Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Low disk space [Solved]

Started by tomvilfroy , Apr 19 2014 12:54 PM

  • This topic is locked This topic is locked

#1
tomvilfroy
Posted 19 April 2014 - 12:54 PM

tomvilfroy

    Member

  • Member
  • PipPip
  • 51 posts

Hello.   My computer started showing in lower toolbar window a message about low disk space.  Found this odd, since I had removed/saved offline 8 gb of pics.   Sure enough, after I deleted other items, it keep showing low disk space.   And we are talking low disk space of 100 mb or less.    So have been running/saving/downloading items onto my flash drive (J:\) to run items like OTL.

 

Here is the OTL log file :

 

OTL logfile created on: 4/19/2014 12:34:12 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = J:\download
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19507)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
6.00 Gb Total Physical Memory | 3.73 Gb Available Physical Memory | 62.11% Memory free
12.21 Gb Paging File | 9.86 Gb Available in Paging File | 80.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.95 Gb Total Space | 0.06 Gb Free Space | 0.01% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 8.16 Gb Free Space | 55.74% Space Free | Partition Type: NTFS
Drive J: | 14.43 Gb Total Space | 14.35 Gb Free Space | 99.42% Space Free | Partition Type: FAT32
 
Computer Name: OWNERR | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - J:\download\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\n360.exe (Symantec Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Users\Tom\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe (The Nielsen Company)
PRC - C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe (The Nielsen Company)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\AirPrint\airprint.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\HSTrans.exe (NCP)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
MOD - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter7\npfirefoxprocessor.dll ()
MOD - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter7\npffaddons.dll ()
MOD - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter7\npwmi.dll ()
MOD - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter7\npsurvey.dll ()
MOD - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter7\npsp1.dll ()
MOD - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter7\communication.dll ()
MOD - C:\Program Files (x86)\NetRatingsNetSight\NetSight\nsmmc.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\c4dll.dll ()
MOD - C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\ssleay32.dll ()
MOD - C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\libeay32.dll ()
MOD - C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\zlib.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (AERTFilters) -- C:\Windows\SysNative\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (N360) -- C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\N360.exe (Symantec Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NielsenUpdate) -- C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe (The Nielsen Company)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (AirPrint) -- C:\AirPrint\airprint.exe (Apple Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1502000.026\SYMEFA64.SYS (Symantec Corporation)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\Drivers\N360x64\1502000.026\SYMTDIV.SYS (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\N360x64\1502000.026\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\DRIVERS\htcnprot.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1502000.026\Ironx64.SYS (Symantec Corporation)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1502000.026\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1502000.026\SYMDS64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1502000.026\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (cbfs3) -- C:\Windows\SysNative\DRIVERS\cbfs3.sys (EldoS Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\DRIVERS\psi_mf.sys (Secunia)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\DRIVERS\Dnetr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (anodlwf) -- C:\Windows\SysNative\DRIVERS\anodlwfx.sys ()
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWBS2) -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys (Conexant Systems, Inc.)
DRV:64bit: - (e1express) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (NAVEX15) -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140407.018\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140407.018\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140411.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (nnfwdk) -- C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter7\nnfwdk64.sys (The Nielsen Company)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\URLSearchHook: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll (AOL LLC.)
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADBF_en
IE - HKCU\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nielsen/FirefoxTracker: C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter7\FirefoxAddOns\npfirefoxtracker.dll (Nielsen)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/09/02 12:21:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/04/19 12:05:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/02 12:21:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014/01/21 11:57:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter7\FirefoxAddOns\[email protected] [2014/04/19 12:05:34 | 000,009,382 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/31 12:43:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/31 12:43:35 | 000,000,000 | ---D | M]
 
[2009/10/31 18:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions
[2013/04/29 12:04:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\kx43be6t.default\extensions
[2014/04/05 12:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\nq43kb59.default-1370981831842\extensions
[2014/03/31 11:58:00 | 000,537,036 | ---- | M] () (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\nq43kb59.default-1370981831842\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2014/03/31 12:43:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/31 12:43:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/02 12:20:36 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: RealDownloader = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_1\
CHR - Extension: Nielsen = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh\1.8.1_0\
CHR - Extension: Norton Identity Protection = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.0.43_0\
CHR - Extension: Google Wallet = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2013/07/08 01:09:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (D-Link Toolbar Loader) - {f01858c7-2a68-4d93-9e22-502eae3917c2} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll (AOL LLC.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (D-Link Toolbar) - {61874dfa-9adf-44e5-8e61-f3913707e7d7} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (D-Link Toolbar) - {61874DFA-9ADF-44E5-8E61-F3913707E7D7} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] Skytel.exe File not found
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MegaPanel] C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\HSTrans.exe (NCP)
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Tom\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\WPLauncher.hta File not found
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\WPLauncher.hta File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ncponline.com ([www] * in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2957CC1-5FCC-498D-A092-939CE9B94B1A}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/19 12:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/04/19 12:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/04/19 11:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/19 11:27:00 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/19 11:27:00 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/19 10:38:54 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\Outlook Files
[2014/04/18 08:53:07 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2014/04/18 08:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2014/04/07 14:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/04/07 14:14:35 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/07 14:13:18 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/07 11:16:26 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\Legacy Family Tree
[2014/04/07 11:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legacy 8.0
[2014/04/07 11:15:38 | 000,886,776 | ---- | C] (Codejock Software) -- C:\Windows\SysWow64\Codejock.TaskPanel.v15.0.2.ocx
[2014/04/07 11:15:38 | 000,832,448 | ---- | C] (APEX Software Corporation) -- C:\Windows\SysWow64\tdbg6.ocx
[2014/04/07 11:15:38 | 000,496,384 | ---- | C] (Xceed Software Inc        (450) 442-2626        [email protected]        www.xceedsoft.com) -- C:\Windows\SysWow64\XceedZip.dll
[2014/04/07 11:15:38 | 000,458,752 | ---- | C] (ComponentOne) -- C:\Windows\SysWow64\vsprint8.ocx
[2014/04/07 11:15:38 | 000,262,144 | ---- | C] (ComponentOne ) -- C:\Windows\SysWow64\vspdf8.ocx
[2014/04/07 11:15:38 | 000,237,568 | ---- | C] (VideoSoft) -- C:\Windows\SysWow64\Vsocx6.ocx
[2014/04/07 11:15:38 | 000,169,216 | ---- | C] (Wintertree Software Inc.) -- C:\Windows\SysWow64\WSpell.ocx
[2014/04/07 11:15:38 | 000,065,536 | ---- | C] (Sheridan Software Systems, Inc) -- C:\Windows\SysWow64\ssfm1032.dll
[2014/04/07 11:15:38 | 000,065,536 | ---- | C] (Larcom and Young) -- C:\Windows\SysWow64\ReSize32.ocx
[2014/04/07 11:15:37 | 002,660,344 | ---- | C] (Codejock Software) -- C:\Windows\SysWow64\Codejock.CommandBars.v15.0.2.ocx
[2014/04/07 11:15:37 | 001,882,104 | ---- | C] (Codejock Software) -- C:\Windows\SysWow64\Codejock.Controls.v15.0.2.ocx
[2014/04/07 11:15:37 | 001,374,200 | ---- | C] (Codejock Software) -- C:\Windows\SysWow64\Codejock.ReportControl.v15.0.2.ocx
[2014/04/07 11:15:37 | 000,501,752 | ---- | C] (Codejock Software) -- C:\Windows\SysWow64\Codejock.ShortcutBar.v15.0.2.ocx
[2014/04/07 11:15:37 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\SysWow64\PCDLIB32.DLL
[2014/04/07 11:15:37 | 000,200,704 | ---- | C] (CIA, The company) -- C:\Windows\SysWow64\ciaSCls20.dll
[2014/04/07 11:15:37 | 000,184,320 | ---- | C] (CIA, The Company) -- C:\Windows\SysWow64\ciaXPButton30.ocx
[2014/04/07 11:15:37 | 000,053,248 | ---- | C] (CIA, The Company) -- C:\Windows\SysWow64\ciaXPRegSvr20.dll
[2014/04/07 11:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Legacy8
[2014/04/05 12:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/04/05 11:56:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/31 12:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/19 12:42:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/19 12:38:59 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{05589FB7-93BA-465D-89A0-B5C602FF0A47}.job
[2014/04/19 12:38:59 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B9EF5B1D-A4FF-4E35-A03D-E8566A5F53EF}.job
[2014/04/19 12:11:48 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/04/19 12:02:34 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/19 12:02:25 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/19 12:02:25 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/19 12:02:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/19 11:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/19 11:27:52 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/19 11:27:19 | 000,000,578 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/19 10:49:03 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CE7E940F-A4B2-4ADF-8F59-AB8568259CFE}.job
[2014/04/19 10:39:07 | 000,000,968 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2014/04/18 10:35:49 | 000,790,592 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/18 10:35:49 | 000,664,470 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/18 10:35:49 | 000,128,354 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/18 08:53:08 | 000,000,580 | ---- | M] () -- C:\Users\Tom\Desktop\WinDirStat.lnk
[2014/04/17 02:23:42 | 000,032,126 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1502000.026\VT20140417.018
[2014/04/12 12:13:36 | 003,378,223 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1502000.026\Cat.DB
[2014/04/07 11:15:39 | 000,000,549 | ---- | M] () -- C:\Users\Public\Desktop\Legacy 8.0.lnk
[2014/04/05 14:51:10 | 000,449,454 | ---- | M] () -- C:\Users\Tom\Documents\cc_20140405_144959.reg
[2014/04/05 14:10:17 | 000,000,000 | -H-- | M] () -- C:\ProgramData\PKP_DLeo.DAT
[2014/04/05 14:10:17 | 000,000,000 | ---- | M] () -- C:\ProgramData\PreferencePane
[2014/04/05 14:10:17 | 000,000,000 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Plugins
[2014/04/05 14:10:17 | 000,000,000 | ---- | M] () -- C:\ProgramData\Plug-Ins
[2014/04/05 14:10:17 | 000,000,000 | ---- | M] () -- C:\ProgramData\Metadata Importer
[2014/04/05 14:09:59 | 000,000,000 | -H-- | M] () -- C:\ProgramData\PKP_DLes.DAT
[2014/04/05 14:08:22 | 000,000,000 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT
[2014/04/05 14:08:22 | 000,000,000 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Phaser
[2014/04/05 14:08:19 | 000,000,000 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2014/04/05 14:08:19 | 000,000,000 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Percussion Kit
[2014/04/05 11:17:45 | 000,440,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/04/04 14:29:33 | 000,002,260 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2014/04/03 09:51:12 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/19 12:11:48 | 000,001,734 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/04/19 11:27:19 | 000,000,578 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/19 10:39:06 | 000,000,968 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2014/04/18 08:53:07 | 000,000,580 | ---- | C] () -- C:\Users\Tom\Desktop\WinDirStat.lnk
[2014/04/07 11:15:39 | 000,000,561 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legacy 8.0.lnk
[2014/04/07 11:15:39 | 000,000,549 | ---- | C] () -- C:\Users\Public\Desktop\Legacy 8.0.lnk
[2014/04/07 11:15:38 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\WBCustomizer.dll
[2014/04/05 14:50:01 | 000,449,454 | ---- | C] () -- C:\Users\Tom\Documents\cc_20140405_144959.reg
[2014/04/05 14:10:17 | 000,000,000 | ---- | C] () -- C:\ProgramData\PreferencePane
[2014/04/05 14:10:17 | 000,000,000 | ---- | C] () -- C:\ProgramData\Plug-Ins
[2014/04/05 14:10:17 | 000,000,000 | ---- | C] () -- C:\ProgramData\Metadata Importer
[2013/07/28 21:55:39 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2013/06/09 22:24:41 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-OWNERR-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat
[2013/05/24 00:49:45 | 000,116,866 | ---- | C] () -- C:\Windows\hpqins00.dat
[2013/05/23 23:44:32 | 000,148,895 | ---- | C] () -- C:\Windows\hpoins19.dat
[2013/05/23 23:44:20 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2013/05/23 19:54:59 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2013/05/23 19:52:02 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2013/05/23 19:52:02 | 000,000,000 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\Phaser
[2013/05/23 19:52:01 | 000,000,000 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\Percussion Kit
[2013/05/23 19:52:00 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2013/05/23 19:48:27 | 000,000,000 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\Plugins
[2013/05/23 19:48:26 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLeo.DAT
[2013/01/22 11:18:04 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013/01/22 11:18:04 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013/01/22 11:18:02 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013/01/22 11:18:01 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/01/22 10:42:45 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/12/18 11:03:37 | 000,207,348 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/04/06 14:45:42 | 000,007,836 | ---- | C] () -- C:\Users\Tom\AppData\Local\d3d9caps.dat
[2012/04/06 14:28:24 | 000,001,460 | ---- | C] () -- C:\Users\Tom\AppData\Local\d3d9caps64.dat
[2011/05/20 12:35:12 | 000,001,940 | ---- | C] () -- C:\Users\Tom\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/24 00:57:15 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2010/12/14 14:44:27 | 000,003,284 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\ANIWZCS{6F197489-71C4-487E-90C4-A453BF248EE7}
[2010/03/15 10:16:36 | 000,000,091 | ---- | C] () -- C:\Users\Tom\AppData\Local\fusioncache.dat
[2010/02/24 10:01:18 | 049,877,254 | ---- | C] () -- C:\Users\Tom\ebp-backup-02242010.zip
[2010/01/29 18:06:20 | 000,012,288 | ---- | C] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/31 14:32:42 | 000,000,632 | RHS- | C] () -- C:\Users\Tom\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2006/11/02 09:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 11:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\SysWow64\shdocvw.dll -- [2011/01/20 10:07:03 | 001,075,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 01:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 20:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/12/27 13:59:21 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\.minecraft
[2013/01/22 12:15:38 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\avidemux
[2012/06/12 09:05:16 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\BSW
[2014/04/04 14:32:29 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Dropbox
[2013/11/26 18:48:45 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\ID Vault
[2012/04/07 11:09:12 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Image Zone Express
[2009/12/16 15:34:55 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Namco
[2013/05/23 20:13:51 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Nikon
[2013/07/10 17:25:21 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Nuance
[2009/12/16 15:48:52 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\OtherSide Realm of Eons
[2009/12/16 15:35:01 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\PlayFirst
[2010/04/13 11:23:50 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Printer Info Cache
[2010/02/15 15:20:22 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\RailGameFans
[2010/08/27 13:59:03 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\runic games
[2011/05/25 10:58:06 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\SystemRequirementsLab
[2010/08/04 08:18:18 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Turbine
[2012/12/04 19:50:13 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Unity
[2011/01/17 12:05:44 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
 


  • 0

Advertisements

#2
crooleeck
Posted 19 April 2014 - 01:56 PM

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts
Hi tomvilfroy and welcome at GeekstoGo!
 
I'm crooleeck and I'll try to help you. But first please notice that I'm not limitless, I'm not familiar with all software, I don't know everything. However, it has taken me years to learn what I know. I would be glad to help you.
 
Fight against malware is NOT instantaneous, most infections require several courses of action to completely eradicate. It's also time-consuming, so be patient! We all like to know final result, so if you have since resolved the issues you were originally experiencing, or have received help elsewhere, please post.
 
Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue.
 
Note:
  • Please watch this topic. Part of the fix may require you to being Safe Mode, which will not allow you to access the internet, or my instructions! Please save or print following instrucions.
  • Do exactly - step by step - what I wish for. Don't be afraid! If there's anything you don't understand, stop and ask!
  • Please don't run unsupervised tools or fix on your own without my direction - it can be dangerous.
  • You must reply within 3 days or your topic will be closed
 
Step 1:
Please post J:\download\Extras.txt content. It's second part of OTL log.
 
Step 2:
MBR fix:
  • Download aswMBR to your desktop.
  • Double click the aswMBR.exe to run it.
  • Agreed to update.
  • Click the Scan button to start scan.
 
aswMBR1.png
 
  • On completion of the scan click Save log, save it to your desktop as mbrfix.txt and post in your next reply.
 
aswMBR2.png
 
  • Click Exit.
 
Step 3:
Download AdwCleaner to your desktop.
  • run AdwCleaner accept license and select Scan
  • On completion of the scan please click on Log button. Log will be showed, please copy content and post in next replay
  • Close AdwCleaner

 


  • 0

#3
tomvilfroy
Posted 19 April 2014 - 02:57 PM

tomvilfroy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

Wow - didn't expect so quick service...:)

 

I did look in J:\downloads and there is no extras file.   Should I rerun OTL?

 

And also I will presume that anytime you mean desktop to save to my J: drive, since i gather some items you post are copy and paste.

 

No problems with having 2 sets of eyes...even better!   And trust me, I'll be replying/posting as soon as items finish, since my wife is growing impatient about a computer she can't use!

 

Thomas


  • 0

#4
tomvilfroy
Posted 19 April 2014 - 03:12 PM

tomvilfroy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

MBR fix log :

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-04-19 15:05:50
-----------------------------
15:05:50.626    OS Version: Windows x64 6.0.6002 Service Pack 2
15:05:50.626    Number of processors: 2 586 0x170A
15:05:50.626    ComputerName: OWNERR  UserName: Tom
15:06:03.403    Initialize success
15:06:57.242    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:06:57.242    Disk 0 Vendor: ST3750630AS DE13 Size: 715404MB BusType: 3
15:06:57.601    Disk 0 MBR read successfully
15:06:57.601    Disk 0 MBR scan
15:06:57.601    Disk 0 Windows VISTA default MBR code
15:06:57.617    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
15:06:57.648    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        15000 MB offset 81920
15:06:57.679    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       700363 MB offset 30801920
15:06:58.038    Disk 0 scanning C:\Windows\system32\drivers
15:07:24.028    Service scanning
15:08:19.127    Modules scanning
15:08:19.127    Disk 0 trace - called modules:
15:08:19.220    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys
15:08:19.220    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006354790]
15:08:19.735    3 CLASSPNP.SYS[fffffa6000d3bc33] -> nt!IofCallDriver -> [0xfffffa8005f929b0]
15:08:19.735    5 acpi.sys[fffffa60008e4fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80060c1510]
15:08:19.735    Scan finished successfully
15:08:32.028    Disk 0 MBR has been saved successfully to "J:\download\MBR.dat"
15:08:32.168    The log file has been saved successfully to "J:\download\aswMBR.txt"

 


  • 0

#5
tomvilfroy
Posted 19 April 2014 - 03:15 PM

tomvilfroy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

Adwcleaner Log file :

 

# AdwCleaner v3.024 - Report created 19/04/2014 at 15:10:35
# Updated 18/04/2014 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Tom - OWNERR
# Running from : J:\download\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19507


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\hpefdh0c.default\prefs.js ]


[ File : C:\Users\Krystin\AppData\Roaming\Mozilla\Firefox\Profiles\3gc28118.default\prefs.js ]


[ File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\kx43be6t.default\prefs.js ]


[ File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\nq43kb59.default-1370981831842\prefs.js ]


[ File : C:\Users\Test\AppData\Roaming\Mozilla\Firefox\Profiles\3gc28118.default\prefs.js ]


[ File : C:\Users\NewKrystin\AppData\Roaming\Mozilla\Firefox\Profiles\xmk0ybxf.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Krystin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\NewKrystin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [42784 octets] - [05/04/2014 11:58:15]
AdwCleaner[R1].txt - [42106 octets] - [05/04/2014 12:03:47]
AdwCleaner[R2].txt - [1774 octets] - [19/04/2014 15:10:35]
AdwCleaner[S0].txt - [1610 octets] - [05/04/2014 12:01:34]
AdwCleaner[S1].txt - [42725 octets] - [05/04/2014 12:04:44]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1955 octets] ##########
 


  • 0

#6
tomvilfroy
Posted 19 April 2014 - 03:18 PM

tomvilfroy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

A few other items :

 

I have noticed, even though I have changed in my browser (Firefox) to change download to the j:\download directory, that after a set time (maybe in 1 hour? - haven't really timed it) that the computer will try to save files on the c:\ drive.   Only way around it is to restart the computer.   Just thought I give you that info as well, since obviously something is definitely amiss here on the computer.

 

Lastly, FYI, the adwcleaner log file button now says Report with a log file icon to the left side of the button.  Not trying to nit pick but just thought I let you know.

 

Thomas


  • 0

#7
crooleeck
Posted 21 April 2014 - 01:54 PM

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts
Step 1:
OTL fix:
Please copy following script:

:otl
O2 - BHO: (D-Link Toolbar Loader) - {f01858c7-2a68-4d93-9e22-502eae3917c2} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (D-Link Toolbar) - {61874dfa-9adf-44e5-8e61-f3913707e7d7} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (D-Link Toolbar) - {61874DFA-9ADF-44E5-8E61-F3913707E7D7} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll (AOL LLC.)
O4:64bit: - HKLM..\Run: [Skytel] Skytel.exe File not found
O8:64bit: - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\WPLauncher.hta File not found
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\WPLauncher.hta File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found

:commands
[emptytemp]


Run OTL, under Custom Scan/Fixes paste it. Close all windows except OTL and hit Run Fix button. Please agreed for restart. After computer starts, OTL will display removing log, please post it.

Step 2:
I've noticed you have installed Windirstat. Please run it.
  • When the little pacmen have finished investigating the drive you will be presented with a visual image of your folders
  • Select the folder using the most space by click in the little + sign alongside it
  • Locate the folder that is using the most space
  • If there is a + alongside that then click it to dig deeper
  • Highlight the offending folder and press Ctrl + C this will copy the path to your clipboard
  • Then right click the folder and select open
  • This will then open explorer to that folder.. Do you recognise it ?
Then open note pad and select paste... Post the file path in your next reply plus the size
Also if possible post a screen shot of the graphical output.
  • 0

#8
tomvilfroy
Posted 21 April 2014 - 05:05 PM

tomvilfroy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

OTL log :

No log was displayed.  i do see a file called 04212014_162547 on the K: drive (somehow the computer no longer has a J drive..so K is what J was) - the usb flash drive.

That file is located under _OTL\MovedFiles

 

Will copy that info here :

 

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f01858c7-2a68-4d93-9e22-502eae3917c2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f01858c7-2a68-4d93-9e22-502eae3917c2}\ deleted successfully.
C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{61874dfa-9adf-44e5-8e61-f3913707e7d7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61874dfa-9adf-44e5-8e61-f3913707e7d7}\ deleted successfully.
File Link Toolbar\dlinktb.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61874DFA-9ADF-44E5-8E61-F3913707E7D7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61874DFA-9ADF-44E5-8E61-F3913707E7D7}\ not found.
File Link Toolbar\dlinktb.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Skytel deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open with WordPerfect\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open with WordPerfect\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Krystin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: NewKrystin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 21770828 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1298 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: TEMP
->Temp folder emptied: 0 bytes
 
User: Test
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Tom
->Temp folder emptied: 31785655 bytes
->Temporary Internet Files folder emptied: 120042 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5022728 bytes
->Google Chrome cache emptied: 6077582 bytes
->Flash cache emptied: 1931 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 861184 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4091707 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 67.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04212014_162547
 


  • 0

#9
tomvilfroy
Posted 21 April 2014 - 05:06 PM

tomvilfroy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

Not following what you are asking for with the WinDirStat program

 

Hopefully this :

 

C:\N360_BACKUP\{A7CD5EEC-60F3-4477-9D0F-195FD64CD46B}
size 373.8 gb

 

Obviously one of my 2 Norton Backup directories (there is another one ({493ADC51-66D7-4EC6-8F00-C2189D82DDC7} but hasn't been accessed since

April of last year) and has about 80 gb of data)

 

Also various directories have a date timestamp 4-6 hours of current time (ran this around 6 pm local time and some of the folders have timestamps of 10 or 11 pm)

 

if not, then have no idea.   Sorry can't save any graphical programs via screenshot since paint won't work (no matter what...think it has to do with the low disk space..was working before!).  Did save it in word though.  Will see if i can download a paint equivalent to usb drive and see if I can send it that way.


Edited by tomvilfroy, 22 April 2014 - 03:05 PM.

  • 0

#10
crooleeck
Posted 23 April 2014 - 09:54 AM

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts
Do you have any videos, music, photos on C drive? If yes, can you try move them to another partition?
  • 0

Advertisements

#11
tomvilfroy
Posted 23 April 2014 - 01:23 PM

tomvilfroy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

Yes I do, but I have no partition to put them to, I don't believe.   Since the hard drive is full.

 

And that was what I was doing (saving pics) during the process of getting more hard drive space when the hard drive became full.   As I mentioned above in my first post I know I should have easily 8 gb of hard drive space available...but alas not the case.


Edited by tomvilfroy, 23 April 2014 - 01:25 PM.

  • 0

#12
tomvilfroy
Posted 24 April 2014 - 09:13 AM

tomvilfroy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

also this morning, I get the following message (has me concerned another virus is on my computer) :

 

Extracting files to temporary folder
Write error in the file installer_msi_win.msi. Probably the disk is full

 

And keeps trying to unzip a file, even when i cancel it.


  • 0

#13
crooleeck
Posted 24 April 2014 - 12:41 PM

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts
I think you have some kind of external drive:
Drive J: | 14.43 Gb Total Space | 14.35 Gb Free Space | 99.42% Space Free | Partition Type: FAT32

Please try transfer some files there.
  • 0

#14
tomvilfroy
Posted 25 April 2014 - 10:43 AM

tomvilfroy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
That's my flash drive

And I know I have more than 16 gb of pics, docs, music and iTunes files on the computer and the flash drive can only handle 16 gb.

So why am I trying to move these??

Edited by tomvilfroy, 25 April 2014 - 11:06 AM.

  • 0

#15
crooleeck
Posted 25 April 2014 - 12:58 PM

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts

Because I want to check disk behavior. If you move 10GB files to another disk/partition, is free space increasing?

 

What step in WinDirStat instruction you don't follow?


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP