Very Slow & Laggy Performance on my PC [Closed]


#1
esmith26

My computer's hardware and software don't seem too outdated to be running this slow. I don't have any error messages or anything, it just runs incredibly slow from time to time during extremely simple tasks like browsing the internet. It can't even run old games like Counter-Strike 1.6 without being choppy. I don't know what the problem is, help is appreciated. Thank you.

OTL logfile created on: 3/29/2014 2:40:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Evan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16844)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.87 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 35.98% Memory free
7.73 Gb Paging File | 5.15 Gb Available in Paging File | 66.62% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 672.17 Gb Free Space | 72.17% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 71.88 Mb Free Space | 71.88% Space Free | Partition Type: NTFS
Drive K: | 238.37 Gb Total Space | 215.51 Gb Free Space | 90.41% Space Free | Partition Type: NTFS
 
Computer Name: EVAN-PC | User Name: Evan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/03/29 14:39:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Evan\Desktop\OTL.exe
PRC - [2014/03/20 16:44:39 | 000,275,568 | ---- | M] (Mozilla Corporation) -- K:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/03/17 15:39:10 | 001,393,984 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2014/03/17 15:35:04 | 000,807,800 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2014/03/12 00:05:16 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
PRC - [2014/03/04 07:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/02/07 06:41:21 | 005,093,216 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2014/02/05 05:32:47 | 002,234,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/02/05 05:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/12/18 14:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/28 20:12:40 | 004,580,256 | ---- | M] (Samsung Electronics.) -- C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
PRC - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/20 07:44:16 | 000,296,392 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/08/12 18:13:26 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/03/18 13:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CtHelper.exe
PRC - [2010/01/18 22:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009/10/21 00:12:50 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/10/15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/15 14:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/09/30 08:02:50 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 08:02:48 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
PRC - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/20 16:44:13 | 003,642,480 | ---- | M] () -- K:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/03/12 00:05:14 | 016,276,872 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
MOD - [2014/02/12 20:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 20:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/11/28 20:00:00 | 000,031,232 | ---- | M] () -- C:\Program Files (x86)\Samsung Magician\SMINI.dll
MOD - [2013/11/28 19:59:54 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\Samsung Magician\SATA.dll
MOD - [2013/11/28 19:59:50 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Samsung Magician\SAT.dll
MOD - [2013/11/28 19:59:24 | 000,029,696 | ---- | M] () -- C:\Program Files (x86)\Samsung Magician\SAS.dll
MOD - [2013/11/28 19:59:20 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Samsung Magician\PAL.dll
MOD - [2013/11/28 13:14:32 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/06/27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/02/05 05:32:24 | 016,941,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2014/03/20 16:44:38 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/17 15:35:04 | 000,807,800 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2014/03/12 00:05:16 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/04 07:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/02/07 23:18:42 | 000,569,024 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/02/07 06:41:21 | 005,093,216 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2014/02/05 05:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/12/18 14:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/08/12 18:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/18 22:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009/10/15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/09/30 08:02:50 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 08:02:48 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Sandra.sys -- (SANDRA)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/12/27 14:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/11/28 09:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/14 17:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 23:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/04 04:16:46 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 07:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 07:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/30 15:02:54 | 000,412,264 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/25 07:27:40 | 000,120,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/06/25 17:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/04/27 11:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/03/18 14:52:18 | 000,295,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)
DRV:64bit: - [2010/03/18 14:52:10 | 000,259,672 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)
DRV:64bit: - [2010/03/18 14:52:02 | 001,360,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV:64bit: - [2010/03/18 14:51:50 | 000,147,544 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/03/18 14:51:34 | 000,290,392 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/03/18 14:51:26 | 000,016,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/03/18 14:51:18 | 000,221,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/03/18 14:50:52 | 000,866,264 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/03/18 14:50:42 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/03/18 14:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV:64bit: - [2010/03/18 14:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV:64bit: - [2010/03/18 14:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV:64bit: - [2010/03/18 14:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV:64bit: - [2010/03/18 14:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV:64bit: - [2010/03/18 14:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV:64bit: - [2010/03/18 14:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV:64bit: - [2010/03/18 14:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX)
DRV:64bit: - [2009/12/21 11:39:40 | 000,051,712 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
DRV:64bit: - [2009/12/21 11:39:40 | 000,051,712 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2009/11/01 20:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/19 22:27:34 | 000,027,136 | ---- | M] (Realtek                                            ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/01/17 16:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV:64bit: - [2007/12/02 22:20:54 | 000,024,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)
DRV:64bit: - [2007/08/02 09:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2007/04/10 04:17:22 | 000,123,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV:64bit: - [2007/04/10 04:17:00 | 000,252,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CT20XUT.DLL -- (CT20XUT.DLL)
DRV:64bit: - [2007/04/10 04:16:20 | 001,571,112 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV:64bit: - [2007/04/10 04:15:44 | 000,363,304 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV:64bit: - [2007/04/10 04:15:10 | 000,190,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV:64bit: - [2007/04/10 04:13:38 | 000,321,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV:64bit: - [2007/04/10 04:13:08 | 000,219,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 A6 E8 7A E6 31 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {01FABB58-7308-48ea-9399-DF6337D2614C}
IE - HKCU\..\SearchScopes\{01FABB58-7308-48ea-9399-DF6337D2614C}: "URL" = http://search.yahoo....icevm&type=IEBD
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{080DDC33-2D8D-4d6f-9C1A-EC2827628E4A}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{E83A191C-99C8-4D07-A0A5-5FFB731B9F01}: "URL" = http://us.yhs4.searc...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 217.204.10.68:80
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "&hsimp=yhs-affiliate_a_ff&hspart=greentree&type=994519_yhs3tst"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: savingsslider%40mybrowserbar.com:2.8
FF - prefs.js..extensions.enabledAddons: smarterwiki%40wikiatic.com:5.2.1
FF - prefs.js..extensions.enabledAddons: youtube2mp3%40mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: %7Bd47a9f51-8281-43fa-f450-f28ef8735e9a%7D:2.1.4
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.22
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..keyword.URL: "http://search.yahoo....type=994519&p="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: K:\Program Files (x86)\Mozilla Firefox\components [2014/03/20 16:44:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: K:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/06/23 17:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evan\AppData\Roaming\Mozilla\Extensions
[2014/03/26 21:48:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bvics5x6.default\extensions
[2014/03/26 21:48:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bvics5x6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/10/25 20:26:30 | 000,010,433 | ---- | M] () (No name found) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bvics5x6.default\extensions\[email protected]
[2013/11/06 03:30:37 | 000,367,561 | ---- | M] () (No name found) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bvics5x6.default\extensions\[email protected]
[2011/08/26 13:53:57 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bvics5x6.default\extensions\[email protected]
[2014/03/24 06:28:03 | 000,675,577 | ---- | M] () (No name found) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bvics5x6.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi
[2013/05/15 13:54:50 | 000,089,171 | ---- | M] () (No name found) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bvics5x6.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}.xpi
[2013/10/01 22:21:48 | 000,000,905 | ---- | M] () -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bvics5x6.default\searchplugins\yahoo_ff.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.yahoo....r=spigot-yhp-ch
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Ebay Shopping Assistant by Spigot = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.1_0\
CHR - Extension: Domain Error Assistant = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.3_0\
CHR - Extension: Slick Savings = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0\
CHR - Extension: Google Wallet = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Amazon Shopping Assistant by Spigot = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\
CHR - Extension: Gmail = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/01/14 21:17:15 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Slick Savings) - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\Evan\AppData\Roaming\Slick Savings\Coupons64.dll (Spigot, Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Slick Savings) - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\Evan\AppData\Roaming\Slick Savings\Coupons.dll (Spigot, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE64.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE.dll (Spigot, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Slick Savings] C:\Users\Evan\AppData\Roaming\Slick Savings\CouponsHelper.exe (Spigot, Inc.)
O4 - Startup: C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk = C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe (Samsung Electronics.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F60B8DCC-5DB3-4EC1-93A9-61962817C301}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/29 14:39:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Evan\Desktop\OTL.exe
[2014/03/27 21:55:16 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/03/27 21:50:35 | 000,000,000 | ---D | C] -- C:\ecf590bc5b66d347e481c26119
[2014/03/26 22:42:32 | 000,000,000 | ---D | C] -- C:\Users\Evan\AppData\Local\NVIDIA Corporation
[2014/03/26 22:41:27 | 000,000,000 | ---D | C] -- C:\Users\Evan\AppData\Local\NVIDIA
[2014/03/26 22:40:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2014/03/26 22:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2014/03/26 22:36:18 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2014/03/26 22:29:25 | 004,787,368 | ---- | C] (Piriform Ltd) -- C:\Users\Evan\Desktop\ccsetup412.exe
[2014/03/20 19:55:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2014/03/20 19:55:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze Remote Toolbar
[2014/03/11 23:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/03/11 23:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/03/11 23:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/03/11 23:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/03/11 23:38:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/03/11 23:38:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/29 14:39:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Evan\Desktop\OTL.exe
[2014/03/29 14:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/29 13:57:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/29 03:01:42 | 000,778,744 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/03/29 03:01:42 | 000,665,326 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/29 03:01:42 | 000,123,134 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/29 03:01:34 | 000,778,744 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/28 14:57:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/27 21:52:39 | 000,000,134 | ---- | M] () -- C:\Users\Evan\Desktop\Internet Explorer Troubleshooting.url
[2014/03/27 21:52:10 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/03/27 17:00:20 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014/03/27 11:43:55 | 000,025,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/27 11:43:55 | 000,025,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/26 22:30:05 | 004,787,368 | ---- | M] (Piriform Ltd) -- C:\Users\Evan\Desktop\ccsetup412.exe
[2014/03/24 05:35:08 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2014/03/23 16:22:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/23 16:21:29 | 3113,865,216 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/23 13:23:53 | 000,033,568 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000006-00000000-00000001-00001102-00000008-10221102}.rfx
[2014/03/23 13:23:53 | 000,033,568 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000006-00000000-00000001-00001102-00000008-10221102}.rfx
[2014/03/23 13:23:53 | 000,029,772 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000006-00000000-00000001-00001102-00000008-10221102}.rfx
[2014/03/23 13:23:53 | 000,029,772 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000006-00000000-00000001-00001102-00000008-10221102}.rfx
[2014/03/23 13:23:53 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000006-00000000-00000001-00001102-00000008-10221102}.rfx
[2014/03/23 13:23:17 | 004,958,588 | ---- | M] () -- C:\Windows\{00000006-00000000-00000001-00001102-00000008-10221102}.CDF
[2014/03/12 03:29:45 | 010,963,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/11 23:46:16 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/03/11 23:33:16 | 002,940,738 | ---- | M] () -- C:\Users\Evan\Desktop\Troy Ave - OG Bobby Johnson (Freestyle) - HotNewHipHop.mp3
[2014/03/04 10:35:23 | 000,024,544 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2014/03/04 09:05:53 | 003,649,185 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/03/27 21:52:39 | 000,000,134 | ---- | C] () -- C:\Users\Evan\Desktop\Internet Explorer Troubleshooting.url
[2014/03/27 17:00:20 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014/03/26 22:31:57 | 000,024,544 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2014/03/11 23:46:16 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/03/11 23:33:15 | 002,940,738 | ---- | C] () -- C:\Users\Evan\Desktop\Troy Ave - OG Bobby Johnson (Freestyle) - HotNewHipHop.mp3
[2014/01/14 23:38:10 | 000,001,071 | ---- | C] () -- C:\Users\Evan\Documents - Shortcut.lnk
[2013/08/02 22:01:55 | 000,033,193 | ---- | C] () -- C:\Users\Evan\AppData\Roaming\UserTile.png
[2013/02/15 21:59:28 | 000,000,132 | ---- | C] () -- C:\Users\Evan\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
[2013/01/14 20:42:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/14 20:42:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/14 20:42:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/14 20:42:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/14 20:42:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/07 23:54:19 | 000,000,132 | ---- | C] () -- C:\Users\Evan\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/12/08 13:34:46 | 001,229,424 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/05/21 23:09:40 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2012/05/21 21:42:15 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Hip Hop
[2012/05/21 21:42:15 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Helper Scripts
[2012/05/21 21:42:15 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Help
[2012/05/21 21:42:15 | 000,000,268 | RH-- | C] () -- C:\Users\Evan\AppData\Roaming\HAL
[2012/05/21 21:42:15 | 000,000,268 | RH-- | C] () -- C:\Users\Evan\AppData\Roaming\Guitars
[2012/05/21 21:42:15 | 000,000,268 | RH-- | C] () -- C:\Users\Evan\AppData\Roaming\Guitar
[2012/05/21 21:42:15 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012/05/21 21:42:15 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012/05/21 21:42:15 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012/05/21 21:42:15 | 000,000,012 | RH-- | C] () -- C:\ProgramData\InkjetPrinter
[2012/05/21 21:42:15 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Images
[2012/05/21 21:42:15 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Image Manipulation
[2011/08/18 06:49:02 | 000,004,608 | ---- | C] () -- C:\Users\Evan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/22 22:10:06 | 000,067,584 | ---- | C] () -- C:\Users\Evan\AppData\Roaming\chrtmp
[2011/07/09 01:14:12 | 000,000,132 | ---- | C] () -- C:\Users\Evan\AppData\Roaming\Adobe PNG Format CS5 Prefs
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/08/04 01:52:00 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Acoustica
[2014/03/26 22:30:03 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Azureus
[2011/08/31 03:49:24 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/05/21 23:09:49 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\com.mypicturetown.myptuploader.F9C4985A082C78528AFA4529A49FFE7D3454A64B.1
[2014/03/23 16:43:52 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Dropbox
[2013/02/16 13:12:11 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\gnupg
[2013/05/20 11:47:49 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\LolClient
[2012/05/21 21:56:35 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Nikon
[2013/06/13 13:10:37 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\OpenCandy
[2012/12/19 00:35:09 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\PDAppFlex
[2013/08/02 22:01:54 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\PeerNetworking
[2011/07/22 22:10:05 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\pNUbGSS
[2013/05/20 09:57:52 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Riot Games
[2014/03/20 19:55:15 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Slick Savings
[2012/05/24 20:03:19 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/09/29 06:34:28 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Steinberg
[2011/08/04 01:52:05 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\SynthMaker
[2013/10/12 20:39:12 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\TeamViewer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 162 bytes -> C:\Users\Evan\Desktop\20131122_112942.jpg:com.dropbox.attributes

< End of report >
 




#2
Machiavelli

    GeekU Moderator

  • 4,722 posts
Welcome to GeeksToGo, esmith26

My name is Machiavelli and I'll try to fix your PC problems. If you are in SafeMode then print my instructions! Removing Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

!NOTE! Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)

 

There should be an Extras.txt on your Desktop, please post the content of that log. If there isn't any Extras.txt on your Desktop do this:
  • Run OTL by double-clicking on it. (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Click the None button
  • Change the following options:
    • Extra Registry > All
  • Click Run Scan to start OTL.
  • When OTL finishes scanning, Extras.txt will open
  • Copy (Ctrl+C) and Paste (Ctrl+V) the content of Extras.txt into your next post please.


#3
esmith26

    New Member

  • Topic Starter
  • Member
  • 7 posts

Hey Machiavelli thanks for responding so quick! Here's that Extras log ya asked for.

 

 

OTL Extras logfile created on: 3/29/2014 2:40:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Evan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16844)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.87 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 35.98% Memory free
7.73 Gb Paging File | 5.15 Gb Available in Paging File | 66.62% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 672.17 Gb Free Space | 72.17% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 71.88 Mb Free Space | 71.88% Space Free | Partition Type: NTFS
Drive K: | 238.37 Gb Total Space | 215.51 Gb Free Space | 90.41% Space Free | Partition Type: NTFS
 
Computer Name: EVAN-PC | User Name: Evan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- K:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{061BA977-5F4C-4059-AD95-A7A67A4C6C77}" = lport=445 | protocol=6 | dir=in | app=system |
"{0FB5B108-44D2-4953-9040-3E57847AD999}" = rport=445 | protocol=6 | dir=out | app=system |
"{1102C1E8-ADAA-47C7-8AC9-23956AC5D3A8}" = rport=139 | protocol=6 | dir=out | app=system |
"{181E5690-44CF-4742-BA04-115243938EE5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2553BAF6-8C65-4FC1-9707-5659F213AC0B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{2892219D-F2F3-444D-9854-4467C22F0FEE}" = lport=138 | protocol=17 | dir=in | app=system |
"{28DD8CEC-1C91-4690-A888-3FCD8F4CB913}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{43843C05-2323-4B4F-887A-AA2615A68F4B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4C02C500-2AA9-49A8-A6AC-483774A3145A}" = rport=137 | protocol=17 | dir=out | app=system |
"{542A9DD5-32CB-496F-9954-941A0218444D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{58CB22BA-9C78-4CE4-B86F-40BA03A9BE06}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{5FEA0E9F-B4F8-4BFC-8DC0-F0B4AAF49E5D}" = rport=138 | protocol=17 | dir=out | app=system |
"{7357008F-81D9-48D1-8CAA-D1B48FCBDC3A}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{7BE944D1-0050-4060-90DB-3A5E6371301B}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{7D4F2BAD-8FF3-46DB-B8C3-6DAD2BCE90E7}" = lport=139 | protocol=6 | dir=in | app=system |
"{85BB91EE-6FC1-40C4-8430-FDF461D1811A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8CB0AA6F-CD08-40BF-90DF-CCCB40D679A6}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{9BFF238C-7202-43D3-A82C-56F9DD32418A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{AE7D04D3-E133-494F-AE5E-91268632A7C5}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{BECF1912-048B-40EF-AC85-6032B44F6F88}" = lport=6881 | protocol=6 | dir=in | name=blizzard downloader: 6881 |
"{D188165C-E0D4-4108-9CC0-71705C5FA760}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D4046C7E-357C-456E-8BFF-2B51AC089245}" = lport=137 | protocol=17 | dir=in | app=system |
"{ED692D54-613E-4F73-9604-735D057D1A80}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CFE67E3-4FB2-4862-8AF8-C74D51B529F4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{16BCC88F-5023-4C04-B556-00D23A2255CE}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{17DCC306-0FB0-430E-8E81-BA6B0039594A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{1936E339-B444-422E-B92B-B67D4EA38DFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1955A5A9-7E9C-4E2F-AE59-2D5902DC24D7}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{19E05625-FCF2-457C-9A2B-455E96014DD4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1FFE92D8-CB90-4C6D-87F6-D673EFCC4743}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{22CBA178-BFF9-4C12-827D-883E9699935B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe |
"{2F7D338B-9895-44D2-9E1A-2A2A11F5530C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe |
"{3AB372BE-9F08-4513-A89C-74C90A9E4D81}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe |
"{3AC5234D-94EC-4E57-8B0C-20F9207DE0EE}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3D23A80B-C37F-4BC2-A911-C7496D0849AB}" = protocol=17 | dir=in | app=k:\program files (x86)\vuze\azureus.exe |
"{40240201-A528-4CD4-ABAE-B62DFEEC43E6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{41E1E01D-35F4-4937-BB97-D174FF5621CF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{43F53BAE-F287-4DFE-8A45-5514AB2ED836}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{479867FA-9D74-4F0D-B54A-6B284F9D4425}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4B316D91-297C-41A5-8697-E78ED02EC08F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{4DAAF5F4-776B-49BC-98C5-C2B89B7AC6F0}" = protocol=6 | dir=in | app=k:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{5009BD83-6D07-43BE-BCFD-C4CE39845D04}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{533CBF6E-71C8-47BF-9E56-E68D5228F89B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{57A951F4-8FBE-4D13-9D20-228821EAA35C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5C38A1FF-DA7F-4967-BBE8-13D90CFE2EFB}" = protocol=6 | dir=in | app=c:\users\evan\appdata\roaming\dropbox\bin\dropbox.exe |
"{5DAD6F5C-15A8-4CD4-ACC4-A0E49FAEB91D}" = protocol=58 | dir=in | [email protected],-28545 |
"{61BF7421-E47D-43DF-8702-DB63014CCE33}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{6EF35397-0EC9-4B3C-9BF9-C8FEBDEE0126}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{7640F490-FABD-43C8-8399-86AA49A6F150}" = protocol=1 | dir=in | [email protected],-28543 |
"{7866A105-728B-4DAF-92AE-F4F4D163A21B}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{78C0BB65-7472-4E06-8AFD-02A22B08A827}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{7AE0F49E-AE15-4950-B416-0EEFEC21D9C5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{8256EE6A-BD42-456E-A28C-682D2625212D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{831B1A9F-26DD-42BF-BCE8-1E854E8F268E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe |
"{833D11CB-677F-4C37-A4C8-65DC69A1830F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8980DC72-A6DE-4872-A6C7-3D7C292D1E93}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{96A1CAB2-DBBE-4921-A7B6-2702C26CD088}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{97FC9485-FA47-4F02-9345-6B68D3A9800F}" = protocol=58 | dir=out | [email protected],-503 |
"{981965BA-41E9-496F-AB4A-E4BEDE84612B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{9DA61C61-C49D-4807-8894-C8B9E2369F49}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{9DD9547A-37F1-4041-B095-1F2F6C186AF4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{9EA2E0A1-C56D-4EEF-9127-F0573141D447}" = protocol=17 | dir=in | app=c:\users\evan\appdata\roaming\dropbox\bin\dropbox.exe |
"{A5128EDA-9A76-499C-B08C-F68D17783EE9}" = protocol=58 | dir=in | app=system |
"{B6BE370A-FAC4-4F2F-A6E8-648E66D632C0}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{B6E0008A-8B1C-4EDE-BA14-12BC0AA7D12B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{BFB5D041-84BD-46ED-9F61-2D76A79D2775}" = protocol=1 | dir=out | [email protected],-28544 |
"{C262728C-F59C-46BA-AEBA-ACA30A31F9F3}" = protocol=17 | dir=in | app=k:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{C29E3567-02EB-468B-8255-5050C6E0E34C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C5BF29F8-1233-40A9-94ED-D40D45450876}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{C6FFBC0C-1A5B-4485-97C4-B380055AE1FD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CBDC9CC3-1189-496F-9343-1892269075F4}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CCBC51D7-BCAF-49E9-9F8C-65F471309083}" = protocol=6 | dir=in | app=k:\program files (x86)\vuze\azureus.exe |
"{EC44EBF3-D5E3-48A1-8F95-48112457B6E7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{ED22643F-9F6C-4517-BF4F-F5288751067C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{ED82AF8F-6F6C-4465-9085-B88BD13B5139}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{F0EBB921-6607-45EA-A369-E0BB8D35A18E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{F350B2B5-0DF7-43D9-8E7A-1BAC6813ABEA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{F60932EF-5B70-4504-B26A-BFA4B1DD6FF4}" = protocol=58 | dir=out | [email protected],-28546 |
"{FDF4BCF3-FBFA-45A1-B1CB-2560753AAF17}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{714AE5FB-476A-49A3-A31D-8992F2E4E71D}C:\users\evan\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\evan\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{7F6ACFE7-D01F-4CB4-8AE5-B5DDE32D9E6A}K:\program files (x86)\steam\steamapps\common\half-life\hl.exe" = protocol=6 | dir=in | app=k:\program files (x86)\steam\steamapps\common\half-life\hl.exe |
"TCP Query User{935AB9AA-0B1A-4688-A7D0-DE7E7656D5EA}C:\users\evan\desktop\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\users\evan\desktop\vuze\azureus.exe |
"TCP Query User{ADD8CDC5-4AB8-419B-A0C9-EEF9AC36D509}K:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=k:\program files (x86)\steam\steam.exe |
"TCP Query User{B7FDCF4F-8076-403B-AFF7-0531231DDB94}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{02417CF9-D681-4119-BFE8-AECC8F0AF3B3}C:\users\evan\desktop\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\users\evan\desktop\vuze\azureus.exe |
"UDP Query User{74D8F1E8-C1E7-4FDC-B0EC-5E42B5329F61}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{7DF663E4-9491-459B-B1FF-331ECFC62152}K:\program files (x86)\steam\steamapps\common\half-life\hl.exe" = protocol=17 | dir=in | app=k:\program files (x86)\steam\steamapps\common\half-life\hl.exe |
"UDP Query User{B84783CA-EBF7-43F8-AF3B-179929AC64D8}C:\users\evan\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\evan\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{B9921D52-CE74-43B2-9FD5-F5D731A7C98B}K:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=k:\program files (x86)\steam\steam.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{1EB2596D-80B0-4D55-AC31-6FCFE757081E}" = HP Officejet 4500 G510a-f
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92734F25-4B90-4775-B5D4-F48BFFF77A8A}" = Double Agent
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.2.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 335.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 11.10.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 11.10.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.20
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{BA3D5FF2-A405-4654-826E-A09FABB01853}" = Topaz Fusion Express 2 (64-bit)
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{FA85C599-2569-4C48-9AA6-2B8D8F029FA7}" = Topaz Clean 3 (64-bit)
"{FB237A35-F491-4AC1-95E0-85118D6751D9}" = Topaz Adjust 4 (64-bit)
"CCleaner" = CCleaner
"Microsoft Security Client" = Microsoft Security Essentials
"Speccy" = Speccy
"WinRAR archiver" = WinRAR 4.01 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung Magician
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3A787631-66A2-4634-B928-A37E73B58FB6}" = Slick Savings
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{770D3BDC-19D7-49D0-B60B-C5BB77553FBB}" = Topaz Fusion Express 2
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85E00941-FDFF-4796-A3B8-3ACC766FFCA5}" = Topaz Clean 3
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90A4562F-D4A1-4B65-906D-41F236CF6902}" = Path of Exile
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FDC7042-CB9F-4336-A14C-DF10F53762E2}" = Topaz Adjust 4
"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help_Web
"{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1" = AMR to MP3 Converter 1.4
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DE3DB4-7734-47E5-8D92-B80146311406}" = Samsung Data Migration
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E2BDB56B-464B-49D7-AF12-B34C5E2E284B}" = Vuze Remote Toolbar v8.9
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{EC2F135B-48ED-4682-A90B-54846218C1F3}" = 4500G510af_web
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"8461-7759-5462-8226" = Vuze
"Acoustica Mixcraft 5" = Acoustica Mixcraft 5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"ASIO4ALL" = ASIO4ALL
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CleanUp!" = CleanUp!
"Diablo III" = Diablo III
"energyXT_is1" = energyXT2.5
"EVEREST Home Edition_is1" = EVEREST Home Edition v1.51
"FL Studio 10" = FL Studio 10
"Fraps" = Fraps (remove only)
"Frohmage VST2" = OhmForce Frohmage VST2
"Google Chrome" = Google Chrome
"IL Download Manager" = IL Download Manager
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"League of Legends 3.0.0" = League of Legends
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"RocketDock_is1" = RocketDock 1.3.5
"Steam" = Steam
"TeamViewer 8" = TeamViewer 8
"Topaz Adjust 4" = Topaz Adjust 4
"Topaz Adjust 4 (64-bit)" = Topaz Adjust 4 (64-bit)
"Topaz Clean 3" = Topaz Clean 3
"Topaz Clean 3 (64-bit)" = Topaz Clean 3 (64-bit)
"Topaz Fusion Express 2" = Topaz Fusion Express 2
"Topaz Fusion Express 2 (64-bit)" = Topaz Fusion Express 2 (64-bit)
"VirtualCloneDrive" = VirtualCloneDrive
"Warcraft III" = Warcraft III
"WinLiveSuite" = Windows Live Essentials
"WWAYM - NWEQ V1.21" = WWAYM - NWEQ V1.21
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/20/2013 2:28:19 AM | Computer Name = Evan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6427
 
Error - 10/20/2013 2:28:20 AM | Computer Name = Evan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 10/20/2013 2:28:20 AM | Computer Name = Evan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7441
 
Error - 10/20/2013 2:28:20 AM | Computer Name = Evan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7441
 
Error - 10/20/2013 2:28:21 AM | Computer Name = Evan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 10/20/2013 2:28:21 AM | Computer Name = Evan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8455
 
Error - 10/20/2013 2:28:21 AM | Computer Name = Evan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8455
 
Error - 10/20/2013 2:28:22 AM | Computer Name = Evan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 10/20/2013 2:28:22 AM | Computer Name = Evan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9469
 
Error - 10/20/2013 2:28:22 AM | Computer Name = Evan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9469
 
[ System Events ]
Error - 3/23/2014 3:01:14 AM | Computer Name = Evan-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
 
Error - 3/23/2014 1:23:40 PM | Computer Name = Evan-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
 
Error - 3/24/2014 3:02:17 AM | Computer Name = Evan-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
 
Error - 3/25/2014 3:04:10 AM | Computer Name = Evan-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
 
Error - 3/26/2014 3:04:53 AM | Computer Name = Evan-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
 
Error - 3/26/2014 9:53:50 PM | Computer Name = Evan-PC | Source = JRAID | ID = 262261
Description = The driver for device \Device\Scsi\JRAID1 detected a port timeout
due to prolonged inactivity. All associated busses were reset in an effort to clear
 the condition.
 
Error - 3/27/2014 3:01:40 AM | Computer Name = Evan-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
 
Error - 3/27/2014 9:52:45 PM | Computer Name = Evan-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
 
Error - 3/28/2014 3:01:50 AM | Computer Name = Evan-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
 
Error - 3/29/2014 3:05:35 AM | Computer Name = Evan-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
 
 
< End of report >
 



#4
Machiavelli

    GeekU Moderator

  • 4,722 posts
Hey,
I hope everything is well. :) Please give me feedback on how the computer is running after you have completed all the instructions below.

Step 1: P2P Warning

IMPORTANT: I see you have one or more P2P (Person to Person) programs installed.

1.) You have the following P2P program installed: VUZE
2.) If you download files from non-documented sources via a P2P file-sharing program, you can expect an infection of malware. That isn't good for your PC. A long time ago, file sharing with P2P programs like UTorrent was fairly safe, but at this time that isn't true any more. Of course you can use P2P programs at your own risk, but that may be the source of your infection. It would be nice if you read this here. After reading the text you will recognize why you shouldn't have them.
3.) Please read these reports about the danger of P2P Programs:
4.) I would recommend that you uninstall the above. That would be nice. If you would like to uninstall the P2P program, you can do it via Start >> Control Panel >> Add or Remove Programs
5.) If you want to keep the program on your computer, don't use it while we are fixing your computer!

Step 2: Google Chrome Homepage

Please visit this site here and change the homepage to whatever you want. I recommend changing it to Google.com.

Step 3: Google Chrome Extensions

Run Chrome and please enter this into the address bar: chrome:extensions
This will display a page of all installed extensions. Please remove the extensions in the list below by clicking the trash can icon beside each one.

Extensions to be removed:
  • Domain Error Assistant
  • Slick Savings
  • Amazon Shopping Assistant by Spigot
  • Ebay Shopping Assistant by Spigot

Step 4: OTL Fix

  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    SRV - [2014/03/17 15:35:04 | 000,807,800 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    IE - HKCU\..\URLSearchHook: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE.dll (Spigot, Inc.)
    IE - HKCU\..\SearchScopes,DefaultScope = {01FABB58-7308-48ea-9399-DF6337D2614C}
    IE - HKCU\..\SearchScopes\{01FABB58-7308-48ea-9399-DF6337D2614C}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 217.204.10.68:80
    FF - prefs.js..browser.search.param.yahoo-fr: "&hsimp=yhs-affiliate_a_ff&hspart=greentree&type=994519_yhs3tst"
    FF - prefs.js..extensions.enabledAddons: savingsslider%40mybrowserbar.com:2.8
    FF - prefs.js..extensions.enabledAddons: smarterwiki%40wikiatic.com:5.2.1
    FF - prefs.js..keyword.URL: "http://search.yahoo....type=994519&p="
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll File not found
    [2013/10/01 22:21:48 | 000,000,905 | ---- | M] () -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bvics5x6.default\searchplugins\yahoo_ff.xml
    [2013/10/25 20:26:30 | 000,010,433 | ---- | M] () (No name found) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bvics5x6.default\extensions\[email protected]
    [2013/11/06 03:30:37 | 000,367,561 | ---- | M] () (No name found) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bvics5x6.default\extensions\[email protected]
    O2:64bit: - BHO: (Slick Savings) - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\Evan\AppData\Roaming\Slick Savings\Coupons64.dll (Spigot, Inc.)
    O2 - BHO: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE.dll (Spigot, Inc.)
    O2 - BHO: (Slick Savings) - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\Evan\AppData\Roaming\Slick Savings\Coupons.dll (Spigot, Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE64.dll (Spigot, Inc.)
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE.dll (Spigot, Inc.)
    O4:64bit: - HKLM..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL File not found
    O4 - HKLM..\Run: []  File not found
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    O4 - HKCU..\Run: [Slick Savings] C:\Users\Evan\AppData\Roaming\Slick Savings\CouponsHelper.exe (Spigot, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O13 - gopher Prefix: missing
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [2014/03/20 19:55:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
    [2014/03/20 19:55:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze Remote Toolbar
    [2014/03/11 23:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [2011/08/18 06:49:02 | 000,004,608 | ---- | C] () -- C:\Users\Evan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/07/22 22:10:06 | 000,067,584 | ---- | C] () -- C:\Users\Evan\AppData\Roaming\chrtmp
    [2013/06/13 13:10:37 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\OpenCandy
    [2014/03/20 19:55:15 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Slick Savings
    
    :Files
    dir C:\ProgramData\Hip Hop /s /C
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, post the Fixlog into your next reply

Step 5: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 6: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 7: OTL Quickscan
  • Run OTL by double-clicking on it. (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on OTL.exe and select Run as Administrator)
  • Click Quick Scan to start OTL.
  • When OTL finishes scanning, a log, OTL.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
 

Logs I need to see in the next post:
  • OTL Fixlog
  • Adwarecleaner Log
  • JRT Log
  • OTL.txt
  • How is your PC running?

#5
esmith26

    New Member

  • Topic Starter
  • 7 posts

I ran the OTL custom fix you posted, but when it restarted my computer the log wasn't up anymore. I'm not sure how to access it; I don't see it anywhere. I'm sorry about that, here are the other logs you requested. Oh and I am going to uninstall Vuze too, I mostly only use it for television shows and music but I think that there might be a problem here with that seeing how my Macbook Pro has similar slow behavior. Maybe it is the P2P program?

My PC performance is still the same as before, I haven't noticed much of a difference.

 

Adwarecleaner

# AdwCleaner v3.022 - Report created 30/03/2014 at 12:51:31
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Evan - EVAN-PC
# Running from : C:\Users\Evan\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : BCUService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DeviceVM
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Users\Evan\AppData\Local\apn
Folder Deleted : C:\Users\Evan\AppData\Local\Conduit
Folder Deleted : C:\Users\Evan\AppData\Local\PackageAware
Folder Deleted : C:\Users\Evan\AppData\Local\Slick Savings
Folder Deleted : C:\Users\Evan\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Evan\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bvics5x6.default\Smartbar
File Deleted : C:\END
File Deleted : C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bvics5x6.default\invalidprefs.js
File Deleted : C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bvics5x6.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DeviceVM
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16843


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bvics5x6.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4353 octets] - [30/03/2014 12:14:21]
AdwCleaner[S0].txt - [4100 octets] - [30/03/2014 12:51:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4160 octets] ##########

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Evan on Sun 03/30/2014 at 23:42:12.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Evan\appdata\local\{35FF0DC9-326F-486A-9795-B8ED54166146}
Successfully deleted: [Empty Folder] C:\Users\Evan\appdata\local\{41449099-9A14-4684-8D2A-E219A6B53A7D}
Successfully deleted: [Empty Folder] C:\Users\Evan\appdata\local\{682AFA3D-201C-4657-B45E-E36AEFF07298}
Successfully deleted: [Empty Folder] C:\Users\Evan\appdata\local\{6C5C37C8-9471-43DA-86CF-7F959B5D10F0}
Successfully deleted: [Empty Folder] C:\Users\Evan\appdata\local\{713CBEF2-FC51-4DC3-977F-C1D886FBDB71}
Successfully deleted: [Empty Folder] C:\Users\Evan\appdata\local\{7E70EA33-CBED-48F8-A423-4DE059D5E402}
Successfully deleted: [Empty Folder] C:\Users\Evan\appdata\local\{9427479C-67B2-4E9B-B7B7-1D57B39241D0}
Successfully deleted: [Empty Folder] C:\Users\Evan\appdata\local\{A6B219A8-E7B6-40CB-8103-D64D1E64E471}
Successfully deleted: [Empty Folder] C:\Users\Evan\appdata\local\{BBC8757E-8B61-4B5B-AC00-FCF922D7B302}
Successfully deleted: [Empty Folder] C:\Users\Evan\appdata\local\{E417F4BD-E1DB-4950-905F-B274A630D869}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/30/2014 at 23:52:07.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

 

 

 

 

 

OTL

OTL logfile created on: 3/30/2014 11:54:03 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Evan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16844)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.87 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 63.10% Memory free
7.73 Gb Paging File | 6.25 Gb Available in Paging File | 80.82% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 672.13 Gb Free Space | 72.16% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 71.88 Mb Free Space | 71.88% Space Free | Partition Type: NTFS
Drive K: | 238.37 Gb Total Space | 215.54 Gb Free Space | 90.42% Space Free | Partition Type: NTFS
 
Computer Name: EVAN-PC | User Name: Evan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/03/29 14:39:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Evan\Desktop\OTL.exe
PRC - [2014/03/20 16:44:39 | 000,275,568 | ---- | M] (Mozilla Corporation) -- K:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/03/04 07:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/02/07 06:41:21 | 005,093,216 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2014/02/05 05:32:47 | 002,234,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/02/05 05:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/12/18 14:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/28 20:12:40 | 004,580,256 | ---- | M] (Samsung Electronics.) -- C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
PRC - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/08/12 18:13:26 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/03/18 13:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CtHelper.exe
PRC - [2010/01/18 22:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009/10/21 00:12:50 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/09/30 08:02:50 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 08:02:48 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
PRC - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/20 16:44:13 | 003,642,480 | ---- | M] () -- K:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/02/12 20:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 20:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/11/28 20:00:00 | 000,031,232 | ---- | M] () -- C:\Program Files (x86)\Samsung Magician\SMINI.dll
MOD - [2013/11/28 19:59:54 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\Samsung Magician\SATA.dll
MOD - [2013/11/28 19:59:50 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Samsung Magician\SAT.dll
MOD - [2013/11/28 19:59:24 | 000,029,696 | ---- | M] () -- C:\Program Files (x86)\Samsung Magician\SAS.dll
MOD - [2013/11/28 19:59:20 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Samsung Magician\PAL.dll
MOD - [2013/11/28 13:14:32 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/02/05 05:32:24 | 016,941,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2014/03/20 16:44:38 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/12 00:05:16 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/04 07:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/02/07 23:18:42 | 000,569,024 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/02/07 06:41:21 | 005,093,216 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2014/02/05 05:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/12/18 14:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/08/12 18:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/18 22:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009/09/30 08:02:50 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 08:02:48 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Sandra.sys -- (SANDRA)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/12/27 14:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/11/28 09:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/14 17:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 23:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/04 04:16:46 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 07:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 07:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/30 15:02:54 | 000,412,264 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/25 07:27:40 | 000,120,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/06/25 17:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/04/27 11:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/03/18 14:52:18 | 000,295,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)
DRV:64bit: - [2010/03/18 14:52:10 | 000,259,672 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)
DRV:64bit: - [2010/03/18 14:52:02 | 001,360,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV:64bit: - [2010/03/18 14:51:50 | 000,147,544 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/03/18 14:51:34 | 000,290,392 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/03/18 14:51:26 | 000,016,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/03/18 14:51:18 | 000,221,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/03/18 14:50:52 | 000,866,264 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/03/18 14:50:42 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/03/18 14:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV:64bit: - [2010/03/18 14:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV:64bit: - [2010/03/18 14:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV:64bit: - [2010/03/18 14:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV:64bit: - [2010/03/18 14:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV:64bit: - [2010/03/18 14:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV:64bit: - [2010/03/18 14:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV:64bit: - [2010/03/18 14:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX)
DRV:64bit: - [2009/12/21 11:39:40 | 000,051,712 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
DRV:64bit: - [2009/12/21 11:39:40 | 000,051,712 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2009/11/01 20:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/19 22:27:34 | 000,027,136 | ---- | M] (Realtek                                            ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/01/17 16:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV:64bit: - [2007/12/02 22:20:54 | 000,024,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)
DRV:64bit: - [2007/08/02 09:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2007/04/10 04:17:22 | 000,123,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV:64bit: - [2007/04/10 04:17:00 | 000,252,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CT20XUT.DLL -- (CT20XUT.DLL)
DRV:64bit: - [2007/04/10 04:16:20 | 001,571,112 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV:64bit: - [2007/04/10 04:15:44 | 000,363,304 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV:64bit: - [2007/04/10 04:15:10 | 000,190,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV:64bit: - [2007/04/10 04:13:38 | 000,321,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV:64bit: - [2007/04/10 04:13:08 | 000,219,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 A6 E8 7A E6 31 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{080DDC33-2D8D-4d6f-9C1A-EC2827628E4A}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{E83A191C-99C8-4D07-A0A5-5FFB731B9F01}: "URL" = http://us.yhs4.searc...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: youtube2mp3%40mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: %7Bd47a9f51-8281-43fa-f450-f28ef8735e9a%7D:2.1.4
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.22
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: K:\Program Files (x86)\Mozilla Firefox\components [2014/03/20 16:44:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: K:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/06/23 17:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evan\AppData\Roaming\Mozilla\Extensions
[2014/03/30 12:12:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bvics5x6.default\extensions
[2014/03/26 21:48:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bvics5x6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/26 13:53:57 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bvics5x6.default\extensions\[email protected]
[2014/03/24 06:28:03 | 000,675,577 | ---- | M] () (No name found) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bvics5x6.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi
[2013/05/15 13:54:50 | 000,089,171 | ---- | M] () (No name found) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bvics5x6.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}.xpi
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: https://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/01/14 21:17:15 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk = C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe (Samsung Electronics.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F60B8DCC-5DB3-4EC1-93A9-61962817C301}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/30 23:42:10 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/30 23:41:49 | 001,038,974 | ---- | C] (Thisisu) -- C:\Users\Evan\Desktop\JRT.exe
[2014/03/30 12:14:13 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/30 12:03:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/29 14:39:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Evan\Desktop\OTL.exe
[2014/03/27 21:55:16 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/03/26 22:42:32 | 000,000,000 | ---D | C] -- C:\Users\Evan\AppData\Local\NVIDIA Corporation
[2014/03/26 22:41:27 | 000,000,000 | ---D | C] -- C:\Users\Evan\AppData\Local\NVIDIA
[2014/03/26 22:40:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2014/03/26 22:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2014/03/26 22:29:25 | 004,787,368 | ---- | C] (Piriform Ltd) -- C:\Users\Evan\Desktop\ccsetup412.exe
[2014/03/11 23:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/03/11 23:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/03/11 23:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/03/11 23:38:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/03/11 23:38:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/30 23:57:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/30 23:41:51 | 001,038,974 | ---- | M] (Thisisu) -- C:\Users\Evan\Desktop\JRT.exe
[2014/03/30 23:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/30 20:37:31 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/30 20:37:15 | 000,786,622 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/30 20:37:15 | 000,665,326 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/30 20:37:15 | 000,123,134 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/30 20:32:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/30 20:32:07 | 3113,865,216 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/30 20:31:22 | 000,033,568 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000006-00000000-00000001-00001102-00000008-10221102}.rfx
[2014/03/30 20:31:22 | 000,033,568 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000006-00000000-00000001-00001102-00000008-10221102}.rfx
[2014/03/30 20:31:22 | 000,029,772 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000006-00000000-00000001-00001102-00000008-10221102}.rfx
[2014/03/30 20:31:22 | 000,029,772 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000006-00000000-00000001-00001102-00000008-10221102}.rfx
[2014/03/30 20:31:22 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000006-00000000-00000001-00001102-00000008-10221102}.rfx
[2014/03/30 12:14:05 | 001,950,720 | ---- | M] () -- C:\Users\Evan\Desktop\AdwCleaner.exe
[2014/03/30 04:47:31 | 004,958,588 | ---- | M] () -- C:\Windows\{00000006-00000000-00000001-00001102-00000008-10221102}.CDF
[2014/03/30 04:47:31 | 004,958,588 | ---- | M] () -- C:\Windows\{00000006-00000000-00000001-00001102-00000008-10221102}.BAK
[2014/03/29 14:39:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Evan\Desktop\OTL.exe
[2014/03/29 03:01:42 | 000,778,744 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/03/27 21:52:10 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/03/27 17:00:20 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014/03/27 11:43:55 | 000,025,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/27 11:43:55 | 000,025,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/26 22:30:05 | 004,787,368 | ---- | M] (Piriform Ltd) -- C:\Users\Evan\Desktop\ccsetup412.exe
[2014/03/24 05:35:08 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2014/03/12 03:29:45 | 010,963,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/11 23:46:16 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/03/11 23:33:16 | 002,940,738 | ---- | M] () -- C:\Users\Evan\Desktop\Troy Ave - OG Bobby Johnson (Freestyle) - HotNewHipHop.mp3
[2014/03/04 10:35:23 | 000,024,544 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2014/03/04 09:05:53 | 003,649,185 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/03/30 12:14:02 | 001,950,720 | ---- | C] () -- C:\Users\Evan\Desktop\AdwCleaner.exe
[2014/03/30 04:47:32 | 004,958,588 | ---- | C] () -- C:\Windows\{00000006-00000000-00000001-00001102-00000008-10221102}.BAK
[2014/03/27 17:00:20 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014/03/26 22:31:57 | 000,024,544 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2014/03/11 23:46:16 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/03/11 23:33:15 | 002,940,738 | ---- | C] () -- C:\Users\Evan\Desktop\Troy Ave - OG Bobby Johnson (Freestyle) - HotNewHipHop.mp3
[2014/01/14 23:38:10 | 000,001,071 | ---- | C] () -- C:\Users\Evan\Documents - Shortcut.lnk
[2013/08/02 22:01:55 | 000,033,193 | ---- | C] () -- C:\Users\Evan\AppData\Roaming\UserTile.png
[2013/02/15 21:59:28 | 000,000,132 | ---- | C] () -- C:\Users\Evan\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
[2013/01/14 20:42:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/14 20:42:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/14 20:42:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/14 20:42:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/14 20:42:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/07 23:54:19 | 000,000,132 | ---- | C] () -- C:\Users\Evan\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/12/08 13:34:46 | 001,229,424 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/05/21 23:09:40 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2012/05/21 21:42:15 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Hip Hop
[2012/05/21 21:42:15 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Helper Scripts
[2012/05/21 21:42:15 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Help
[2012/05/21 21:42:15 | 000,000,268 | RH-- | C] () -- C:\Users\Evan\AppData\Roaming\HAL
[2012/05/21 21:42:15 | 000,000,268 | RH-- | C] () -- C:\Users\Evan\AppData\Roaming\Guitars
[2012/05/21 21:42:15 | 000,000,268 | RH-- | C] () -- C:\Users\Evan\AppData\Roaming\Guitar
[2012/05/21 21:42:15 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012/05/21 21:42:15 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012/05/21 21:42:15 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012/05/21 21:42:15 | 000,000,012 | RH-- | C] () -- C:\ProgramData\InkjetPrinter
[2012/05/21 21:42:15 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Images
[2012/05/21 21:42:15 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Image Manipulation
[2011/07/09 01:14:12 | 000,000,132 | ---- | C] () -- C:\Users\Evan\AppData\Roaming\Adobe PNG Format CS5 Prefs
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/08/04 01:52:00 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Acoustica
[2014/03/26 22:30:03 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Azureus
[2011/08/31 03:49:24 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/05/21 23:09:49 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\com.mypicturetown.myptuploader.F9C4985A082C78528AFA4529A49FFE7D3454A64B.1
[2014/03/23 16:43:52 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Dropbox
[2013/02/16 13:12:11 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\gnupg
[2013/05/20 11:47:49 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\LolClient
[2012/05/21 21:56:35 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Nikon
[2012/12/19 00:35:09 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\PDAppFlex
[2013/08/02 22:01:54 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\PeerNetworking
[2011/07/22 22:10:05 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\pNUbGSS
[2013/05/20 09:57:52 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Riot Games
[2012/05/24 20:03:19 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/09/29 06:34:28 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Steinberg
[2011/08/04 01:52:05 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\SynthMaker
[2013/10/12 20:39:12 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\TeamViewer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 162 bytes -> C:\Users\Evan\Desktop\20131122_112942.jpg:com.dropbox.attributes

< End of report >


 



#6
Machiavelli

  • GeekU Moderator
  • 4,722 posts
Hey,
I hope everything is going well so far.
 

I ran the OTL custom fix you posted but when it restarted my computer the log wasn't up anymore, I'm not sure how to access it I don't see it anywhere.

OK, no problem, there should also be a log located here (Fixlog): C:\_OTL\MovedFiles - post all documents you find there.


Step 1: OTL Fix
  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKCU\..\SearchScopes\{E83A191C-99C8-4D07-A0A5-5FFB731B9F01}: "URL" = http://us.yhs4.searc...p={searchTerms}
    IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\InprocServer32 File not found
    FF - prefs.js..browser.search.param.yahoo-fr: ""
    FF - user.js - File not found
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.
Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: ESET

Please disable your AntiVirus before doing these steps!
  • If you have Win Vista / Win 7 / Win 8 please start IE as Administrator!
  • This will only work for Internet Explorer or FireFox
  • Please download ESET Online Scanner from here
  • How to do this?
    • Visit this website here
    • You will see a screen like this:

      • Click Run ESET Online Scanner

      • A Window will open (see above) - please click on the link
      • A window will pop up - please download the file to your Desktop
      • When the download has finished please run the program (for Win Vista/ Win7 / Win 8 User please run it as Administrator)

      • Tick the box next to YES, I accept the Terms of Use then click on: Start
      • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.

      • Make sure that the option Remove found threats is NOT checked.
      • Make sure that the option Scan archives is checked.
      • Now click on Advanced Settings and select the following:
        • Scan for potentially unwanted applications
        • Scan for potentially unsafe applications
        • Enable Anti-Stealth Technology
      • Then click on Start
      • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
      • When completed the Online Scan will begin automatically. The scan may take several hours.
      • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
      • After the scan is finished please click on Finish
    • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
    • Copy and paste that log as a reply to this topic.
    • I want you to uninstall the following programs (XP: Start > Control Panel > Add/Remove Programs | Vista / Win7 / Win8: Start > Control Panel > uninstall a program):
      • ESET Online Scanner
Step 4: SecurityCheck

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


#7
esmith26

    New Member

  • Topic Starter
  • Member
  • 7 posts

first OTL log requested

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{05478A66-EDB6-4A22-A870-A5987F80A7DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}\ deleted successfully.
C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE.dll moved successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{01FABB58-7308-48ea-9399-DF6337D2614C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01FABB58-7308-48ea-9399-DF6337D2614C}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "&hsimp=yhs-affiliate_a_ff&hspart=greentree&type=994519_yhs3tst" removed from browser.search.param.yahoo-fr
Prefs.js: savingsslider%40mybrowserbar.com:2.8 removed from extensions.enabledAddons
Prefs.js: smarterwiki%40wikiatic.com:5.2.1 removed from extensions.enabledAddons
Prefs.js: "http://search.yahoo.....type=994519&p=" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\adobe.com/AdobeExManDetect\ deleted successfully.
C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bvics5x6.default\searchplugins\yahoo_ff.xml moved successfully.
C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bvics5x6.default\extensions\[email protected] moved successfully.
C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bvics5x6.default\extensions\[email protected] moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}\ deleted successfully.
C:\Users\Evan\AppData\Roaming\Slick Savings\Coupons64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}\ not found.
File C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}\ deleted successfully.
C:\Users\Evan\AppData\Roaming\Slick Savings\Coupons.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{05478A66-EDB6-4A22-A870-A5987F80A7DA} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}\ deleted successfully.
C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE64.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{05478A66-EDB6-4A22-A870-A5987F80A7DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}\ not found.
File C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AsioReg deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Slick Savings deleted successfully.
C:\Users\Evan\AppData\Roaming\Slick Savings\CouponsHelper.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Program Files (x86)\Application Updater folder moved successfully.
C:\Program Files (x86)\Vuze Remote Toolbar\Res\Lang folder moved successfully.
C:\Program Files (x86)\Vuze Remote Toolbar\Res folder moved successfully.
C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.9 folder moved successfully.
C:\Program Files (x86)\Vuze Remote Toolbar\IE folder moved successfully.
C:\Program Files (x86)\Vuze Remote Toolbar\FF\components folder moved successfully.
C:\Program Files (x86)\Vuze Remote Toolbar\FF\chrome folder moved successfully.
C:\Program Files (x86)\Vuze Remote Toolbar\FF folder moved successfully.
C:\Program Files (x86)\Vuze Remote Toolbar folder moved successfully.
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\x64 folder moved successfully.
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64 folder moved successfully.
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 folder moved successfully.
C:\Users\Evan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Users\Evan\AppData\Roaming\chrtmp moved successfully.
C:\Users\Evan\AppData\Roaming\OpenCandy\OpenCandy_0D5E3B3794B84EC5A7D75649C6B11973 folder moved successfully.
C:\Users\Evan\AppData\Roaming\OpenCandy\0D5E3B3794B84EC5A7D75649C6B11973 folder moved successfully.
C:\Users\Evan\AppData\Roaming\OpenCandy folder moved successfully.
C:\Users\Evan\AppData\Roaming\Slick Savings folder moved successfully.
========== FILES ==========
< dir C:\ProgramData\Hip Hop /s /C >
 Volume in drive C has no label.
 Volume Serial Number is 8E25-9BB5
C:\Users\Evan\Desktop\cmd.bat deleted successfully.
C:\Users\Evan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Evan
->Temp folder emptied: 30579733 bytes
->Temporary Internet Files folder emptied: 2190093 bytes
->Java cache emptied: 2299880 bytes
->FireFox cache emptied: 360847475 bytes
->Google Chrome cache emptied: 6752843 bytes
->Flash cache emptied: 61701 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11617845 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42304297 bytes
RecycleBin emptied: 1783 bytes
 
Total Files Cleaned = 436.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03302014_120333

Files\Folders moved on Reboot...
C:\Users\Evan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\FXSTIFFDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

 

 

 

second OTL log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E83A191C-99C8-4D07-A0A5-5FFB731B9F01}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E83A191C-99C8-4D07-A0A5-5FFB731B9F01}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\ deleted successfully.
Prefs.js: "" removed from browser.search.param.yahoo-fr
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Evan
->Temp folder emptied: 12147266 bytes
->Temporary Internet Files folder emptied: 573311 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 25610942 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2986901 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 368176760 bytes
 
Total Files Cleaned = 391.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03312014_172619

Files\Folders moved on Reboot...
C:\Users\Evan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Evan\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

 

 

MBAM log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/31/2014
Scan Time: 6:36:14 PM
Logfile: log.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.03.31.09
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Evan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 275567
Time Elapsed: 51 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.VuzeRemoteTB.A, C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bvics5x6.default\CT2504091, No Action By User, [f808817f7f81fe029ce2c295ec16a957],
PUP.Optional.VuzeRemoteTB.A, C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bvics5x6.default\CT2504091\toolbarImages, No Action By User, [f808817f7f81fe029ce2c295ec16a957],

Files: 57

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

ESET log

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b9ce1dd75631dd448ae85d819b01a25d
# engine=17697
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-04-01 04:56:46
# local_time=2014-04-01 12:56:46 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 21792633 147871656 0 0
# scanned=297135
# found=18
# cleaned=0
# scan_time=25562
sh=AC1B5BB23EE702480BA7290305EF556447376EEA ft=1 fh=807e014ce028bdbe vn="a variant of Win64/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe.vir"
sh=7BD4630DDA81BC3072AC88CDA860EA83A9C8940B ft=1 fh=da5533699b700f9b vn="a variant of Win32/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\Search Settings\wth179.dll.vir"
sh=3054BD091104B868FF740FCB5621EF67F5EE9E14 ft=1 fh=604aff4aaf8d287c vn="a variant of Win64/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\Search Settings\wthx179.dll.vir"
sh=7AFD70B805F472B442C109791F51FF65E6C883F8 ft=1 fh=2b635b2e5b118e14 vn="Win32/Toolbar.Widgi.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\SlickSavings\SlickSavingsSetup.exe.vir"
sh=664270A860DDB3D6F23F617D0615070330A71A30 ft=1 fh=192f7aaecaa32147 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert0.dll.vir"
sh=48EF8B4E06E0F1D3C06C4D6E1EA2B6CE48AA5231 ft=1 fh=ac26df35aa8ade69 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll.vir"
sh=4CE66ABF8F95798FBEF42D836E756E21BF4C1EDF ft=1 fh=3a31d5ec7f9e4f4a vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Evan\Documents\Vuze Downloads\Image-Line.FL.Studio.Edition.v10.0.0 @vAin4us\flstudio_10.0.exe"
sh=28BB8D29CCFAA43DF3D826D34689BEC9B59C59B4 ft=0 fh=0000000000000000 vn="a variant of Win64/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\Windows\Installer\1868c5.msi"
sh=59A6EB9C86C0A9818A025215A96BC4A6BACAE5F6 ft=1 fh=45f34dd517244455 vn="a variant of Win64/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03302014_120333\C_Program Files (x86)\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE64.dll"
sh=6F57F940433F5301185CD5655EB440101465020F ft=1 fh=244eb31b41fca29b vn="Win32/Toolbar.Widgi.F potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03302014_120333\C_Users\Evan\AppData\Roaming\Slick Savings\Coupons.dll"
sh=C9946D3535781EC9189885374E4A18CCAC22C08C ft=1 fh=1d80a455cd5f2f75 vn="Win64/Toolbar.Widgi.C potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03302014_120333\C_Users\Evan\AppData\Roaming\Slick Savings\Coupons64.dll"
sh=05E6E9A9840645E0FA788718EBC6C20CCC84FAF0 ft=1 fh=3f7669b28f528729 vn="a variant of Win32/Toolbar.Widgi.F potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03302014_120333\C_Users\Evan\AppData\Roaming\Slick Savings\CouponsHelper.exe"
sh=9366878083C915082FD52E60602F492B61DDF328 ft=1 fh=554f8fb76016b264 vn="Win32/Toolbar.Widgi.F potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03302014_120333\C_Users\Evan\AppData\Roaming\Slick Savings\Uninstall.exe"
sh=ACCD946F7E8F0DE34AA535DC7ABC3D2E1AB107E4 ft=0 fh=0000000000000000 vn="probably a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="K:\Program Files (x86)\Vuze\spg.zip"
sh=E0B37C57E99FE566CE70DE1FE6B0A8E222BC133A ft=1 fh=040dd3f1fe168480 vn="Win32/Somoto.F potentially unwanted application" ac=I fn="K:\Program Files (x86)\Vuze\.install4j\i4j_extf_20_5p83tu.exe"
sh=0AC76F0DCEC5A2957E9135A82012933D40AC6A63 ft=1 fh=f9c9bf4621013cb3 vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="K:\Program Files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll"
sh=0AC76F0DCEC5A2957E9135A82012933D40AC6A63 ft=1 fh=f9c9bf4621013cb3 vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="K:\Program Files (x86)\Vuze\.install4j\i4j_extf_31_5p83tu.dll"

 

 

 

 

 

Security Check log

Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 51  
 Adobe Flash Player 12.0.0.77  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (28.0)
 Google Chrome 33.0.1750.117  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#8
Machiavelli

    GeekU Moderator

  • 4,722 posts
Hey! ;)

Step 1: OTL Fix
  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :Files
    C:\Users\Evan\Documents\Vuze Downloads\Image-Line.FL.Studio.Edition.v10.0.0 @vAin4u
    C:\Windows\Installer\1868c5.msi
    K:\Program Files (x86)\Vuze
    C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bvics5x6.default\CT2504091
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.
 

How is the PC running?

#9
esmith26

    New Member

  • Topic Starter
  • Member
  • 7 posts

Hey Machiavelli, okay so I did that fix with the OTL program. My PC is still not making any dramatic changes, still acting as it was. :( Not sure what the problem is.

 

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
File\Folder C:\Users\Evan\Documents\Vuze Downloads\Image-Line.FL.Studio.Edition.v10.0.0 @vAin4u not found.
C:\Windows\Installer\1868c5.msi moved successfully.
K:\Program Files (x86)\Vuze\plugins\azupnpav folder moved successfully.
K:\Program Files (x86)\Vuze\plugins\azupdater folder moved successfully.
K:\Program Files (x86)\Vuze\plugins\azrating folder moved successfully.
K:\Program Files (x86)\Vuze\plugins\azplugins folder moved successfully.
K:\Program Files (x86)\Vuze\plugins\azitunes folder moved successfully.
K:\Program Files (x86)\Vuze\plugins folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\zi\SystemV folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\zi\Pacific folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\zi\Indian folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\zi\Europe folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\zi\Etc folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\zi\Australia folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\zi\Atlantic folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\zi\Asia folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\zi\Antarctica folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\zi\America\North_Dakota folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\zi\America\Kentucky folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\zi\America\Indiana folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\zi\America\Argentina folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\zi\America folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\zi\Africa folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\zi folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\servicetag folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\security folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\management folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\images\cursors folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\images folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\im folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\i386 folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\fonts folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\ext folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\deploy\jqs\ie folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\deploy\jqs\ff\chrome\content folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\deploy\jqs\ff\chrome folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\deploy\jqs\ff folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\deploy\jqs folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\deploy folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib\cmm folder moved successfully.
K:\Program Files (x86)\Vuze\jre\lib folder moved successfully.
K:\Program Files (x86)\Vuze\jre\bin\new_plugin folder moved successfully.
K:\Program Files (x86)\Vuze\jre\bin\client folder moved successfully.
K:\Program Files (x86)\Vuze\jre\bin folder moved successfully.
K:\Program Files (x86)\Vuze\jre folder moved successfully.
K:\Program Files (x86)\Vuze\.install4j\user folder moved successfully.
K:\Program Files (x86)\Vuze\.install4j folder moved successfully.
K:\Program Files (x86)\Vuze folder moved successfully.
C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bvics5x6.default\CT2504091\toolbarImages folder moved successfully.
C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bvics5x6.default\CT2504091 folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Evan
->Temp folder emptied: 1877821 bytes
->Temporary Internet Files folder emptied: 142164 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 241004389 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 792 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3457935 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 235.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04022014_172804

Files\Folders moved on Reboot...
C:\Users\Evan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Evan\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 


#10
Machiavelli

    GeekU Moderator

  • 4,722 posts
Hey,

chkdsk /f

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.
  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • When command prompt opens, copy and paste the following commands into it, press enter after each

    chkdsk c: /f

  • Reboot
  • Download ListChkdskResult.exe (by SleepyDude) from the link below:

    https://dl.dropboxus...hkdskResult.exe
  • Double click on it to run it. It will take a few seconds to scan, then it will open a Notepad window with the log. Copy and paste the contents of this into your next post please!

#11
esmith26

    New Member

  • Topic Starter
  • Member
  • 7 posts

The message I get when I type that command into the cmd prompt is

 

"the type of file system is NTFS

cannot lock current drive

 

chkdsk cannot run because the volume is in use by another process. would you like to schedule this volume to be checked the next time the system restarts? (y/n)"

 

I hit yes and ran the chkdsk result program and it came back with no results


#12
Machiavelli

    GeekU Moderator

  • 4,722 posts
Hey esmith26,

"I hit yes and ran the chkdsk result program and it came back with no results"

Did it say anything about the current health of your hard drive? Did it detect any errors etc?

Still laggy, slow performance?

#13
esmith26

    New Member

  • Topic Starter
  • Member
  • 7 posts

The exact message was "No Events found for Winlogon, Chkdsk or Wininit!"

 

No errors or messages about the current health of my drive.

 

My PC is still acting up with the lagginess and unnecessary slowness of things, it's also weird because I recently installed an SSD too.
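
Added example, not part of the original thread and not the helpers' own tooling: a PowerShell check, run from an elevated prompt, that shows whether the boot-time check scheduled by `chkdsk c: /f` is still waiting for a restart and otherwise pulls the chkdsk report from the Application event log. It assumes volume C: as in the thread and an English-language system (the message filter matches English report text); the three event sources are the ones named in the "No Events found" message above.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Assumption: volume C:, as in the thread.
$volume = 'C:'

# 1. Is the check still waiting for a reboot? chkntfs reports whether chkdsk is
#    scheduled for the next restart; fsutil reports the volume's dirty bit.
Write-Output "--- chkntfs $volume ---"
chkntfs $volume
Write-Output "--- fsutil dirty query $volume ---"
fsutil dirty query $volume

# 2. Look for chkdsk reports in the Application log, using the three event
#    sources named in the "No Events found" message.
#    Assumption: English report text ("Checking file system on C:").
$sources = 'Wininit|Chkdsk|Winlogon'
$reports = @(Get-WinEvent -LogName Application -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -match $sources -and $_.Message -match 'file system' } |
    Select-Object -First 3)

if ($reports.Count -eq 0) {
    # Matches the situation in the thread: the check was scheduled, but no
    # report exists until the machine has restarted and the check has run.
    Write-Output 'No chkdsk report logged. If step 1 shows a scheduled check, restart so it can run, then repeat.'
} else {
    foreach ($r in $reports) {
        Write-Output ("{0}  {1}  event {2}" -f $r.TimeCreated, $r.ProviderName, $r.Id)
        # Summary lines worth reading: bad sectors and whether corrections were made.
        $r.Message -split "`r?`n" |
            Where-Object { $_ -match 'bad sectors|corrections|found no problems|errors' } |
            ForEach-Object { '    ' + $_.Trim() }
    }
}
```

Get-WinEvent returns newest events first, so the first report shown is the most recent run.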


#14
Machiavelli

    GeekU Moderator

  • 4,722 posts
Hey,
can you tell me the content of that folder: C:\ProgramData\Hip Hop
  • Click on the Start button and select All Programs, then Accessories.
  • Choose System Tools, and then select Disk Defragmenter.
  • Maybe you must enter your password. Click on Defragment Now.
  • This can take a while.
Still laggy, slow performance? It looks like your hard drive etc. is damaged.

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.