Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Something keeps eating space on my HD


  • Please log in to reply

#1
Phlegmbot

Phlegmbot

    Member

  • Member
  • PipPipPip
  • 403 posts

Hi,

 

So I noticed recently that I very suddenly was down to just under 2 gigs of space on my HD. So I cleared out a bunch of files. I got it back up to 8GB and figured I'd do more maintenance later. I go back to it the next day, and it's much lower. So I clear out more avi/mkv files, delete some MP3s, etc. I get it back up to 10GB.

 

While I admit I've DL'd a few things since, they're small avi files that I'm deleting as soon as I'm done with them. And somehow I'm back down to under 4GB of space. I've done all the usual maintenance by clearing browser cache and having C-Cleaner do a more detailed cleaning. I've not yet performed a de-frag, b/c I wanted to finish my maintenance before doing that.

 

 

I saw this in my OTL and don't know what it is:

[2013/11/18 02:35:38 | 000,000,000 | ---D | M] -- C:\Users\K-OK\AppData\Roaming\Python-Eggs

 

The entire OTL log is below. And, yes, I still have the AOL program on my computer...what can I say, it's bulky and annoying, but it organizes my mail better than Gmail. =] 

 

Thank you in advance!

 

PBot

 

OTL logfile created on: 2/17/2015 1:37:57 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\K-OK\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17633)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.99 Gb Total Physical Memory | 2.96 Gb Available Physical Memory | 49.38% Memory free
11.98 Gb Paging File | 7.87 Gb Available in Paging File | 65.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.61 Gb Total Space | 3.86 Gb Free Space | 1.36% Space Free | Partition Type: NTFS
 
Computer Name: K-OK_PFFT | User Name: K-OK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/27 02:08:55 | 000,338,032 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2015/01/26 21:02:24 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/12/18 03:15:24 | 001,378,640 | ---- | M] (BitTorrent Inc.) -- C:\Users\K-OK\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2014/12/02 21:02:05 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/07/02 01:14:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\K-OK\Desktop\OTL.exe
PRC - [2011/04/25 16:52:37 | 000,041,296 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.6\waol.exe
PRC - [2011/04/25 16:52:36 | 000,045,392 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.6\shellmon.exe
PRC - [2011/03/21 10:02:03 | 002,211,152 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe
PRC - [2010/03/08 02:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\AOL\1371693082\ee\aolupdates.exe
PRC - [2010/03/08 02:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\AOL\1371693082\ee\aolsoftware.exe
PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/07/24 18:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
PRC - [2004/04/20 13:03:44 | 001,575,936 | ---- | M] (David Ayton) -- C:\Program Files (x86)\CDisplay\CDisplay.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/27 02:08:54 | 003,925,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/12/02 21:02:08 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/11/12 12:22:15 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\1f861b2b88c8a5a5b3b6c6144dc261d2\IAStorUtil.ni.dll
MOD - [2014/11/12 12:18:24 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\875c35969785fa170d186e7ca546ac9e\System.Runtime.Remoting.ni.dll
MOD - [2014/11/08 16:30:20 | 000,097,624 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Player\DPXIconHandler32.dll
MOD - [2014/10/16 11:00:58 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b4001d722e320fa42cd87b04b5249b2d\System.Web.ni.dll
MOD - [2014/10/16 11:00:15 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
MOD - [2014/10/16 11:00:07 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2014/10/16 11:00:02 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2014/10/16 10:59:57 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
MOD - [2014/10/16 10:59:44 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d97a5aa0eb7697aca7c6e90ae471af2b\WindowsBase.ni.dll
MOD - [2014/10/16 10:59:38 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014/09/11 03:19:06 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/04/25 16:52:37 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.6\zlib.dll
MOD - [2011/04/25 16:52:30 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.6\components\Tier2Svc.dll
MOD - [2011/04/25 16:52:30 | 000,060,928 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.6\components\DataSvcs.dll
MOD - [2001/06/12 07:00:00 | 000,117,760 | ---- | M] () -- C:\Program Files (x86)\CDisplay\UnzDll.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2015/01/11 21:34:30 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/12/02 21:02:05 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/12/02 21:01:54 | 004,012,248 | ---- | M] (Avast Software) [On_Demand | Stopped] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV:64bit: - [2014/08/13 12:16:11 | 000,172,344 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/05/30 12:11:34 | 000,149,544 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010/01/22 13:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/01/21 07:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/08/17 21:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/03/03 05:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
SRV - [2015/02/04 20:16:09 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/27 02:08:54 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/21 07:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe -- (STacSV)
SRV - [2009/07/24 18:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/03/03 05:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
SRV - [2007/05/31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/01/21 22:05:17 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/12/02 21:02:32 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/12/02 21:02:12 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/12/02 21:02:12 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/12/02 21:02:12 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/12/02 21:02:12 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/12/02 21:02:12 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/12/02 21:02:12 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/12/02 21:02:12 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/12/02 21:01:54 | 000,271,752 | ---- | M] (Avast Software) [Kernel | Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV:64bit: - [2014/01/14 18:32:04 | 000,022,600 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2013/06/17 17:28:42 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/06/17 17:28:42 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/05/30 12:10:50 | 000,016,168 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/22 20:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/03 21:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/22 13:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/01/22 12:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/21 07:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/11/20 17:25:42 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/09/30 12:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/15 15:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/04 22:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/02 11:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/07/01 21:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/07/01 15:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 15:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 15:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/15 12:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/07 18:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/03/09 19:58:00 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2006/11/29 17:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/01/25 15:04:30 | 000,005,273 | ---- | M] (Arrowkey) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Quintessential Media Player\cdrpdacc.sys -- (CDRPDACC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.variety.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.hiddenOneOffs: "Bing,DuckDuckGo,Twitter"
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "thr.com"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:10.1.0.170
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\K-OK\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\K-OK\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\K-OK\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\K-OK\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\K-OK\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/01/27 11:56:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2015/01/17 14:52:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/01/17 14:52:30 | 000,000,000 | ---D | M]
 
[2013/06/19 04:08:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\K-OK\AppData\Roaming\Mozilla\Extensions
[2015/01/23 01:45:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\K-OK\AppData\Roaming\Mozilla\Firefox\Profiles\s9u7jk28.default-1396771154971\extensions
[2014/04/06 22:11:32 | 000,000,000 | ---D | M] (WOT) -- C:\Users\K-OK\AppData\Roaming\Mozilla\Firefox\Profiles\s9u7jk28.default-1396771154971\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2015/01/14 01:36:14 | 000,127,486 | ---- | M] () (No name found) -- C:\Users\K-OK\AppData\Roaming\Mozilla\Firefox\Profiles\s9u7jk28.default-1396771154971\extensions\[email protected]
[2015/01/15 01:36:09 | 000,985,112 | ---- | M] () (No name found) -- C:\Users\K-OK\AppData\Roaming\Mozilla\Firefox\Profiles\s9u7jk28.default-1396771154971\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015/01/17 14:52:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2015/01/17 14:52:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2015/01/17 14:52:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2015/01/17 14:52:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/01/17 14:52:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2015/01/27 02:08:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015/01/27 11:56:40 | 000,000,000 | ---D | M] ("Avast Online Security") -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/03/30 12:11:28 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\K-OK\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\K-OK\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.5.16_0\
CHR - Extension: No name found = C:\Users\K-OK\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.10_0\
CHR - Extension: No name found = C:\Users\K-OK\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\K-OK\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\K-OK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2015.120.1719.1_0\
CHR - Extension: No name found = C:\Users\K-OK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
 
O1 HOSTS File: ([2014/07/18 15:18:49 | 000,000,197 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O1 - Hosts: ㈱⸷⸰⸰ऱउ愉瑣癩瑡⹥摡扯⹥潣൭ㄊ㜲〮〮ㄮउउ捡楴慶整愮潤敢挮浯਍㈱⸷⸰⸰ऱउ愉瑣癩瑡⹥摡扯⹥潣൭
O1 - Hosts: wk+mxphzeakv3za+maihrcxuczn
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1371693082\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE (AOL Inc.)
O4 - HKCU..\Run: [DellSystemDetect] C:\Users\K-OK\AppData\Local\Apps\2.0\XD60LKC3.QR7\EYRTA4CB.ROA\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe (Dell)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8B08A6B-4030-4964-8CDA-F392DE2CD0D3}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E60A44D9-99B2-4861-9F5B-3FD08909B487}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/02/14 16:23:15 | 000,000,000 | ---D | C] -- C:\Users\K-OK\AppData\Local\ElevatedDiagnostics
[2015/02/12 03:02:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2015/02/08 16:48:58 | 000,000,000 | ---D | C] -- C:\Users\K-OK\AppData\Roaming\CocoonSoftware
[2015/02/08 16:48:42 | 000,000,000 | ---D | C] -- C:\Users\K-OK\AppData\Local\WDSetup
[2013/08/03 16:06:09 | 000,889,416 | ---- | C] (Microsoft Corporation) -- C:\Users\K-OK\AppData\Roaming\dotNetFx40_Full_setup.exe
[1 C:\Users\K-OK\Documents\*.tmp files -> C:\Users\K-OK\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/02/17 13:33:33 | 000,000,228 | -H-- | M] () -- C:\Users\K-OK\Desktop\fssort.ini
[2015/02/17 13:21:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-325864831-4140286064-2431685227-1000UA.job
[2015/02/17 13:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/02/17 13:14:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/02/17 13:01:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/17 01:21:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-325864831-4140286064-2431685227-1000Core.job
[2015/02/17 01:14:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/02/16 22:27:33 | 000,299,751 | ---- | M] () -- C:\Users\K-OK\Desktop\DIGheader.jpg
[2015/02/16 18:30:26 | 001,559,829 | ---- | M] () -- C:\Users\K-OK\Desktop\fashiontimesstyleguiderevisedpleaseread.zip
[2015/02/16 16:52:50 | 000,092,399 | ---- | M] () -- C:\Users\K-OK\Desktop\jess1.jpeg
[2015/02/16 16:52:15 | 000,074,691 | ---- | M] () -- C:\Users\K-OK\Desktop\jess0.jpeg
[2015/02/13 14:47:08 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/02/13 14:47:08 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/02/13 14:36:21 | 527,826,943 | -HS- | M] () -- C:\hiberfil.sys
[2015/02/13 03:27:46 | 000,048,640 | ---- | M] () -- C:\Users\K-OK\Desktop\Backup of LIL_ZTV.wbk
[2015/02/12 14:34:41 | 000,281,164 | ---- | M] () -- C:\Users\K-OK\Desktop\20150206_074657.jpg
[2015/02/12 14:33:56 | 000,086,973 | ---- | M] () -- C:\Users\K-OK\Desktop\20150206_074657_a.jpg
[2015/02/12 06:14:12 | 006,323,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/02/11 23:30:00 | 000,172,963 | ---- | M] () -- C:\Users\K-OK\Desktop\AmazonInvoice.jpg
[2015/02/11 09:07:29 | 006,319,726 | ---- | M] () -- C:\Users\K-OK\Desktop\PRODCOs.pdf
[2015/02/09 03:13:29 | 000,127,097 | ---- | M] () -- C:\Users\K-OK\Desktop\princedirections.jpg
[2015/02/06 08:23:35 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/02/06 08:23:35 | 000,662,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/02/06 08:23:35 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/01/25 16:15:34 | 000,265,321 | ---- | M] () -- C:\Users\K-OK\Desktop\Today's_Map.jpg
[2015/01/21 22:05:17 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[1 C:\Users\K-OK\Documents\*.tmp files -> C:\Users\K-OK\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/02/16 22:27:32 | 000,299,751 | ---- | C] () -- C:\Users\K-OK\Desktop\DIG.jpg
[2015/02/16 18:30:22 | 001,559,829 | ---- | C] () -- C:\Users\K-OK\Desktop\styleguiderevisedpleaseread.zip
[2015/02/16 16:52:50 | 000,092,399 | ---- | C] () -- C:\Users\K-OK\Desktop\jess1.jpeg
[2015/02/16 16:52:14 | 000,074,691 | ---- | C] () -- C:\Users\K-OK\Desktop\jess0.jpeg
[2015/02/12 14:33:56 | 000,086,973 | ---- | C] () -- C:\Users\K-OK\Desktop\20150206_074657_a.jpg
[2015/02/12 14:27:58 | 000,281,164 | ---- | C] () -- C:\Users\K-OK\Desktop\20150206_074657.jpg
[2015/02/11 23:30:00 | 000,172,963 | ---- | C] () -- C:\Users\K-OK\Desktop\Invoice.jpg
[2015/02/09 03:13:28 | 000,127,097 | ---- | C] () -- C:\Users\K-OK\Desktop\princedirections.jpg
[2015/01/25 16:15:33 | 000,265,321 | ---- | C] () -- C:\Users\K-OK\Desktop\Today's_Map.jpg
[2014/09/20 16:21:49 | 000,001,207 | ---- | C] () -- C:\Users\K-OK\AppData\Roaming\CamStudio.Producer.ini
[2014/09/20 16:21:49 | 000,000,000 | ---- | C] () -- C:\Users\K-OK\AppData\Roaming\CamStudio.Producer.Data.ini
[2014/09/17 21:11:29 | 000,004,571 | ---- | C] () -- C:\Users\K-OK\AppData\Roaming\CamStudio.cfg
[2014/09/17 21:11:29 | 000,000,408 | ---- | C] () -- C:\Users\K-OK\AppData\Roaming\CamShapes.ini
[2014/09/17 21:11:29 | 000,000,408 | ---- | C] () -- C:\Users\K-OK\AppData\Roaming\CamLayout.ini
[2014/09/17 21:11:29 | 000,000,123 | ---- | C] () -- C:\Users\K-OK\AppData\Roaming\Camdata.ini
[2014/09/17 21:08:31 | 000,000,096 | ---- | C] () -- C:\Users\K-OK\AppData\Roaming\version2.xml
[2014/08/13 12:13:52 | 000,045,384 | ---- | C] () -- C:\Windows\SysWow64\DiscHandler.exe
[2014/08/11 21:30:50 | 003,916,288 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2014/08/11 21:30:10 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2014/08/11 21:29:36 | 000,271,360 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2014/08/11 21:29:16 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2014/08/11 21:29:16 | 000,099,840 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2014/08/11 21:29:14 | 001,525,760 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2014/08/11 21:29:14 | 000,211,968 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2014/08/11 21:29:14 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2014/08/11 21:29:14 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2014/08/11 21:29:12 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2014/06/12 05:49:24 | 000,240,784 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2014/04/08 15:50:26 | 000,235,520 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2014/04/08 15:50:16 | 000,632,320 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2014/03/31 02:49:19 | 000,000,218 | ---- | C] () -- C:\Users\K-OK\AppData\Local\recently-used.xbel
[2014/02/17 15:41:03 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.245548635012626446356421263181
[2013/12/16 21:19:30 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll
[2013/12/16 21:15:32 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll
[2013/12/16 21:15:32 | 000,000,236 | ---- | C] () -- C:\Windows\SysWow64\Formats.ini
[2013/12/16 21:15:30 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\bass_tak.dll
[2013/10/02 15:00:42 | 000,003,526 | ---- | C] () -- C:\Users\K-OK\index.shtml
[2013/09/25 14:22:45 | 000,000,025 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769176
[2013/09/25 14:00:12 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.24554863501262644635642126105
[2013/08/03 16:07:13 | 000,775,084 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/31 17:34:07 | 000,011,776 | ---- | C] () -- C:\Users\K-OK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/01 02:04:18 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013/06/19 20:48:44 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2013/06/18 23:16:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/06/18 21:52:15 | 004,272,439 | ---- | C] () -- C:\Users\K-OK\AppData\Local\When The Time Has Come.mp3
[2013/06/17 17:24:55 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013/05/20 10:43:30 | 000,202,344 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-3.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2015/01/22 09:49:33 | 000,000,000 | ---D | M] -- C:\Users\K-OK\AppData\Roaming\Audacity
[2013/12/03 10:27:14 | 000,000,000 | ---D | M] -- C:\Users\K-OK\AppData\Roaming\AVAST Software
[2014/02/10 00:06:12 | 000,000,000 | ---D | M] -- C:\Users\K-OK\AppData\Roaming\avidemux
[2014/02/25 17:57:41 | 000,000,000 | ---D | M] -- C:\Users\K-OK\AppData\Roaming\BitLord
[2015/02/08 16:48:58 | 000,000,000 | ---D | M] -- C:\Users\K-OK\AppData\Roaming\CocoonSoftware
[2014/02/25 02:14:16 | 000,000,000 | ---D | M] -- C:\Users\K-OK\AppData\Roaming\FileAdvisor
[2015/02/12 04:00:20 | 000,000,000 | ---D | M] -- C:\Users\K-OK\AppData\Roaming\FileZilla
[2014/02/17 15:41:24 | 000,000,000 | ---D | M] -- C:\Users\K-OK\AppData\Roaming\Final Draft
[2013/11/30 02:17:41 | 000,000,000 | ---D | M] -- C:\Users\K-OK\AppData\Roaming\foobar2000
[2014/05/28 03:54:40 | 000,000,000 | ---D | M] -- C:\Users\K-OK\AppData\Roaming\Free Sound Recorder
[2013/07/14 18:35:16 | 000,000,000 | ---D | M] -- C:\Users\K-OK\AppData\Roaming\ImgBurn
[2013/06/20 12:09:23 | 000,000,000 | ---D | M] -- C:\Users\K-OK\AppData\Roaming\Opera
[2014/03/23 13:34:04 | 000,000,000 | ---D | M] -- C:\Users\K-OK\AppData\Roaming\Opera Software
[2013/08/03 16:10:06 | 000,000,000 | ---D | M] -- C:\Users\K-OK\AppData\Roaming\PCDr
[2013/11/18 02:35:38 | 000,000,000 | ---D | M] -- C:\Users\K-OK\AppData\Roaming\Python-Eggs
[2013/08/06 01:07:59 | 000,000,000 | ---D | M] -- C:\Users\K-OK\AppData\Roaming\TheSage
[2015/02/17 13:43:53 | 000,000,000 | ---D | M] -- C:\Users\K-OK\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 

< End of report >
 

 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    Please download Farbar Recovery Scan Tool and save it to your Desktop. 
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
     
    •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

    • 0

    #3
    Phlegmbot

    Phlegmbot

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 403 posts

    Sorry for the delay. I ran the tests and just haven't had a chance to get back here.

     

    I should admit, I do have a torrent program on my PC, and I had left the torrent data IN the program from past torrents (just so I could easily see what I had DL'd), even while deleting the actual torrents files...doing that actually helped clear a lot of space (b/c of the saved data), and I thought it even resolved the issue, but then the next time I rebooted, another 3-4 gigs of space were suddenly gone again. Weird.

     

     

    Attached Files


    Edited by Phlegmbot, 25 February 2015 - 02:40 AM.

    • 0

    #4
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,012 posts
    • MVP

    System Restore may be using the memory.  Copy the following:

     
     
    :Commands
    [CLEARALLRESTOREPOINTS]
    [Reboot]
     
    
    Right click on OTL and Run As Administrator.   In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.
     

    That will get rid of all but the latest System Restore file.  You can also tell it how much space to use on the drive.  Control Panel, System, System Protection, Configure.

     

    IE is also a memory hog.  Control panel, Internet Options, Settings, Disk Space to Use.  Set it down to 50 meg.  OK.

     

     

     

    Torrent is also a memory hog especially if it is using your computer to store stuff.

     

    You may find WinDirStat to be useful:

     

    http://sourceforge.n...cts/windirstat/

     

    It will search through your hard drive and tell you what percentage of your drive is being used by what files.  Probably best to right click on it and Run As Admin.

     

    After you tell it what drive to look at and then hit OK it will begin to analyze your drive.  Wait until it gets to 100% then you can see where the big users are.  You can click on the + in front of each to category to see more detail.

     

    I don't have much use for the colored display on the bottom so I just turn it off or ignore it. (Tree Map then uncheck Show Tree Map)


    • 0

    #5
    Phlegmbot

    Phlegmbot

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 403 posts

    Thank you for all of that.

     

    It seems to show that the area where I keep my movie and image files is the big hog, which makes sense. But here's the weird part, I can't find any other area that's using a lot of space...yet, since noticing this issue, anything I DL is temporary. I delete when watched or viewed or shared or what-have-you.

     

    And somehow space keeps getting smaller and smaller. I recently defragged btw. I'll keep examining it.

     

    Unless you've any other thoughts...I think that's it.


    • 0

    #6
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,012 posts
    • MVP

    Are you emptying your recycle bin?

     

    Windows also has a tendency to hang on to a copy of everything.


    • 0

    #7
    Phlegmbot

    Phlegmbot

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 403 posts

    Yes, of course I've emptied the recycle bin. I also deleted any .torrent files in that program's folder & other temp files.

     

    I was up to about 10 gigs of space after clearing out a lot of things; I've only DL'd a couple of images and pdfs for work (and, OK about 4 tv shows I couldn't watch online b/c Comedy Central's site freakin' sucks, but those were immediately deleted after watching)...Hmmm...Maybe I need to do the actual math from WinDirStat and see if everything adds up.


    • 0

    #8
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,012 posts
    • MVP

    Looking at your original OTL log it showed:

     

    O1 - Hosts: ㈱⸷⸰⸰ऱउ愉瑣癩瑡⹥摡扯⹥潣൭ㄊ㜲〮〮ㄮउउ捡楴慶整愮潤敢挮浯਍㈱⸷⸰⸰ऱउ愉瑣癩瑡⹥摡扯⹥潣൭
    O1 - Hosts: wk+mxphzeakv3za+maihrcxuczn

     

    This should not be there.  Might just be a sign of disk corruption or it could be a poorly written program.  Probably not malware since it doesn't do anything useful.

     

    Download HostsXpert from http://www.majorgeek...hostsxpert.html Save the file then right click and Extract All.  It will create a new folder in the same place.  In the folder find HostsXpert.exe and right click on it and Run As Administrator.

     
    It will take a few seconds to appear.  If the top line in the left column says Make Writeable, click on it and it should change to Make Read Only?  If it already says Make Read Only? that's OK just go on to the next step.
    Now click on the left column entry that says: Restore MSHosts file.  Click on the Make Read Only? entry then close HostXpert.  Run OTL again and let's see if the hosts file is happy now.
     
     
    Let's also do:
     
    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy  (Look in the upper right for the Download
    Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  
     
    Close all browsers and open progrms before running Speccy.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.)  Save the file and close notepad  Attach the file to your next post as it is usually too large for the forum (Click on More Reply Options then Choose file, select the file, Open, Attach this File) Uninstall Speccy.
     
     
    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
     
     
    Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
    sfc  /scannow
     
    (This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
     
    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
     
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run AS Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.
     
     
     
    Just to be sure have you let Avast do a boot-time scan while you sleep?:
     
    How to do a boot-time scan while you sleep:
    First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scan, then Scan for Viruses and wait a couple of minutes for the page to change.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are  orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's 
    C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  If you can't find it then take a screen shot of the Detailed Report:
     
     

    • 0

    #9
    Phlegmbot

    Phlegmbot

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 403 posts

    OK, Thanks! So far, just ran HostXpert, ran OTL...so that removed the junk from earlier...

     

    O1 HOSTS File: ([2015/03/01 00:54:37 | 000,000,698 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

     

    Will do the rest tomorrow. Can't close browsers just now (in the middle of a couple of projects -- was taking a break to do this).


    • 0

    #10
    Phlegmbot

    Phlegmbot

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 403 posts

    Hey again!

     

    OK, Speccy AND process explorer files attached. Note the name of the process explorer file -- Acrotray is the name the program gave the file. If that signaled something, I didn't want to change it. (Your instructions indicated the file name would be more or less the name of the program.)

     

    I know Acrotray is Adobe-related, but let me know if I should shut it off.

     

    Oh, and before I continue to the last step, will anything in that last step erase anything (like my Internet saved tabs/history) or recent MS Word files used or anything like that? Are there any changes happening I need to be aware of?

     

    THANK YOU AGAIN!

     

    p.s. In the Speccy file, I also X'd my IP address and Mac address too.

    Attached Files


    Edited by Phlegmbot, 01 March 2015 - 03:30 PM.

    • 0

    Advertisements


    #11
    Phlegmbot

    Phlegmbot

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 403 posts

    Hi, I found this thread via Google:

    http://www.sevenforu...ow-get-rid.html

     

    So, 1. could Acrotray be my issue?

    2. The person on this thread mentions a worm...sounds like that's what I could have. Thoughts?


    Edited by Phlegmbot, 01 March 2015 - 09:51 PM.

    • 0

    #12
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,012 posts
    • MVP
    Speccy says your PC is too hot
     
    Intel Core i7 720QM @ 1.60GHz 63 °C

     

     

     
     
    Try speedfan
     
    Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it (Win 7 or Vista right click and Run As Admin)
     
    It will tell you your temps.  If they seem hot (over 50) then check Automatic Fan Speed.
    Leave it running and see if the temps drop. 
    Also prop up the back of the laptop with a book   I actually fixed one once by using a vacuum cleaner hose on the air intake. (With the PC off).  That seemed to pull enough air backwards through the heatsink to clear it.  (What happens is that dust get trapped between the heatsink and the fan and blocks the air flow.  This looks like a Dell and most of them are fairly easy to get to for cleaning.  Its about 8 screws and a bottom panel lifts off which lets you get to the heatsink and fan.  Do not remove the heatsink/heat pipe assembly unless you have new thermal paste and know how to clean the old and replace with Arctic Silver 5. )
     
     
    and the hard drive is failing:
     
     

    Attribute name UltraDMA CRC Error Count
    Real value 88,951,925
    Current 100
    Worst 100
    Threshold 0
    Raw Value 00054D4C75
    Status Good
    C8
    Attribute name Write Error Rate / Multi-Zone Error Rate
    Real value 252,120,877
    Current 100
    Worst 100
    Threshold 0
    Raw Value 000F070F2D
    Status Good

     

     

     

    This would be a good time to replace the Hard drive before it fails.  It's fairly easy to clone a drive with a USB adapter - something like:

     

    http://www.amazon.co...sb sata adapter

     

    Something like this would work and would give you 500 GB instead of only 300GB

     

    Not sure why your file was named acrotray but it is the lowest user of the CPU on the whole PC so probably not a problem.


    • 0

    #13
    Phlegmbot

    Phlegmbot

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 403 posts

    Ah. Yes, I know I need to clean out my fan...didn't realize that could be causing the "eating space" problem. OK, will do that -- I'm not going to DL the program, b/c I know it's something I need to get to. (And, on this Dell, it's a pain in the butt to do...it's 8 screws, but other pieces don't come off as easily, and there's a wire that always needs to be taped back into place -- as shown to me by a Dell tech).

     

    re: the HD: OK. I have a couple of external drives. I'll back stuff up and then look into replacing. Thank you.

     

    I'll report back in a couple of days to see if there's a change in the space issue.


    • 0

    #14
    Phlegmbot

    Phlegmbot

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 403 posts

    Cleaned out the fan. It's running better...mostly 59/60 degrees. Occasionally shooting up to 62. But I no longer hear the fan struggling as it had been.

     

    Motherboard is 27 degrees.

     

    Should I still DL speedfan?

     

    Also, still having the issue w/HD space getting eaten. I removed a ton of images, MP3s, and an old video, got 'er back up to just over 6gb, and I'm back down to 3.77


    • 0

    #15
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,012 posts
    • MVP

    If you can keep the temps down then you don't need speedfan.  

     

    Try cleaning out your old System Restore files.  You might also want to read http://www.tomshardw...free-space.html

     

    I think your hard drive is about to fail so running out of space is going to be a minor problem.


    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP