Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

New to me laptop, runs slow [Closed]


  • This topic is locked This topic is locked

#1
KaleysLaptop

KaleysLaptop

    New Member

  • Member
  • Pip
  • 7 posts

I had an Acer Aspire 5517 given to me and it runs slow and has the occasional popup. My dad loaded AVG Free and ran it but it found no viruses, he also installed CCleaner and ran it too.

 

I  found OTL and did the quick scan. Here are the results.

 

 

 

OTL logfile created on: 9/28/2014 4:53:58 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Leigha\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.75 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 46.28% Memory free
3.49 Gb Paging File | 2.22 Gb Available in Paging File | 63.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.95 Gb Total Space | 86.87 Gb Free Space | 63.43% Space Free | Partition Type: NTFS
Drive D: | 2.72 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: LEIGHA-PC | User Name: Leigha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/28 16:52:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leigha\Downloads\OTL.exe
PRC - [2014/09/05 16:34:22 | 003,364,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
PRC - [2014/09/05 16:29:52 | 003,593,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe
PRC - [2014/09/05 16:23:18 | 000,293,448 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
PRC - [2012/01/17 15:18:44 | 000,232,616 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2009/09/10 09:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/08/18 05:42:08 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/08/04 01:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/03 22:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/04/15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2007/10/23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007/10/23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/08/18 18:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/10/29 11:10:02 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/29 08:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/03 22:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2014/09/26 18:04:20 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/24 01:09:08 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/05 16:34:22 | 003,364,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/09/05 16:23:18 | 000,293,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe -- (avgwd)
SRV - [2014/07/28 16:12:40 | 000,156,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/18 03:51:42 | 001,043,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/09/10 09:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/20 21:45:10 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014/08/06 21:39:52 | 000,123,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014/07/24 14:06:36 | 000,247,576 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014/07/18 15:53:26 | 000,313,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014/07/02 09:58:24 | 000,270,616 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014/06/18 21:03:34 | 000,190,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014/06/18 21:03:34 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014/06/18 21:03:20 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/10/02 01:33:48 | 000,946,688 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/08/21 05:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/29 18:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/27 03:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/15 06:03:40 | 000,245,296 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 07:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 07:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 07:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/04 09:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/03 09:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/03/25 23:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\DKbFltr.sys -- (DKbFltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...54z1m5t4492y499
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://blekko.com/?s...3F5D48DF5707B9A
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?s...q={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACAW_enUS476
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{8FC1F79E-F35F-4505-BDCB-DBAFDAF1163B}: "URL" = http://www.search.as...archTerms}&psv=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Users\Leigha\Desktop\Picasa3\npPicasa3.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Leigha\AppData\Local\Roblox\Versions\version-97c0e76356f746a6\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Leigha\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Leigha\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2014/08/07 13:46:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/09/28 00:01:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leigha\AppData\Roaming\Mozilla\Extensions
[2014/09/28 00:01:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/09/28 00:01:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Leigha\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Leigha\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Leigha\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Leigha\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Picasa (Enabled) = C:\Users\Leigha\Desktop\Picasa3\npPicasa3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Leigha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: SiteAdvisor = C:\Users\Leigha\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0\
CHR - Extension: Google Wallet = C:\Users\Leigha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Psykopaint = C:\Users\Leigha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\
CHR - Extension: Psykopaint = C:\Users\Leigha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\.bak
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {4F524A2D-5637-006A-76A7-7A786E7484D7} - No CLSID value found.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ns.arise.com...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F893C0C2-E39C-4505-8004-7B73890D0CEB}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/28 16:24:11 | 000,000,000 | R--D | C] -- C:\Users\Leigha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2014/09/28 11:07:14 | 000,000,000 | ---D | C] -- C:\Users\Leigha\AppData\Local\{6E6C232C-D5B9-4CF9-888F-4D4445AA9556}
[2014/09/28 00:12:39 | 000,000,000 | ---D | C] -- C:\Users\Leigha\AppData\Roaming\AVG2015
[2014/09/28 00:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/09/28 00:10:52 | 000,000,000 | ---D | C] -- C:\Users\Leigha\AppData\Roaming\TuneUp Software
[2014/09/28 00:09:49 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/09/28 00:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2015
[2014/09/28 00:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2014/09/28 00:05:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/09/28 00:05:02 | 000,000,000 | ---D | C] -- C:\Users\Leigha\AppData\Local\MFAData
[2014/09/28 00:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/09/28 00:05:02 | 000,000,000 | ---D | C] -- C:\Users\Leigha\AppData\Local\Avg2015
[2014/09/28 00:01:31 | 000,000,000 | ---D | C] -- C:\Users\Leigha\AppData\Local\Mozilla
[2014/09/28 00:01:30 | 000,000,000 | ---D | C] -- C:\Users\Leigha\AppData\Roaming\Mozilla
[2014/09/28 00:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/09/28 00:01:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/09/28 00:01:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/09/27 23:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/09/27 23:35:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/09/27 23:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/09/27 22:15:51 | 000,000,000 | ---D | C] -- C:\Users\Leigha\AppData\Local\{956371D3-03D7-48E2-9FFD-5A4525635410}
[2014/09/26 20:52:47 | 000,000,000 | -HSD | C] -- C:\Users\Leigha\AppData\Local\EmieUserList
[2014/09/26 20:52:47 | 000,000,000 | -HSD | C] -- C:\Users\Leigha\AppData\Local\EmieSiteList
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/28 16:54:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/28 16:38:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/28 16:31:06 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/28 16:31:06 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/28 16:25:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-291638799-846664467-1878699073-1002UA.job
[2014/09/28 16:23:53 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/28 16:23:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/28 15:26:55 | 1406,177,280 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/28 14:46:13 | 000,002,374 | ---- | M] () -- C:\Users\Leigha\Desktop\Google Chrome.lnk
[2014/09/28 11:02:23 | 000,662,650 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/28 11:02:23 | 000,122,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/28 11:02:22 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/28 09:34:39 | 000,775,124 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/28 00:10:54 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2015.lnk
[2014/09/28 00:01:22 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/09/27 23:20:57 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/09/27 22:58:12 | 000,417,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/09/26 18:01:23 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-291638799-846664467-1878699073-1002Core.job
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/09/28 00:10:54 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2015.lnk
[2014/09/28 00:01:22 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/09/28 00:01:22 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/09/27 23:20:57 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/07/30 22:22:54 | 000,775,124 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/26 11:27:20 | 000,173,054 | ---- | C] () -- C:\Windows\hpoins46.dat
[2013/07/26 11:27:20 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2013/06/14 19:56:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/06/14 19:56:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/06/14 19:56:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/06/14 19:56:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/06/03 18:55:01 | 000,000,024 | ---- | C] () -- C:\Users\Leigha\random.dat
[2012/06/03 18:55:00 | 000,000,045 | ---- | C] () -- C:\Users\Leigha\jagex_cl_runescape_LIVE.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 22:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/01/23 21:00:16 | 000,000,000 | ---D | M] -- C:\Users\Leigha\AppData\Roaming\.minecraft
[2012/04/09 23:57:57 | 000,000,000 | ---D | M] -- C:\Users\Leigha\AppData\Roaming\.purple
[2012/03/25 22:37:16 | 000,000,000 | ---D | M] -- C:\Users\Leigha\AppData\Roaming\Acer
[2014/09/28 00:12:39 | 000,000,000 | ---D | M] -- C:\Users\Leigha\AppData\Roaming\AVG2015
[2012/12/17 16:38:52 | 000,000,000 | ---D | M] -- C:\Users\Leigha\AppData\Roaming\Blackboard
[2012/03/25 22:37:14 | 000,000,000 | ---D | M] -- C:\Users\Leigha\AppData\Roaming\Leadertech
[2014/09/28 11:30:32 | 000,000,000 | ---D | M] -- C:\Users\Leigha\AppData\Roaming\Samsung
[2013/02/07 20:20:41 | 000,000,000 | ---D | M] -- C:\Users\Leigha\AppData\Roaming\SecondLife
[2014/09/28 00:10:52 | 000,000,000 | ---D | M] -- C:\Users\Leigha\AppData\Roaming\TuneUp Software
[2012/04/09 22:59:34 | 000,000,000 | ---D | M] -- C:\Users\Leigha\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
 

 

 

 

OTL Extras logfile created on: 9/28/2014 4:53:58 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Leigha\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.75 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 46.28% Memory free
3.49 Gb Paging File | 2.22 Gb Available in Paging File | 63.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.95 Gb Total Space | 86.87 Gb Free Space | 63.43% Space Free | Partition Type: NTFS
Drive D: | 2.72 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: LEIGHA-PC | User Name: Leigha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0082DE1A-292E-43FE-8579-97BBA87510EF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0DA7A3ED-F790-4843-B81A-8739B86F5C2E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1A6D305C-54DA-44CD-B39E-4999EC03F949}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2796490F-51B2-4AD5-99BA-FA2BE21B2500}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{309CE8FA-3950-4D7C-932D-3F4821C36EB4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{39615D79-9B24-48E2-A76C-B16B9E2A6A65}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{4C09B57E-4D4C-44E5-AE69-020234B570A7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5021C1A0-7C5F-4605-829D-7F111333EDC6}" = rport=138 | protocol=17 | dir=out | app=system |
"{6C7AB590-D51F-48CB-82AA-31B596363290}" = lport=2869 | protocol=6 | dir=in | app=system |
"{70173EC4-6948-4B13-A29B-19DDBB84ABF8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{73B4F765-77EB-4AC8-9133-510B2A825ED3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{76362967-E580-4C32-9644-4844C60138BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{77A95928-A41B-4517-B9C6-C00E65693707}" = lport=139 | protocol=6 | dir=in | app=system |
"{7EC2E5B0-0EF6-4134-BB7B-C3064050D90B}" = rport=139 | protocol=6 | dir=out | app=system |
"{7EC4AED9-2037-4395-BFFD-5604F932F000}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{86383293-6857-4558-A440-05BF445F3D30}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{86AAED85-6C62-445F-9AD0-1E6D6703543B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8A8389F3-C8F3-40AC-A75E-82D27B4A404E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8D22AB11-D31C-4D3E-8037-361ED368772C}" = rport=445 | protocol=6 | dir=out | app=system |
"{BAC5E7B8-49FC-4370-8EB8-E6C7667AD635}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C99CA514-A920-477F-BBEF-6E6D308E4587}" = lport=445 | protocol=6 | dir=in | app=system |
"{CBBBC67E-D42C-42BF-AD66-F66D00D76C63}" = rport=137 | protocol=17 | dir=out | app=system |
"{CFFDBAF9-6530-435A-B78B-F5F415C294D2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D3D74D50-7ADB-4A00-8715-4821510F6BF5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E337AF6D-2DE8-49A4-BF71-37FD8624D1A2}" = lport=138 | protocol=17 | dir=in | app=system |
"{EDC937B2-8438-4309-A850-5876C0EE6BAB}" = lport=137 | protocol=17 | dir=in | app=system |
"{F1D48488-79F7-4B92-8D67-726E472DDFE0}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{078B4933-8463-4612-9827-CBDB2BC47E5E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{082EE2DD-3AD0-43AA-A7C6-EBC803195576}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{1EF5CD46-2AC2-47C2-977A-2424D2FDC2D3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{233E1080-CE95-4EA4-AA52-20790B28D08B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{32E22A1F-C168-4216-A175-354C0EF2E397}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgdiagex.exe |
"{348DDBBA-CC04-46B5-B17C-BC524566C587}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgemca.exe |
"{4E1B19DB-6C97-4027-9CDA-C0E2EDF07217}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5000D005-01A9-4E7E-BFFC-805DC62A627C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{535B772C-25E8-41D8-A9C3-A0012CDC8E6E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgdiagex.exe |
"{5B510F82-8931-4E74-AEC0-874E03C55713}" = protocol=1 | dir=in | [email protected],-28543 |
"{5CDB2997-E759-4E89-9984-0CFA4DD1B1D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5FB5E1EB-B16C-446F-98F6-FEC11D68E650}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{63CD0EDB-4710-4291-95EB-BDE4677995E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6964FF84-0D21-459E-B5D0-DDFA06BC1978}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{70EA5B44-23FC-434C-876B-8A5A7506242A}" = protocol=1 | dir=out | [email protected],-28544 |
"{71DF677D-C359-4084-9100-6E238D0F319A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{72ACCAD5-46D7-4BB8-8C50-96535DE9609D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{78EB570F-6D31-4962-890F-06E1B089F528}" = protocol=58 | dir=out | [email protected],-28546 |
"{7FA6E65E-AEE8-403C-8808-7B73EF5EB0E0}" = protocol=58 | dir=in | [email protected],-28545 |
"{86BE2CEE-C0AC-4055-A530-60FE8BDA3B3C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{9289AEDE-41FA-4622-9261-33786A4028D2}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{9563528E-C33F-4FC1-A940-BD2584319EA4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{9684E073-8DCD-42B8-92E2-0A695FBD0F14}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgnsa.exe |
"{99AFE968-1232-45E6-A65E-E9C8EF9E3462}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9EA9BDFD-C350-4EBD-B008-FDAD6BF38CA8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{A09CD814-B5D3-4C5F-ABAA-199D2FAF6AC7}" = protocol=6 | dir=out | app=system |
"{A60FEB86-FD10-4A0E-8487-BD36BFF73339}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{B2BE03FD-E5CE-4D9F-9DB3-327216C12877}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BCE7B91D-FF2B-453A-B433-0BCBE60BC409}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C73EC19B-4621-4295-A711-F168AE632EBD}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{D517DBE0-DF9A-490C-891D-B19EE866E9F8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{E1E7C209-C34D-482F-868F-83EFE218BA2C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{E666F1F5-F9BB-46CC-B2E6-068277835267}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E7F4399A-7A31-4F16-B024-321888DD5AA7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EEF7E580-C9C8-4408-ACEF-4C53B7DA59E7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgemca.exe |
"{F302664F-03FF-41A1-91F2-9AC01CE76DED}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgnsa.exe |
"{F58CA409-0F55-4D6D-BDC7-D624CD0998AB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FD970526-E1F2-4B6A-BDD7-5388C85FAD8D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{14BC6853-A74E-4874-B50D-679889D1544D}" = HP Photosmart D110 All-In-One Driver 14.0 Rel. 7
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{426E8080-E591-436B-9F7A-3C61D0AB742D}" = AVG 2015
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{ACCA82EB-7088-919E-5E1C-100A24F11CCF}" = ATI Catalyst Install Manager
"{B2913230-094D-4F41-9EEF-CE9571C450D8}" = SpyroPortalDriver
"{BA450551-ACCA-46A8-890A-48B9B3C4E02F}" = AVG 2015
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{CE47BA54-78AC-409F-9151-BDF5BE15A804}" = Network64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E2FCA441-6D7B-CD78-3ADF-42EA9FA06065}" = ccc-utility64
"AVG" = AVG 2015
"CCleaner" = CCleaner
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{183F0908-AD5E-8B3B-5F06-28B1A8C65C62}" = CCC Help Japanese
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23E9588B-05ED-BC2F-EB69-101A96511EF1}" = ccc-core-static
"{2484D1EA-CBA4-60BB-82B9-F8477D25C47A}" = CCC Help Dutch
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 67
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29802D65-9514-DB20-36CD-E47A94C8AEB9}" = Catalyst Control Center Graphics Full Existing
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2F61E9D7-CD05-643E-A04E-CC1A8B6610BA}" = CCC Help Finnish
"{2FA3CDD8-1436-497D-6339-789936561E99}" = CCC Help German
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34123E80-BE96-6282-1167-6696730AF6D2}" = CCC Help Korean
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3D20EF26-2E9A-D388-851D-E7675BBACFF5}" = Catalyst Control Center Core Implementation
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{4024F49B-65D4-D6B2-2A1D-6DBF6F09F181}" = CCC Help Greek
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{49A63237-FD38-AE77-6DF6-FFB41499A4E6}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F0FC827-B693-F166-612E-EA89D798540C}" = CCC Help Chinese Traditional
"{52FBF90E-D2EF-A2A3-1CCA-6984596B1B02}" = CCC Help English
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{628CBFE4-3823-67FB-26D2-566899C3BB5C}" = CCC Help Italian
"{63F26DAE-CB0D-98B6-3019-D4FC3D0DD203}" = Catalyst Control Center InstallProxy
"{652EB559-6865-DEF4-2409-D506963C15FD}" = CCC Help Polish
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{68987945-A387-4C25-0C59-21F2AF657E65}" = CCC Help Thai
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B45E33B-6BB4-234B-2F5F-65B1A103801D}" = CCC Help Russian
"{6B99737C-9FDC-50F9-C9A4-AB7DA5C9A336}" = Catalyst Control Center Graphics Full New
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7BE74C0E-F300-D0A6-780B-C93BB78DE58C}" = CCC Help Norwegian
"{7E75ACC5-B0EC-7006-183A-374974019911}" = Catalyst Control Center Graphics Light
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUSR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97124B44-C17B-C352-44B1-403D0D706173}" = CCC Help Czech
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9ACA8261-11D1-F8A1-C154-7F8B23515C79}" = CCC Help Swedish
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Video Web Camera
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9574A7E-C024-EED1-7A81-CC4786A1915A}" = CCC Help Portuguese
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA32D2A6-1299-0F05-BF8D-04075A9F69EB}" = CCC Help Turkish
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
"{BCC05B1F-7397-799A-9EDB-AC10123BB17A}" = CCC Help Chinese Standard
"{BEF4FD8A-29FF-C250-468A-5FC55F0E3451}" = Catalyst Control Center Localization All
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF7A62B6-F712-412E-9914-D80033A7F8B8}" = Catalyst Control Center - Branding
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D41301F8-90FD-9CE8-CD2C-ED2B9D5F07E3}" = CCC Help Spanish
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D43AD08C-BE76-8C5B-FD90-4B665EF60E2E}" = CCC Help Danish
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA4CA661-5ABF-9218-6E42-84BF89F43655}" = CCC Help French
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"chat-messenger" = Chat Messenger
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"LManager" = Launch Manager
"Mozilla Firefox 32.0.3 (x86 en-US)" = Mozilla Firefox 32.0.3 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PROPLUSR" = Microsoft Office Professional Plus 2007
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for Leigha
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/31/2014 12:16:41 PM | Computer Name = Leigha-PC | Source = .NET Runtime Optimization Service | ID = 1107
Description =
 
Error - 7/31/2014 12:16:41 PM | Computer Name = Leigha-PC | Source = .NET Runtime Optimization Service | ID = 1107
Description =
 
Error - 7/31/2014 12:16:41 PM | Computer Name = Leigha-PC | Source = .NET Runtime Optimization Service | ID = 1107
Description =
 
Error - 7/31/2014 12:16:41 PM | Computer Name = Leigha-PC | Source = .NET Runtime Optimization Service | ID = 1107
Description =
 
Error - 7/31/2014 10:03:14 PM | Computer Name = Leigha-PC | Source = Application Error | ID = 1000
Description = Faulting application name: visicom_antiphishing.exe, version: 1.0.1.32,
 time stamp: 0x4f15c5e2  Faulting module name: RPCRT4.dll, version: 6.1.7601.18205,
 time stamp: 0x51db9710  Exception code: 0xc0000005  Fault offset: 0x0001af21  Faulting
 process id: 0x1220  Faulting application start time: 0x01cfacdafb608e7d  Faulting application
 path: C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe  Faulting
 module path: C:\Windows\syswow64\RPCRT4.dll  Report Id: fe51600d-191f-11e4-b2b2-705ab6392982
 
Error - 8/2/2014 1:07:56 PM | Computer Name = Leigha-PC | Source = Application Error | ID = 1000
Description = Faulting application name: visicom_antiphishing.exe, version: 1.0.1.32,
 time stamp: 0x4f15c5e2  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc0000005  Fault offset: 0x002f8ca0  Faulting process id:
 0x10ac  Faulting application start time: 0x01cfadd5235849f7  Faulting application path:
 C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe  Faulting module
 path: unknown  Report Id: 8bb73396-1a67-11e4-9c16-705ab6392982
 
Error - 8/4/2014 6:17:38 PM | Computer Name = Leigha-PC | Source = Application Error | ID = 1000
Description = Faulting application name: jusched.exe, version: 2.1.9.8, time stamp:
 0x51d2fcd3  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0xc0000005  Fault offset: 0x00000000  Faulting process id: 0x1330  Faulting application
 start time: 0x01cfadd52efdc294  Faulting application path: C:\Program Files (x86)\Common
 Files\Java\Java Update\jusched.exe  Faulting module path: unknown  Report Id: 23f5bfe0-1c25-11e4-9c16-705ab6392982
 
Error - 8/10/2014 9:39:03 PM | Computer Name = Leigha-PC | Source = Application Error | ID = 1000
Description = Faulting application name: visicom_antiphishing.exe, version: 1.0.1.32,
 time stamp: 0x4f15c5e2  Faulting module name: netprofm.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x4a5bda75  Exception code: 0xc0000005  Fault offset: 0x6c832505  Faulting
 process id: 0x1140  Faulting application start time: 0x01cfb267ade86eb3  Faulting application
 path: C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe  Faulting
 module path: netprofm.dll  Report Id: 458b57b7-20f8-11e4-9edc-705ab6392982
 
Error - 8/18/2014 12:39:14 AM | Computer Name = Leigha-PC | Source = Application Error | ID = 1000
Description = Faulting application name: jusched.exe, version: 2.1.9.8, time stamp:
 0x51d2fcd3  Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp:
 0x4ce7b96f  Exception code: 0xc0000096  Fault offset: 0x00048665  Faulting process id:
 0x11fc  Faulting application start time: 0x01cfb267b0796a7e  Faulting application path:
 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe  Faulting module
 path: C:\Windows\syswow64\ole32.dll  Report Id: 9adccc4d-2691-11e4-9edc-705ab6392982
 
Error - 8/18/2014 12:39:16 AM | Computer Name = Leigha-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file  for one of the following reasons:  there
 is a problem with the network connection, the disk that the file is stored on,
or the storage  drivers installed on this computer; or the disk is missing.  Windows
 closed the program Java™ Update Scheduler because of this error.    Program: Java™
 Update Scheduler  File:     The error value is listed in the Additional Data section.
User
 Action  1. Open the file again.  This situation might be a temporary problem that corrects
 itself when the program runs again.  2.  If the file still cannot be accessed and   -
It is on the network,  your network administrator should verify that there is not
a problem with the network and that the server can be contacted.   - It is on a removable
 disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted
 into the computer.  3. Check and repair the file system by running CHKDSK. To run
 CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt,
 type CHKDSK /F, and then press ENTER.  4. If the problem persists, restore the file
 from a backup copy.  5. Determine whether other files on the same disk can be opened.
 If not, the disk might be damaged. If it is a hard disk, contact your administrator
 or computer hardware vendor for  further assistance.    Additional Data  Error value: 00000000
Disk
 type: 0
 
[ System Events ]
Error - 9/27/2014 10:15:01 PM | Computer Name = Leigha-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
 error:   %%1053
 
Error - 9/27/2014 10:54:55 PM | Computer Name = Leigha-PC | Source = Service Control Manager | ID = 7043
Description = The Windows Update service did not shut down properly after receiving
 a preshutdown control.
 
Error - 9/27/2014 10:57:59 PM | Computer Name = Leigha-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 9/27/2014 10:57:59 PM | Computer Name = Leigha-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 9/28/2014 12:22:37 AM | Computer Name = Leigha-PC | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly.  It
has done this 1 time(s).  The following corrective action will be taken in 60000
 milliseconds: Restart the service.
 
Error - 9/28/2014 12:27:16 AM | Computer Name = Leigha-PC | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly.  It
has done this 2 time(s).  The following corrective action will be taken in 60000
 milliseconds: Restart the service.
 
Error - 9/28/2014 12:29:57 AM | Computer Name = Leigha-PC | Source = Service Control Manager | ID = 7034
Description = The McAfee Real-time Scanner service terminated unexpectedly.  It
has done this 3 time(s).
 
Error - 9/28/2014 12:38:27 AM | Computer Name = Leigha-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 9/28/2014 2:34:31 AM | Computer Name = Leigha-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 9/28/2014 9:05:34 AM | Computer Name = Leigha-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
 


  • 0

Advertisements


#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to GeeksToGo! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your system and see what's going on. :)


Step 1: Scan with Farbar's Recovery Scan Tool (FRST)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

    farbarmainpanel_zps77bf9e25.jpg
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Step 2: Scan with aswMBR
  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.
aswmbrscan_zpsdc05b0f9.jpg
  • Click the Scan button to begin the scan.
If your computer supports Virtualization Technology, select Yes to use it for rootkit detection.

aswmbrsavelog_zps1aeef48e.jpg
  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit
Things I need to see in your next post:


FRST Log

Addition.txt Log

aswMBR Log

  • 0

#3
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP