Machine works slowly [Solved]


  • This topic is locked

#1
tal5

  • Member
  • 42 posts
Hello!!

I have an i5 machine, 3.3 GHz with 4 GB RAM. I'm using Windows 7 Home Premium, and it feels to me like I have a Pentium 2.
Don't know why, everything works slowly.
IE and Google Chrome - like an old computer.
Windows start - very slow.
How can I fix it?
How can I know exactly if it's a hardware problem or if it's a virus/another from that family?

many thanks!!

Tal.


#2
tal5

  • Topic Starter
  • Member
  • 42 posts
Is there something incorrect in my topic??
I've looked at the rules and it seems to be OK...
Any answer??

#3
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hi there, first we will need to see what, if anything, is causing the slow start.

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Attach both logs

THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

#4
tal5

  • Topic Starter
  • Member
  • 42 posts
Hello!
Thanks for that reply. I'm sorry for the delay; please do not close this topic, I will send my log in the next 12 hours.

I have 2 problem computers. I will start with my own - I'm using Win 7 Ultimate here.

As I said, I will update my logs soon. Thanks!!!

#5
tal5

  • Topic Starter
  • Member
  • 42 posts
OTL logfile created on: 11/11/2013 16:21:59 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tal\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040d | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 67.75% Memory free
6.50 Gb Paging File | 4.41 Gb Available in Paging File | 67.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 175.78 Gb Total Space | 133.38 Gb Free Space | 75.88% Space Free | Partition Type: NTFS
Drive D: | 195.31 Gb Total Space | 168.54 Gb Free Space | 86.30% Space Free | Partition Type: NTFS
Drive E: | 225.07 Gb Total Space | 178.29 Gb Free Space | 79.21% Space Free | Partition Type: NTFS

Computer Name: TAL-PC | User Name: Tal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/11 16:19:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tal\Downloads\OTL.exe
PRC - [2013/11/11 05:22:14 | 002,420,248 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/11/11 05:22:14 | 001,734,680 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
PRC - [2013/11/11 05:22:14 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
PRC - [2013/10/07 18:54:20 | 004,908,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2013/10/03 21:00:24 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
PRC - [2013/09/25 20:47:22 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/09/15 22:08:30 | 000,895,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
PRC - [2013/09/03 21:22:16 | 000,588,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
PRC - [2013/09/02 10:19:00 | 000,669,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe
PRC - [2013/08/20 22:03:42 | 000,728,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe
PRC - [2012/12/19 21:56:24 | 000,482,304 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012/12/19 21:55:48 | 000,219,136 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/28 05:42:12 | 011,499,824 | ---- | M] (www.BitComet.com) -- E:\Program Files\BitComet\BitComet.exe
PRC - [2010/12/28 10:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) -- E:\Program Files\BitComet\tools\BitCometService.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2008/07/24 12:16:02 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/11 05:22:14 | 002,420,248 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/11/11 05:22:14 | 000,519,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\log4cplusU.dll
MOD - [2013/11/11 05:22:14 | 000,142,360 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\SiteSafety.dll
MOD - [2013/10/09 02:02:43 | 000,415,184 | ---- | M] () -- C:\Users\Tal\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
MOD - [2013/10/09 02:02:41 | 004,055,504 | ---- | M] () -- C:\Users\Tal\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/09 02:01:50 | 000,698,832 | ---- | M] () -- C:\Users\Tal\AppData\Local\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
MOD - [2013/10/09 02:01:49 | 000,099,792 | ---- | M] () -- C:\Users\Tal\AppData\Local\Google\Chrome\Application\30.0.1599.101\libegl.dll
MOD - [2013/10/09 02:01:47 | 001,604,560 | ---- | M] () -- C:\Users\Tal\AppData\Local\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013/04/11 14:23:42 | 000,256,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\8ea4f2a14f034a52843ddf37991c9f6d\WindowsFormsIntegration.ni.dll
MOD - [2013/04/11 14:22:15 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\dcf2b1a7011858156e5b759de2e5e598\PresentationFramework-SystemXml.ni.dll
MOD - [2013/04/10 22:44:01 | 013,319,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\273389de0b6e286cb2bdc83ecb428704\System.Web.ni.dll
MOD - [2013/04/10 22:43:49 | 000,786,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\4cfa42c8b69a64e192f3255ec900457d\System.Runtime.Remoting.ni.dll
MOD - [2013/04/10 22:43:45 | 012,692,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\22ae167d586450ad3a9b9a9ee43ebc86\System.Windows.Forms.ni.dll
MOD - [2013/04/10 22:43:39 | 001,630,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\72269ea7cc6281139e4d155e7c57dc67\System.Drawing.ni.dll
MOD - [2013/04/10 22:43:36 | 018,524,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\97e6b67983d07a066b68b3ae8be2f53d\PresentationFramework.ni.dll
MOD - [2013/04/10 22:43:30 | 007,559,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9ba07396ae369d010c5c3927a82ef426\System.Xml.ni.dll
MOD - [2013/04/10 22:43:26 | 010,914,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b52bc540630c3aa5de542c382af35c20\PresentationCore.ni.dll
MOD - [2013/04/10 22:43:26 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\28586400bcaf94c13a9fd0dff4a1e090\System.Configuration.ni.dll
MOD - [2013/04/10 22:43:24 | 006,995,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b9f7adbc90a2bcbe8eb9e6e8d2bb975b\System.Core.ni.dll
MOD - [2013/04/10 22:43:19 | 003,905,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\cd235caf797fb017f140016be88f33b7\WindowsBase.ni.dll
MOD - [2013/04/10 22:43:19 | 001,870,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cc4d9093563dadee370788bbc3ecf4fb\System.Xaml.ni.dll
MOD - [2013/04/10 22:43:18 | 000,462,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\e7d92730b571b31e62c2cf257f04a974\PresentationFramework.Aero.ni.dll
MOD - [2013/04/10 22:43:16 | 009,925,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e40da7a49f8c3f0108e7c835b342f382\System.ni.dll
MOD - [2013/04/10 22:43:11 | 016,501,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\51e2934144ba15628ba5a31be2dae7dc\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV - [2013/11/11 05:22:14 | 001,734,680 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe -- (vToolbarUpdater17.1.2)
SRV - [2013/10/08 23:27:14 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/03 21:00:24 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/09/25 20:47:22 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/03/29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/19 21:55:48 | 000,219,136 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/12/28 10:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Running] -- E:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nvlddmkm.sys -- (nvlddmkm)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2013/11/11 05:22:14 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/09/25 19:57:14 | 000,120,632 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/09/10 21:11:44 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/08 21:12:16 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/09/02 09:39:32 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/09/02 09:28:06 | 000,145,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/09/02 09:28:04 | 000,209,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/09/02 09:28:00 | 000,223,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/08/20 21:54:04 | 000,102,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/08/01 15:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/12/19 22:47:46 | 009,647,104 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012/12/19 22:47:46 | 009,647,104 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/12/19 21:32:06 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/11/06 13:11:46 | 000,084,992 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/09/30 20:48:21 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2011/09/30 20:47:50 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/07/16 17:27:07 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/02/18 06:47:42 | 000,066,112 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3579686740-1948245414-1388583087-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3579686740-1948245414-1388583087-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ynet.co.il/
IE - HKU\S-1-5-21-3579686740-1948245414-1388583087-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://il.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3579686740-1948245414-1388583087-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = he
IE - HKU\S-1-5-21-3579686740-1948245414-1388583087-1001\..\SearchScopes,DefaultScope = {9E9F6E56-2C4C-412A-A8F5-00EF260A2962}
IE - HKU\S-1-5-21-3579686740-1948245414-1388583087-1001\..\SearchScopes\{9E9F6E56-2C4C-412A-A8F5-00EF260A2962}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-3579686740-1948245414-1388583087-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3579686740-1948245414-1388583087-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tal\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tal\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tal\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/04 12:20:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/04 12:20:21 | 000,000,000 | ---D | M]

[2013/04/12 04:29:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/22 18:16:34 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Tal\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Tal\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Tal\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Tal\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: AdBlock = C:\Users\Tal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.13_0\
CHR - Extension: AdBlock = C:\Users\Tal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0\
CHR - Extension: AVG Secure Search = C:\Users\Tal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.0.1.12_0\
CHR - Extension: Google Wallet = C:\Users\Tal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3579686740-1948245414-1388583087-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3579686740-1948245414-1388583087-1001\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-3579686740-1948245414-1388583087-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-3579686740-1948245414-1388583087-1001\..\Toolbar\WebBrowser: (no name) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-3579686740-1948245414-1388583087-1001..\Run: [BitComet] E:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O4 - HKU\S-1-5-21-3579686740-1948245414-1388583087-1001..\Run: [DAEMON Tools Lite] E:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3579686740-1948245414-1388583087-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &הורד עם BitComet - E:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: הורד ה&כל עם BitComet - E:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - E:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O13 - gopher Prefix: missing
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefi...r_5.0.127.0.cab (Battlefield Heroes Updater)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.5.1.0.cab (SysInfo Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://bhome.bezeq....SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{990CFC23-579C-4FE9-81EF-8A006E26DD54}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0e11ed53-afa4-11e0-8406-001fd0d54707}\Shell - "" = AutoRun
O33 - MountPoints2\{0e11ed53-afa4-11e0-8406-001fd0d54707}\Shell\AutoRun\command - "" = H:\AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/11/07 19:49:30 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/11/05 00:24:10 | 000,000,000 | ---D | C] -- C:\winbez
[2013/11/05 00:24:10 | 000,000,000 | ---D | C] -- C:\tbewv
[2013/11/04 00:27:57 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/11/04 00:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/11/04 00:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/11/04 00:27:38 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/11/04 00:27:33 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/11/04 00:27:33 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/11/04 00:27:33 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/11/04 00:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/11 16:13:45 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/11 16:04:15 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3579686740-1948245414-1388583087-1001UA.job
[2013/11/11 16:03:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/11 15:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/11 14:03:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3579686740-1948245414-1388583087-1001Core.job
[2013/11/11 05:22:14 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/11/10 22:13:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/10 00:20:28 | 000,656,430 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/10 00:20:28 | 000,393,910 | ---- | M] () -- C:\Windows\System32\perfh00D.dat
[2013/11/10 00:20:28 | 000,122,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/10 00:20:28 | 000,084,926 | ---- | M] () -- C:\Windows\System32\perfc00D.dat
[2013/11/08 03:34:34 | 000,014,016 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/08 03:34:34 | 000,014,016 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/08 03:27:18 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/18 01:11:39 | 000,002,360 | ---- | M] () -- C:\Users\Tal\Desktop\Google Chrome.lnk
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/03 07:20:57 | 000,000,483 | ---- | C] () -- C:\Windows\eReg.dat
[2013/06/08 16:29:59 | 000,001,818 | ---- | C] () -- C:\Windows\disney.ini
[2013/01/16 19:15:34 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/12/19 15:45:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/11/29 17:40:02 | 000,662,786 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/09/19 21:09:40 | 000,076,660 | ---- | C] () -- C:\Windows\System32\ativce02.dat
[2012/09/04 17:20:18 | 000,228,528 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik_nd.dat
[2012/09/04 17:20:18 | 000,228,528 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik.dat
[2012/06/23 15:16:28 | 000,033,758 | ---- | C] () -- C:\Users\Tal\AppData\Local\dt.dat
[2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012/02/15 04:28:34 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012/02/15 04:28:32 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011/10/22 00:09:48 | 000,138,056 | ---- | C] () -- C:\Users\Tal\AppData\Roaming\PnkBstrK.sys

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/09 23:51:00 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/12/09 23:51:00 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/12/21 17:57:52 | 000,000,000 | ---D | M] -- C:\Users\Tal\AppData\Roaming\2K Sports
[2013/10/03 15:39:03 | 000,000,000 | ---D | M] -- C:\Users\Tal\AppData\Roaming\AVG2014
[2011/08/02 19:45:53 | 000,000,000 | ---D | M] -- C:\Users\Tal\AppData\Roaming\BitComet
[2011/08/02 19:18:59 | 000,000,000 | ---D | M] -- C:\Users\Tal\AppData\Roaming\DAEMON Tools Lite
[2012/08/07 21:53:42 | 000,000,000 | ---D | M] -- C:\Users\Tal\AppData\Roaming\Juniper Networks
[2012/04/11 23:11:28 | 000,000,000 | ---D | M] -- C:\Users\Tal\AppData\Roaming\Kalypso Media
[2011/01/02 03:43:30 | 000,000,000 | ---D | M] -- C:\Users\Tal\AppData\Roaming\Leadertech
[2013/04/12 05:36:27 | 000,000,000 | ---D | M] -- C:\Users\Tal\AppData\Roaming\ObviousIdea
[2013/07/30 21:54:21 | 000,000,000 | ---D | M] -- C:\Users\Tal\AppData\Roaming\Origin
[2011/02/02 01:03:04 | 000,000,000 | ---D | M] -- C:\Users\Tal\AppData\Roaming\Rovio
[2011/03/22 19:54:38 | 000,000,000 | ---D | M] -- C:\Users\Tal\AppData\Roaming\Samsung
[2013/08/17 19:49:06 | 000,000,000 | ---D | M] -- C:\Users\Tal\AppData\Roaming\Systweak
[2012/11/09 17:07:55 | 000,000,000 | ---D | M] -- C:\Users\Tal\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2009/07/14 03:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2009/07/14 03:14:53 | 000,046,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/14 03:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/07/14 03:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/07/14 03:14:59 | 000,493,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/14 03:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2009/07/14 03:15:00 | 000,102,400 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2009/07/14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/07/14 03:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/07/14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 03:15:12 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/14 03:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/14 03:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/14 03:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/07/14 03:15:33 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/14 03:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/14 03:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/14 03:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/14 03:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2009/07/14 03:16:03 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/14 03:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/07/14 03:16:17 | 000,294,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2009/07/14 03:14:41 | 000,316,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/14 03:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/07/14 03:16:12 | 000,285,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/07/14 03:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/14 03:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/14 03:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2009/07/14 03:16:15 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/14 03:16:14 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2009/07/14 03:16:13 | 000,743,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/07/14 03:16:15 | 000,241,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 03:16:12 | 000,162,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/07/14 03:14:43 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/07/14 03:14:57 | 000,473,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/07/14 03:14:57 | 000,473,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2009/07/14 03:16:13 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 03:16:18 | 001,086,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2009/07/14 03:15:41 | 000,565,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/07/14 03:16:18 | 000,462,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2009/07/14 03:14:25 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/14 03:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2009/07/14 03:16:21 | 001,912,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/07/14 03:15:12 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/14 03:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/07/14 03:16:19 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< c:\program files (x86)\Google\Desktop >
[2009/07/14 06:53:46 | 000,032,566 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2011/10/21 15:18:39 | 000,000,906 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011/10/21 15:18:40 | 000,000,910 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/04/08 22:24:15 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012/09/23 18:36:33 | 000,000,878 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3579686740-1948245414-1388583087-1001Core.job
[2012/09/23 18:36:34 | 000,000,930 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3579686740-1948245414-1388583087-1001UA.job

< c:\program files\Google\Desktop >

< dir "%systemdrive%\*" /S /A:L /C >

< End of report >
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, prior to the slowdown did you install or update any of your programmes?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3579686740-1948245414-1388583087-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3579686740-1948245414-1388583087-1001\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-3579686740-1948245414-1388583087-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-3579686740-1948245414-1388583087-1001\..\Toolbar\WebBrowser: (no name) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
[2013/11/05 00:24:10 | 000,000,000 | ---D | C] -- C:\winbez
[2013/11/05 00:24:10 | 000,000,000 | ---D | C] -- C:\tbewv

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Junkware Removal Tool to your desktop.
  • Right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system.
  • Please be patient, as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • 1

#7
tal5

tal5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-11 16:31:13
-----------------------------
16:31:13.235 OS Version: Windows 6.1.7600
16:31:13.235 Number of processors: 2 586 0x170A
16:31:13.237 ComputerName: TAL-PC UserName: Tal
16:31:13.943 Initialize success
18:02:28.033 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
18:02:28.068 Disk 0 Vendor: WDC_WD6401AALS-00L3B2 01.03B01 Size: 610479MB BusType: 3
18:02:28.195 Disk 0 MBR read successfully
18:02:28.197 Disk 0 MBR scan
18:02:28.199 Disk 0 Windows 7 default MBR code
18:02:28.211 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 180001 MB offset 63
18:02:28.214 Disk 0 Partition - 00 0F Extended LBA 430468 MB offset 368643555
18:02:28.250 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 199996 MB offset 368643618
18:02:28.253 Disk 0 Partition - 00 05 Extended 230471 MB offset 778236795
18:02:28.285 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 230471 MB offset 778236858
18:02:28.375 Disk 0 scanning sectors +1250242560
18:02:28.533 Disk 0 scanning C:\Windows\system32\drivers
18:02:33.589 Service scanning
18:02:42.493 Modules scanning
18:02:44.955 Disk 0 trace - called modules:
18:02:44.982 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
18:02:44.986 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86748798]
18:02:44.991 3 CLASSPNP.SYS[8c39359e] -> nt!IofCallDriver -> [0x8667a790]
18:02:44.996 5 ACPI.sys[8be4d3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x858fc338]
18:02:45.000 Scan finished successfully
18:03:40.171 Disk 0 MBR has been saved successfully to "C:\Users\Tal\Desktop\MBR.dat"
18:03:40.176 The log file has been saved successfully to "C:\Users\Tal\Desktop\aswMBR.txt"
  • 0

#8
tal5

tal5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

Hi, prior to the slowdown did you install or update any of your programmes? - No, there are no updates, maybe Origin, but I think it's safe... the slowdown was after I used Facebook, I think.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot. - I have Windows 7 Ultimate 32-bit, but I'm using an Intel 64-bit processor.


Edited by tal5, 11 November 2013 - 10:18 AM.

  • 0

#9
tal5

tal5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Please read my previous answer. Is this version a problem with my Win7 32-bit? (My computer can work with 64-bit, but I haven't.)
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, there is no problem; OTL will determine the system and act accordingly.
  • 0

#11
tal5

tal5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3579686740-1948245414-1388583087-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3579686740-1948245414-1388583087-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_USERS\S-1-5-21-3579686740-1948245414-1388583087-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-21-3579686740-1948245414-1388583087-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\winbez folder moved successfully.
C:\tbewv folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Tal
->Temp folder emptied: 201906483 bytes
->Temporary Internet Files folder emptied: 299719265 bytes
->Java cache emptied: 6448077 bytes
->Google Chrome cache emptied: 400388695 bytes
->Flash cache emptied: 17699 bytes

User: Tal Oren
->Temp folder emptied: 78429 bytes
->Temporary Internet Files folder emptied: 75735 bytes
->Flash cache emptied: 56502 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 365543003 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 60576486 bytes

Total Files Cleaned = 1,273.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11112013_205159

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\avg_secure_search.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#12
tal5

tal5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x86
Ran by Tal on Mon 11/11/2013 at 20:57:25.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\powerpack
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\facemoods.facemoodshlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\facemoods.facemoodshlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\facemoods_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\facemoods_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\facemoodssrv_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\facemoodssrv_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2405280
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_windows-live-messenger[1]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_windows-live-messenger[1]_RASMANCS



~~~ Files

Successfully deleted: [File] "C:\Windows\system32\roboot.exe"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\starapp"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Tal\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Tal\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Tal\appdata\locallow\facemoods.com"
Successfully deleted: [Folder] "C:\Users\Tal\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files\daemon tools toolbar"
Successfully deleted: [Folder] "C:\Program Files\myfree codec"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/11/2013 at 20:59:48.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the boot time now, and does the internet work any better?
  • 0

#14
tal5

tal5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
I found an improvement even after the first check.... but dunno, maybe it's just me..
Explorer works better, yes, but Chrome, it's not perfect, and also the desktop, not 100%.
But the login to Windows and reset are much better.. thanks..
What else do you think I shall check??

I'm curious, what was the problem until now?

Edited by tal5, 11 November 2013 - 03:08 PM.

  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Total Files Cleaned = 1,273.00 mb: this was the total of junk files on the computer, mainly within the internet temporary files, which would cause a slowdown.

The next task will be a quick sweep for any remnants of the adware remaining and then run a disc defragment to tidy it up a bit more :)

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Attach the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

THEN

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up, select OK at the first prompt; after it has done some calculations the tabs will appear
Select More Options tab
Press System Restore and Shadow Copies Cleanup button

FOLLOWED BY

A defragmentation of your disc. Dependent on when this was last done, it may take up to 30 minutes.
There are step by step instructions here http://www.sevenforu...r-open-use.html
Start at option one and go direct to defragment the drive :)


Once done let me know how the computer is now behaving
  • 0





