Slumdog (Author), posted May 2, 2014

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:01-05-2014
Ran by garysmithafc at 2014-05-02 17:15:52 Run:1
Running from C:\Users\garysmithafc\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.as...rchTerms}&SSPV=
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?cl...4-D369965D2873
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={F...r&d=2013-09-20 17:43:05&v=17.1.2.1&pid=avg&sg=12&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://inboxtoolbar.com/search/dispa...d=80150&lng=en
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll No File
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\34.0.1847.131\gcsw f32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Unity Player) - C:\Users\garysmithafc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR HKLM\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonChrome.crx [2013-08-22]
CHR HKLM\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files\OnlineHD.TV\onhd11.crx [2013-08-22]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-04-16 19:00 - 2014-04-16 19:00 - 00000000 ____D () C:\Users\garysmithafc\AppData\Local\{4814328A-E127-4274-AA2E-2B8AB3CB73CD}
2014-04-12 21:31 - 2014-04-12 21:31 - 00000000 ____D () C:\Users\garysmithafc\AppData\Local\{38536DEA-5E6B-48DC-8818-A5C09B2E3CFC}
2014-04-12 21:31 - 2014-04-12 21:31 - 00000000 ____D () C:\Users\garysmithafc\AppData\Local\{1C1D8C40-58D0-42CA-93EC-0929B733480E}
2014-04-11 18:41 - 2014-04-11 18:41 - 00000000 ____D () C:\Users\garysmithafc\AppData\Local\{8E467B96-007C-4B2D-952E-BCA02FEF80EA}
2014-04-11 18:41 - 2014-04-11 18:41 - 00000000 ____D () C:\Users\garysmithafc\AppData\Local\{20E0BFED-086A-44F9-ACD0-D5746A9B617B}
2014-04-02 13:38 - 2014-04-02 13:38 - 00000000 ____D () C:\Users\garysmithafc\AppData\Local\{0091C485-1F56-4023-90C4-5D084ACF9D65}
2014-04-02 13:37 - 2014-04-02 13:37 - 00000000 ____D () C:\Users\garysmithafc\AppData\Local\{4F7DD441-2E42-4ADD-A316-783B5B84DF71}
C:\Users\garysmithafc\AppData\Local\temp\DseShExt-x86.dll
C:\Users\garysmithafc\AppData\Local\temp\lowproc.e xe
C:\Users\garysmithafc\AppData\Local\temp\NEventMes sages.dll
C:\Users\garysmithafc\AppData\Local\temp\NOSEventM essages.dll
C:\Users\garysmithafc\AppData\Local\temp\SDShelEx-win32.dll
C:\Users\garysmithafc\AppData\Local\temp\stubhelpe r.dll
Task: {0C7C5960-A04D-4815-AC12-494F80B358EA} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: {1C265C4D-07ED-4CC7-9315-4B8840ED96BC} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan
Task: {1FF20573-A382-4828-B157-C7C51C57CA92} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: {3F348759-CBA4-4CF0-896F-B3A919FF4A16} - System32\Tasks\RegCure Pro => C:\Program Files\ParetoLogic\RegCure Pro\RegCurePro.exe
Task: {B7EF6C78-1000-47ED-AD76-FB077470454B} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {C2967FDA-85A2-47C9-82C6-EF4793A695BD} - System32\Tasks\REGSERVO => C:\Program Files\REGSERVO\RegSERVO.exe
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:A2947BEA
AlternateDataStreams: C:\ProgramData\TEMPFC5A2B2
MSCONFIG\Services: Norton Internet Security => 2
Reboot:
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key deleted successfully.
HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin => Key deleted successfully.
C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} => Value deleted successfully.
C:\Program Files\Google\Chrome\Application\34.0.1847.131\gcsw f32.dll not found.
C:\Windows\system32\Macromed\Flash\NPSWF32.dll not found.
C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll not found.
C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll not found.
C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll not found.
C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Users\garysmithafc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll not found.
c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb => Key deleted successfully.
"C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonChrome.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\dkinklhnkmkhkhofcnapakaoehijaoih => Key deleted successfully.
"C:\Program Files\OnlineHD.TV\onhd11.crx" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HKCU\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Users\garysmithafc\AppData\Local\{4814328A-E127-4274-AA2E-2B8AB3CB73CD} => Moved successfully.
C:\Users\garysmithafc\AppData\Local\{38536DEA-5E6B-48DC-8818-A5C09B2E3CFC} => Moved successfully.
C:\Users\garysmithafc\AppData\Local\{1C1D8C40-58D0-42CA-93EC-0929B733480E} => Moved successfully.
C:\Users\garysmithafc\AppData\Local\{8E467B96-007C-4B2D-952E-BCA02FEF80EA} => Moved successfully.
C:\Users\garysmithafc\AppData\Local\{20E0BFED-086A-44F9-ACD0-D5746A9B617B} => Moved successfully.
C:\Users\garysmithafc\AppData\Local\{0091C485-1F56-4023-90C4-5D084ACF9D65} => Moved successfully.
C:\Users\garysmithafc\AppData\Local\{4F7DD441-2E42-4ADD-A316-783B5B84DF71} => Moved successfully.
C:\Users\garysmithafc\AppData\Local\temp\DseShExt-x86.dll => Moved successfully.
"C:\Users\garysmithafc\AppData\Local\temp\lowproc.e xe" => File/Directory not found.
"C:\Users\garysmithafc\AppData\Local\temp\NEventMes sages.dll" => File/Directory not found.
"C:\Users\garysmithafc\AppData\Local\temp\NOSEventM essages.dll" => File/Directory not found.
C:\Users\garysmithafc\AppData\Local\temp\SDShelEx-win32.dll => Moved successfully.
"C:\Users\garysmithafc\AppData\Local\temp\stubhelpe r.dll" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C7C5960-A04D-4815-AC12-494F80B358EA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C7C5960-A04D-4815-AC12-494F80B358EA} => Key deleted successfully.
C:\Windows\System32\Tasks\ParetoLogic Update Version3 Startup Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ParetoLogic Update Version3 Startup Task => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C265C4D-07ED-4CC7-9315-4B8840ED96BC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C265C4D-07ED-4CC7-9315-4B8840ED96BC} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FF20573-A382-4828-B157-C7C51C57CA92} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FF20573-A382-4828-B157-C7C51C57CA92} => Key deleted successfully.
C:\Windows\System32\Tasks\ParetoLogic Update Version3 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ParetoLogic Update Version3 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F348759-CBA4-4CF0-896F-B3A919FF4A16} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F348759-CBA4-4CF0-896F-B3A919FF4A16} => Key deleted successfully.
C:\Windows\System32\Tasks\RegCure Pro => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegCure Pro => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7EF6C78-1000-47ED-AD76-FB077470454B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7EF6C78-1000-47ED-AD76-FB077470454B} => Key deleted successfully.
C:\Windows\System32\Tasks\ParetoLogic Registration3 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ParetoLogic Registration3 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2967FDA-85A2-47C9-82C6-EF4793A695BD} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2967FDA-85A2-47C9-82C6-EF4793A695BD} => Key deleted successfully.
C:\Windows\System32\Tasks\REGSERVO => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\REGSERVO => Key deleted successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
C:\ProgramData\TEMP => ":A2947BEA" ADS removed successfully.
"AlternateDataStreams: C:\ProgramData\TEMPFC5A2B2" => "AlternateDataStreams: C:\ProgramData\TEMPFC5A2B2" ADS not found.

The system needed a reboot.

==== End of Fixlog ====
Slumdog (Author), posted May 2, 2014

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista Home Premium x86
Ran by garysmithafc on 02/05/2014 at 19:07:48.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [service] hshld
Successfully deleted: [service] hshld
Successfully stopped: [service] hsstrayservice
Successfully deleted: [service] hsstrayservice
Failed to stop: [service] hsswd

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\bandoocore.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bi
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\shoppingreport2
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bandoo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\hotspotshield
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetup.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\oneclick
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\oneclickmg
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}

~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"

~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\hotspot shield"
Failed to delete: [Folder] "C:\ProgramData\application data\hotspot shield"
Successfully deleted: [Folder] "C:\Users\garysmithafc\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\garysmithafc\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\garysmithafc\AppData\Roaming\hotspot shield"
Successfully deleted: [Folder] "C:\Users\garysmithafc\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\garysmithafc\appdata\locallow\shoppingreport2"
Successfully deleted: [Folder] "C:\Users\garysmithafc\Local Settings\Application Data\ilivid"
Successfully deleted: [Folder] "C:\Users\garysmithafc\Local Settings\Application Data\ilivid player"
Successfully deleted: [Folder] "C:\Program Files\babylon"
Successfully deleted: [Folder] "C:\Program Files\bandoo"
Successfully deleted: [Folder] "C:\Program Files\hotspot shield"
Successfully deleted: [Folder] "C:\Program Files\ilivid"

~~~ FireFox

Successfully deleted: [File] C:\Users\garysmithafc\AppData\Roaming\mozilla\firefox\profiles\w8lqr85o.default\user.js
Successfully deleted: [File] C:\Users\garysmithafc\AppData\Roaming\mozilla\firefox\profiles\w8lqr85o.default\invalidprefs.js
Successfully deleted the following from C:\Users\garysmithafc\AppData\Roaming\mozilla\firefox\profiles\w8lqr85o.default\prefs.js

user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/05/2014 at 19:11:38.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Starbuck (ExTS Admin) Posted May 2, 2014
Hi Slumdog,
Before we continue... How is the boot up and shut down now? Any progress there?
Member of: UNITE
Slumdog (Author) Posted May 3, 2014
Hi Starbuck and thanks for your help so far!!
Shut down is fine, boot up is very slow. 25 seconds on the Microsoft Corporation screen with the flashing line, 30 seconds on a black screen. Then, at the log in stage there are two icons; my one which I never used to have to click on and an extra one for 'administrator'. Then once desktop is showing, another minute maybe before I can access internet. So all in all, from starting to actual internet access, approx. 2 minutes. Rather slow I think, or is this normal?
Starbuck (ExTS Admin) Posted May 3, 2014
Hi Slumdog,
"Then, at the log in stage there are two icons; my one which I never used to have to click on and an extra one for 'administrator'."
So yours is the only account on the system?
Did you have no password set... so that the system booted straight to Windows without any actual log in?
Did the disc check run when you rebooted the system? (you didn't mention whether it finally ran or not)
Slumdog (Author) Posted May 3, 2014
Sorry, yes disc check ran (for about two hours!!). It used to go to my password page, but suddenly I have to choose mine or administrator.
I originally couldn't update Nokia Suite, it said I didn't have privileges? So I may have tinkered a little.
User accounts now has three accounts. Mine, password protected. Administrator, password protected? And one that says 'guest' which is 'off'.
Probably should have mentioned this before?
Starbuck (ExTS Admin) Posted May 3, 2014
"I originally couldn't update Nokia Suite, it said I didn't have privileges? So I may have tinkered a little."
Yes, there were errors in the report pointing to Nokia:
Error: (05/01/2014 07:19:49 PM) (Source: MsiInstaller) (User: laptop) Description: Product: Nokia Suite -- Error 1326. Error getting file security: C:\ProgramData\Nokia\ GetLastError: 5
Error: (05/01/2014 07:11:25 PM) (Source: MsiInstaller) (User: laptop) Description: Product: Nokia Suite -- Error 1326. Error getting file security: C:\ProgramData\Nokia\ GetLastError: 5
Error: (05/01/2014 07:04:58 PM) (Source: Application Error) (User: ) Description: Faulting application nokia_pc_suite_en.exe, version 0.0.0.0, time stamp 0x2a425e19, faulting module kernel32.dll, version 6.0.6002.18704, time stamp 0x5065ccb6, exception code 0x0eedfade, fault offset 0x0003fc16, process id 0x2d1c, application start time 0xnokia_pc_suite_en.exe0.
Error: (05/01/2014 07:19:49 PM) (Source: MsiInstaller)(User: laptop) Description: Product: Nokia Suite -- Error 1326. Error getting file security: C:\ProgramData\Nokia\ GetLastError: 5(NULL)(NULL)(NULL)(NULL)
Error: (05/01/2014 07:11:25 PM) (Source: MsiInstaller)(User: laptop) Description: Product: Nokia Suite -- Error 1326. Error getting file security: C:\ProgramData\Nokia\ GetLastError: 5(NULL)(NULL)(NULL)(NULL)
Error: (05/01/2014 07:04:58 PM) (Source: Application Error)(User: ) Description: nokia_pc_suite_en.exe0.0.0.02a425e19kernel32.dll6. 0.6002.187045065ccb60eedfade0003fc162d1c01cf6567d5 393574
I also noticed that Nokia has been stopped from running:
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
I would suggest reversing the MsConfig entry to start and then uninstalling Nokia Suite and installing a fresh copy.
"User accounts now has three accounts. Mine, password protected. Administrator, password protected? And one that says 'guest' which is 'off'."
We can sort that fairly easily for you later.
I want to see if we can pinpoint the problem with the startup slowness.

Step 1
Download TFC by OldTimer to your desktop.
Please double-click TFC.exe to run it. (Note: If you are running on Vista/Win7, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
It won't produce a report, but it will tell you on the screen how much in Mb has been removed. Let me know this.

Step 2
Hold down the Windows key on your keyboard and press the R key.
With the Run dialogue window open, type in msconfig and click the OK button.
You should now be looking at the System Configuration window.
Click on the Services tab.
On the Services tab, you'll notice a long list of services available on your PC.
First, check the box labeled Hide All Microsoft Services. <<<<<<<<<<< Important
Next, click the Disable All button.
By performing these two steps, you have effectively turned off all services from third-party software developers. All Microsoft services remain intact and will be ready to load when you reboot Windows.
Finally, click the OK button and reboot the system.
When you reboot, you may get messages that certain hardware and software are not unavailable. This is normal.
Just be sure to hide all Microsoft services before you use the Disable All button. Otherwise, you may encounter boot up errors when you reboot your PC.
Remember, running Windows like this is just temporary. We need to clarify if the system boots up a lot quicker this way. If it does, then the slowness would seem to be due to a third party program.
To restore Windows to a normal start up functionality:
Start the System Configuration Utility again (MSCONFIG)
On the "General" tab:
Click to select "Normal Startup"
Click "OK"
Choose the "Exit with Restart" option to restart your computer.
Slumdog (Author) Posted May 3, 2014
I was told to uninstall Nokia Suite by someone in a Nokia forum and then try to re-install it, which I cannot do for the same reasons. I can save my photos etc from my phone to Windows Live Gallery, so that is not a big problem.
I have tried to run TFC but it keeps stalling and says not responding. It deleted 750 bytes then stopped. I haven't proceeded any further until I hear from you regarding this.
Starbuck (ExTS Admin) Posted May 3, 2014
Hi Slumdog,
"I was told to uninstall Nokia suite by someone in a nokia forum and then try to re-install it, which I cannot do for the same reasons."
The last FRST report shows these entries in the uninstall list:
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (Version: 3.8.30.0 - Nokia) Hidden
Maybe we need to look into this.
"I have tried to run TFC but it keeps stalling and says not responding. It deleted 750bytes then stopped."
Ok, try this...
Uninstall Malwarebytes Anti-Malware and then try running TFC again.
There was a conflict problem with the old version of MBAM and TFC, maybe they haven't sorted this out yet.
MBAM can always be reinstalled once TFC has been run.
Please run another scan with FRST.
Make sure that Addition.txt is selected at the bottom.
Press Scan button.
Please let me have the 2 new reports.
Thanks
Slumdog (Author) Posted May 4, 2014
Uninstalled MBAM, TFC still doesn't work. Should I continue with FRST?
Slumdog Posted May 4, 2014 Author Posted May 4, 2014 Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-05-2014 Ran by garysmithafc at 2014-05-04 01:20:05 Running from C:\Users\garysmithafc\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} ==================== Installed Programs ====================== Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated) Adobe AIR (Version: 3.7.0.2090 - Adobe Systems Incorporated) Hidden Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.) Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: - ) Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version: - ) Amazon MP3 Downloader 1.0.18 (HKCU\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC) Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4577 - AVG Technologies) AVG 2014 (Version: 14.0.3931 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.4577 - AVG Technologies) Hidden Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell) Cisco EAP-FAST Module (HKLM\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.) Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Convert MP4 to MP3 1.5 (HKLM\...\{5067397A-2935-4290-AE14-1BE2863B00A3}_is1) (Version: - ConvertMP4toMP3.com) Cooliris for Internet Explorer (HKLM\...\{9F9BE2A8-2FA2-438E-934B-6F237B641167}) (Version: 1.12.0.33689 - Cooliris Inc.) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell) Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.) Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.) Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.08100 - Dell) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1.103.4 - Alps Electric) Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version: - ) Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version: - ) Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.25.12 - Dell Inc.) 
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - ) EPSON Copy Utility (HKLM\...\{B69CC1A5-0404-11D6-ABCB-005004C21D30}) (Version: - ) EPSON Photo Print (HKLM\...\EPSON Photo Print) (Version: - ) EPSON Smart Panel (HKLM\...\{6C11D561-620B-47DA-A693-4C597F3CDF40}) (Version: - ) EPSON TWAIN 5 (HKLM\...\{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}) (Version: 5.71.0000 - SEIKO EPSON Corp.) File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools) Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.) Google Desktop (HKLM\...\Google Desktop) (Version: - - Google) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden iCopyExpert 3.1.2 (HKLM\...\iCopyExpert_is1) (Version: - iCopyExpert.com) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - ) Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - ) iRip (HKLM\...\{7662F66F-ED2D-4CB8-9E4D-5DD11CBF7D70}) (Version: 1.0.1.25 - The Little App Factory, LLC.) iTunes (HKLM\...\{9B486871-27EB-49A5-8832-77176E63333C}) (Version: 11.0.5.5 - Apple Inc.) Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Laptop Integrated Webcam Driver (1.04.01.1011) (HKLM\...\Creative OEM002) (Version: - ) Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.0817.1 - Creative Technology Ltd.) Live! Cam Avatar v1.0 (HKLM\...\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}) (Version: 1.0 - Creative Technology Ltd.) 
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 3.5 - Dell) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 
(HKLM\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden Mozilla Firefox 24.0 (x86 en-US) (HKLM\...\Mozilla Firefox 24.0 (x86 en-US)) (Version: 24.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla) MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) 
Hidden MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation) OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden OpenAL (HKLM\...\OpenAL) (Version: - ) OutlookAddinSetup (HKLM\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink) PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia) QuickSet (HKLM\...\{4B6AD248-D3BF-426A-8D64-847288154F13}) (Version: 8.2.20 - Dell Inc.) RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks) RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden ScanToWeb (HKLM\...\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version: - ) Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden T-Mobile Internet Manager (HKLM\...\T-Mobile Internet Manager) (Version: 11.301.05.06.105 - Huawei Technologies Co.,Ltd) Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) 
WIDCOMM Bluetooth Software 6.0.1.3100 (HKLM\...\{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}) (Version: 6.0.1.3100 - Dell) Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia) Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Yahoo! BrowserPlus 2.9.8 (HKCU\...\Yahoo! BrowserPlus) (Version: - Yahoo! Inc.) Yahoo! Software Update (HKLM\...\Yahoo! 
Software Update) (Version: - ) ==================== Restore Points ========================= 13-04-2014 02:00:18 Windows Update 13-04-2014 17:46:56 Installed AVG PC TuneUp 2014 13-04-2014 20:45:26 Installed AVG 2014 13-04-2014 20:48:09 Installed AVG 2014 13-04-2014 21:33:27 Windows Update 13-04-2014 21:42:47 Windows Update 13-04-2014 21:44:06 Windows Update 13-04-2014 22:23:31 Windows Update 13-04-2014 22:34:57 Restore Point before Microsoft Silverlight was removed using Program Install and Uninstall troubleshooter 13-04-2014 22:35:59 Microsoft Silverlight 21-04-2014 09:06:03 Installed Java 7 Update 55 23-04-2014 14:48:53 Device Driver Package Install: Nokia Wireless Communication Devices 23-04-2014 14:49:33 Device Driver Package Install: Nokia Network adapters 23-04-2014 14:52:51 Device Driver Package Install: Nokia Wireless Communication Devices 23-04-2014 14:53:13 Device Driver Package Install: Nokia Network adapters 24-04-2014 11:12:02 Windows Update 24-04-2014 11:13:09 Windows Update 25-04-2014 23:45:42 Device Driver Package Install: Nokia Wireless Communication Devices 25-04-2014 23:46:35 Device Driver Package Install: Nokia Network adapters 28-04-2014 12:57:18 Installed AVG 2014 28-04-2014 12:58:12 Installed AVG 2014 29-04-2014 09:39:18 Removed AVG PC TuneUp 2014 29-04-2014 09:40:52 Removed AVG PC TuneUp 2014 (en-US) 30-04-2014 11:02:46 Device Driver Package Install: Nokia Wireless Communication Devices 30-04-2014 11:03:28 Device Driver Package Install: Nokia Network adapters 30-04-2014 22:35:56 Revo Uninstaller Pro's restore point - Nokia Suite 30-04-2014 22:44:23 Revo Uninstaller Pro's restore point - Nokia Suite 30-04-2014 22:50:18 Revo Uninstaller Pro's restore point - Nokia Suite 30-04-2014 22:53:37 Removed Nokia Connectivity Cable Driver 30-04-2014 22:56:57 Device Driver Package Install: Nokia Wireless Communication Devices 30-04-2014 22:57:37 Device Driver Package Install: Nokia Network adapters 30-04-2014 23:35:59 Device Driver Package Install: Nokia 
Wireless Communication Devices 30-04-2014 23:36:59 Device Driver Package Install: Nokia Network adapters 01-05-2014 08:57:05 Windows Modules Installer 01-05-2014 19:20:05 Windows Update 01-05-2014 23:59:34 Windows Backup 02-05-2014 08:23:41 Windows Update 03-05-2014 12:06:42 Windows Update ==================== Hosts content: ========================== 2006-11-02 11:23 - 2013-08-10 21:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0D42FA32-E8DF-4AAE-A272-76A1FB4A5B11} - System32\Tasks\0414bUpdateInfo => C:\ProgramData\Avg_Update_0414b\0414b_AVG-Secure-Search-Update.exe [2014-04-09] () Task: {0DF2DCD1-4F52-48EB-B05B-0CFCE7EE257E} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation) Task: {1C754BA7-581B-4684-8D5B-0E067BDE680C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28] (Adobe Systems Incorporated) Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {1FB6B2AF-AC36-45D6-AF24-5CB271BE0560} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {32E8ED82-068E-4E2B-BFBC-FE3C3A87C098} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3510410515-3114074607-2372607737-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {37C90D7E-336C-4655-B30D-D7E896F1B540} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3510410515-3114074607-2372607737-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) 
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {517C71D8-0E6E-4DA4-9E6A-29CD7511C23E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {54C95D41-DE3B-4030-B8B5-BD3B45D5317E} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3510410515-3114074607-2372607737-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {5DE3985F-5F35-4DCD-B3A8-57DB502689C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-01] (Google Inc.) Task: {6A601C19-A9EC-4E5C-8A2B-C95D2F553A36} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3510410515-3114074607-2372607737-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe Task: {8CE03844-C0E6-4D8A-954C-F5B4B5FE2BC5} - System32\Tasks\GoogleUpdateTaskMachineCore1ce7f0041000920 => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-01] (Google Inc.) Task: {9B1F79B3-BF8A-4B12-884B-9D161FD6B9D4} - System32\Tasks\Real Player online update program => C:\Program Files\Real\RealPlayer\update\realsched.exe [2014-04-25] (RealNetworks, Inc.) Task: {9F5364CE-EE72-4AB7-AF19-7774415C2E26} - System32\Tasks\Microsoft\Windows\RestartManager\{1361AA97-F071-424e-89B6-6FCD79DEF9A2} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation) Task: {A754F5D6-B2F4-4500-A164-6D2355893F77} - System32\Tasks\GoogleUpdateTaskMachineCore1cf4e4a2a673282 => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-01] (Google Inc.) 
Task: {A9F9F5CD-C92A-4EB7-8B41-FC484FCB9412} - System32\Tasks\Microsoft\Windows\RestartManager\{6B7CC817-BFB9-4aae-A0B7-227C28CAE080} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation) Task: {B190A185-8A9F-46B5-9780-AE87D0FAD903} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3510410515-3114074607-2372607737-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {CD8715E8-7223-4BD0-9995-ED447AE87B71} - System32\Tasks\GoogleUpdateTaskMachineCore1ce7958c2f247c0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-01] (Google Inc.) Task: {D4B4AFD4-2CCA-4505-92F3-077277BA72FE} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {D8137202-A734-4DE0-958D-2AB8C83F5267} - System32\Tasks\GoogleUpdateTaskMachineCore1cf4d96b753a090 => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-01] (Google Inc.) Task: {DFA40750-3F23-40B7-8DFC-77803002F051} - System32\Tasks\0214dUpdateInfo => C:\ProgramData\Avg_Update_0214d\0214d_AVG-Secure-Search-Update.exe [2014-03-24] () Task: {E075E658-F648-4369-9493-B7B5885BD6FD} - System32\Tasks\GoogleUpdateTaskMachineCore1cec426df14aab0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-01] (Google Inc.) 
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: {F3EEEEB4-D3BE-4F1D-ABA1-AF608AEA4FFE} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3510410515-3114074607-2372607737-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe Task: {F4171F71-BF20-40E1-975B-CA3357FA1846} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3510410515-3114074607-2372607737-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe Task: C:\Windows\Tasks\0214dUpdateInfo.job => C:\ProgramData\Avg_Update_0214d\0214d_AVG-Secure-Search-Update.exe Task: C:\Windows\Tasks\0414bUpdateInfo.job => C:\ProgramData\Avg_Update_0414b\0414b_AVG-Secure-Search-Update.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4e4a2a673282.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2008-07-24 20:10 - 2008-05-16 13:17 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE 2008-07-24 20:10 - 2008-05-16 13:16 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll 2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-04-14 01:13 - 2012-11-09 05:02 - 01752576 _____ () C:\Program Files\File Shredder\fsshell.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 ==================== Safe Mode (whitelisted) =================== 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: GoToAssist => 3 MSCONFIG\Services: Norton Internet Security => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\garysmithafc\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter MSCONFIG\startupreg: dscactivate => "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" MSCONFIG\startupreg: HW_OPENEYE_OUC_T-Mobile Internet Manager => "C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe" MSCONFIG\startupreg: IAAnotif => "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: SigmatelSysTrayApp => %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: swg => "C:\Program 
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/04/2014 01:13:20 AM) (Source: LoadPerf) (User: ) Description: WmiApRplWmiApRpl8 Error: (05/04/2014 01:13:20 AM) (Source: LoadPerf) (User: ) Description: Performance16 Error: (05/04/2014 01:06:26 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/04/2014 01:04:33 AM) (Source: Application Hang) (User: ) Description: The program TFC.exe version 3.1.9.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1294 Start Time: 01cf672c4db50e47 Termination Time: 0 Error: (05/04/2014 01:02:07 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/04/2014 00:59:43 AM) (Source: Application Hang) (User: ) Description: The program TFC.exe version 3.1.9.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. 
Process ID: c74 Start Time: 01cf672bb2414025 Termination Time: 0 Error: (05/04/2014 00:10:40 AM) (Source: LoadPerf) (User: ) Description: WmiApRplWmiApRpl8 Error: (05/04/2014 00:10:40 AM) (Source: LoadPerf) (User: ) Description: Performance16 Error: (05/04/2014 00:03:59 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/04/2014 00:01:50 AM) (Source: Application Hang) (User: ) Description: The program TFC.exe version 3.1.9.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: c68 Start Time: 01cf67230970004b Termination Time: 0 System errors: ============= Error: (05/04/2014 01:07:19 AM) (Source: DCOM) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (05/04/2014 01:06:26 AM) (Source: Service Control Manager) (User: ) Description: BCM42RLY%%2 Error: (05/04/2014 01:06:26 AM) (Source: Service Control Manager) (User: ) Description: BCM42RLY%%2 Error: (05/04/2014 01:06:26 AM) (Source: Service Control Manager) (User: ) Description: BCM42RLY%%2 Error: (05/04/2014 01:06:26 AM) (Source: Service Control Manager) (User: ) Description: BMLoad Error: (05/04/2014 01:06:26 AM) (Source: Service Control Manager) (User: ) Description: BCM42RLY%%2 Error: (05/04/2014 01:06:26 AM) (Source: Service Control Manager) (User: ) Description: HWDeviceService.exe%%1053 Error: (05/04/2014 01:06:26 AM) (Source: Service Control Manager) (User: ) Description: 30000HWDeviceService.exe Error: (05/04/2014 01:03:45 AM) (Source: Service Control Manager) (User: ) Description: NVIDIA Display Driver Service1 Error: (05/04/2014 01:02:57 AM) (Source: DCOM) (User: NT AUTHORITY) Description: 
application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Microsoft Office Sessions: ========================= Error: (05/04/2014 01:13:20 AM) (Source: LoadPerf)(User: ) Description: WmiApRplWmiApRpl8 Error: (05/04/2014 01:13:20 AM) (Source: LoadPerf)(User: ) Description: Performance16 Error: (05/04/2014 01:06:26 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/04/2014 01:04:33 AM) (Source: Application Hang)(User: ) Description: TFC.exe3.1.9.0129401cf672c4db50e470 Error: (05/04/2014 01:02:07 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/04/2014 00:59:43 AM) (Source: Application Hang)(User: ) Description: TFC.exe3.1.9.0c7401cf672bb24140250 Error: (05/04/2014 00:10:40 AM) (Source: LoadPerf)(User: ) Description: WmiApRplWmiApRpl8 Error: (05/04/2014 00:10:40 AM) (Source: LoadPerf)(User: ) Description: Performance16 Error: (05/04/2014 00:03:59 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/04/2014 00:01:50 AM) (Source: Application Hang)(User: ) Description: TFC.exe3.1.9.0c6801cf67230970004b0 CodeIntegrity Errors: =================================== Date: 2014-05-04 01:19:38.881 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. 
Date: 2014-05-04 01:19:38.619 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-04 01:19:38.331 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-04 01:19:38.011 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-03 10:11:43.727 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-03 10:11:43.463 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-03 10:11:43.201 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-03 10:11:42.891 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-03 10:11:42.372 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. 
Date: 2014-05-03 10:11:42.105 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 3069.33 MB
Available physical RAM: 1553.03 MB
Total Pagefile: 6342.92 MB
Available Pagefile: 4789.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.07 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:220.26 GB) (Free:113.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 60000000)
Partition 1: (Not Active) - (Size=125 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=220 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=OF Extended)

==================== End Of Log ============================
Slumdog Posted May 4, 2014

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-05-2014
Ran by garysmithafc (administrator) on LAPTOP on 04-05-2014 01:19:07
Running from C:\Users\garysmithafc\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(IDT, Inc.) C:\Windows\System32\stacsv.exe
(AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Huawei Technologies Co., Ltd.) C:\Program Files\T-Mobile\InternetManager_H\DataCardMonitor.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16545_none_5897fa7febb6a84b\iexplore.exe (Microsoft Corporation) C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16545_none_5897fa7febb6a84b\iexplore.exe (Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Microsoft Corporation) C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16545_none_5897fa7febb6a84b\iexplore.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [DataCardMonitor] => C:\Program Files\T-Mobile\InternetManager_H\DataCardMonitor.exe [253952 2012-05-26] (Huawei Technologies Co., Ltd.) HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.) 
HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-05-14] (Google Inc.) Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - {96A9E1EC-B58E-4562-BAE7-F79E71ACEF34} URL = https://www.flickr.com/search/?q=%7BsearchTerms%7D SearchScopes: HKCU - {9BCE324A-85C7-4461-A177-5C43111827FD} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9 BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{6CF01016-9473-408F-BF3A-FDD1FDDC080A}: [NameServer]8.8.8.8 FireFox: ======== FF ProfilePath: C:\Users\garysmithafc\AppData\Roaming\Mozilla\Firefox\Profiles\w8lqr85o.default FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", ""); FF Homepage: about:home FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Users\garysmithafc\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\garysmithafc\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer) FF Extension: Microsoft .NET Framework Assistant - C:\Users\garysmithafc\AppData\Roaming\Mozilla\Firefox\Profiles\w8lqr85o.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-09-20] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-04-30] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-04-30] FF Extension: Hotspot Shield Extension - C:\Program Files\Mozilla Firefox\browser\extensions\afext@anchorfree.com [2014-04-30] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon FF Extension: Bytemobile Optimization Client - C:\Program 
Files\T-Mobile\InternetManager_H\OCx32\addon [2012-05-26] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR StartupUrls: "hxxp://www.google.com/" CHR DefaultSearchKeyword: google.co.uk CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\34.0.1847.131\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File CHR Plugin: (Google 
Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Unity Player) - C:\Users\garysmithafc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\garysmithafc\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.) CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Facebook for Desktop) - C:\Users\garysmithafc\AppData\Local\Google\Chrome\User Data\Default\Extensions\beigfmnnhaciohpncoecphcmekklgffh [2013-10-05] CHR Extension: (PartyCloud DJ) - C:\Users\garysmithafc\AppData\Local\Google\Chrome\User Data\Default\Extensions\defekohaofmambflfpfoojkmfdpcbgko [2013-10-05] CHR Extension: (365Scores) - C:\Users\garysmithafc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gocaejggjgdmkhmbinicknpbhagkblop [2013-10-05] CHR Extension: (avast! 
Online Security) - C:\Users\garysmithafc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-08-08] CHR Extension: (TweetDeck by Twitter) - C:\Users\garysmithafc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2013-10-05] CHR Extension: (InstaTwit) - C:\Users\garysmithafc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhalcamddihdpdgdjkjbgikgobnbbpif [2013-07-24] CHR Extension: (Until AM Web App) - C:\Users\garysmithafc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2013-10-05] CHR Extension: (Party List Dj (playlist music player)) - C:\Users\garysmithafc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnbjmlkceipalmoohcalibhlonbbllli [2013-10-05] CHR Extension: (WGT Golf Game) - C:\Users\garysmithafc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpedbpkelbhcbkdaglillalioeeekbpb [2013-10-05] CHR Extension: (Google Wallet) - C:\Users\garysmithafc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] ========================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.) R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-04-28] (Stardock Corporation) S2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] () R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-14] (SupportSoft, Inc.) R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2506752 2008-05-16] (Dell Inc.) ==================== Drivers (Whitelisted) ==================== R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [123160 2014-03-27] (AVG Technologies CZ, s.r.o.) 
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [199960 2014-04-18] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [150296 2014-03-27] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22296 2014-03-27] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [193304 2014-03-27] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [238872 2014-03-27] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [108312 2014-03-31] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [28440 2014-03-27] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [211224 2014-03-31] (AVG Technologies CZ, s.r.o.) R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41160 2013-09-17] (AnchorFree Inc.) S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [90112 2011-01-30] (Huawei Technologies Co., Ltd.) R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-09-17] (Anchorfree Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X] S0 BMLoad; system32\drivers\BMLoad.sys [X] U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [235392 2010-12-24] (Huawei Technologies Co., Ltd.) 
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-03 23:24 - 2014-05-03 23:24 - 00448512 _____ (OldTimer Tools) C:\Users\garysmithafc\Desktop\TFC.exe 2014-05-03 17:54 - 2014-05-03 17:54 - 00000314 _____ () C:\Windows\Tasks\0414bUpdateInfo.job 2014-05-03 17:54 - 2014-05-03 17:54 - 00000000 ____D () C:\ProgramData\Avg_Update_0414b 2014-05-03 13:04 - 2014-05-03 13:04 - 00000000 ____D () C:\Users\garysmithafc\AppData\Local\{64C7CEA9-FAF5-4D4A-9FDC-55D927093FD2} 2014-05-02 20:06 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-05-02 20:05 - 2014-05-02 20:07 - 00000000 ____D () C:\AdwCleaner 2014-05-02 20:05 - 2014-05-02 20:05 - 01310621 _____ () C:\Users\garysmithafc\Desktop\AdwCleaner.exe 2014-05-02 19:11 - 2014-05-02 19:11 - 00019342 _____ () C:\Users\garysmithafc\Desktop\JRT.txt 2014-05-02 19:07 - 2014-05-02 19:07 - 00000000 ____D () C:\Windows\ERUNT 2014-05-02 19:06 - 2014-05-02 19:06 - 01016261 _____ (Thisisu) C:\Users\garysmithafc\Desktop\JRT.exe 2014-05-02 19:05 - 2014-05-02 19:05 - 01016261 _____ (Thisisu) C:\Users\garysmithafc\Downloads\JRT.exe 2014-05-02 09:33 - 2014-05-02 09:36 - 00032295 _____ () C:\Users\garysmithafc\Desktop\Addition.txt 2014-05-02 09:32 - 2014-05-04 01:19 - 00018157 _____ () C:\Users\garysmithafc\Desktop\FRST.txt 2014-05-02 09:31 - 2014-05-02 09:31 - 01050624 _____ (Farbar) C:\Users\garysmithafc\Desktop\FRST.exe 2014-05-02 09:24 - 2014-04-29 11:28 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-02 09:24 - 2014-04-29 11:07 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-02 00:44 - 2014-05-04 01:19 - 00000000 ____D () C:\FRST 2014-05-01 20:21 - 2014-03-08 00:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-01 20:21 - 2014-03-07 23:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 
2014-05-01 20:21 - 2014-03-07 23:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-01 20:21 - 2014-03-07 23:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-01 20:21 - 2014-03-07 23:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-01 20:21 - 2014-03-07 23:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-01 20:21 - 2014-03-07 23:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-01 20:20 - 2014-03-08 00:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-01 20:20 - 2014-03-08 00:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-01 20:20 - 2014-03-08 00:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-01 20:20 - 2014-03-08 00:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-01 20:20 - 2014-03-08 00:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-05-01 20:20 - 2014-03-07 23:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-05-01 20:20 - 2014-03-07 23:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-01 00:49 - 2014-05-01 00:49 - 00000000 ____D () C:\Users\Guest\AppData\Local\Avg2014 2014-05-01 00:08 - 2014-05-01 00:09 - 91665264 _____ () C:\Users\Administrator\Desktop\Nokia_Ovi_Suite_webinstaller_ALL.exe 2014-05-01 00:06 - 2014-05-01 00:06 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\AVG2014 2014-05-01 00:05 - 2014-05-01 00:05 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Avg2014 2014-04-30 23:34 - 2014-04-30 23:34 - 00000000 ____D () C:\Users\garysmithafc\AppData\Local\VS Revo Group 2014-04-30 23:34 - 2014-04-30 23:34 - 00000000 ____D () C:\ProgramData\VS Revo Group 2014-04-30 19:51 - 2014-04-30 19:52 - 00000000 ____D () C:\Program Files\Mozilla 
Some content of TEMP:
====================
C:\Users\garysmithafc\AppData\Local\temp\lowproc.exe
C:\Users\garysmithafc\AppData\Local\temp\NEventMessages.dll
C:\Users\garysmithafc\AppData\Local\temp\NOSEventMessages.dll
C:\Users\garysmithafc\AppData\Local\temp\Quarantine.exe
C:\Users\garysmithafc\AppData\Local\temp\stubhelper.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-04 01:12

==================== End Of Log ============================
Starbuck (ExTS Admin) Posted May 4, 2014

Hi Slumdog,

You may as well remove TFC then. Right click on the icon and select delete.

Did you try starting the system with the 'Clean Boot'? Did it make any difference?

A few more clean up measures to do:

Step 1

Chrome is not cleaning up very well with FRST. We'll clean this up with its own tools.

To reset Google Chrome:

1. Click the Menu option button at the top right of the Google Chrome screen.
2. Select Settings.
3. Click Show advanced settings and find the "Reset browser settings" section.
4. Click Reset browser settings.
5. In the dialogue that appears, click Reset.

Note: When the "Help make Google Chrome better by reporting the current settings" tick box is selected you are anonymously sending Google your Chrome settings. Reporting these settings allows us to analyse trends and work to prevent future unwanted settings changes.

Resetting your browser settings will impact the settings below:

- Default search engine and saved search engines will be reset to their original defaults.
- Homepage button will be hidden and the URL that you previously set will be removed.
- Default startup tabs will be cleared. The browser will show a new tab when you startup or continue where you left off if you're on a Chromebook.
- New Tab page will be empty unless you have a version of Chrome with an extension that controls it. In that case your page may be preserved.
- Pinned tabs will be unpinned.
- Content settings will be cleared and reset to their installation defaults.
- Cookies and site data will be cleared.
- Extensions and themes will be disabled.

Step 2

Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Re-run FRST/FRST64 and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.

Thanks

fixlist.txt

Member of: UNITE
Slumdog (Author) Posted May 4, 2014

What was the "clean boot"?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:01-05-2014
Ran by garysmithafc at 2014-05-04 15:44:52 Run:2
Running from C:\Users\garysmithafc\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S0 BMLoad; system32\drivers\BMLoad.sys [X]
2014-04-24 17:16 - 2011-04-30 12:26 - 00000000 ____D () C:\ProgramData\ParetoLogic
C:\Users\garysmithafc\AppData\Local\temp\lowproc.exe
C:\Users\garysmithafc\AppData\Local\temp\NEventMessages.dll
C:\Users\garysmithafc\AppData\Local\temp\NOSEventMessages.dll
C:\Users\garysmithafc\AppData\Local\temp\Quarantine.exe
C:\Users\garysmithafc\AppData\Local\temp\stubhelper.dll
2014-05-02 11:03 - 2011-05-14 15:57 - 00000000 ____D () C:\Program Files\Common Files\Nokia
2014-05-01 00:09 - 2014-05-01 00:08 - 91665264 _____ () C:\Users\Administrator\Desktop\Nokia_Ovi_Suite_web installer_ALL.exe
2014-04-30 23:50 - 2010-04-12 16:56 - 00000000 ____D () C:\Users\garysmithafc\AppData\Local\Nokia
2014-05-03 13:49 - 2010-04-12 17:08 - 00000000 ____D () C:\ProgramData\Nokia
2014-05-03 13:49 - 2009-11-18 20:28 - 00000000 ____D () C:\Program Files\Nokia
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
AlternateDataStreams: C:\ProgramData\TEMPFC5A2B2
Reboot:
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
BCM42RLY => Service deleted successfully.
BMLoad => Service deleted successfully.
C:\ProgramData\ParetoLogic => Moved successfully.
C:\Users\garysmithafc\AppData\Local\temp\lowproc.exe => Moved successfully.
C:\Users\garysmithafc\AppData\Local\temp\NEventMessages.dll => Moved successfully.
C:\Users\garysmithafc\AppData\Local\temp\NOSEventMessages.dll => Moved successfully.
C:\Users\garysmithafc\AppData\Local\temp\Quarantine.exe => Moved successfully.
C:\Users\garysmithafc\AppData\Local\temp\stubhelper.dll => Moved successfully.
C:\Program Files\Common Files\Nokia => Moved successfully.
"C:\Users\Administrator\Desktop\Nokia_Ovi_Suite_web installer_ALL.exe" => File/Directory not found.
C:\Users\garysmithafc\AppData\Local\Nokia => Moved successfully.
C:\ProgramData\Nokia => Moved successfully.
C:\Program Files\Nokia => Moved successfully.
"AlternateDataStreams: C:\ProgramData\TEMPFC5A2B2" => "AlternateDataStreams: C:\ProgramData\TEMPFC5A2B2" ADS not found.

The system needed a reboot.

==== End of Fixlog ====
Starbuck (ExTS Admin) Posted May 4, 2014

> What was the "clean boot"?

1. Hold down the Windows key on your keyboard and press the R key.
2. With the Run dialogue window open, type in msconfig and click the OK button. You should now be looking at the System Configuration window.
3. Click on the Services tab. On the Services tab, you'll notice a long list of services available on your PC.
4. First, check the box labeled Hide All Microsoft Services. <<<<<<<<<<< Important
5. Next, click the Disable All button.
6. Finally, click the OK button and reboot the system.

By performing these two steps (hiding the Microsoft services, then disabling the rest), you have effectively turned off all services from third-party software developers. All Microsoft services remain intact and will be ready to load when you reboot Windows.

When you reboot, you may get messages that certain hardware and software are not unavailable. This is normal.

Just be sure to hide all Microsoft services before you use the Disable All button. Otherwise, you may encounter boot up errors when you reboot your PC.

Remember, running Windows like this is just temporary. We need to clarify if the system boots up a lot quicker this way. If it does, then the slowness would seem to be due to a third party program.

To restore Windows to a normal start up functionality:

1. Start the System Configuration Utility again (MSCONFIG).
2. On the "General" tab, click to select "Normal Startup".
3. Click "OK".
4. Choose the "Exit with Restart" option to restart your computer.
Slumdog (Author) Posted May 4, 2014

Yes, that way it boots in about half the previous time. So about one minute from scratch to internet access.
Starbuck (ExTS Admin) Posted May 4, 2014

> that way it boots in about half the previous time.

So that points to a 3rd party program or programs that are the cause. The only way to find out exactly which is causing this..... is down to elimination.

Start with the clean boot instructions and then add one of the entries back. Try booting up and see if it's still as fast. If it is, then add another entry back. When you get a sudden slowness, you'll know which of the programs has caused it.
Slumdog (Author) Posted May 4, 2014

I had a feeling you were going to say that!!!
Starbuck (ExTS Admin) Posted May 4, 2014

There's no peace for the wicked. :)
Slumdog (Author) Posted May 4, 2014

Phew!! As far as I can tell, the main culprit is MBAM Service. The three Google updaters also seem a bit slower.
Starbuck (ExTS Admin) Posted May 5, 2014

You could get around the MBAM services by only running the free version. The trial or Premium versions will run in 'Realtime' so these services will be needed. The free version wouldn't need them.

Have you tried running the system with MBAM removed.... to see what difference it actually makes?

As for the Google updaters.... if using Google Chrome, these will be needed (so you may have to live with those).
Slumdog (Author) Posted May 5, 2014

"Have you tried running the system with MBAM removed.... to see what difference it actually makes".

Yes, I am now sure that it is a cause. I uninstalled it and ran without it and it was better. When I re-installed it, it didn't ask this time if I wanted free trial. How long is free trial for? I have unticked "start with windows" on it as well.
Starbuck (ExTS Admin) Posted May 5, 2014

> When I re-installed it, it didn't ask this time if I wanted free trial. How long is free trial for?

14 Days. When you uninstalled MBAM, it may well have left a small entry in the registry. So when reinstalled, it would have picked this up and not offered the full options at the end.

> I have unticked "start with windows" on it as well.

Good move.

Are the Administrator and Guest accounts still showing on the login screen? As Ken stated earlier in this thread:

To get rid of the Administrator login account try the following:

1. Start .... type in .... cmd .... right click on ... cmd.exe ... that appears top left.
2. Click on "Run as Administrator".
3. At the prompt (black background) type ..... net user administrator /active:no ..... hit ENTER [there is a space before the / and a colon before "no"].
   An image of what this should look like is: http://img.photobucket.com/albums/v708/starbuck50/disable-command-prompt_zps7c5fefbe.jpg
4. Now type exit and press the Enter key on your keyboard to exit the Elevated Command Prompt.

See if this hides it for you. You can substitute the word administrator for guest to hide the guest account.
Slumdog (Author) Posted May 5, 2014

My account is now the only one which shows at the log-in stage. On the control panel, administrator has gone but guest is still there (as well as mine) but it is turned off. It stayed there even after your above instructions.
Starbuck (ExTS Admin) Posted May 6, 2014

> On the control panel, administrator has gone but guest is still there (as well as mine) but it is turned off. It stayed there even after your above instructions.

That's normal. The instructions we gave will only hide it from the login screen. If you go to the user section in Control panel.... the other accounts will show.

Are you ready to finish off the cleaning process now?