Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

bad image errors


  • Please log in to reply

#1
kitkaye

kitkaye

    New Member

  • Member
  • Pip
  • 3 posts
i managed to spill water on my laptop a wile back, i sent it to the repair shop and it came back working. however now, a lot of my applications bring up a bad image error in reference to the .dll files. my system is also very slugish and windows explorer brings up a not responding error and restarts when i turn on. help me! im attaching the log that was advised..

OTL logfile created on: 29/06/2013 12:39:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\KIT\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

15.96 Gb Total Physical Memory | 12.98 Gb Available Physical Memory | 81.34% Memory free
23.77 Gb Paging File | 20.14 Gb Available in Paging File | 84.71% Paging File free
Paging file location(s): c:\pagefile.sys 8000 12000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.57 Gb Total Space | 200.16 Gb Free Space | 44.62% Space Free | Partition Type: NTFS
Drive E: | 3.76 Gb Total Space | 1.39 Gb Free Space | 37.12% Space Free | Partition Type: FAT32

Computer Name: KIT2 | User Name: KIT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/29 12:39:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\KIT\Downloads\OTL.exe
PRC - [2013/06/15 02:28:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/12/11 04:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/22 11:29:16 | 003,290,304 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/02/29 01:13:56 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/02/29 01:13:54 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/02/21 20:29:38 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/02/21 20:29:28 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/01/05 11:59:50 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/11/04 13:40:06 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/09/05 18:04:58 | 002,904,984 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/15 02:28:42 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll
MOD - [2013/06/15 02:28:41 | 013,140,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
MOD - [2013/06/15 02:28:40 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
MOD - [2013/06/15 02:27:51 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libglesv2.dll
MOD - [2013/06/15 02:27:50 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libegl.dll
MOD - [2013/06/15 02:27:48 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll
MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2012/02/03 06:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012/01/20 12:27:28 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/12/16 07:16:48 | 000,583,088 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011/12/14 23:11:38 | 000,833,976 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/11/26 02:52:36 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/11/24 21:20:38 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/10/20 22:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/10 01:26:34 | 000,162,824 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\GFNEXSrv.exe -- (GFNEXSrv)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/22 11:29:16 | 003,290,304 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/02/29 01:13:56 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/29 01:13:54 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/21 20:29:38 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/02/21 20:29:28 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2011/11/04 13:40:06 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/07/12 01:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/02 01:42:00 | 000,198,064 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2011/02/10 08:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/26 19:05:24 | 000,075,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/11/16 00:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/11/02 16:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/11/02 16:38:36 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2012/10/22 14:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/17 15:10:09 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/10/15 04:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/02 04:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 04:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 04:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 04:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/30 22:14:00 | 000,304,696 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2012/01/20 12:53:32 | 010,731,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/01/20 11:34:36 | 000,328,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/01/05 11:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/05 11:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/05 11:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/12/30 08:25:10 | 002,799,616 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/12/19 20:15:10 | 000,411,920 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/12/17 01:24:00 | 000,079,040 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2011/12/01 10:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011/12/01 10:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011/11/30 03:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/10 09:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/11/03 04:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/10/17 20:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/08/24 05:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/17 22:27:06 | 000,251,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2011/08/09 01:53:28 | 000,045,168 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/09 03:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2010/11/29 19:47:00 | 000,082,224 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 18:27:00 | 000,050,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2010/08/30 18:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2010/06/19 00:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2010/04/26 19:48:00 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009/07/31 04:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/24 19:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/15 00:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/20 03:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/17 20:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearc...59EBCBF0F2541EA
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.safesearc...59EBCBF0F2541EA
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {4B51C980-C6B0-11E1-9136-AED16088709B}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.safesearc...59EBCBF0F2541EA
IE:64bit: - HKLM\..\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}: "URL" = http://www.safesearc...59EBCBF0F2541EA
IE:64bit: - HKLM\..\SearchScopes\{E71099AA-202F-4ADF-AC67-FF29DDF0BB6E}: "URL" = http://www.google.co...g}&rlz=1I7TEUA;
IE:64bit: - HKLM\..\SearchScopes\{FC0C0170-4EB0-430D-A7F3-939EE7EA1A25}: "URL" = http://www.safesearc...59EBCBF0F2541EA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {4B51C980-C6B0-11E1-9136-AED16088709B}
IE - HKLM\..\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}: "URL" = http://www.safesearc...59EBCBF0F2541EA
IE - HKLM\..\SearchScopes\{E71099AA-202F-4ADF-AC67-FF29DDF0BB6E}: "URL" = http://www.google.co...g}&rlz=1I7TEUA;

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearc...59EBCBF0F2541EA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.safesearc...59EBCBF0F2541EA
IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {4B51C980-C6B0-11E1-9136-AED16088709B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.safesearc...59EBCBF0F2541EA
IE - HKCU\..\SearchScopes\{265F39A4-0FBB-4A79-9BDF-504F11B4C6E9}: "URL" = http://search.condui...&ctid=CT3220468
IE - HKCU\..\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}: "URL" = http://www.safesearc...59EBCBF0F2541EA
IE - HKCU\..\SearchScopes\{E71099AA-202F-4ADF-AC67-FF29DDF0BB6E}: "URL" = http://www.google.co...UA_enGB506GB507
IE - HKCU\..\SearchScopes\{FC0C0170-4EB0-430D-A7F3-939EE7EA1A25}: "URL" = http://www.safesearc...59EBCBF0F2541EA
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\avsoftware.org/safesearch: C:\Program Files\SafeSearch\npsafesearch.dll (AVSoftware, Ltd)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/02/06 21:45:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK

[2012/12/12 22:27:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIT\AppData\Roaming\Mozilla\Firefox\extensions
[2012/12/12 22:27:59 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\KIT\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

========== Chrome ==========

CHR - default_search_provider: SafeSearch (Enabled)
CHR - default_search_provider: search_url = http://www.safesearc...59EBCBF0F2541EA
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://google.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Windows Live\uFFFD? Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: uTorrentControl_v2 = C:\Users\KIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.2.509_0\
CHR - Extension: SafeSearch = C:\Users\KIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpooidjoepcceohjkoffjgioneogihij\1.11_0\
CHR - Extension: AdBlock = C:\Users\KIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\
CHR - Extension: Bustatech theme = C:\Users\KIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnohflgafpephcmdnnghnhappjbdfbko\1.0_0\
CHR - Extension: Skype Click to Call = C:\Users\KIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\
CHR - Extension: RSS Feed Reader = C:\Users\KIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\5.1.2_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121014185419.dll File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (SafeSearch) - {e27d5867-80de-4449-9c03-71707c0db05b} - C:\Program Files\SafeSearch\ie\adxloader64.dll ()
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121014185419.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SafeSearch) - {e27d5867-80de-4449-9c03-71707c0db05b} - C:\Program Files\SafeSearch\ie\adxloader.dll ()
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (SafeSearch Toolbar) - {fc0c0170-4eb0-430d-a7f3-939ee7ea1a25} - C:\Program Files\SafeSearch\ie\adxloader64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SafeSearch Toolbar) - {fc0c0170-4eb0-430d-a7f3-939ee7ea1a25} - C:\Program Files\SafeSearch\ie\adxloader.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl_v2 Toolbar) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SRS Premium Sound HD] C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
O4 - HKCU..\Run: [611847BEB34390893995E8A6B51A0B3DB8D94078._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [MPOptimizer] "C:\Program Files\MaxPerforma Optimizer\MaxPerforma.exe" /scan File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BDE38D1-948C-450D-ACB1-A7D7623F936A}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3466b1a8-2f15-11e2-b0d4-4c72b99c4ab3}\Shell - "" = AutoRun
O33 - MountPoints2\{3466b1a8-2f15-11e2-b0d4-4c72b99c4ab3}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{48c885a8-8687-11e2-8cc8-4c72b99c4ab3}\Shell - "" = AutoRun
O33 - MountPoints2\{48c885a8-8687-11e2-8cc8-4c72b99c4ab3}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{ce1134b3-8993-11e2-b6fb-4c72b99c4ab3}\Shell - "" = AutoRun
O33 - MountPoints2\{ce1134b3-8993-11e2-b6fb-4c72b99c4ab3}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/28 19:04:03 | 000,000,000 | ---D | C] -- C:\windows\CheckSur
[2013/02/05 15:18:55 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\KIT\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/06/29 12:34:50 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/29 12:34:50 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/29 12:01:30 | 000,778,834 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/06/29 12:01:30 | 000,664,780 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/06/29 12:01:30 | 000,125,484 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/06/29 11:57:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/29 11:41:01 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/29 11:41:00 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013/06/29 11:40:48 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/06/29 11:40:45 | 4263,354,366 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/28 19:03:18 | 000,764,746 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/06/28 17:57:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013/06/27 16:14:06 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/30 14:35:55 | 008,382,296 | ---- | M] () -- C:\Users\KIT\Documents\signature.tif

========== Files Created - No Company Name ==========

[2013/05/30 14:35:50 | 008,382,296 | ---- | C] () -- C:\Users\KIT\Documents\signature.tif
[2013/03/28 15:11:53 | 000,151,552 | ---- | C] () -- C:\windows\SysWow64\nvRegDev.dll
[2013/03/28 15:11:45 | 000,061,440 | ---- | C] () -- C:\windows\SysWow64\nvPhotoshopUtil.dll
[2013/03/28 15:11:45 | 000,040,960 | ---- | C] () -- C:\windows\SysWow64\nvISWOW64.dll
[2013/03/12 19:02:43 | 000,000,258 | RHS- | C] () -- C:\Users\KIT\ntuser.pol
[2013/02/22 23:33:15 | 000,000,132 | ---- | C] () -- C:\Users\KIT\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/02/06 14:56:31 | 000,000,080 | ---- | C] () -- C:\Users\KIT\CAMPUS.ppf
[2013/02/05 15:18:55 | 000,099,384 | ---- | C] () -- C:\Users\KIT\AppData\Roaming\inst.exe
[2013/02/05 15:18:55 | 000,007,859 | ---- | C] () -- C:\Users\KIT\AppData\Roaming\pcouffin.cat
[2013/02/05 15:18:55 | 000,001,167 | ---- | C] () -- C:\Users\KIT\AppData\Roaming\pcouffin.inf
[2013/02/04 17:19:44 | 000,178,688 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2013/01/20 14:30:51 | 000,000,132 | ---- | C] () -- C:\Users\KIT\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013/01/15 14:35:23 | 000,000,132 | ---- | C] () -- C:\Users\KIT\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2013/01/15 14:33:08 | 000,001,456 | ---- | C] () -- C:\Users\KIT\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/10/29 14:58:57 | 000,005,632 | ---- | C] () -- C:\Users\KIT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/16 12:00:43 | 000,764,746 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/08/29 19:27:43 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll
[2012/08/29 19:13:04 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/08/29 19:10:52 | 000,204,960 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2012/08/29 19:10:52 | 000,157,152 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2012/08/29 19:10:52 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2012/02/03 06:08:26 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
[2012/01/20 12:49:58 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
[2012/01/20 12:49:48 | 000,054,784 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/07 11:28:48 | 000,000,000 | ---D | M] -- C:\Users\KIT\AppData\Roaming\Artec
[2013/03/30 22:59:04 | 000,000,000 | ---D | M] -- C:\Users\KIT\AppData\Roaming\Autodesk
[2013/04/29 17:00:41 | 000,000,000 | ---D | M] -- C:\Users\KIT\AppData\Roaming\autodessys
[2012/11/26 11:43:29 | 000,000,000 | ---D | M] -- C:\Users\KIT\AppData\Roaming\AVG2013
[2013/03/12 19:02:37 | 000,000,000 | ---D | M] -- C:\Users\KIT\AppData\Roaming\AVSoftware
[2013/05/21 23:14:22 | 000,000,000 | ---D | M] -- C:\Users\KIT\AppData\Roaming\Azureus
[2012/10/16 15:47:23 | 000,000,000 | ---D | M] -- C:\Users\KIT\AppData\Roaming\Blender Foundation
[2013/01/31 23:10:19 | 000,000,000 | ---D | M] -- C:\Users\KIT\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/05/21 23:14:26 | 000,000,000 | ---D | M] -- C:\Users\KIT\AppData\Roaming\DAEMON Tools Lite
[2013/04/28 14:44:08 | 000,000,000 | ---D | M] -- C:\Users\KIT\AppData\Roaming\Geomagic
[2012/12/14 16:03:11 | 000,000,000 | ---D | M] -- C:\Users\KIT\AppData\Roaming\Nico Mak Computing
[2013/02/04 14:54:25 | 000,000,000 | ---D | M] -- C:\Users\KIT\AppData\Roaming\PACE Anti-Piracy
[2013/03/22 18:14:48 | 000,000,000 | -H-D | M] -- C:\Users\KIT\AppData\Roaming\RWBYTE
[2012/12/04 19:36:00 | 000,000,000 | ---D | M] -- C:\Users\KIT\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/10/13 16:59:22 | 000,000,000 | ---D | M] -- C:\Users\KIT\AppData\Roaming\Toshiba
[2012/11/26 11:30:51 | 000,000,000 | ---D | M] -- C:\Users\KIT\AppData\Roaming\TuneUp Software
[2012/10/16 12:10:39 | 000,000,000 | ---D | M] -- C:\Users\KIT\AppData\Roaming\Unigraphics Solutions
[2013/05/21 23:14:22 | 000,000,000 | ---D | M] -- C:\Users\KIT\AppData\Roaming\uTorrent
[2013/05/21 23:14:22 | 000,000,000 | ---D | M] -- C:\Users\KIT\AppData\Roaming\Vso
[2012/10/13 16:57:45 | 000,000,000 | ---D | M] -- C:\Users\KIT\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:6E64BB99
@Alternate Data Stream - 1024 bytes -> C:\Users\KIT\AppData\Local\JL64haB2:Jg8Zk4vDgnOgg7ZUEcNelnzpKD

< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,023 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:OTL
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [MPOptimizer] "C:\Program Files\MaxPerforma Optimizer\MaxPerforma.exe" /scan File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:6E64BB99
@Alternate Data Stream - 1024 bytes -> C:\Users\KIT\AppData\Local\JL64haB2:Jg8Zk4vDgnOgg7ZUEcNelnzpKD

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\06292013-some number.log so look there if you don't see it.


Download the adwCleaner

[LIST][*]Run the Tool
Windows Vista and Windows 7 users:
Right click in the adwCleaner.exe and select the option
Posted Image
[*]Select the Delete button.
[*]When the scan completes, it will open a notepad windows. Please copy and paste the text into a reply.


Control Panel, Programs and Features, uninstall any old versions of Java. (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
If you must have Java, get the latest version from java.com.


1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. Does it complete without complaining?)



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.




Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post. Uninstall Speccy after you create the log.

Ron
  • 0

#3
kitkaye

kitkaye

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MPOptimizer deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
ADS C:\ProgramData\TEMP:6E64BB99 deleted successfully.
ADS C:\Users\KIT\AppData\Local\JL64haB2:Jg8Zk4vDgnOgg7ZUEcNelnzpKD deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56475 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: KIT
->Flash cache emptied: 57354 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: KIT
->Java cache emptied: 622335 bytes

User: Public

Total Java Files Cleaned = 1.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06302013_152254







adw cleaner log


# AdwCleaner v2.303 - Logfile created 06/30/2013 at 15:31:40
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : KIT - KIT2
# Boot Mode : Normal
# Running from : C:\Users\KIT\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Users\KIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Program Files (x86)\Common Files\Wondershare
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\uTorrentControl_v2
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\KIT\AppData\Local\Conduit
Folder Deleted : C:\Users\KIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Folder Deleted : C:\Users\KIT\AppData\Local\Wondershare
Folder Deleted : C:\Users\KIT\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\KIT\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\KIT\AppData\LocalLow\uTorrentControl_v2

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v2
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\uTorrentControl_v2
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\Software\uTorrentControl_v2
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{43C9F21B-6D09-4FD7-8952-BFB252ECB04B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7536E2E7-BBD1-45D5-A92B-5A7F44F8BC7A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\KIT\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4260 octets] - [30/06/2013 15:30:53]
AdwCleaner[S1].txt - [4098 octets] - [30/06/2013 15:31:40]

########## EOF - C:\AdwCleaner[S1].txt - [4158 octets] ##########



comand prompt scan compleated to 100% ,but reorted windows resourse protection found corupt files, but was unable to fix some of them






vew system log


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 30/06/2013 21:06:03

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/06/2013 17:49:33
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

Log: 'System' Date/Time: 30/06/2013 17:49:31
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

Log: 'System' Date/Time: 30/06/2013 14:44:32
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/06/2013 17:49:34
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_PNY&PROD_USB_2.0_FD&REV_0.00#000000004CD1F502&0#.

Log: 'System' Date/Time: 30/06/2013 14:44:35
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig




vew aplication log

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 30/06/2013 21:07:33

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 30/06/2013 17:49:33
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 30/06/2013 17:51:43
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <file:E:/Music/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
The specified address was excluded from the index. The site path rules may have to be modified to include this address. (HRESULT : 0x80040d07) (0x80040d07)


Log: 'Application' Date/Time: 30/06/2013 17:51:43
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <file:E:/uni/year 4/award design/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
The specified address was excluded from the index. The site path rules may have to be modified to include this address. (HRESULT : 0x80040d07) (0x80040d07)




process explorer log

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 97.14 0 K 24 K 0
procexp64.exe 1.52 29,652 K 48,260 K 6196 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
Interrupts 0.43 0 K 0 K n/a Hardware Interrupts and DPCs
dwm.exe 0.21 36,684 K 37,352 K 3996 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.18 4,388 K 11,228 K 560 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
SynTPEnh.exe 0.17 9,528 K 13,736 K 4212 Synaptics TouchPad Enhancements Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
System 0.11 532 K 9,848 K 4
chrome.exe 0.05 126,056 K 141,372 K 6012 Google Chrome Google Inc. (Verified) Google Inc
explorer.exe 0.03 58,404 K 83,868 K 1656 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
c2c_service.exe 0.02 2,904 K 6,044 K 2460 Skype C2C Service Skype Technologies S.A. (Verified) Skype Technologies SA
chrome.exe 0.02 119,428 K 114,496 K 5176 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.02 4,744 K 9,896 K 1232 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
CCC.exe 0.01 106,132 K 4,592 K 5356 Catalyst Control Center: Host application ATI Technologies Inc. (No signature was present in the subject) ATI Technologies Inc.
TosDIMonitor.exe 0.01 68,848 K 59,360 K 4912 Toshiba Places Icon Utility Toshiba (Verified) TOSHIBA CORPORATION
LMS.exe 0.01 2,744 K 4,960 K 2940 Local Manageability Service Intel Corporation (Verified) Intel Corporation
MOM.exe 0.01 39,724 K 5,128 K 5124 Catalyst Control Center: Monitoring program Advanced Micro Devices Inc. (No signature was present in the subject) Advanced Micro Devices Inc.
SRSPanel_64.exe 0.01 15,756 K 20,144 K 4204 SRS Control Panel SRS Labs, Inc. (Verified) SRS Labs
chrome.exe 0.01 33,200 K 40,240 K 7708 Google Chrome Google Inc. (Verified) Google Inc
iusb3mon.exe < 0.01 1,816 K 5,324 K 5132 Intel® USB 3.0 Monitor Intel Corporation (Verified) Intel Corporation
avgwdsvc.exe < 0.01 10,272 K 21,228 K 2268 AVG Watchdog Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
TemproTray.exe < 0.01 41,388 K 37,160 K 4472 Toshiba TEMPRO Toshiba Europe GmbH (Verified) Toshiba Europe GmbH
chrome.exe < 0.01 38,724 K 51,732 K 5276 Google Chrome Google Inc. (Verified) Google Inc
avgidsagent.exe < 0.01 15,044 K 13,860 K 2228 AVG Identity Protection Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
wmpnetwk.exe < 0.01 10,976 K 7,584 K 3836 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 5,060 K 9,048 K 1304 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe < 0.01 13,032 K 14,380 K 1068 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 27,708 K 43,756 K 1568 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 7,368 K 12,852 K 1532 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 5,444 K 10,672 K 3692 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe < 0.01 40,232 K 25,496 K 2012 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
avgrsa.exe < 0.01 53,048 K 1,696 K 740 AVG Resident Shield Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
svchost.exe < 0.01 15,356 K 17,056 K 1792 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WLIDSVC.EXE < 0.01 7,256 K 15,000 K 2776 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
csrss.exe < 0.01 2,304 K 4,756 K 708 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
TemproSvc.exe < 0.01 31,052 K 23,548 K 2608 Toshiba TEMPRO Toshiba Europe GmbH (Verified) Toshiba Europe GmbH
svchost.exe < 0.01 237,692 K 245,920 K 1488 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
avgnsa.exe < 0.01 12,220 K 360 K 3328 AVG Online Shield Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgui.exe < 0.01 15,944 K 39,104 K 5200 AVG User Interface AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
spoolsv.exe < 0.01 10,256 K 16,736 K 1744 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
TODDSrv.exe < 0.01 1,720 K 4,252 K 2672 TDCSrv Application TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
StikyNot.exe < 0.01 6,676 K 15,856 K 4792 Sticky Notes Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe 2,132 K 6,192 K 4004 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
wuauclt.exe 2,228 K 6,608 K 6628 Windows Update Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 3,652 K 7,664 K 3156 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 1,504 K 3,464 K 3020 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
winlogon.exe 3,320 K 7,728 K 1164 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,800 K 4,912 K 724 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 1,844 K 5,064 K 3204 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
UNS.exe 4,004 K 10,100 K 3084 User Notification Service Intel Corporation (Verified) Intel Corporation
TrustedInstaller.exe 14,040 K 19,932 K 7044 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
TPwrMain.exe 6,084 K 11,044 K 4224 TOSHIBA Power Saver TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TPCHWMsg.exe 3,108 K 6,844 K 1988 TOSHIBA PC Health Monitor TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TPCHSrv.exe 8,052 K 8,760 K 7920 TOSHIBA PC Health Monitor TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TosSmartSrv.exe 2,780 K 7,432 K 7888 TosSmartSrv.exe TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TosSENotify.exe 4,384 K 9,816 K 7948 TosSENotify.exe.mui TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TosCoSrv.exe 3,820 K 7,340 K 2700 TOSHIBA Power Saver TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TecoService.exe 2,988 K 7,072 K 2912 TOSHIBA eco Utility Service TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
Teco.exe 3,248 K 7,344 K 4328 TOSHIBA eco Utility TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TCrdMain.exe 9,420 K 19,844 K 4296 TOSHIBA Flash Cards Main Module TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
taskhost.exe 7,696 K 15,528 K 4376 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 1,580 K 3,656 K 3244 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe 25,584 K 20,448 K 1440 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,588 K 5,940 K 3660 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 10,384 K 14,560 K 2064 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
smss.exe 544 K 1,244 K 384 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe 5,600 K 9,428 K 1056 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
RAVCpl64.exe 8,636 K 10,992 K 4192 Realtek HD Audio Manager Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
procexp.exe 2,832 K 7,080 K 2560 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe 26,488 K 17,480 K 7352 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Windows
ONENOTEM.EXE 1,160 K 688 K 5060 Microsoft Office OneNote Quick Launcher Microsoft Corporation (Verified) Microsoft Corporation
notepad.exe 2,176 K 7,140 K 7856 Notepad Microsoft Corporation (Verified) Microsoft Windows
NASvc.exe 2,424 K 6,536 K 2904 NeroUpdate Nero AG (Verified) Nero AG
lsm.exe 3,008 K 4,720 K 1084 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 5,232 K 11,992 K 1076 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
Jhi_service.exe 1,740 K 5,308 K 2416 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation
itype.exe 8,200 K 1,960 K 4532 IType.exe Microsoft Corporation (Verified) Microsoft Corporation
ipoint.exe 5,648 K 12,604 K 4576 IPoint.exe Microsoft Corporation (Verified) Microsoft Corporation
IntelMeFWService.exe 1,124 K 3,496 K 2384 (Verified) Intel Corporation
HeciServer.exe 1,960 K 5,468 K 2316 Intel® Capability Licensing Service Interface Intel® Corporation (Verified) Intel® Upgrade Service
GFNEXSrv.exe 2,484 K 6,216 K 2020 GFNEXSrv (Verified) PEGATRON CORPORATION
conhost.exe 1,904 K 5,692 K 7972 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
cmd.exe 2,284 K 3,056 K 6236 Windows Command Processor Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 22,076 K 25,516 K 7284 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 70,292 K 74,260 K 5780 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 8,768 K 15,976 K 4692 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 24,124 K 27,952 K 7136 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 4,772 K 9,272 K 6776 Google Chrome Google Inc. (Verified) Google Inc
avgemca.exe 3,656 K 8,364 K 3340 AVG E-mail Scanner AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgcsrva.exe 15,976 K 3,780 K 780 AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
audiodg.exe 21,564 K 22,416 K 5684 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
atiesrxx.exe 1,768 K 4,468 K 1368 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe 2,720 K 6,660 K 1728 AMD External Events Client Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
armsvc.exe 1,232 K 3,964 K 2180 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
AdobeARM.exe 5,584 K 12,952 K 5072 Adobe Reader and Acrobat Manager Adobe Systems Incorporated (Verified) Adobe Systems
acrotray.exe 2,116 K 5,936 K 5296 AcroTray Adobe Systems Inc. (Verified) Adobe Systems


The event description cannot be found.

Attached Files

  • Attached File  KIT2.txt   146.21KB   23 downloads

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,023 posts
  • MVP
OK. Let's see what SFC is complaining about:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Notepad should open. If it's not too big, copy and paste the text to a reply. (Close notepad and the command window.)
  • 0

#5
kitkaye

kitkaye

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
here is the log file, i had to attach it as it was too big to post

Attached Files

  • Attached File  junk.txt   414.09KB   33 downloads

  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,023 posts
  • MVP
Ouch! Your hard drive seems to have major damage. If it were just a handful of files we could try replacing them but there must be hundreds of files that are shown as corrupt. Not sure what the shop did for you but they didn't do enough. The drive itself may be damaged. You would have to run the drive maker's extended or comprehensive test to see if it is still usable. The drive is a SATA TOSHIBA 466GB MK5075GSX so I would check Toshiba's website.

If the drive is good then I think you need to do an Repair install if you have the Windows DVDs
http://www.sevenforu...ir-install.html
or perhaps a reset to factory
To reset a Toshiba laptop to factory settings from the hidden partition, press on the zero key when turning on the laptop computer (you will lose all data if you do this so back it up first).

In either case the first thing you do after it comes up is connect to Windows Update and get the 100 or so updates that you will be missing. Normally it takes several update attempts to get them all. Seems some updates need updates.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP