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=685749"

FF - prefs.js..browser.startup.homepage: "http://uk.search.yahoo.com?type=902615&fr=spigot-yhp-ff"

FF - prefs.js..browser.search.defaultenginename: "Yahoo!"

FF - prefs.js..browser.search.selectedEngine: "Yahoo!"

FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=902615&p="

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/17 14:30:35 | 000,000,000 | ---D | M]

 

[2011/02/12 17:52:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Extensions

[2013/10/24 13:38:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\0axud4wd.default\extensions

[2013/11/03 14:56:56 | 000,000,000 | ---D | M] (Secure Speed Dial) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\0axud4wd.default\extensions\speeddial@instair.net

[2012/05/26 02:30:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\0axud4wd.default\extensions\staged

[2013/10/24 13:38:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\bxl72wd6.default\extensions

[2012/04/28 23:48:15 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\bxl72wd6.default\extensions\en-GB@dictionaries.addons.mozilla.org

[2013/11/03 14:56:57 | 000,000,000 | ---D | M] (Secure Speed Dial) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\bxl72wd6.default\extensions\speeddial@instair.net

[2013/10/10 16:30:14 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\bxl72wd6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2013/09/29 19:00:33 | 000,000,911 | ---- | M] () -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\0axud4wd.default\searchplugins\yahoo_ff.xml

[2013/10/24 11:45:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2013/11/03 14:47:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

[2013/11/03 14:47:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

========== Chrome ==========

 

CHR - Extension: No name found = C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\

CHR - Extension: No name found = C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\

 

O1 HOSTS File: ([2013/11/03 01:46:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)

O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()

O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A5F192F-0DA1-45BF-8D40-8FED194BEBF0}: DhcpNameServer = 194.168.4.100 194.168.8.100

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\570\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013/11/03 14:18:38 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled

[2013/11/03 14:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled

[2013/11/03 02:03:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/11/03 02:01:12 | 000,000,000 | --SD | C] -- C:\ComboFix

[2013/11/03 01:53:07 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/11/03 01:31:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/11/03 01:31:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/11/03 01:31:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/11/03 01:26:56 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/11/03 01:26:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/10/31 19:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2013/10/31 19:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2013/10/31 19:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2013/10/31 19:52:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2013/10/31 19:52:23 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2013/10/27 14:31:20 | 000,000,000 | ---D | C] -- C:\Users\Tony\Documents\Arma 3 - Other Profiles

[2013/10/26 12:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\dbg

[2013/10/24 11:39:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/10/23 10:37:59 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2013/10/21 12:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications

[2013/10/20 13:51:11 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/10/20 13:51:11 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/10/20 13:51:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013/10/20 13:51:10 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013/10/20 13:51:10 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/10/20 13:51:10 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013/10/20 13:51:10 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/10/20 13:51:09 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013/10/20 13:51:09 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/10/20 13:51:09 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2013/10/20 13:51:09 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013/10/20 13:51:08 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/10/20 13:51:07 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/10/20 13:51:07 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/10/20 13:51:06 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/10/19 22:42:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}

[2013/10/17 15:38:21 | 000,883,928 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys

[2013/10/17 15:38:21 | 000,074,456 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll

[2013/10/17 10:44:00 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys

[2013/10/17 10:43:59 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys

[2013/10/10 22:07:02 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll

[2013/10/10 22:07:00 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2013/10/10 22:07:00 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2013/10/10 22:07:00 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll

[2013/10/10 22:07:00 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll

[2013/10/10 22:07:00 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2013/10/10 22:07:00 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll

[2013/10/10 22:07:00 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2013/10/10 22:07:00 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll

[2013/10/10 22:06:58 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys

[2013/10/10 22:06:58 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidp****.sys

[2013/10/10 22:06:57 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll

[2013/10/10 22:06:50 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2013/10/10 22:06:50 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll

[2013/10/10 22:06:49 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2013/10/10 22:06:49 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2013/10/10 22:06:49 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll

[2013/10/10 22:06:48 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll

[2013/10/10 22:06:48 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll

[2013/10/10 22:06:47 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2013/10/10 22:06:46 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2013/10/10 22:06:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2013/10/10 22:06:46 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2013/10/10 22:06:46 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2013/10/10 22:06:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2013/10/10 22:06:34 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll

[2013/10/10 22:06:34 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll

[2013/10/10 22:06:30 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll

 

========== Files - Modified Within 30 Days ==========

 

[2013/11/03 14:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/11/03 14:51:54 | 000,020,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/11/03 14:51:54 | 000,020,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/11/03 14:50:31 | 000,780,196 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/11/03 14:50:31 | 000,665,000 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/11/03 14:50:31 | 000,125,478 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/11/03 14:48:03 | 000,002,048 | ---- | M] () -- C:\Users\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2013/11/03 14:48:03 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2013/11/03 14:45:08 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 3.job

[2013/11/03 14:44:43 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job

[2013/11/03 14:44:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/11/03 14:44:24 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys

[2013/11/03 14:19:31 | 000,001,108 | ---- | M] () -- C:\Users\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 3.lnk

[2013/11/03 14:19:31 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\Glary Utilities 3.lnk

[2013/11/03 14:12:24 | 000,002,127 | ---- | M] () -- C:\Windows\epplauncher.mif

[2013/11/03 01:46:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013/11/03 01:39:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2555688491-1503391189-1753796050-1001UA.job

[2013/11/02 22:39:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2555688491-1503391189-1753796050-1001Core.job

[2013/10/31 20:47:20 | 004,012,032 | ---- | M] () -- C:\Users\Tony\Desktop\RogueKillerX64.exe

[2013/10/28 08:38:22 | 000,024,352 | ---- | M] () -- C:\Windows\SysNative\RegBootDefrag.exe

[2013/10/21 16:10:06 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\GlaryOneClickOptimizer 3.job

[2013/10/20 18:31:15 | 004,996,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/10/17 15:38:21 | 000,883,928 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys

[2013/10/17 15:38:21 | 000,108,760 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll

[2013/10/17 15:38:21 | 000,074,456 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll

[2013/10/17 15:32:08 | 000,000,000 | ---- | M] () -- C:\asc_rdflag

[2013/10/13 18:13:24 | 000,143,236 | ---- | M] () -- C:\Users\Tony\Documents\cc_20131013_191318.reg

[2013/10/12 14:55:48 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2013/10/10 22:12:18 | 000,765,664 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/10/10 16:58:18 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/10/10 16:58:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/10/09 01:46:34 | 000,117,024 | ---- | M] (Glarysoft Ltd) -- C:\Windows\SysNative\BootDefrag.exe

 

========== Files Created - No Company Name ==========

 

[2013/11/03 14:42:23 | 000,024,352 | ---- | C] () -- C:\Windows\SysNative\RegBootDefrag.exe

[2013/11/03 01:31:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/11/03 01:31:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/11/03 01:31:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/11/03 01:31:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/11/03 01:31:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/10/31 20:47:21 | 004,012,032 | ---- | C] () -- C:\Users\Tony\Desktop\RogueKillerX64.exe

[2013/10/17 15:32:08 | 000,000,000 | ---- | C] () -- C:\asc_rdflag

[2013/10/14 15:59:19 | 004,996,016 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/10/13 18:13:20 | 000,143,236 | ---- | C] () -- C:\Users\Tony\Documents\cc_20131013_191318.reg

[2013/10/08 15:07:54 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2013/09/29 19:00:41 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll

[2013/08/12 23:54:29 | 000,000,165 | ---- | C] () -- C:\ProgramData\nvbgswnaaokwuhnhwkk.reg

[2013/01/08 17:33:18 | 000,000,128 | ---- | C] () -- C:\Users\Tony\wxDownloadFast.ini

[2012/12/29 13:37:11 | 000,000,054 | ---- | C] () -- C:\Users\Tony\AppData\Roaming\mbam.context.scan

[2012/12/05 17:33:20 | 000,007,672 | ---- | C] () -- C:\Users\Tony\AppData\Local\Resmon.ResmonCfg

[2012/10/01 15:13:22 | 000,033,134 | ---- | C] () -- C:\Users\Tony\AppData\Roaming\UserTile.png

[2011/09/03 13:46:23 | 000,004,608 | ---- | C] () -- C:\Users\Tony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

========== ZeroAccess Check ==========

 

[2010/11/20 10:58:52 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

< End of report >

Posted

OTL Extras logfile created on: 11/3/2013 3:16:02 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tony\DOWNLO~1

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16721)

Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

4.00 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 50.31% Memory free

8.00 Gb Paging File | 5.93 Gb Available in Paging File | 74.20% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 648.50 Gb Free Space | 69.63% Space Free | Partition Type: NTFS

 

Computer Name: TONY-PC | User Name: Tony | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{27D174AD-46B4-4801-9F86-125F915D7C45}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |

"{9DC14DF4-B41B-41DD-9918-B2722F83FCB3}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |

"{E6E0C98A-4E09-489D-AE8A-42EB86ADE17B}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |

"{FE7921C6-686B-4AC9-ACF3-02E63A8CD241}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{035C3266-E816-46C7-A69B-B33912B9B26A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |

"{166D1D5B-1020-4CDD-B736-A56F99FCDF20}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{189A42FB-D445-461F-ABE0-684FC4E78AC1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |

"{1B1A0A76-D184-4088-859D-AAAFF760E823}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |

"{27BC1475-9E0E-43F4-805A-A9D24CD1FCEF}" = protocol=6 | dir=in | app=c:\users\alan\appdata\roaming\dropbox\bin\dropbox.exe |

"{2B26F4B3-0CB7-463C-A1DD-5986AB0C58CD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{46C0D375-DB9B-480B-BD3A-263878239657}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{5E964D71-6B97-4ACD-BF6F-3E32EAD2185B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |

"{5EC37336-3C07-40F5-A4A6-D3F0039F2621}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |

"{6AC6DCEF-538D-43FC-96DF-07EC94FF0F77}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |

"{91901907-C687-4E26-88D2-3AC1903CFE17}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |

"{A94C3BC3-2F0E-4D37-AA85-F861DEB9D292}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |

"{B81F37E3-E66C-419C-BD78-E0018ACADEE0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |

"{B9C3A6B9-1D42-4D2B-B609-A56AB5A659A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |

"{DAC5667D-B477-4228-91C2-3C2BDEA7C63D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |

"{E22097E2-3ECE-4672-A52E-EAE23491F331}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |

"{EFBA669C-EEE9-4E4A-A9B9-6E32D9E588F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |

"{F2D11C65-5DAD-4BD0-882B-A23695BCE48C}" = protocol=17 | dir=in | app=c:\users\alan\appdata\roaming\dropbox\bin\dropbox.exe |

"{F507E309-EE71-4553-A280-58883D8F371B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |

"{F83855B7-B5CC-4BF4-A547-A883BDDFD0B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"TCP Query User{11F7DCD0-48B7-4356-AF93-D2A0E20B951E}C:\users\tony\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\tony\appdata\roaming\spotify\spotify.exe |

"TCP Query User{330057FE-D96A-4A25-B385-A57EFCC08E93}C:\users\tony\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\tony\appdata\roaming\spotify\spotify.exe |

"TCP Query User{48C9DFB1-18C7-4E3A-9DAD-26F9412B33DC}C:\program files\bohemia interactive\arma 2\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2oa.exe |

"TCP Query User{511AB1F0-D3FC-45D9-B189-BC81019A911A}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |

"TCP Query User{773FE939-4DE5-46E4-8CBE-8685951BD251}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |

"TCP Query User{853D00B6-6BC6-448E-8BBF-79CD5F43A958}C:\program files\bohemia interactive\arma 2\arma2.exe" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2.exe |

"TCP Query User{A4141BF0-E853-4858-A4D0-BD5CD6257A7E}C:\program files\bohemia interactive\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2\expansion\beta\arma2oa.exe |

"UDP Query User{09BAA13A-371B-459A-8A53-7C619A458A4B}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |

"UDP Query User{1EF7AD0B-51A8-4ECD-B7CB-A4C9887AA469}C:\program files\bohemia interactive\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2\expansion\beta\arma2oa.exe |

"UDP Query User{5FE89D3D-27EA-492A-A7CE-E9256A9F6863}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |

"UDP Query User{62A15E89-F256-4B64-95BD-96360A9B9ADA}C:\users\tony\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\tony\appdata\roaming\spotify\spotify.exe |

"UDP Query User{8537DC2D-D031-40D9-A46A-3A796DFDCDF2}C:\program files\bohemia interactive\arma 2\arma2.exe" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2.exe |

"UDP Query User{99863786-F7E0-4829-9A24-E2694F540EC5}C:\users\tony\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\tony\appdata\roaming\spotify\spotify.exe |

"UDP Query User{F1CAD4CA-A5B1-4447-8522-9664F4BA11FD}C:\program files\bohemia interactive\arma 2\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2oa.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables

"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)

"{2770B8D8-701A-1D22-635F-8711DFC06B92}" = ATI Catalyst Install Manager

"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables

"{8D26D58C-3464-4C03-BB61-5695F984EFEF}" = Microsoft Security Client

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A04DCB25-7040-4935-A30D-8E0A893ABF2D}" = iTunes

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 327.23

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 327.23

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 327.23

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.6.1

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 326.01

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 8.3.14

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.26.4

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.5

"{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud

"{EC4F682A-70AE-4924-ABCF-388C37AC4ADC}" = WxDownload Expansion

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"C-Media Oxygen HD Audio Driver" = ASUS Xonar DS Audio Driver

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Security Client" = Microsoft Security Essentials

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"Redirection Port Monitor" = RedMon - Redirection Port Monitor

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"WinRAR archiver" = WinRAR 4.20 (64-bit)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{19192A84-6172-4312-A661-D8F9A34585AB}" = VirtualDJ Home FREE

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{3D7BD974-6769-447A-9991-E617B9C8A396}" = TruckMate Updater

"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4

"{556A649F-72D2-4E41-A40C-794E0277AADB}" = System Requirements Lab CYRI

"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver

"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{64AEB598-E518-4AD0-B02B-99F365B8054C}" = Serif PanoramaPlus Starter Edition

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX

"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)

"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime

"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5

"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D7B31233-EE2B-4911-AA3F-2A8C28843D3B}" = SkyPlayer for Windows Media Center

"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver

"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB

"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari

"{FCC000C1-892D-4AF5-A5B9-BCB5ECB00EB7}" = Snooper Map Downloader

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Photoshop 7.0" = Adobe Photoshop 7.0

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"ArmA 2" = ArmA 2 Uninstall

"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall

"ASRock IES_is1" = ASRock IES v2.0.83

"ASRock InstantBoot_is1" = ASRock InstantBoot v1.24

"ASRock OC Tuner_is1" = ASRock OC Tuner v2.3.76

"AudibleManager" = AudibleManager

"BattlEye for OA" = BattlEye for OA Uninstall

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Creative Removable Disk Manager" = Creative Removable Disk Manager

"Glary Utilities 3" = Glary Utilities PRO 3.9.4

"Glary Utilities_is1" = Glary Utilities Pro 2.55.0.1790

"GoToAssist" = GoToAssist Corporate

"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver

"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare

"Intelli-studio" = SAMSUNG Intelli-studio

"Mozilla Firefox 25.0 (x86 en-US)" = Mozilla Firefox 25.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"Office14.SingleImage" = Microsoft Office Home and Business 2010

"PDFlite" = PDFlite 0.6

"Spotify" = Spotify

"Steam App 10180" = Call of Duty: Modern Warfare 2

"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer

"Steam App 107410" = Arma 3 Alpha

"Steam App 42680" = Call of Duty: Modern Warfare 3

"Steam App 8930" = Sid Meier's Civilization V

"SysInfo" = Creative System Information

"WinLiveSuite" = Windows Live Essentials

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Spotify" = Spotify

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 10/31/2013 3:59:10 PM | Computer Name = Tony-PC | Source = Bonjour Service | ID = 100

Description = ERROR: handle_resolve_request bad interfaceIndex 16

 

Error - 10/31/2013 3:59:10 PM | Computer Name = Tony-PC | Source = Bonjour Service | ID = 100

Description = ERROR: handle_resolve_request bad interfaceIndex 17

 

Error - 10/31/2013 3:59:10 PM | Computer Name = Tony-PC | Source = Bonjour Service | ID = 100

Description = ERROR: handle_resolve_request bad interfaceIndex 18

 

Error - 10/31/2013 3:59:10 PM | Computer Name = Tony-PC | Source = Bonjour Service | ID = 100

Description = ERROR: handle_resolve_request bad interfaceIndex 19

 

Error - 10/31/2013 3:59:10 PM | Computer Name = Tony-PC | Source = Bonjour Service | ID = 100

Description = ERROR: handle_resolve_request bad interfaceIndex 20

 

Error - 10/31/2013 3:59:10 PM | Computer Name = Tony-PC | Source = Bonjour Service | ID = 100

Description = ERROR: handle_resolve_request bad interfaceIndex 21

 

Error - 10/31/2013 3:59:10 PM | Computer Name = Tony-PC | Source = Bonjour Service | ID = 100

Description = ERROR: handle_resolve_request bad interfaceIndex 22

 

Error - 10/31/2013 3:59:10 PM | Computer Name = Tony-PC | Source = Bonjour Service | ID = 100

Description = ERROR: handle_resolve_request bad interfaceIndex 23

 

Error - 10/31/2013 3:59:10 PM | Computer Name = Tony-PC | Source = Bonjour Service | ID = 100

Description = ERROR: handle_resolve_request bad interfaceIndex 24

 

Error - 11/3/2013 10:12:24 AM | Computer Name = Tony-PC | Source = Microsoft Security Client Setup | ID = 100

Description = HRESULT:0x8004FF0A Description:Security Essentials is still installed

on your computer.. Security Essentials was not removed from your computer. It will

continue to monitor your computer and help protect it from potential threats. Error

code:0x8004FF0A.

 

[ System Events ]

Error - 11/3/2013 10:31:54 AM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7031

Description = The Themes service terminated unexpectedly. It has done this 1 time(s).

The following corrective action will be taken in 60000 milliseconds: Restart the

service.

 

Error - 11/3/2013 10:31:54 AM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7031

Description = The Windows Management Instrumentation service terminated unexpectedly.

It has done this 1 time(s). The following corrective action will be taken in

120000 milliseconds: Restart the service.

 

Error - 11/3/2013 10:32:54 AM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7032

Description = The Service Control Manager tried to take a corrective action (Restart

the service) after the unexpected termination of the Server service, but this action

failed with the following error: %%1056

 

Error - 11/3/2013 10:33:54 AM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7032

Description = The Service Control Manager tried to take a corrective action (Restart

the service) after the unexpected termination of the Multimedia Class Scheduler

service, but this action failed with the following error: %%1056

 

Error - 11/3/2013 10:33:54 AM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7032

Description = The Service Control Manager tried to take a corrective action (Restart

the service) after the unexpected termination of the Windows Management Instrumentation

service, but this action failed with the following error: %%1056

 

Error - 11/3/2013 10:34:52 AM | Computer Name = Tony-PC | Source = nvlddmkm | ID = 11141134

Description =

 

Error - 11/3/2013 10:44:19 AM | Computer Name = Tony-PC | Source = volmgr | ID = 262190

Description = Crash dump initialization failed!

 

Error - 11/3/2013 10:44:31 AM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Group

Policy Client service to connect.

 

Error - 11/3/2013 10:44:31 AM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7000

Description = The Group Policy Client service failed to start due to the following

error: %%1053

 

Error - 11/3/2013 10:44:35 AM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7000

Description = The SecureUpdate service failed to start due to the following error:

%%2

 

 

< End of report >

Posted

Hi Dopey

 

I've been back and compared both sets of OTL reports.

From the earlier report (which had the custom scans run) it's obvious that you overuse Msconfig.

This is a diagnostic tool and isn't meant to stop programs from running on a permanent basis.

Using it like you have been, will cause problems.

Your system will be optimized to run with a Normal Startup not a Selective Startup.

MSSE free is an on demand scanner.... so have no idea why that has been stopped..... it serves no purpose at all

 

  Quote
Error - 11/3/2013 10:12:24 AM | Computer Name = Tony-PC | Source = Microsoft Security Client Setup | ID = 100

Description = HRESULT:0x8004FF0A Description:Security Essentials is still installed

on your computer.. Security Essentials was not removed from your computer. It will

continue to monitor your computer and help protect it from potential threats. Error

code:0x8004FF0A.

This error is more than likely caused by the fact that MSSE has been stopped by way of Msconfig and you are trying to run it.

It can't find part of its program.

I suggest you re-enable Microsoft Security Essentials from within MsConfig or you will have more problems later as it won't update properly.

 

If you disable a program using Msconfig and then later uninstall the program..... those entries will still show in Msconfig.

So you won't get a proper uninstall.

 

  Quote
I know you guys don't like Glary Utilities and things like that, but it's easy for me to find stuff on there that I don't know where to look for on the puter

That's right, so we will have to agree to disagree on that one. (Looking at the list of what it can do.... most of that can be done from Win7 anyway)

As for finding things..... Win7 has an excellent search facility.

 

One question though...

It seems that there are tasks set:

 

  Quote
2013-11-03 c:\windows\Tasks\GlaryInitialize 3.job

- c:\program files (x86)\Glary Utilities 3\Initialize.exe [2013-10-09 01:43]

.

2013-11-03 c:\windows\Tasks\GlaryInitialize.job

- c:\program files (x86)\Glary Utilities\initialize.exe [2010-11-07 14:39]

.

2013-10-21 c:\windows\Tasks\GlaryOneClickOptimizer 3.job

- c:\program files (x86)\Glary Utilities 3\OneClickMaintenance.exe [2013-10-09 01:44]

What tasks are set?

I see references to bootdefrag in the reports.... have you set this?

I doubt that Win7 would ever need a bootdefrag.

WinXP would have probably needed one, once a year or so...... But Win7 is different, it hardly needs any type of defrag.

 

As for Google Chrome.... there are only 2 registry entries showing in the report which will cause no problems at all.

 

 

Step 1

Double click on OTL to run it.

Copy the lines in the codebox below. (make sure that :Otl is on the first line and that you include all of the Commands section at the bottom of the fix)

:otl
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes,DefaultScope = {4F573494-8192-458C-BB96-15B6C09FA9E2}
O3 - HKLM\..\Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.0.229\SSScheduler.exe - (McAfee, Inc.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Syrius Truck Mate Updater.lnk - - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Syrius Updater Commercial.lnk - - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Tenda W54P.lnk - - File not found
MsConfig:64bit - StartUpReg: Advanced SystemCare Ultimate - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: IObit Malware Fighter - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: MobileDocuments - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
[2013/10/19 22:42:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2013/10/17 15:32:08 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2013/08/12 23:54:29 | 000,000,165 | ---- | C] () -- C:\ProgramData\nvbgswnaaokwuhnhwkk.reg

:Files
C:\Users\Tony\AppData\Roaming\AVG
C:\Users\Tony\AppData\Roaming\AVG2014
C:\Users\Tony\AppData\Roaming\Azureus
C:\Users\Tony\AppData\Roaming\IObit
C:\Users\Tony\AppData\Local\Google
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]


  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the red Run Fix button.
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

 

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

 

If you lose the report, there will be a copy here:

C:\_OTL\MovedFiles

 

 

Step 2

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) 7 Update 45 and save it to your desktop.
  • Scroll down to where it says "Java SE 7 Update 45".
  • Click the "Download JRE" button.
  • Accept the license agreement.
  • Select 'Windows x64.exe' from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on the downloaded icon to install the newest version.

 

 

 

Step 3

After removing a lot of PuP programs sometimes they can leave scars within the browsers.

It may be a good idea to reset them:

 

To Reset Firefox

  • At the top of the Firefox window, click the Help menu and select Troubleshooting Information
  • Click the Reset Firefox… button in the upper-right corner of the Troubleshooting Information page.
  • To continue, click Reset Firefox in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, a window will list the information that was imported.
  • Click Finish and Firefox will open.

Note:

After the reset is finished, your old Firefox profile information will be placed on your desktop in a folder named "Old Firefox Data." If the reset didn't fix your problem you can restore some of the information not saved by copying files to the new profile that was created.

If you don't need this folder any longer, you should delete it as it contains sensitive information.

 

To reset IE

  • Close any Internet Explorer or Windows Explorer windows that are currently open.
  • Open Internet Explorer by clicking the Start button, and then clicking Internet Explorer.
  • Click the Tools button, and then click Internet Options.
  • Click the Advanced tab, and then click Reset.
  • Select the Delete personal settings check box if you would like to remove browsing history, search providers, Accelerators, home pages, and InPrivate Filtering data.
  • In the Reset Internet Explorer Settings dialog box, click Reset.
  • When Internet Explorer finishes applying default settings, click Close, and then click OK.
  • Close Internet Explorer.
  • Your changes will take effect the next time you open Internet Explorer.

 

 

In your next reply, please submit:

Otl fix report

 

Any improvement now?

 

 

Thanks.

Member of:

UNITE
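
Added example, not part of the original post or of OTL itself: the point above, that items disabled through Msconfig stay listed after the program is uninstalled, can be checked from an OTL log. This Python code parses the `MsConfig` lines quoted in the fix script and lists the entries OTL reported as `File not found`; the line layout is assumed from those quoted lines only, and the class and function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# MsConfig lines copied from the ":otl" fix script in the post above.
SAMPLE_LOG = r"""
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.0.229\SSScheduler.exe - (McAfee, Inc.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Tenda W54P.lnk - - File not found
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: IObit Malware Fighter - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
"""


@dataclass
class DisabledEntry:
    kind: str               # "StartUpFolder" or "StartUpReg"
    name: str               # shortcut path, or the startup value name
    target: Optional[str]   # executable path OTL resolved, if any
    orphaned: bool          # True when OTL reported "File not found"


# Only the two entry types are matched; "State" lines are skipped.
_ENTRY = re.compile(r"^MsConfig(?::64bit)? - (StartUpFolder|StartUpReg): (.*)$")
_DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_msconfig_line(line: str) -> Optional[DisabledEntry]:
    """Parse one OTL 'MsConfig' line; return None for anything else."""
    match = _ENTRY.match(line.strip())
    if match is None:
        return None
    kind, rest = match.group(1), match.group(2)
    fields = [field.strip() for field in rest.split(" - ")]

    name = fields[0]
    if kind == "StartUpFolder":
        # The log shows the shortcut path with "^" where "\" would be.
        name = name.replace("^", "\\")

    # The last field ends with "File not found" when the target is gone.
    orphaned = fields[-1].endswith("File not found")

    target = None
    if not orphaned:
        # First remaining field that looks like a drive path is the target.
        for field in fields[1:]:
            if _DRIVE_PATH.match(field):
                target = field
                break
    return DisabledEntry(kind, name, target, orphaned)


def parse_msconfig_lines(log_text: str) -> List[DisabledEntry]:
    """Return every MSConfig-disabled startup entry found in the log text."""
    entries = []
    for line in log_text.splitlines():
        entry = parse_msconfig_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def orphaned_entries(log_text: str) -> List[DisabledEntry]:
    """Disabled entries whose program is no longer on disk."""
    return [e for e in parse_msconfig_lines(log_text) if e.orphaned]


if __name__ == "__main__":
    for entry in parse_msconfig_lines(SAMPLE_LOG):
        status = "ORPHANED" if entry.orphaned else "present"
        print(f"{status:8}  {entry.kind:13}  {entry.name}")
```
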

Posted

The reason MSSE was closed was I was told to close it, when I ran the software... ok I won't mess with msconfig any more lol doing the other bits now

 

 

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!

Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Advanced SystemCare Ultimate\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Google Update\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\IObit Malware Fighter\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\MobileDocuments\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SearchSettings\ not found.

C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} folder moved successfully.

C:\asc_rdflag moved successfully.

C:\ProgramData\nvbgswnaaokwuhnhwkk.reg moved successfully.

========== FILES ==========

C:\Users\Tony\AppData\Roaming\AVG\AWL2012\TuningIndex folder moved successfully.

C:\Users\Tony\AppData\Roaming\AVG\AWL2012\StartUp Manager folder moved successfully.

C:\Users\Tony\AppData\Roaming\AVG\AWL2012\Dashboard folder moved successfully.

C:\Users\Tony\AppData\Roaming\AVG\AWL2012\Backups folder moved successfully.

C:\Users\Tony\AppData\Roaming\AVG\AWL2012 folder moved successfully.

C:\Users\Tony\AppData\Roaming\AVG folder moved successfully.

File\Folder C:\Users\Tony\AppData\Roaming\AVG2014 not found.

C:\Users\Tony\AppData\Roaming\Azureus\*******s folder moved successfully.

C:\Users\Tony\AppData\Roaming\Azureus\tmp folder moved successfully.

C:\Users\Tony\AppData\Roaming\Azureus\shares folder moved successfully.

C:\Users\Tony\AppData\Roaming\Azureus\rss folder moved successfully.

C:\Users\Tony\AppData\Roaming\Azureus\plugins\mlab folder moved successfully.

C:\Users\Tony\AppData\Roaming\Azureus\plugins\azupnpav folder moved successfully.

C:\Users\Tony\AppData\Roaming\Azureus\plugins\aefeatman_v folder moved successfully.

C:\Users\Tony\AppData\Roaming\Azureus\plugins folder moved successfully.

C:\Users\Tony\AppData\Roaming\Azureus\net folder moved successfully.

C:\Users\Tony\AppData\Roaming\Azureus\logs folder moved successfully.

C:\Users\Tony\AppData\Roaming\Azureus\dht folder moved successfully.

C:\Users\Tony\AppData\Roaming\Azureus\devices folder moved successfully.

C:\Users\Tony\AppData\Roaming\Azureus\active folder moved successfully.

C:\Users\Tony\AppData\Roaming\Azureus folder moved successfully.

C:\Users\Tony\AppData\Roaming\IObit\Smart Defrag 2 folder moved successfully.

C:\Users\Tony\AppData\Roaming\IObit\IObit Uninstaller\Log folder moved successfully.

C:\Users\Tony\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.

C:\Users\Tony\AppData\Roaming\IObit\IObit Malware Fighter folder moved successfully.

C:\Users\Tony\AppData\Roaming\IObit\Driver Booster folder moved successfully.

C:\Users\Tony\AppData\Roaming\IObit\Advanced SystemCare V6\Temp folder moved successfully.

C:\Users\Tony\AppData\Roaming\IObit\Advanced SystemCare V6\Log folder moved successfully.

C:\Users\Tony\AppData\Roaming\IObit\Advanced SystemCare V6\Internet Booster folder moved successfully.

C:\Users\Tony\AppData\Roaming\IObit\Advanced SystemCare V6\DiskCheck folder moved successfully.

C:\Users\Tony\AppData\Roaming\IObit\Advanced SystemCare V6\ClonedFilesScanner folder moved successfully.

C:\Users\Tony\AppData\Roaming\IObit\Advanced SystemCare V6\Boottime folder moved successfully.

C:\Users\Tony\AppData\Roaming\IObit\Advanced SystemCare V6\Backup folder moved successfully.

C:\Users\Tony\AppData\Roaming\IObit\Advanced SystemCare V6 folder moved successfully.

C:\Users\Tony\AppData\Roaming\IObit\Advanced SystemCare V5\Toolbox folder moved successfully.

C:\Users\Tony\AppData\Roaming\IObit\Advanced SystemCare V5\Startup Manager folder moved successfully.

C:\Users\Tony\AppData\Roaming\IObit\Advanced SystemCare V5\SmartRAM folder moved successfully.

C:\Users\Tony\AppData\Roaming\IObit\Advanced SystemCare V5\Smart RAM folder moved successfully.

C:\Users\Tony\AppData\Roaming\IObit\Advanced SystemCare V5\SecurityHoles folder moved successfully.

C:\Users\Tony\AppData\Roaming\IObit\Advanced SystemCare V5\Log folder moved successfully.

C:\Users\Tony\AppData\Roaming\IObit\Advanced SystemCare V5\EmptyFolder folder moved successfully.

C:\Users\Tony\AppData\Roaming\IObit\Advanced SystemCare V5\Driver Manager\DriverBackup folder moved successfully.

C:\Users\Tony\AppData\Roaming\IObit\Advanced SystemCare V5\Driver Manager folder moved successfully.

C:\Users\Tony\AppData\Roaming\IObit\Advanced SystemCare V5\DiskCheck folder moved successfully.

C:\Users\Tony\AppData\Roaming\IObit\Advanced SystemCare V5\Disk Cleaner folder moved successfully.

C:\Users\Tony\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime folder moved successfully.

C:\Users\Tony\AppData\Roaming\IObit\Advanced SystemCare V5\Backup folder moved successfully.

C:\Users\Tony\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.

C:\Users\Tony\AppData\Roaming\IObit folder moved successfully.

C:\Users\Tony\AppData\Local\Google\CrashReports folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin\img folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0 folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\zh_TW folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\zh_CN folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\vi folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\uk folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\tr folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\th folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\te folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\ta folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\sw folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\sv folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\sr folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\sl folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\sk folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\ru folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\ro folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\pt_PT folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\pt_BR folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\pl folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\no folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\nl folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\ms folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\lv folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\lt folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\ko folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\kn folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\ja folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\it folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\id folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\hu folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\hr folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\hi folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\he folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\gu folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\fr folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\fil folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\fi folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\fa folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\et folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\es_419 folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\es folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\en_GB folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\en-US folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\en folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\el folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\de folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\da folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\cs folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\ca folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\bn folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\bg folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\ar folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\js folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\images\bg folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\images folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\dll folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\css folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\cache folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\background folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0 folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome\User Data folder moved successfully.

C:\Users\Tony\AppData\Local\Google\Chrome folder moved successfully.

C:\Users\Tony\AppData\Local\Google folder moved successfully.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Tony\Downloads\cmd.bat deleted successfully.

C:\Users\Tony\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Alan

->Temp folder emptied: 6226 bytes

->Temporary Internet Files folder emptied: 5292405 bytes

->Java cache emptied: 622866 bytes

->FireFox cache emptied: 11850139 bytes

->Flash cache emptied: 8431879 bytes

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

User: Tony

->Temp folder emptied: 18369190 bytes

->Temporary Internet Files folder emptied: 49834 bytes

->Java cache emptied: 5970811 bytes

->FireFox cache emptied: 140142024 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 5676 bytes

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 2843 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 11642 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78039 bytes

RecycleBin emptied: 13573526 bytes

 

Total Files Cleaned = 195.00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.69.0 log created on 11052013_181248

 

Files\Folders moved on Reboot...

File\Folder C:\Users\Tony\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

File move failed. C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

Posted
The OTL screen keeps popping up when I walk away from the puter after about 10 mins, is there any way to get rid of it??? so far... it's ok not freezing up
Posted
  Quote
The OTL screen keeps popping up when I walk away from the puter after about 10 mins, is there any way to get rid of it???

Very strange.

Did the system reboot after running the fix?

Did you close OTL down after the fix report came up (after the reboot)?

Posted
Ok the OTL seems to be sorted out now, and with your help (well a lot of your help lol) seems to be running ok now... strange thing is, when I came back on to the computer, chrome was loaded on to the computer!!!! a big thanks to you for your help m8, I was lost and didn't know what to do until you helped me out!!
Posted
  Quote
strange thing is, when I came back on to the computer, chrome was loaded on to the computer!!!!

Have you installed any new programs?

Some programs will try to add Google Chrome during the install.

Google must be getting really desperate.

 

  Quote
a big thanks to you for your help m8

Thank you.

I'm just glad I could help.

 

Give the system a day or two to settle down.

If everything is still ok after that time, let me know and we'll clear off the programs we've used and we'll finish the cleaning procedure.
