"sweetpacks" malware, stij.exe, possible streaming issue [Clos
#16
Posted 05 March 2014 - 07:47 PM
#17
Posted 06 March 2014 - 02:31 PM
Step-1
OTL Fix
Please close all open windows and browsers
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.
:COMMANDS
[createrestorepoint]
:OTL
C:\Program Files (x86)\Sins of a Solar Empire Rebellion\steam_api.dll
C:\Program Files (x86)\Ubisoft\Assassin's Creed III\ubiorbitapi_r2_loader.dll
C:\Users\Dave\Downloads\PowerISO5-x64.exe
C:\Users\Dave\Downloads\FL Studio Producer Edition 11.0.0 Final - R2R [ChingLiu]\flstudio_11.exe
C:\Users\Dave\Downloads\Sins.of.a.Solar.Empire.Rebellion-RELOADED\rld-soaser.iso
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\update[1]
:COMMANDS
[emptytemp]
Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.
2. Please re-open on your desktop. To do that:
- Vista and 7 users: Right click the icon and click Run as Administrator
4. Click the button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
Step-2
Delete a Google Chrome extension:
Open the Chrome browser:
- Click the tools menu icon on the browser toolbar.
- Click Tools.
- Select Extensions. A page like the one shown below will open:
- Look for any Sweetpacks items, or any other extension you don't recognize. If there is a check mark in the box next to it/them, click the box to uncheck it/them. Then click the trash can icon next to the box.
- A confirmation dialog will appear, click Remove.
Reset Chrome Search Provider
- Click the Chrome menu Chrome menu on the browser toolbar
- Select Settings. The Settings page will open.
- In the "Search" section, click Manage search engines.
- Find all Sweetpacks entries.
- Mouse over them and click the X to remove them.
- Make the search engine of your choice, like Google the (Default) search engine by mousing over it and clicking Make default.
Clear Chrome Cache and Browsing History
- Click the Chrome menu on the browser toolbar.
- Select Tools.
- Select Clear browsing data.
- Select the following:
- Clear browsing history
- Clear download history
- Empty the cache
- Delete cookies and other site and plug-in data
- In the drop-down at the top of the dialog box, select until the beginning of time
- Click Clear browsing data.
Change the Chrome HomePage
- Click on the Chrome menu icon, located in the upper right hand corner of your browser window. When the drop-down menu appears, select the choice labeled Settings. (See image below)
Chrome's Options should now be displayed in a new tab or window, depending on your settings. (See the image below)
- Click on Settings in the left menu pane, if it is not already selected.
- Next, locate the Appearance section.
- By default, the Home button is not visible on Chrome's main toolbar and the Show Home button option is disabled.
- First, activate this option by clicking on the empty check box next to Show Home button.
- When the Show Home button checkbox is selected, a web address appears below it. If you want the Homepage button to open up a different webpage, click Change and enter the new address, like http://www.google.com.
- Finally, once you are satisfied with your new setting, click on the OK button.
Step-3.
JAVA Advice
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:
- For Firefox, install the NoScript add-on.
- For Chrome, install the ScriptNo add-on.
-->IMPORTANT<--: After installing the add-ons you will need to tell them that the site you are visiting is allowed to run Javascript. If you don't, the sites won't work properly. Or not at all. You can go to the NoScript home page here to learn how to use the add-on. - Disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser or How to unplug Java from the browser)
A.
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
- Download the latest version of the Java Runtime Environment (JRE) Version from Here or Here and save it to your desktop.
- Look for "Java Platform, Standard Edition". You will see the current Java version and update number under listed under the heading. Example: The newest update is Java SE 7u51
- Click the "Download button under the JRE" column.
- On the Java SE Runtime Environment page, click the button to "Accept License Agreement".
- Under the Java SE Runtime Environment 7u51 heading:
To install the version for your system:- For Windows 64bit systems, look for Windows x64 29.37MB, click the jre-7u25-windows-64.exe file and save it to your desktop. Do Not run it from the Java site.
- Close any programs you may have running - especially your web browser.
B.
Uninstall all versions of Java
- Click Start > Control Panel > Add/Remove Programs. The list of installed programs will populate.
- Click the Start Orb, then Control Panel. Under the Programs or Programs and Features section click Uninstall a program. The list of installed programs will populate.
- Remove all older versions of Java. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE or J2SE
The versions I see on the computer are:
- Java 7 Update 25
Java™ SE Development Kit 7 Update 3
- Java 7 Update 25
- For Vista/7/8: Right click each program and click Uninstall and follow the on screen instructions for the Java uninstaller.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
Install the latest JAVA
Back on your desktop:
- Right click the jre-7u51-windows-x64.exefile and click Run as Administrator and OK the UAC prompt to install the newest version.
- When the Java Setup - Welcome window opens, click the Install > button.
- If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
Step-4.
Update Adobe Flash Player
NOTE: Depending on your settings, you may have to temporarily disable your antivirus software and firewall.
You will need to download and install both the IE and non-IE versions of Adobe Flashplayer. Click here to go to the download page.
- In the Adobe Flash Player column, under Step 1, click the down arrow and choose your operating system.
- Under Step 2, click the down arrow and select the browser you want to install FlashPlayer for.
You will need to download and install each version of FlashPlayer (Flash Player for Internet Explorer AND Flash Player for Other Browsers) seperately
- In the Optional offer: cloumn, make sure to uncheck the box beside Yes, install free McAfee Security Scan Plus before downloading.
- Click the Download now button. The File Download window will open.
- Click Save File and save the install_flashplayerXXxXX_xxxx_xxx_xxx.exeset up file to the desktop.
- Repeat the above for the other version of Flash Player.
- Close the browse and all open windows.
- Back on the desktop, double click on one of the Flash Player setup files to start the installation.
- If you get a Security Warning box, click Run
- If you gat a UAC warning click Continue or Yes
- Once the installation has completed, double click the other Flash Player setup file and repeat the above to install it.
Step-5.
Run OTL again and click the button. Post the log it produces in your next reply.
Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know if the Chrome tabs issue is resolved.
2. Let me know if there were any problems updating Java and the FlashPlayer
3. the new OTL.txt log
#18
Posted 09 March 2014 - 10:55 PM
Edited by trusty, 09 March 2014 - 10:55 PM.
#19
Posted 09 March 2014 - 10:59 PM
#20
Posted 11 March 2014 - 10:30 PM
first otl log
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Dave
->Temp folder emptied: 21571649 bytes
->Temporary Internet Files folder emptied: 50927156 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4147478 bytes
->Google Chrome cache emptied: 67804580 bytes
->Flash cache emptied: 597 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37156446 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 173.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03122014_003200
Files\Folders moved on Reboot...
C:\Users\Dave\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
second OTL log:
OTL logfile created on: 3/12/2014 12:57:24 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dave\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 52.97% Memory free
7.99 Gb Paging File | 5.63 Gb Available in Paging File | 70.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 421.64 Gb Free Space | 45.27% Space Free | Partition Type: NTFS
Computer Name: DAVE-PC | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/03/03 14:34:54 | 007,382,528 | ---- | M] (Google Inc.) -- C:\Users\Dave\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2014/03/01 22:35:27 | 000,859,464 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/02/19 03:45:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Downloads\OTL.exe
PRC - [2014/01/15 16:45:33 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Users\Dave\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/11/20 02:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/11/20 02:54:00 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/11/15 10:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2013/11/14 20:18:02 | 000,698,680 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/09/23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
========== Modules (No Company Name) ==========
MOD - [2014/03/03 14:14:00 | 000,253,440 | ---- | M] () -- C:\Users\Dave\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2014/03/03 14:13:32 | 000,231,936 | ---- | M] () -- C:\Users\Dave\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2014/03/03 14:13:26 | 000,344,064 | ---- | M] () -- C:\Users\Dave\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2014/03/03 14:13:26 | 000,117,248 | ---- | M] () -- C:\Users\Dave\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2014/03/01 22:35:25 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppgooglenaclpluginchrome.dll
MOD - [2014/03/01 22:35:23 | 004,061,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
MOD - [2014/03/01 22:35:20 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
MOD - [2014/03/01 22:35:19 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
MOD - [2014/03/01 22:35:17 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
MOD - [2014/03/01 22:35:15 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
MOD - [2013/12/10 17:06:52 | 000,026,624 | ---- | M] () -- C:\Users\Dave\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2013/12/10 17:06:42 | 010,683,392 | ---- | M] () -- C:\Users\Dave\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2013/12/10 17:06:40 | 001,681,408 | ---- | M] () -- C:\Users\Dave\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2013/12/10 17:06:38 | 007,741,952 | ---- | M] () -- C:\Users\Dave\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2013/12/10 17:06:36 | 002,248,192 | ---- | M] () -- C:\Users\Dave\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2012/11/29 17:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/02/06 06:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/05/20 16:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2014/03/12 00:54:49 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/19 19:07:34 | 000,569,024 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/02/14 23:00:41 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/20 02:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/11/15 10:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/15 01:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/03/14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/03/06 08:15:38 | 000,580,672 | ---- | M] (Disc Soft Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe -- (Disc Soft Bus Service)
SRV - [2013/02/09 00:09:27 | 000,049,152 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2012/09/23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/14 23:31:55 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2012/03/26 09:28:58 | 005,404,472 | ---- | M] (Moonware Studios) [On_Demand | Stopped] -- C:\Program Files (x86)\webcamXP 5\wService.exe -- (wxpSvc)
SRV - [2011/12/03 22:58:34 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2011/03/01 19:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/11/20 23:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/02/03 02:45:22 | 000,129,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2013/11/25 02:48:36 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/11/10 14:23:24 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/10/23 02:05:08 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/05/19 15:50:28 | 000,029,696 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtscsibus.sys -- (dtscsibus)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/12/19 01:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/09/12 16:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 06:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/01/11 02:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/26 01:42:00 | 000,064,256 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/01/26 01:41:00 | 000,039,808 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/01/13 07:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/10 18:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/05/20 16:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2010/04/26 22:25:18 | 000,028,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VIA_USB_MODEM.sys -- (ViaUsbModemDriver)
DRV:64bit: - [2010/04/26 22:25:18 | 000,021,760 | ---- | M] (Via Telecom, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VIA_USB_ETS.sys -- (VIA_USB_ETS)
DRV:64bit: - [2010/04/07 12:14:50 | 000,446,304 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WMP54Gv41x64.sys -- (rt61x64)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/04/09 10:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
DRV - [2013/07/02 16:01:03 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C 0A 66 94 30 D7 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.3: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@EDVR/WebClient: C:\windows\system32\WebClient\npwebclient.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dave\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Dave\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dave\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dave\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dave\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dave\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013/02/09 00:00:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Extensions
[2014/02/20 02:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions
[2013/10/28 00:56:11 | 000,001,726 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\searchplugins\Bing.xml
[2014/02/14 23:00:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/14 23:00:26 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/02/14 23:00:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/14 23:00:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/02/14 23:00:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Java Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Dave\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dave\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Dave\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Dave\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Dave\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: DVR Client (Enabled) = C:\windows\system32\WebClient\npwebclient.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - Extension: Angry Birds = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Realm of the Mad God = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\
CHR - Extension: Realm of the Mad God = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\~
CHR - Extension: AdBlock = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: [bleep] of Sand = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaafclnkndleaafooaoicagokdpggla\1.1.1_0\
CHR - Extension: Plants vs Zombies = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: HD Facebook Video Downloader = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbaekgmbkigogkeofkobbhobinbbljpg\1.0_0\
CHR - Extension: Google Wallet = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [MusicManager] C:\Users\Dave\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Dave\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dave\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dave\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BCE307D-1850-4244-9201-4DD0D2F9BB25}: DhcpNameServer = 167.206.245.129 167.206.245.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F96EEC8F-A6F8-4EB9-B74C-33798C07F3E5}: DhcpNameServer = 167.206.245.129 167.206.245.130
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/03/12 00:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/03/12 00:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/03/10 23:28:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola
[2014/03/10 23:27:03 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Motorola Mobility
[2014/03/10 23:26:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2014/03/10 23:26:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola Mobility
[2014/03/10 23:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Device Manager
[2014/03/10 23:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Mobility LLC
[2014/03/01 14:36:38 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Awesomium
[2014/03/01 14:18:50 | 000,000,000 | ---D | C] -- C:\Users\Dave\Documents\Elder Scrolls Online
[2014/03/01 14:18:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Elder Scrolls Online
[2014/03/01 04:55:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online Beta
[2014/03/01 04:55:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zenimax Online
[2014/02/28 01:07:28 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Skype
[2014/02/28 01:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/02/28 01:07:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/02/25 04:04:07 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/24 22:47:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/21 15:42:57 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/20 02:12:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/19 16:19:15 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Octodad Dadliest Catch
[2014/02/19 03:52:56 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\New folder
[2014/02/19 00:55:51 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\The Creative Assembly
[2014/02/19 00:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2014/02/19 00:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2014/02/19 00:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2014/02/14 23:00:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
========== Files - Modified Within 30 Days ==========
[2014/03/12 00:57:15 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113028246-842292649-213859181-1000UA.job
[2014/03/12 00:54:50 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/12 00:48:37 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/12 00:42:31 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/12 00:42:31 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/12 00:40:04 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/12 00:40:04 | 000,662,400 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/12 00:40:04 | 000,122,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/12 00:35:56 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/12 00:35:11 | 000,000,262 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2014/03/12 00:35:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/12 00:35:05 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/11 23:57:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113028246-842292649-213859181-1000Core.job
[2014/03/08 22:50:30 | 000,000,132 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2014/03/04 02:07:34 | 000,064,119 | ---- | M] () -- C:\Users\Dave\Desktop\feature9.jpg
[2014/03/01 04:55:38 | 000,001,399 | ---- | M] () -- C:\Users\Dave\Desktop\The Elder Scrolls Online Beta.lnk
[2014/02/28 01:07:15 | 000,002,697 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/02/26 02:52:57 | 000,774,632 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/21 18:32:56 | 001,201,742 | ---- | M] () -- C:\Users\Dave\Desktop\4WbbXbN.jpg
[2014/02/19 00:35:38 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2014/02/17 22:03:13 | 000,000,849 | ---- | M] () -- C:\Users\Dave\Desktop\µTorrent.lnk
[2014/02/17 22:03:13 | 000,000,829 | ---- | M] () -- C:\Users\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
========== Files Created - No Company Name ==========
[2014/03/04 02:07:33 | 000,064,119 | ---- | C] () -- C:\Users\Dave\Desktop\feature9.jpg
[2014/03/01 04:55:38 | 000,001,399 | ---- | C] () -- C:\Users\Dave\Desktop\The Elder Scrolls Online Beta.lnk
[2014/02/21 18:32:56 | 001,201,742 | ---- | C] () -- C:\Users\Dave\Desktop\4WbbXbN.jpg
[2014/02/17 22:03:13 | 000,000,849 | ---- | C] () -- C:\Users\Dave\Desktop\µTorrent.lnk
[2013/07/12 21:48:57 | 000,774,632 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/26 13:29:53 | 000,003,728 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2013/02/25 22:58:35 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2012/12/13 01:01:33 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/11/21 09:10:20 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/11/18 15:31:37 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\gswin32c.exe
[2012/07/02 16:11:02 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\theowl.dll
[2012/03/31 20:56:35 | 000,000,132 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\Adobe PNG Format CS5 Prefs
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/10/15 23:54:50 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\.minecraft
[2013/03/29 09:48:52 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\.mono
[2012/11/04 22:03:44 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Avanti
[2012/10/06 12:54:39 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\AVG2013
[2014/03/02 14:35:58 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Awesomium
[2014/01/22 23:03:49 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Battle.net
[2012/04/10 10:06:11 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/05/19 15:50:50 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\DAEMON Tools Ultra
[2012/07/09 01:02:49 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Deckadance19
[2012/04/04 12:35:24 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Digiarty
[2012/02/05 19:41:49 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\DVDVideoSoft
[2013/03/12 22:19:31 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\FileZilla
[2014/01/23 18:36:25 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\FlowStone
[2014/01/23 18:36:42 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Image-Line
[2011/10/02 17:01:54 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\LolClient
[2012/05/23 11:21:06 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\LolClient2
[2012/09/14 17:58:56 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\mjusbsp
[2012/06/04 16:15:28 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Motorola
[2014/03/10 23:27:03 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Motorola Mobility
[2013/11/27 21:17:51 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\MultiBit
[2013/07/13 19:19:09 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Natural Selection 2
[2013/05/19 13:28:30 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\PowerISO
[2011/12/21 23:20:25 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\REAPER
[2012/08/21 14:39:26 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\SilvestriRN5e
[2013/01/20 23:36:53 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\skyz
[2012/07/09 01:02:49 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\SongManager
[2014/03/09 21:47:11 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Spotify
[2012/08/23 00:11:30 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Stardock
[2014/02/19 00:55:51 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\The Creative Assembly
[2012/10/06 12:54:31 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\TuneUp Software
[2012/10/07 00:34:17 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\USMA
[2014/03/06 00:00:16 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\uTorrent
========== Purity Check ==========
< End of report >
thanks for the help!
Edited by trusty, 11 March 2014 - 11:05 PM.
#21
Posted 12 March 2014 - 07:16 AM
Step-1.
OTL Fix
Please close all open windows and browsers
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.
:COMMANDS
[createrestorepoint]
:OTL
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
:FILES
C:\Program Files (x86)\Sins of a Solar Empire Rebellion\steam_api.dll
C:\Program Files (x86)\Ubisoft\Assassin's Creed III\ubiorbitapi_r2_loader.dll
C:\Users\Dave\Downloads\PowerISO5-x64.exe
C:\Users\Dave\Downloads\FL Studio Producer Edition 11.0.0 Final - R2R [ChingLiu]\flstudio_11.exe
C:\Users\Dave\Downloads\Sins.of.a.Solar.Empire.Rebellion-RELOADED\rld-soaser.iso
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\update[1]
:COMMANDS
[emptytemp]
Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.
2. Please re-open on your desktop. To do that:
- Vista and 7 users: Right click the icon and click Run as Administrator
4. Click the button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
Step-2.
Stop Multiple Tabs From Opening in Chrome
Open the Chrome browser.
- Click on the Chrome menu icon, located in the upper right hand corner of your browser window. When the drop-down menu appears, select the choice labeled Settings. (See image below)
Chrome's Options should now be displayed in a new tab or window, depending on your settings. (See the image below)
- Click on Settings in the left menu pane, if it is not already selected.
- Next, locate the On startup section.
- Click the radio button beside Open a specific page or set of pages and click the Set pages link. This should give you a list of tabs that open on Startup.
- Exit out of the tabs you don't want to open at startup
- Finally, once you are satisfied with your new setting, click on the OK button.
- Close the browser and then re-open it.
Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know if the multiple tabs issue was resolved.
2. The OTL fixes log
#22
Posted 16 March 2014 - 08:10 AM
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users