Malware Disguised as Mozilla Firefox Add-on Extension [Solved]



#1 teatime (Member, 61 posts)
Problem:

Two days ago in my Mozilla Firefox browser, there was a fishy extension under Add-ons called something like "Greeatsaveer!" with no other description. I uninstalled this add-on immediately. I was unable to locate any infection name. However, my Firefox browser appears to be laggier even when loading just 2 or 3 tabs, and it freezes more frequently while loading. I'm not sure if there are traces of malware in my system or not.

Scans:

Ran Spybot Search & Destroy; it found nothing. Ran an Avast quick scan and a Malwarebytes quick scan. I had incomplete full scans in both running for 3-4 hours, but accidentally restarted my computer by uninstalling a program. Those 3-4 hours in both found nothing before the restart.

Below is the OTL log. If it's not too much trouble, can someone take a look at my log to verify it is clean?

Thank you!

----------------------------

OTL logfile created on: 1/13/2014 3:55:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alice Yang\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 58.05% Memory free
5.85 Gb Paging File | 3.79 Gb Available in Paging File | 64.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 112.73 Gb Free Space | 25.00% Space Free | Partition Type: NTFS

Computer Name: KRYPTO | User Name: Alice Yang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/13 15:54:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alice Yang\Desktop\OTL.exe
PRC - [2014/01/12 13:09:01 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/01/12 13:09:00 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/01/07 22:59:36 | 000,921,040 | ---- | M] () -- C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinService.exe
PRC - [2014/01/07 22:59:34 | 001,616,336 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinDaemon.exe
PRC - [2013/12/21 22:56:20 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/12/21 22:56:18 | 002,484,504 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/12/19 20:11:43 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/12/11 21:17:45 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
PRC - [2013/10/26 02:15:44 | 000,607,232 | ---- | M] (MyCity) -- C:\Program Files (x86)\MCShield\MCShieldRTM.exe
PRC - [2013/10/23 14:39:14 | 001,017,224 | ---- | M] (Flux Software LLC) -- C:\Users\Alice Yang\AppData\Local\FluxSoftware\Flux\flux.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/11 02:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/09/30 04:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 04:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/06/24 13:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 05:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 05:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/12 13:09:04 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/01/07 22:59:36 | 000,921,040 | ---- | M] () -- C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinService.exe
MOD - [2014/01/01 18:45:25 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2014/01/01 17:48:36 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2014/01/01 17:48:25 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/12/19 20:11:25 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/12/11 21:17:42 | 016,242,056 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
MOD - [2013/10/23 20:25:19 | 001,127,152 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/01/12 13:09:00 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/11/26 01:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/06/06 01:02:26 | 008,664,480 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2012/06/06 01:02:26 | 000,567,712 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe -- (TouchServiceWacom)
SRV:64bit: - [2010/01/22 09:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/17 17:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/11/02 09:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/17 08:06:00 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2014/01/09 13:15:22 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/12/21 22:56:20 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/12/19 20:11:43 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/11 02:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/08/27 15:40:00 | 004,204,272 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2012/04/17 21:32:13 | 000,670,816 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\xsherlock.xem -- (xsherlock)
SRV - [2011/03/04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2011/02/06 20:15:10 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/28 00:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files (x86)\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/09/30 04:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 04:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 05:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/01/12 13:10:07 | 000,079,672 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/01/12 13:09:13 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/01/12 13:09:13 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/01/12 13:09:13 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/01/12 13:09:13 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/01/12 13:09:13 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/01/12 13:09:12 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/12/24 23:36:19 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/12/21 22:56:32 | 000,316,248 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2013/10/10 16:57:22 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/05/29 18:30:06 | 000,066,424 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012/05/29 18:30:06 | 000,013,688 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012/05/06 22:42:30 | 000,015,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/21 12:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 11:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/24 09:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010/08/24 09:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/08/24 09:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/08/19 18:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/05/06 01:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010/01/22 15:38:52 | 000,284,720 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/01/22 09:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/01/22 08:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/11/02 10:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/11/02 09:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/26 12:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/17 11:54:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/17 08:06:00 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/17 08:06:00 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 19:14:00 | 000,220,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/15 10:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2006/11/01 08:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2013/12/21 22:56:34 | 000,282,648 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2013/12/21 22:56:32 | 000,397,784 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2013/10/23 20:25:14 | 000,606,672 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys -- (RapportCerberus_59849)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {389093F4-5F07-4A88-A92C-F6665185A604}
IE:64bit: - HKLM\..\SearchScopes\{389093F4-5F07-4A88-A92C-F6665185A604}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{49ABE49F-FD04-4925-89ED-9794BF8FDD5B}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3001739

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?...s&o=2159&gct=hp
IE - HKCU\..\SearchScopes,DefaultScope = {49ABE49F-FD04-4925-89ED-9794BF8FDD5B}
IE - HKCU\..\SearchScopes\{5FD6C6E8-ADC6-4EC3-B3EA-E3C34DDBB11A}: "URL" = http://websearch.ask...BA-2C2C2CD5E8EB
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3001739
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2011.70
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alice Yang\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alice Yang\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/01/12 13:09:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/01/10 19:29:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/10/19 17:12:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/25 03:30:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/25 03:30:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/10/19 17:12:45 | 000,000,000 | ---D | M]

[2010/07/13 13:04:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alice Yang\AppData\Roaming\Mozilla\Extensions
[2014/01/12 12:01:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alice Yang\AppData\Roaming\Mozilla\Firefox\Profiles\gjdcrxxg.default-1363386292631\extensions
[2013/11/25 18:44:04 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Alice Yang\AppData\Roaming\Mozilla\Firefox\Profiles\gjdcrxxg.default-1363386292631\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/09/08 13:05:19 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Alice Yang\AppData\Roaming\Mozilla\Firefox\Profiles\gjdcrxxg.default-1363386292631\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2013/10/10 11:51:17 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Alice Yang\AppData\Roaming\Mozilla\Firefox\Profiles\gjdcrxxg.default-1363386292631\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/12/19 20:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/19 20:10:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/12/19 20:10:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/19 20:11:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/19 20:11:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Old Firefox Data\extensions
[2013/12/19 20:11:00 | 000,000,000 | ---D | M] (WOT) -- C:\Program Files (x86)\Mozilla Firefox\Old Firefox Data\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2014/01/12 13:09:17 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012/01/12 00:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: avast! Online Security = C:\Users\Alice Yang\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0\
CHR - Extension: Google Wallet = C:\Users\Alice Yang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_2\

O1 HOSTS File: ([2013/12/29 00:54:23 | 000,450,660 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15467 more lines...
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [f.lux] C:\Users\Alice Yang\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [MCShield Monitor] C:\Program Files (x86)\MCShield\MCShieldRTM.exe (MyCity)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe File not found
O4 - Startup: C:\Users\Alice Yang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{864DF591-9AF8-490F-9BB9-9456952361E6}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5b4057f6-152a-11e3-bc15-b8ac6f76ff44}\Shell - "" = AutoRun
O33 - MountPoints2\{5b4057f6-152a-11e3-bc15-b8ac6f76ff44}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{64f876e7-526e-11e0-b1e5-da989366bcc5}\Shell - "" = AutoRun
O33 - MountPoints2\{64f876e7-526e-11e0-b1e5-da989366bcc5}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{6cd2710b-8ec0-11df-9926-b8ac6f76ff44}\Shell - "" = AutoRun
O33 - MountPoints2\{6cd2710b-8ec0-11df-9926-b8ac6f76ff44}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{85924f78-7912-11e1-9060-b8ac6f76ff44}\Shell - "" = AutoRun
O33 - MountPoints2\{85924f78-7912-11e1-9060-b8ac6f76ff44}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{b11b0365-9733-11e2-9307-b8ac6f76ff44}\Shell - "" = AutoRun
O33 - MountPoints2\{b11b0365-9733-11e2-9307-b8ac6f76ff44}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/13 15:54:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alice Yang\Desktop\OTL.exe
[2014/01/12 15:46:59 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/01/12 13:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
[2014/01/12 13:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\MCShield
[2014/01/12 13:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MCShield
[2014/01/12 13:10:59 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\AppData\Roaming\AVAST Software
[2014/01/12 13:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/01/12 13:09:31 | 000,079,672 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/01/12 13:09:30 | 001,034,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/01/12 13:09:29 | 000,422,216 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/01/12 13:09:29 | 000,078,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/01/12 13:09:28 | 000,092,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/01/12 13:09:08 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/12 13:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/01/12 13:06:22 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\AppData\Local\Adobe
[2014/01/10 15:02:47 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\AppData\Local\Apple Computer
[2014/01/10 13:54:35 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\AppData\Local\Apple
[2014/01/09 21:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftWarehouse
[2014/01/09 21:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\2e034dc3f04803a9
[2014/01/09 21:13:18 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\AppData\Local\Torch
[2014/01/09 21:13:18 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\AppData\Local\Comodo
[2014/01/09 21:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2014/01/07 22:59:30 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\AppData\Roaming\Google
[2014/01/07 22:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2014/01/07 22:59:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/12/30 15:06:24 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\Documents\Winter Voices
[2013/12/30 12:54:42 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\AppData\Roaming\WinterVoices
[2013/12/30 12:53:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/12/30 12:52:20 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\AppData\Local\CrashRpt
[2013/12/30 01:31:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013/12/30 01:31:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/12/30 01:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/12/29 01:10:40 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\AppData\Roaming\Might and Delight
[2013/12/28 00:48:23 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\Desktop\12-27-13 Pizza Party
[2013/12/25 00:52:09 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\AppData\Roaming\OBS
[2013/12/25 00:52:05 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
[2013/12/25 00:52:02 | 000,000,000 | ---D | C] -- C:\Program Files\OBS
[2013/12/25 00:52:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OBS
[2013/12/24 23:56:15 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\Documents\Penumbra
[2013/12/24 23:56:07 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013/12/24 23:56:07 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013/12/24 23:56:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2013/12/24 23:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013/12/24 23:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013/12/20 20:25:08 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\Desktop\Focus Vision Records
[2013/12/20 11:57:09 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\Desktop\Writing
[2013/12/19 20:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/14 22:32:16 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\Desktop\New folder
[55 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Users\Alice Yang\Desktop\*.tmp files -> C:\Users\Alice Yang\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Alice Yang\Documents\*.tmp files -> C:\Users\Alice Yang\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/13 15:58:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2434712885-510186590-1615281227-1000UA.job
[2014/01/13 15:54:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alice Yang\Desktop\OTL.exe
[2014/01/13 14:34:51 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/13 14:34:50 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/13 14:24:45 | 000,000,470 | -H-- | M] () -- C:\Windows\tasks\GS.Enabler-S-926685765.job
[2014/01/13 14:24:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/13 14:24:08 | 2356,559,872 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/12 18:17:08 | 000,780,196 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/12 18:17:08 | 000,660,998 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/12 18:17:08 | 000,121,636 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/12 17:58:04 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2434712885-510186590-1615281227-1000Core.job
[2014/01/12 13:31:50 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/01/12 13:10:07 | 000,079,672 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/01/12 13:09:13 | 001,034,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/01/12 13:09:13 | 000,422,216 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/01/12 13:09:13 | 000,207,904 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/01/12 13:09:13 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/01/12 13:09:13 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/01/12 13:09:12 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/01/12 13:09:12 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/01/12 13:09:08 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/06 21:52:30 | 000,208,434 | ---- | M] () -- C:\Windows\hpoins43.dat
[2014/01/02 13:22:29 | 000,774,412 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/01/01 17:04:30 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2014/01/01 17:04:30 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013/12/29 00:54:23 | 000,450,660 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/12/21 22:56:32 | 000,316,248 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2013/12/19 21:26:12 | 000,002,046 | ---- | M] () -- C:\Users\Alice Yang\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[55 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Users\Alice Yang\Desktop\*.tmp files -> C:\Users\Alice Yang\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Alice Yang\Documents\*.tmp files -> C:\Users\Alice Yang\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/12 13:09:31 | 000,207,904 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/01/12 13:09:30 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/01/09 21:13:50 | 000,000,470 | -H-- | C] () -- C:\Windows\tasks\GS.Enabler-S-926685765.job
[2013/12/28 01:02:58 | 2603,153,208 | ---- | C] () -- C:\Users\Alice Yang\Desktop\MVI_0655.MOV
[2013/10/19 17:03:25 | 000,208,434 | ---- | C] () -- C:\Windows\hpoins43.dat
[2013/09/30 21:55:02 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp
[2013/09/08 02:45:07 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013/04/01 16:48:53 | 000,004,509 | ---- | C] () -- C:\Users\Alice Yang\AppData\Roaming\CamStudio.cfg
[2013/04/01 16:48:53 | 000,000,408 | ---- | C] () -- C:\Users\Alice Yang\AppData\Roaming\CamShapes.ini
[2013/04/01 16:48:53 | 000,000,408 | ---- | C] () -- C:\Users\Alice Yang\AppData\Roaming\CamLayout.ini
[2013/04/01 16:48:53 | 000,000,096 | ---- | C] () -- C:\Users\Alice Yang\AppData\Roaming\Camdata.ini
[2012/11/07 18:23:54 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/11/07 18:23:54 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2140.DAT
[2012/06/19 14:56:58 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/03/31 23:07:58 | 000,210,760 | ---- | C] () -- C:\Windows\hpoins21.dat
[2012/03/31 23:07:58 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2010/07/14 22:50:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/07/13 13:36:18 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\acccore
[2014/01/12 13:10:59 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\AVAST Software
[2013/09/08 19:20:01 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\BitComet
[2011/08/13 20:43:36 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\DAEMON Tools Lite
[2012/04/28 17:10:01 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\GetRightToGo
[2013/07/28 21:17:13 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\ImgBurn
[2011/04/12 20:14:06 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\Leadertech
[2012/04/10 16:32:44 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\LolClient
[2014/01/09 20:03:15 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\Might and Delight
[2013/10/10 20:51:39 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\MotioninJoy
[2013/12/25 00:52:09 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\OBS
[2011/05/17 00:46:16 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\OnLive App
[2011/09/24 19:48:23 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\ooVoo Details
[2012/11/13 22:27:32 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\OpenOffice.org
[2013/04/21 16:14:02 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\Oracle
[2013/07/26 12:20:10 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\Origin
[2013/12/15 17:48:35 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\SoftGrid Client
[2013/05/28 22:44:17 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\SplitMediaLabs
[2012/11/11 15:11:15 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\TP
[2011/04/01 13:41:59 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\Trusteer
[2010/07/13 15:20:34 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\Windows Live Writer
[2013/12/30 21:11:40 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\WinterVoices

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BEB15613

< End of report >

#2
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Alice, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
We apologize for the delay in responding to your request for help. Here at GeeksToGo we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes :lol: ).
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT: Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from. Please post the contents of that file.

While I am waiting for the Extras.txt log I will review the OTL log and get back to you once the Extras.txt log is received.

#3
teatime

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
Thank you, godawgs. I appreciate your help.

Here is the content of the Extras log:

---------------------

OTL Extras logfile created on: 1/13/2014 3:55:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alice Yang\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 58.05% Memory free
5.85 Gb Paging File | 3.79 Gb Available in Paging File | 64.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 112.73 Gb Free Space | 25.00% Space Free | Partition Type: NTFS

Computer Name: KRYPTO | User Name: Alice Yang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01190885-0CBA-410E-BE44-C9D1A1DACD8F}" = lport=6112 | protocol=17 | dir=in | name=s3league3 |
"{19C0ADED-3563-4FFC-9D97-C9D5151D0C6A}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{24197AB4-C94C-4176-8660-4CE88436A83C}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{267B06F7-41A0-4887-84E1-F1CEDF0483EA}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{297D0605-8EDD-458B-B97E-90C241ABF96A}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{29A13D7B-53B4-4A83-8863-ADC734D47122}" = lport=28002 | protocol=6 | dir=in | name=s4_28002 |
"{35228B69-B851-4826-B1BD-446DDEA0083B}" = lport=28008 | protocol=6 | dir=in | name=s4_28008 |
"{3DFD042A-74EE-49BF-A922-1E6308EA7557}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4CFFBBA2-36B6-4500-A076-C6C24E712513}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{6336F7A9-1EFA-44B5-A51D-B56179EA6CBD}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{7D682B58-7389-499D-B580-940F89EBC337}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{7E5D1253-D131-43C4-BBD5-8D1455FD1E27}" = lport=38917 | protocol=17 | dir=in | name=s3league2 |
"{83167F90-0E43-4CBC-80B9-16D5982B31A5}" = lport=38915 | protocol=17 | dir=in | name=s3league |
"{89D47EEB-BA4B-461A-A460-13C13797FA98}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{8A3FC554-438B-4CEE-8D11-605780948F66}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{8E57E002-F81F-4D7D-AD35-0CF5218185B6}" = lport=28012 | protocol=6 | dir=in | name=s4_28012 |
"{C61B582B-C070-404B-A968-C4F971D39660}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CF3CFB83-FD65-4BC1-9017-B2A105C49C62}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{F072F230-4AC0-447E-93F0-603D2A2A1EF0}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{F107788B-3D27-46F3-8280-809D0C27528A}" = lport=28013 | protocol=6 | dir=in | name=s4_28013 |
"{F5665D16-6521-4691-AB31-7D492A7B56C2}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00475FB9-79A6-4185-B1B2-1313ACEF63C7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{03319D90-BCF9-41FF-9C3F-0FACAD40921C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |
"{0429F573-503C-4DAF-A6A5-308A5651DBC6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{04E4A506-C632-4948-908A-15250641FE7B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{079C4FAB-9900-476F-ABC3-43F151CCBE7E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{08968B63-1152-4A83-8E6F-F6D5E14DFC68}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{08AC6FF5-B361-43BD-8C3A-4816D3848FF2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{0AC26AAA-08ED-41E7-BE73-AB0B32FE17EF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{0B6A51CE-8CC0-48F6-AD95-8DA40B300B5A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penumbra overture\redist\penumbra.exe |
"{0E722F6F-784A-43A3-92EB-2E58FC36C679}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0EC1E53C-4C9F-46D0-934F-E306DC40124B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{0F8C3D93-1062-433E-9E04-CF1837E027F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\contagionbeta\contagionds.exe |
"{10B1EB51-BC3E-4E79-9C2A-820AD102A6BD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shelter\shelter.exe |
"{11176F23-4864-467B-A4FF-A445F754E2D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hammerwatch\editor\hammereditor.exe |
"{16A694E6-3C9E-4B88-A616-D26BC5873F6A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{16D4DFCC-B822-47EE-A871-36ABC0CFCFA4}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{18EB602E-9F9B-45A8-942D-3784E6319343}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\nmservice.exe |
"{19684B38-2603-428F-8200-7DCE4BA20E82}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\faxapplications.exe |
"{1BF31875-F785-4453-9EC5-E060F22800B3}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{1DDEBBA6-6542-40DC-AD1A-A310FC6B3837}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{1E757888-9694-4323-9B61-8654B19DEADD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brothers - a tale of two sons\binaries\win32\brotherslauncher.exe |
"{1F3A7CD6-DF34-4CC5-A6EB-913556551BE3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brothers - a tale of two sons\binaries\win32\brothers.exe |
"{1F7106A0-D3D5-4ABA-808C-BDD12C72D994}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{225BE923-D98D-4897-90D5-9AF20A530977}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"{2350F88E-C04F-4402-83BD-1CD30D3319AB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ss2\shock2.exe |
"{2584D0D4-C71E-4350-9F6B-B7BFBC8F7720}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{2852F4C0-5265-4465-97D7-7FC6743B292C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hammerwatch\hammerwatch.exe |
"{28C9C0EF-EFBB-40FC-8B18-89043E2BCE04}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{29652884-BE4F-4E48-B35E-6B21FF81B577}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{29705BD6-1C92-4333-84A8-62FFB711FD77}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{2B09B98C-7103-4C08-8341-2CB2F894B53F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2BC1149E-076E-42C6-AB9F-9F691D716760}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cry of fear\coflaunchapp.exe |
"{2FB4E322-9F7B-412E-BEE6-305E026C0F27}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{2FE0C1CF-DBB2-497F-94EA-372C158A8194}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3139CD76-A9BB-4C10-AC53-4F4573612402}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\sendafax.exe |
"{31618C49-C16E-4487-A96D-4DC5C24CF058}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{331DB90B-730E-4ACF-AD6B-CC9E2653E302}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"{34A5BA97-E166-4B9C-9DC4-D047B47D1A16}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal\hl2.exe |
"{35060869-0AA9-4680-A1A4-7AFE12B26E21}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{357B858E-9A16-4ABD-A7BE-DB831323B620}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{36803A38-C013-4E80-87D2-D183DE548020}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\contagionbeta\contagion.exe |
"{3A3EA3C9-9A87-4A46-9E3E-4CEA38F5D6CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\nmservice.exe |
"{3B877C68-6742-43B6-AF6C-84F4E39C4954}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{3CFF6703-CCFE-438C-9F1B-FE936DA4C75E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\winter voices ep 1\wintervoices.exe |
"{3E14CF08-B5DD-4FCA-B624-082F606BC9E3}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe |
"{4762BEED-ACAE-4D18-85C4-C054D3144927}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{557D063C-7586-4CD5-ACD3-C6A89021E47B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jet set radio\jsrsetup.exe |
"{56EF2EE2-3955-402A-BD2D-9ADC82EA688A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\mirror's edge™\binaries\mirrorsedge.exe |
"{57639255-549E-4D21-98FA-197E66647E86}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{584F1886-B185-49F0-9034-D6B99FD03FA8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\nmservice.exe |
"{58C61608-96A3-40CF-9179-1BC7252016AA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{591C8EF8-98A2-4294-91B6-0ECF5FE70E9F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5B0F86F1-B107-4797-BAF6-24E4615317A2}" = dir=in | app=%programfiles% (x86)\alaplaya\s4league\patcher_s4.exe |
"{5D15CD20-2831-44A3-9B3B-06FE5F852CBC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{5E25F5E5-C560-4FEC-B1A6-0112A6E7D503}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\nmservice.exe |
"{5F7946F7-E55C-4331-8C9B-FA08815CF132}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penumbra black plague\redist\penumbra.exe |
"{5FBBFBF8-A44A-41DE-BEC5-143EDE7B38B7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{60DC9889-6FF4-4966-B3ED-7F9254216002}" = dir=out | app=%userprofile%\videos\vlc-2.0.1\vlc.exe |
"{6168CCBF-614A-43A0-81A5-B07F96689D73}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{636CAB79-5209-4A45-A059-76B1A465869B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |
"{66F8C5B7-97AD-41C5-A33E-99FC6937BBBA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\contagionbeta\contagion.exe |
"{6C953982-2163-4A1D-9A72-293B88F39EE4}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe |
"{6E3B6468-E020-4DAA-9E3C-4ADAEDE4F1F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the ship\ship.exe |
"{6E95F940-C37A-443A-85CC-6D6619659AE1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\contagionbeta\contagion.exe |
"{6EF03C89-1E10-4208-A443-7FE4CAABE1C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cry of fear\coflaunchapp.exe |
"{71AA1366-1548-4591-A6B0-1609E8AEA1C8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{74716683-B076-4C08-870A-F90B3130EEEF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{76E85B31-4F31-4C6C-8B19-398CA9E87F2B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the ship tutorial\ship.exe |
"{780F2E34-D32F-4625-A8A6-294FFD0A2AB5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7914F040-797A-4130-B443-EAE3BB2714D8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penumbra black plague\redist\penumbra.exe |
"{799C53A8-33A8-4BA5-B061-FFB252A1E835}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hauntedmemories\hm.exe |
"{7B5C1A24-6ED7-4D57-A77A-94B7A94E5B66}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{7CC340F3-94BB-40B2-9773-49786504F96E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jet set radio\jsrsetup.exe |
"{7D27E4F6-7866-4BDE-82EA-5776E481853A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hammerwatch\hammerwatch.exe |
"{8014F822-BED1-4531-8614-39E4C0DE8486}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{801A1C81-9885-4984-94E3-D928C45949FA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{80BF8CA9-4372-4C51-B402-E682449308C7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8115330C-608C-445E-A7EF-E726DA2FF11B}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\mirror's edge™\binaries\mirrorsedge.exe |
"{84D50D44-77AC-47D5-95E9-11B391A7EEB6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the ship tutorial\ship.exe |
"{84FA60F7-4CBE-4C45-8704-0EC26FD4B6C1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{88DF0548-8DAD-4A1F-80D9-AD98D6933BE1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{8ABC3862-4CAA-47FE-84D1-C0A122E302C5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{8B0070B1-D038-4957-876B-EB7F7F1AD1BB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{8B445B34-75D2-44E1-A5B9-B7308EDB4C7A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shelter\shelter.exe |
"{8F15AB15-CDEA-4592-A5E9-7065E72AAF2E}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8F449DFF-F262-4EF8-A824-4D85F04819F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penumbra overture\redist\penumbra.exe |
"{90946DF3-5F50-431C-B13A-B93CBB0D3AF3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{90973B85-B6EC-40BD-886B-E80087E62882}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{932C6110-C4B1-45A9-A516-17DC366AF02F}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{979C81C9-BC5D-4CA7-B58F-DDA3E15DF2D7}" = dir=in | app=%programfiles% (x86)\alaplaya\s4league\s4client.exe |
"{98721D88-B837-49DD-8DE7-C5C1C33434AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{9FA50C9F-F70A-4CA7-80D5-62B7BE72F8FF}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{A28B981D-7602-4AE6-B6E5-57A64CCD500C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A290134A-D9F6-4CCA-88BA-F88EBBE73C9D}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe |
"{A5644983-5BF7-4EE2-9402-0EAD67F65FE1}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{A605891E-6A94-4B9C-833F-3F086A16E437}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{A8EDCEF0-1422-49DA-9FBD-596DEB20654E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\contagionbeta\contagion.exe |
"{ACABE9E7-C3A5-4FF1-A8E6-ECCEFB610ACB}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{ACCD186F-A81D-4FD0-AD0B-A34C9A63AFD8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the ship\ship.exe |
"{ACE96E16-DCD6-467F-A2C1-B9D9ECB8C206}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{AD818192-DA49-4D99-94CF-3B6277AC4570}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{ADFB8A45-580E-440F-A992-82CB62411A90}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{AE568C5E-8C02-4869-B40E-4359EF1D8A08}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\contagionbeta\contagion.exe |
"{AE7612C6-AB92-4B26-9E6B-10A6CD654534}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{B1B0AB02-2004-4B35-B35F-53F3B92829D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{B2843AD2-B19B-4C28-8AE3-4E2D4DB998BB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\contagionbeta\contagion.exe |
"{B3B9A49F-F7C1-4B89-9F2B-9A2D3D059661}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{B43BFF25-D4F4-437E-8637-878A5A6CC934}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"{B5EE4537-6314-4406-9444-FF17773C8A6B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ss2\shock2.exe |
"{B7AC7EBD-CFC9-4164-9B85-4E105922E57C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cry of fear\coflaunchapp.exe |
"{BB2AA1D3-819F-433B-8EE4-42FD9A1CF5B2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{BC18468D-DBC5-4610-884E-781429ACF112}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jet set radio\jsrsetup.exe |
"{BED15CFF-50ED-4B28-9C47-ABFE773AB6F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{BFFDE8DE-DA43-4E7B-87AB-64FA09D3A252}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ss2\shock2.exe |
"{C111A6FB-1C2F-45CD-9A01-0B585C571D30}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ss2\shock2.exe |
"{C18C4E83-DE7F-4016-9DB4-164EAF33C18C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sugar cube bittersweet factory\sugarcube-bf.exe |
"{C2F300B9-8AA7-40BC-88B7-99F4FC4003E3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\winter voices ep 1\wintervoices.exe |
"{C394456A-0B73-47C5-9985-934C464199DF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C4097218-F535-4E89-B43D-0510D3E1BA3C}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{C69826A6-C8B0-4A7C-8967-D60BA49C5D10}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{C9B661F8-D780-4FC0-A5A6-F63A705CBD9B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penumbra black plague\redist\penumbra.exe |
"{CB1E939F-766F-4703-9FB0-0E99996DFBAE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hammerwatch\editor\hammereditor.exe |
"{CC1E6AF4-7DA7-4BD5-9D49-C3193260ADEA}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{CD324894-80C7-44BD-8AF2-0B4CD8111949}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sugar cube bittersweet factory\sugarcube-bf.exe |
"{CDD5904A-70B1-496F-9C03-BE0D2F38D3B7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\contagionbeta\contagionds.exe |
"{CDFF5CDA-B16B-4F9C-8625-701FBBEDA505}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\digitalwizards.exe |
"{CE579A1F-E16D-4142-A880-D2128F847F04}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{CFD35909-7404-446B-815F-72CC5091EEC4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal\hl2.exe |
"{D16CA56C-E3CD-4804-89C8-DB89D2229840}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{D1BBE27C-DE6E-44EB-A3EA-D7F0F4FEC054}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{D3BEF0D2-DF16-4454-B7EF-28A5FB2E3F3B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{D578B490-D028-476F-9F2D-4F34E00507F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hauntedmemories\hm.exe |
"{D5EB1D42-20B6-4D80-92DB-D1500796EAB1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{D63E5F7C-B63A-4384-AEEF-12B345A335FB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{D700E913-AB7F-48CB-8948-0E9183552496}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{D8DC8AE9-BF44-4289-9A4D-A847E3AFA6C2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D9C8A1AF-9946-47AA-9E95-C26F302BE420}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DB7BB3FB-0874-4C6D-9575-9D4F83C6AA1D}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{DDF49F3E-E110-4D57-BA3E-EB9681DACCCB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{DF6A8352-E9AA-4560-99A7-543212B6D183}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jet set radio\jsrsetup.exe |
"{E0015404-A536-4978-B9BD-0A285890F361}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{E037487A-0B30-4988-A63A-4677F0FABCAE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penumbra black plague\redist\penumbra.exe |
"{E08BBA67-88F8-4C8F-8733-8BD5A7C585ED}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E1353125-A1CD-4C9F-9446-26971DFCD03A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{E2C2DF6E-6628-4733-BDD4-30867331CDE4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brothers - a tale of two sons\binaries\win32\brotherslauncher.exe |
"{E342503D-C70A-4186-9BB6-1619F48A8833}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{E51AD43B-003B-4973-8773-D5E319A455E3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{E56CB2CD-CCF9-47A7-A738-B3268411E793}" = dir=in | app=%userprofile%\videos\vlc-2.0.1\vlc.exe |
"{E64F3B06-2A6A-46E1-B5BF-61A73FC44543}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brothers - a tale of two sons\binaries\win32\brothers.exe |
"{EA40C250-64DD-468D-BF13-7879CCE52A70}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{ECE3E841-2B69-43E7-8BBE-BF56FA962E1A}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"{ED30CB64-E954-4FAB-810E-4DF7E3034994}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{EECFF420-C7D8-44C5-941D-914D906E69B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cry of fear\coflaunchapp.exe |
"{F80DF9D6-55CA-4753-A73E-6A800974B546}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F8D214AE-1712-4939-941F-1ED4DB25F539}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{F9BD66D9-8B1E-4F6A-8129-EEA7EB646879}" = dir=in | app=d:\setup\hpznui40.exe |
"{FA9B9F6D-62B5-4C65-B006-6168F92EB28D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"TCP Query User{1397C33B-50D2-4C17-A2C5-0CB77F4822D0}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{560118A6-D95D-45CE-A450-F40412E23E74}C:\program files (x86)\steam\steamapps\common\vindictus\en-us\vindictus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vindictus.exe |
"TCP Query User{B5D1C799-76C9-48FC-9EAB-602CB99AD908}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"TCP Query User{C02D9205-FD29-41A5-AA80-AE441C05DDCE}C:\users\alice yang\videos\vlc-2.0.1\vlc.exe" = protocol=6 | dir=in | app=c:\users\alice yang\videos\vlc-2.0.1\vlc.exe |
"TCP Query User{D0314650-39A5-4435-9550-43E8D3C6DD23}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{E820623A-29A3-4C83-960A-A4D0691AB7BD}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe |
"TCP Query User{EC1345D1-9D67-4762-A14B-5A9A78CA08BA}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |
"UDP Query User{0E9A8BC0-2B99-4E3F-9AE4-D6FC34A72DA5}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{3982809F-50AD-4C8E-B515-BF0261EFBD40}C:\users\alice yang\videos\vlc-2.0.1\vlc.exe" = protocol=17 | dir=in | app=c:\users\alice yang\videos\vlc-2.0.1\vlc.exe |
"UDP Query User{9016583A-0556-4FCC-A6D4-463AEC2D660D}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"UDP Query User{A1A745C0-228B-4CC7-80B0-BE4A35829558}C:\program files (x86)\steam\steamapps\common\vindictus\en-us\vindictus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vindictus.exe |
"UDP Query User{C45F9AEB-7E83-4E23-BD8B-91A2562AC594}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |
"UDP Query User{DEF92F21-6E73-4EED-9352-5BC55DE4DC3D}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{DF10D43E-7FC4-4594-A1A6-D6F9EA88F9B0}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1A1C6401-3A28-6CA4-BD97-2E4EBA01AA1E}" = ccc-utility64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.0000
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{791A06E2-340F-43B0-8FAB-62D151339362}" = HP Officejet Pro 8600 Basic Device Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CCleaner" = CCleaner
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"GooglePinyin2" = 谷歌拼音输入法 2.7
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 64 bit
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{093BFAF2-D27B-5F40-6A62-E0324B826A85}" = CCC Help Russian
"{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
"{0FD68294-58C6-4C78-8CDA-3C39A076429E}" = S4 League_EU
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1E2700C6-AF1E-8A37-FB99-D7DCCFA9B9FF}" = CCC Help Japanese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{229956A4-01A8-CC10-34C3-0B6C3E71E25A}" = CCC Help Danish
"{249B3F6E-5D8A-FE2D-6456-50610605953F}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 45
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2F44D259-19C0-C014-1C06-EBE578A81D9F}" = CCC Help Spanish
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3C55AEE9-EB21-D8B8-5FDF-1785316F8765}" = Catalyst Control Center Graphics Previews Vista
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{471C266A-8063-0566-1DCA-2F11E06AE733}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
"{68914419-24B4-E8A8-2418-54FC00C2A9A3}" = Catalyst Control Center Localization All
"{689C7B4D-76FF-94C2-CA15-9022E6991A73}" = CCC Help Dutch
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{799B33C1-36C5-E5C2-4F94-089F22684B8F}" = Catalyst Control Center Core Implementation
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8550E6E0-D100-B5B3-C752-530D4D44F553}" = Catalyst Control Center Graphics Previews Common
"{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8ADF8601-2EA0-CE1D-2334-9240A65430AC}" = Skins
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94DC0311-EA8F-A686-B231-287A5FEE5EC5}" = CCC Help Finnish
"{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{982A14D3-93AA-44BD-1467-163664C8FF0A}" = CCC Help German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A43112A-E48B-9E8A-9835-B5002D664FDA}" = CCC Help Chinese Traditional
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A03D6040-635E-1372-8F28-76D8C44C5854}" = CCC Help French
"{A06E3D81-A9D2-7171-8345-EC293BE6F93F}" = ccc-core-static
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A4E470AD-43C3-4BDC-EB79-A5F0A783431C}" = Catalyst Control Center Graphics Light
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AB354E6C-F4FF-A426-A2FF-CADA3FAC5F91}" = Catalyst Control Center Graphics Full Existing
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B46B755F-F3D3-ED34-D706-0FE34ECC24B2}" = CCC Help Norwegian
"{B4B2096B-B13E-408E-8985-BD07463D5487}" = PS_AIO_02_ProductContext
"{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700
"{B5A33AA1-5CB4-2063-FDEE-61ADC731A225}" = Catalyst Control Center InstallProxy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}" = Premium Service Agreement
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB941D37-6FCE-801E-5FD8-B5541FF0DE44}" = Catalyst Control Center Graphics Full New
"{CC33DBB0-DF5F-4186-81BD-62FE69E65A71}" = CCC Help Korean
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CF9833C2-DD1A-9967-6A5C-BFF7F254A8BD}" = CCC Help English
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DAE7E23E-144C-7A14-047D-3709EAA2373F}" = CCC Help Swedish
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE5926BD-9590-48A3-AB1E-C1C49575823D}" = C7200
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F74CF10A-96FF-AE4C-D4CA-21B9A0E58E9E}" = CCC Help Chinese Standard
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AIM_7" = AIM 7
"Avast" = avast! Free Antivirus
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BitComet" = BitComet 1.35
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup" = DivX Setup
"ERUNT_is1" = ERUNT 1.1j
"Fraps" = Fraps (remove only)
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MCShield" = MCShield ::Anti-Malware Tool::
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OnLive" = OnLive
"Open Broadcaster Software" = Open Broadcaster Software
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"OpenAL" = OpenAL
"Origin" = Origin
"pcsx2-r5350" = PCSX2 - Playstation 2 Emulator
"Perspective" = Perspective 1.0
"PFPortChecker" = PFPortChecker 1.0.39
"Rapport_msi" = Trusteer Endpoint Protection
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpeedFan" = SpeedFan (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Steam App 200710" = Torchlight II
"Steam App 205950" = Jet Set Radio
"Steam App 212110" = Sugar Cube: Bittersweet Factory
"Steam App 212160" = Vindictus
"Steam App 22120" = Penumbra: Black Plague
"Steam App 22140" = Penumbra: Requiem
"Steam App 22180" = Penumbra: Overture
"Steam App 223710" = Cry of Fear
"Steam App 225080" = Brothers - A Tale of Two Sons
"Steam App 230410" = Warframe
"Steam App 238210" = System Shock 2
"Steam App 238430" = Contagion
"Steam App 239070" = Hammerwatch
"Steam App 2400" = The Ship
"Steam App 241640" = Haunted Memories
"Steam App 2430" = The Ship Tutorial
"Steam App 244710" = Shelter
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 43110" = Metro 2033
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 630" = Alien Swarm
"Steam App 72900" = Winter Voices
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = f.lux
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/10/2014 5:59:38 AM | Computer Name = KRYPTO | Source = Windows Search Service | ID = 3029
Description =

Error - 1/10/2014 5:59:38 AM | Computer Name = KRYPTO | Source = Windows Search Service | ID = 3028
Description =

Error - 1/10/2014 5:59:38 AM | Computer Name = KRYPTO | Source = Windows Search Service | ID = 3058
Description =

Error - 1/10/2014 5:59:38 AM | Computer Name = KRYPTO | Source = Windows Search Service | ID = 7010
Description =

Error - 1/11/2014 3:12:19 AM | Computer Name = KRYPTO | Source = Application Error | ID = 1000
Description = Faulting application name: jetsetradio.exe, version: 0.0.0.0, time
stamp: 0x513f01d7 Faulting module name: jetsetradio.exe, version: 0.0.0.0, time
stamp: 0x513f01d7 Exception code: 0xc0000005 Fault offset: 0x001cbe9b Faulting process
id: 0x1414 Faulting application start time: 0x01cf0e9c768accf8 Faulting application
path: C:\Program Files (x86)\Steam\steamapps\common\Jet Set Radio\jetsetradio.exe
Faulting
module path: C:\Program Files (x86)\Steam\steamapps\common\Jet Set Radio\jetsetradio.exe
Report
Id: b5065349-7a8f-11e3-9478-b8ac6f76ff44

Error - 1/12/2014 5:07:08 PM | Computer Name = KRYPTO | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary fuknagdv. System Error: The system cannot find the file specified. .

Error - 1/12/2014 7:19:06 PM | Computer Name = KRYPTO | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary fuknagdv. System Error: The system cannot find the file specified. .

Error - 1/12/2014 7:22:02 PM | Computer Name = KRYPTO | Source = MsiInstaller | ID = 10005
Description =

Error - 1/12/2014 8:47:47 PM | Computer Name = KRYPTO | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary fuknagdv. System Error: The system cannot find the file specified. .

Error - 1/13/2014 7:10:07 PM | Computer Name = KRYPTO | Source = Application Error | ID = 1000
Description = Faulting application name: S4Client.exe, version: 0.8.32.9344, time
stamp: 0x52aad6da Faulting module name: S4Client.exe, version: 0.8.32.9344, time
stamp: 0x52aad6da Exception code: 0x40000015 Fault offset: 0x003435be Faulting process
id: 0x1a60 Faulting application start time: 0x01cf10b13ce4b8f8 Faulting application
path: C:\Program Files (x86)\alaplaya\S4League\S4Client.exe Faulting module path:
C:\Program Files (x86)\alaplaya\S4League\S4Client.exe Report Id: d797a1d2-7ca7-11e3-8933-b8ac6f76ff44

[ Broadcom Wireless LAN Events ]
Error - 11/3/2013 3:17:11 PM | Computer Name = KRYPTO | Source = WLAN-Tray | ID = 0
Description = 11:17:11, Sun, Nov 03, 13 Error - Unable to decode string, error 87


Error - 12/3/2013 7:19:49 AM | Computer Name = KRYPTO | Source = WLAN-Tray | ID = 0
Description = 03:19:47, Tue, Dec 03, 13 Error - Unable to gain access to user store


Error - 12/9/2013 9:21:49 PM | Computer Name = KRYPTO | Source = WLAN-Tray | ID = 0
Description = 17:21:49, Mon, Dec 09, 13 Error - Unable to gain access to user store


[ System Events ]
Error - 1/11/2014 8:08:05 PM | Computer Name = KRYPTO | Source = DCOM | ID = 10016
Description =

Error - 1/12/2014 12:38:05 AM | Computer Name = KRYPTO | Source = DCOM | ID = 10016
Description =

Error - 1/12/2014 3:44:44 PM | Computer Name = KRYPTO | Source = DCOM | ID = 10016
Description =

Error - 1/12/2014 8:55:17 PM | Computer Name = KRYPTO | Source = DCOM | ID = 10016
Description =

Error - 1/12/2014 9:06:08 PM | Computer Name = KRYPTO | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:03:05 PM on 1/12/2014 was unexpected.

Error - 1/12/2014 9:08:01 PM | Computer Name = KRYPTO | Source = DCOM | ID = 10016
Description =

Error - 1/12/2014 9:20:20 PM | Computer Name = KRYPTO | Source = DCOM | ID = 10016
Description =

Error - 1/12/2014 10:20:45 PM | Computer Name = KRYPTO | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:18:04 PM on 1/12/2014 was unexpected.

Error - 1/12/2014 10:22:01 PM | Computer Name = KRYPTO | Source = DCOM | ID = 10016
Description =

Error - 1/13/2014 6:25:50 PM | Computer Name = KRYPTO | Source = DCOM | ID = 10016
Description =


< End of report >
  • 0

#4
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the log. Let's see if we can help the lag.


You have the following Peer-to-Peer program(s) installed:

BitComet

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P (Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

All programs, folders and files listed below in this color are optional removals, but if you uninstall the program(s) you must delete the folders and files in the corresponding colors.


Step-1.

Optional Removals

1. Please click the Start Orb, click Control Panel. Under the Programs or Programs and Features heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

BitComet 1.35

3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs. (Only do this if you uninstalled the program.)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folder(s) (if present):

c:\program files (x86)\bitcomet
C:\Users\Alice Yang\AppData\Roaming\BitComet


2. Close Windows Explorer.


Step-2.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (do not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3001739
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3001739
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe File not found
O4 - Startup: C:\Users\Alice Yang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O33 - MountPoints2\{5b4057f6-152a-11e3-bc15-b8ac6f76ff44}\Shell - "" = AutoRun
O33 - MountPoints2\{5b4057f6-152a-11e3-bc15-b8ac6f76ff44}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{64f876e7-526e-11e0-b1e5-da989366bcc5}\Shell - "" = AutoRun
O33 - MountPoints2\{64f876e7-526e-11e0-b1e5-da989366bcc5}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{6cd2710b-8ec0-11df-9926-b8ac6f76ff44}\Shell - "" = AutoRun
O33 - MountPoints2\{6cd2710b-8ec0-11df-9926-b8ac6f76ff44}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{85924f78-7912-11e1-9060-b8ac6f76ff44}\Shell - "" = AutoRun
O33 - MountPoints2\{85924f78-7912-11e1-9060-b8ac6f76ff44}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{b11b0365-9733-11e2-9307-b8ac6f76ff44}\Shell - "" = AutoRun
O33 - MountPoints2\{b11b0365-9733-11e2-9307-b8ac6f76ff44}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
[2014/01/09 21:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftWarehouse
[2014/01/09 21:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\2e034dc3f04803a9
[2014/01/13 14:24:45 | 000,000,470 | -H-- | M] () -- C:\Windows\tasks\GS.Enabler-S-926685765.job

:FILES
ipconfig /flushdns /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state ON /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Custom Scans/Fixes textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Run Fix button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the OK button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again. Click the Scan All Users box at the top of the console and then click the Quick Scan button. Post the log it produces in your next reply.


Step-3.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL fixes log
2. The AdwCleaner[R0].txt log
3. The new OTL.txt log
  • 0
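As an added illustration (not part of the original post, and not OTL's own code): a small Python parser that splits a fix script like the one above into its sections and lists what each :OTL line targets, so the registry entries and file paths a fix will act on can be reviewed before it is run. It assumes OTL's section layout (:COMMANDS, :OTL, :FILES) and treats :FILES lines ending in /c as commands, as in the script above; the sample input is a shortened copy of that script.

```python
"""Preview what an OTL fix script will touch before running it.

Added example for this thread; it is not OTL's own code. It splits a fix
script into its sections (:COMMANDS, :OTL, :FILES) and classifies each :OTL
line as a file, a directory, a browser setting or an Oxx entry, so the
keys and paths a fix will act on can be reviewed up front.
"""
import re
from collections import defaultdict

# Constructed sample input: the fix posted above in this thread, shortened.
SAMPLE_FIX = r"""
:COMMANDS
[createrestorepoint]

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3001739
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe File not found
O33 - MountPoints2\{5b4057f6-152a-11e3-bc15-b8ac6f76ff44}\Shell - "" = AutoRun
O33 - MountPoints2\{5b4057f6-152a-11e3-bc15-b8ac6f76ff44}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
[2014/01/09 21:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftWarehouse
[2014/01/13 14:24:45 | 000,000,470 | -H-- | M] () -- C:\Windows\tasks\GS.Enabler-S-926685765.job

:FILES
ipconfig /flushdns /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state ON /c

:COMMANDS
[emptytemp]
"""

SECTION_RE = re.compile(r"^:([A-Za-z]+)$")
# [date time | size | attrs | C-or-M] (company) -- path   (the company part is optional)
FILE_ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|(?P<size>[^|]+)\|(?P<attrs>[^|]+)\|(?P<cm>[^\]]+)\]"
    r"\s*(?:\((?P<company>[^)]*)\)\s*)?--\s*(?P<path>.+?)\s*$"
)
OCODE_RE = re.compile(r"^(O\d+)(?::64bit:)?\s*-\s*(.+)$")   # O2, O4, O16, O33 ... entries
BROWSER_RE = re.compile(r"^(IE|FF|CHR)\s*-\s*(.+)$")         # browser setting lines


def parse_fix(text):
    """Split a fix script into an ordered list of (section_name, lines); names may repeat."""
    sections = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = (m.group(1).upper(), [])
            sections.append(current)
            continue
        if current is None:
            raise ValueError(f"line before any section header: {line!r}")
        current[1].append(line)
    return sections


def classify_otl_line(line):
    """Return (kind, target) for one :OTL line; unrecognised shapes are reported, not guessed."""
    m = FILE_ENTRY_RE.match(line)
    if m:
        kind = "directory" if "D" in m.group("attrs") else "file"
        return kind, m.group("path")
    m = OCODE_RE.match(line)
    if m:
        return "entry " + m.group(1), m.group(2)
    m = BROWSER_RE.match(line)
    if m:
        return m.group(1).lower() + " setting", m.group(2)
    return "unknown", line


def summarise(text):
    """Group everything the script touches by section and kind."""
    summary = {"commands": [], "otl": defaultdict(list), "files_section": [], "unknown": []}
    for name, lines in parse_fix(text):
        if name == "COMMANDS":
            summary["commands"].extend(lines)
        elif name == "OTL":
            for line in lines:
                kind, target = classify_otl_line(line)
                summary["otl"][kind].append(target)
        elif name == "FILES":
            for line in lines:
                # A trailing " /c" marks a command to execute rather than a path to move.
                if line.endswith(" /c"):
                    summary["files_section"].append(("command", line[:-3].strip()))
                else:
                    summary["files_section"].append(("path", line))
        else:
            summary["unknown"].append((name, lines))
    summary["otl"] = dict(summary["otl"])
    return summary


if __name__ == "__main__":
    result = summarise(SAMPLE_FIX)
    print("commands:", result["commands"])
    for kind, targets in sorted(result["otl"].items()):
        print(f"{kind}:")
        for t in targets:
            print("   ", t)
    print(":FILES section:", result["files_section"])
```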

#5
teatime

teatime

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
Hello godawgs,

I apologize but I accidentally left my laptop behind and will be unable to access it until Monday at least. Is it possible to prevent the thread from autolocking? Or should I just post to prevent the lock after four days?

Sorry for the inconvenience!
  • 0

#6
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
No worries. I will try to remember to keep the thread open. :thumbsup:
  • 0

#7
teatime

teatime

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
Thank you, I will get back to you as soon as possible tomorrow.
  • 0

#8
teatime

teatime

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
Updated with the logs!

1) OTL fixes log:

--------------------------------

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0\ deleted successfully.
C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll moved successfully.
C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES deleted successfully.
C:\Users\Alice Yang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b4057f6-152a-11e3-bc15-b8ac6f76ff44}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5b4057f6-152a-11e3-bc15-b8ac6f76ff44}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b4057f6-152a-11e3-bc15-b8ac6f76ff44}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5b4057f6-152a-11e3-bc15-b8ac6f76ff44}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64f876e7-526e-11e0-b1e5-da989366bcc5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64f876e7-526e-11e0-b1e5-da989366bcc5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64f876e7-526e-11e0-b1e5-da989366bcc5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64f876e7-526e-11e0-b1e5-da989366bcc5}\ not found.
File "E:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6cd2710b-8ec0-11df-9926-b8ac6f76ff44}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6cd2710b-8ec0-11df-9926-b8ac6f76ff44}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6cd2710b-8ec0-11df-9926-b8ac6f76ff44}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6cd2710b-8ec0-11df-9926-b8ac6f76ff44}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85924f78-7912-11e1-9060-b8ac6f76ff44}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85924f78-7912-11e1-9060-b8ac6f76ff44}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85924f78-7912-11e1-9060-b8ac6f76ff44}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85924f78-7912-11e1-9060-b8ac6f76ff44}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b11b0365-9733-11e2-9307-b8ac6f76ff44}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b11b0365-9733-11e2-9307-b8ac6f76ff44}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b11b0365-9733-11e2-9307-b8ac6f76ff44}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b11b0365-9733-11e2-9307-b8ac6f76ff44}\ not found.
File "E:\WD SmartWare.exe" autoplay=true not found.
C:\ProgramData\SoftWarehouse\GS.Enabler\926685765 folder moved successfully.
C:\ProgramData\SoftWarehouse\GS.Enabler folder moved successfully.
C:\ProgramData\SoftWarehouse folder moved successfully.
C:\ProgramData\2e034dc3f04803a9 folder moved successfully.
C:\Windows\Tasks\GS.Enabler-S-926685765.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Alice Yang\Desktop\cmd.bat deleted successfully.
C:\Users\Alice Yang\Desktop\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Alice Yang\Desktop\cmd.bat deleted successfully.
C:\Users\Alice Yang\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state ON /c >
Ok.
C:\Users\Alice Yang\Desktop\cmd.bat deleted successfully.
C:\Users\Alice Yang\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: Alice Yang
->Temp folder emptied: 2141832 bytes
->Temporary Internet Files folder emptied: 6106320 bytes
->Java cache emptied: 11576096 bytes
->FireFox cache emptied: 382551123 bytes
->Google Chrome cache emptied: 26394755 bytes
->Flash cache emptied: 59450 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 761416 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42320330 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 1069512 bytes

Total Files Cleaned = 451.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01162014_153441

Files\Folders moved on Reboot...
C:\Users\Alice Yang\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

2) AdwCleaner[R0].txt log
--------------------------------

# AdwCleaner v3.017 - Report created 20/01/2014 at 19:14:35
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Alice Yang - KRYPTO
# Running from : C:\Users\Alice Yang\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Found : C:\Users\Alice Yang\AppData\Roaming\Mozilla\Firefox\Profiles\gjdcrxxg.default-1363386292631\user.js
Folder Found C:\Program Files (x86)\Common Files\Software Update Utility
Folder Found C:\Users\Alice Yang\AppData\Local\torch
Folder Found C:\Users\Alice Yang\AppData\LocalLow\boost_interprocess
Folder Found C:\Users\Alice Yang\AppData\LocalLow\Conduit

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA41BB14-E67B-1653-C57B-5CA99418A866}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.ask.com/?l=dis&o=2159&gct=hp

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Alice Yang\AppData\Roaming\Mozilla\Firefox\Profiles\gjdcrxxg.default-1363386292631\prefs.js ]

Line Found : user_pref("extensions.mYV0RIe75S0Q.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.protocol.indexOf('hxxp')>-1 && window.self==window.[...]

-\\ Google Chrome v

[ File : C:\Users\Alice Yang\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4216 octets] - [20/01/2014 19:14:35]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4276 octets] ##########

3) New OTL.txt log
--------------------------------

OTL logfile created on: 1/16/2014 3:43:31 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alice Yang\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 53.63% Memory free
5.85 Gb Paging File | 4.27 Gb Available in Paging File | 73.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 110.29 Gb Free Space | 24.45% Space Free | Partition Type: NTFS

Computer Name: KRYPTO | User Name: Alice Yang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/13 15:54:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alice Yang\Desktop\OTL.exe
PRC - [2014/01/12 13:09:01 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/01/12 13:09:00 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/12/21 22:56:20 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/12/21 22:56:18 | 002,484,504 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/10/26 02:15:44 | 000,607,232 | ---- | M] (MyCity) -- C:\Program Files (x86)\MCShield\MCShieldRTM.exe
PRC - [2013/10/23 14:39:14 | 001,017,224 | ---- | M] (Flux Software LLC) -- C:\Users\Alice Yang\AppData\Local\FluxSoftware\Flux\flux.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/11 02:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/09/30 04:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 04:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/06/24 13:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 05:59:14 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/05/21 05:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 05:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/12 13:09:04 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/01/01 18:45:25 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2014/01/01 17:48:36 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2014/01/01 17:48:25 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/10/23 20:25:19 | 001,127,152 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/01/12 13:09:00 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/11/26 01:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/06/06 01:02:26 | 008,664,480 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2012/06/06 01:02:26 | 000,567,712 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe -- (TouchServiceWacom)
SRV:64bit: - [2010/01/22 09:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/17 17:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/11/02 09:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/17 08:06:00 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2014/01/13 18:25:00 | 000,570,280 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/12/21 22:56:20 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/12/19 20:11:43 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/11 02:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/08/27 15:40:00 | 004,204,272 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2012/04/17 21:32:13 | 000,670,816 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\xsherlock.xem -- (xsherlock)
SRV - [2011/03/04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2011/02/06 20:15:10 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/09/30 04:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 04:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 05:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/01/12 13:10:07 | 000,079,672 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/01/12 13:09:13 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/01/12 13:09:13 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/01/12 13:09:13 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/01/12 13:09:13 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/01/12 13:09:13 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/01/12 13:09:12 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/12/24 23:36:19 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/12/21 22:56:32 | 000,316,248 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2013/10/10 16:57:22 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/05/29 18:30:06 | 000,066,424 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012/05/29 18:30:06 | 000,013,688 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012/05/06 22:42:30 | 000,015,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/21 12:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 11:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/24 09:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010/08/24 09:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/08/24 09:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/08/19 18:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/05/06 01:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010/01/22 15:38:52 | 000,284,720 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/01/22 09:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/01/22 08:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/11/02 10:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/11/02 09:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/26 12:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/17 11:54:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/17 08:06:00 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/17 08:06:00 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 19:14:00 | 000,220,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/15 10:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2006/11/01 08:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2013/12/21 22:56:34 | 000,282,648 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2013/12/21 22:56:32 | 000,397,784 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2013/10/23 20:25:14 | 000,606,672 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys -- (RapportCerberus_59849)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {389093F4-5F07-4A88-A92C-F6665185A604}
IE:64bit: - HKLM\..\SearchScopes\{389093F4-5F07-4A88-A92C-F6665185A604}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{49ABE49F-FD04-4925-89ED-9794BF8FDD5B}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2434712885-510186590-1615281227-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2434712885-510186590-1615281227-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?...s&o=2159&gct=hp
IE - HKU\S-1-5-21-2434712885-510186590-1615281227-1000\..\SearchScopes,DefaultScope = {49ABE49F-FD04-4925-89ED-9794BF8FDD5B}
IE - HKU\S-1-5-21-2434712885-510186590-1615281227-1000\..\SearchScopes\{5FD6C6E8-ADC6-4EC3-B3EA-E3C34DDBB11A}: "URL" = http://websearch.ask...BA-2C2C2CD5E8EB
IE - HKU\S-1-5-21-2434712885-510186590-1615281227-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2434712885-510186590-1615281227-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2011.70
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alice Yang\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alice Yang\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/01/12 13:09:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/01/10 19:29:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/10/19 17:12:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/01/16 15:35:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/25 03:30:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/10/19 17:12:45 | 000,000,000 | ---D | M]

[2010/07/13 13:04:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alice Yang\AppData\Roaming\Mozilla\Extensions
[2014/01/16 15:24:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alice Yang\AppData\Roaming\Mozilla\Firefox\Profiles\gjdcrxxg.default-1363386292631\extensions
[2013/11/25 18:44:04 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Alice Yang\AppData\Roaming\Mozilla\Firefox\Profiles\gjdcrxxg.default-1363386292631\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/10/10 11:51:17 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Alice Yang\AppData\Roaming\Mozilla\Firefox\Profiles\gjdcrxxg.default-1363386292631\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/12/19 20:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/19 20:10:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/12/19 20:10:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/19 20:11:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/19 20:11:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Old Firefox Data\extensions
[2013/12/19 20:11:00 | 000,000,000 | ---D | M] (WOT) -- C:\Program Files (x86)\Mozilla Firefox\Old Firefox Data\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2014/01/12 13:09:17 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/01/12 00:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: avast! Online Security = C:\Users\Alice Yang\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0\
CHR - Extension: Google Wallet = C:\Users\Alice Yang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_2\

O1 HOSTS File: ([2013/12/29 00:54:23 | 000,450,660 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15467 more lines...
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2434712885-510186590-1615281227-1000..\Run: [f.lux] C:\Users\Alice Yang\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKU\S-1-5-21-2434712885-510186590-1615281227-1000..\Run: [MCShield Monitor] C:\Program Files (x86)\MCShield\MCShieldRTM.exe (MyCity)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{864DF591-9AF8-490F-9BB9-9456952361E6}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/16 15:34:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/13 15:54:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alice Yang\Desktop\OTL.exe
[2014/01/12 15:46:59 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/01/12 13:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
[2014/01/12 13:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\MCShield
[2014/01/12 13:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MCShield
[2014/01/12 13:10:59 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\AppData\Roaming\AVAST Software
[2014/01/12 13:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/01/12 13:09:31 | 000,079,672 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/01/12 13:09:30 | 001,034,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/01/12 13:09:29 | 000,422,216 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/01/12 13:09:29 | 000,078,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/01/12 13:09:28 | 000,092,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/01/12 13:09:08 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/12 13:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/01/12 13:06:22 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\AppData\Local\Adobe
[2014/01/10 15:02:47 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\AppData\Local\Apple Computer
[2014/01/10 13:54:35 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\AppData\Local\Apple
[2014/01/09 21:13:18 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\AppData\Local\Torch
[2014/01/09 21:13:18 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\AppData\Local\Comodo
[2014/01/09 21:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2014/01/07 22:59:30 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\AppData\Roaming\Google
[2014/01/07 22:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2014/01/07 22:59:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/12/30 15:06:24 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\Documents\Winter Voices
[2013/12/30 12:54:42 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\AppData\Roaming\WinterVoices
[2013/12/30 12:53:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/12/30 12:52:20 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\AppData\Local\CrashRpt
[2013/12/30 01:31:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013/12/30 01:31:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/12/30 01:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/12/29 01:10:40 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\AppData\Roaming\Might and Delight
[2013/12/28 00:48:23 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\Desktop\12-27-13 Pizza Party
[2013/12/25 00:52:09 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\AppData\Roaming\OBS
[2013/12/25 00:52:05 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
[2013/12/25 00:52:02 | 000,000,000 | ---D | C] -- C:\Program Files\OBS
[2013/12/25 00:52:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OBS
[2013/12/24 23:56:15 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\Documents\Penumbra
[2013/12/24 23:56:07 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013/12/24 23:56:07 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013/12/24 23:56:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2013/12/24 23:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013/12/24 23:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013/12/20 20:25:08 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\Desktop\Focus Vision Records
[2013/12/20 11:57:09 | 000,000,000 | ---D | C] -- C:\Users\Alice Yang\Desktop\Writing
[2013/12/19 20:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[3 C:\Users\Alice Yang\Desktop\*.tmp files -> C:\Users\Alice Yang\Desktop\*.tmp -> ]
[1 C:\Users\Alice Yang\Documents\*.tmp files -> C:\Users\Alice Yang\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/16 15:48:12 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/16 15:48:12 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/16 15:40:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/16 15:39:52 | 2356,559,872 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/16 01:03:54 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2434712885-510186590-1615281227-1000UA.job
[2014/01/15 17:00:33 | 000,780,196 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/15 17:00:33 | 000,660,998 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/15 17:00:33 | 000,121,636 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/15 13:15:04 | 001,972,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/14 17:58:01 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2434712885-510186590-1615281227-1000Core.job
[2014/01/13 15:54:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alice Yang\Desktop\OTL.exe
[2014/01/12 13:31:50 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/01/12 13:10:07 | 000,079,672 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/01/12 13:09:13 | 001,034,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/01/12 13:09:13 | 000,422,216 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/01/12 13:09:13 | 000,207,904 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/01/12 13:09:13 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/01/12 13:09:13 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/01/12 13:09:12 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/01/12 13:09:12 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/01/12 13:09:08 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/06 21:52:30 | 000,208,434 | ---- | M] () -- C:\Windows\hpoins43.dat
[2014/01/02 13:22:29 | 000,774,412 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/01/01 17:04:30 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2014/01/01 17:04:30 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013/12/29 00:54:23 | 000,450,660 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/12/21 22:56:32 | 000,316,248 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2013/12/19 21:26:12 | 000,002,046 | ---- | M] () -- C:\Users\Alice Yang\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[3 C:\Users\Alice Yang\Desktop\*.tmp files -> C:\Users\Alice Yang\Desktop\*.tmp -> ]
[1 C:\Users\Alice Yang\Documents\*.tmp files -> C:\Users\Alice Yang\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/14 22:01:50 | 016,777,216 | ---- | C] () -- C:\Users\Alice Yang\Desktop\PuzzleQuest Challenge of the Warlords.nds
[2014/01/12 13:09:31 | 000,207,904 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/01/12 13:09:30 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/12/28 01:02:58 | 2603,153,208 | ---- | C] () -- C:\Users\Alice Yang\Desktop\MVI_0655.MOV
[2013/10/19 17:03:25 | 000,208,434 | ---- | C] () -- C:\Windows\hpoins43.dat
[2013/09/30 21:55:02 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp
[2013/09/08 02:45:07 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013/04/01 16:48:53 | 000,004,509 | ---- | C] () -- C:\Users\Alice Yang\AppData\Roaming\CamStudio.cfg
[2013/04/01 16:48:53 | 000,000,408 | ---- | C] () -- C:\Users\Alice Yang\AppData\Roaming\CamShapes.ini
[2013/04/01 16:48:53 | 000,000,408 | ---- | C] () -- C:\Users\Alice Yang\AppData\Roaming\CamLayout.ini
[2013/04/01 16:48:53 | 000,000,096 | ---- | C] () -- C:\Users\Alice Yang\AppData\Roaming\Camdata.ini
[2012/11/07 18:23:54 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/11/07 18:23:54 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2140.DAT
[2012/06/19 14:56:58 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/03/31 23:07:58 | 000,210,760 | ---- | C] () -- C:\Windows\hpoins21.dat
[2012/03/31 23:07:58 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2010/07/14 22:50:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/07/13 13:36:18 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\acccore
[2014/01/12 13:10:59 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\AVAST Software
[2013/09/08 19:20:01 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\BitComet
[2011/08/13 20:43:36 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\DAEMON Tools Lite
[2012/04/28 17:10:01 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\GetRightToGo
[2013/07/28 21:17:13 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\ImgBurn
[2011/04/12 20:14:06 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\Leadertech
[2012/04/10 16:32:44 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\LolClient
[2014/01/09 20:03:15 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\Might and Delight
[2013/10/10 20:51:39 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\MotioninJoy
[2013/12/25 00:52:09 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\OBS
[2011/05/17 00:46:16 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\OnLive App
[2011/09/24 19:48:23 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\ooVoo Details
[2012/11/13 22:27:32 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\OpenOffice.org
[2013/04/21 16:14:02 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\Oracle
[2013/07/26 12:20:10 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\Origin
[2013/12/15 17:48:35 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\SoftGrid Client
[2013/05/28 22:44:17 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\SplitMediaLabs
[2012/11/11 15:11:15 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\TP
[2011/04/01 13:41:59 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\Trusteer
[2010/07/13 15:20:34 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\Windows Live Writer
[2013/12/30 21:11:40 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\WinterVoices
[2011/04/20 21:14:37 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2011/04/20 21:14:37 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BEB15613

< End of report >

I would like to note that I see the name GS.Enabler in the OTL fixes log. This may be some form of adware because I found an unknown program called GS Enabler in My Programs but had it uninstalled prior to creating this thread.
  • 0
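A way to pull the first-look items out of an OTL log like the one above, as an added example: this is not part of the original post and not OldTimer's code. It parses the file/folder entries, the O1 hosts entries and the O4 autorun entries and flags what a removal helper checks first: a file with no company name sitting in a browser plugin or extension directory, a hosts entry that redirects a name somewhere other than loopback (the 127.0.0.1 entries above are the pattern of an immunization blocklist, not a hijack), and autorun values that point at a missing file or an unnamed executable. The rules, directory hints and severity labels are assumptions made for the example, and the sample lines are constructed: the GUID, user name, hostnames and the 203.0.113.7 address are placeholders, not values from this log.

```python
"""Triage helper for OTL log lines (added example; not OldTimer's code).
The rules, directory hints and severity scale below are assumptions made
for this example, not OTL's own logic."""
import ipaddress
import re
from dataclasses import dataclass

# File/folder entry, e.g.
# [2012/01/12 00:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\...\npBitCometAgent.dll
# Company and name are optional: "() (No name found)" and "(No name found)" both occur.
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<flag>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?(?: \((?P<name>[^)]*)\))? -- (?P<path>.+)$"
)
# O1 - Hosts: 127.0.0.1 www.007guard.com
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
# O4 - HKLM..\Run: [AvastUI.exe] C:\...\AvastUI.exe (AVAST Software)
RUN_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>.+?)\\Run(?:Once)?: \[(?P<value>[^\]]*)\] (?P<target>.+)$"
)
# Assumed: directories where a file with no company name deserves a second look.
BROWSER_DIR_HINTS = ("\\mozilla firefox\\plugins\\", "\\extensions\\", "\\mozillaplugins\\")


@dataclass
class Finding:
    severity: str  # "low", "medium" or "high" (assumed scale)
    rule: str
    detail: str
    line: str


def parse_file_line(line):
    """Return the fields of an OTL file/folder entry, or None for any other line."""
    m = FILE_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["is_dir"] = "D" in entry["attrs"]  # OTL marks directories with ---D
    return entry


def _unnamed(entry):
    return entry["company"] in (None, "", "No name found") or entry["name"] == "No name found"


def triage(lines):
    """Scan OTL log lines and return the entries worth a second look, in log order."""
    findings = []
    for raw in lines:
        line = raw.rstrip()
        entry = parse_file_line(line)
        if entry is not None:
            # A file (not a folder) under a browser plugin/extension directory with no
            # company name: the kind of entry a bundled add-on leaves behind.
            if (not entry["is_dir"] and _unnamed(entry)
                    and any(h in entry["path"].lower() for h in BROWSER_DIR_HINTS)):
                findings.append(Finding("medium", "unnamed-browser-file",
                                        f"{entry['size']} bytes, no company name: {entry['path']}", line))
            continue
        m = HOSTS_RE.match(line)
        if m:
            try:
                ip = ipaddress.ip_address(m["ip"])
            except ValueError:
                continue  # first token is not an address
            # Loopback/unspecified targets are a blocklist (Spybot immunization, MVPS hosts);
            # anything else redirects the name, which is the pattern hijackers use.
            if not (ip.is_loopback or ip.is_unspecified):
                findings.append(Finding("high", "hosts-redirect", f"{m['host']} -> {ip}", line))
            continue
        m = RUN_RE.match(line)
        if m:
            target = m["target"]
            if target.endswith("File not found"):
                findings.append(Finding("low", "autorun-missing-file", f"[{m['value']}] {target}", line))
            else:
                company = re.search(r"\(([^)]*)\)\s*$", target)  # OTL appends "(Company)"
                if company is None or not company.group(1).strip():
                    findings.append(Finding("medium", "autorun-no-company", f"[{m['value']}] {target}", line))
    return findings


# Constructed sample lines in OTL's format; the GUID, user name, hostnames and
# 203.0.113.7 are placeholders, not values taken from the log above.
SAMPLE = [
    r"[2012/01/12 00:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll",
    r"[2013/10/10 11:51:17 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\example\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\extensions\{00000000-0000-0000-0000-000000000000}.xpi",
    r"[2014/01/16 15:24:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\example\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\extensions",
    r"O1 - Hosts: 127.0.0.1 www.adserver.example",
    r"O1 - Hosts: 203.0.113.7 update.antivirus.example",
    r"O1 - Hosts: 15467 more lines...",
    r"O4 - HKLM..\Run: [] File not found",
    r"O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)",
    r"O4 - HKU\S-1-5-21-0-0-0-1000..\Run: [updater] C:\Users\example\AppData\Local\Temp\upd.exe ()",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.severity:6} {f.rule:22} {f.detail}")
```

Run against a saved OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace"))`. The output is a shortlist to read, not a verdict: a missing company name only means the file carries no version resource, and a legitimate hosts redirect exists on some corporate machines, so confirm each hit against the installed software list before putting it in a fix script.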

#9 godawgs (Teacher, Retired Staff, 8,228 posts)
Hello Alice,

I would like to note that I see the name GS.Enabler in the OTL fixes log. This may be some form of adware because I found an unknown program called GS Enabler in My Programs but had it uninstalled prior to creating this thread.

Acknowledged. GS.Enabler was the program GreatSaver. It was most likely installed as part of another software program that you installed. These adware, spyware and foistware programs are more and more often bundled with other software and installed along with it unless you specifically opt not to install them.
When you uninstalled the program, it left some remnants on the system, and that's what you saw in the OTL fixes log. It was removed.

Let's kill some more nasties. After this run please tell me how the computer is running and if the Firefox browser is better.


Windows Sidebar Advice

Your log shows Windows sidebar running. I recommend that you disable the sidebar.

Microsoft has discovered a security vulnerability in Windows Sidebar and Gadgets. If you are not aware of this, Windows Sidebar (gadgets) has the potential to compromise the security of a machine it is running on, as mentioned here. So it would be best to disable this feature.

Download the Disable Windows Sidebar and Gadgets Fix-it on this page to your desktop.

Once downloaded, double-click on MicrosoftFixit50906.msi >> follow the prompts >> reboot your machine if not advised to do so.


Step-1.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (do not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
[2012/01/12 00:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
[2013/09/08 19:20:01 | 000,000,000 | ---D | M] -- C:\Users\Alice Yang\AppData\Roaming\BitComet

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Custom Scans/Fixes textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Run Fix button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the OK button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2

Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot; allow this.

  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Step-3.

Scan with JRT:

Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts, how to do so can be read here.

  • Right click the JRT icon and click Run as Administrator to run the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled.


Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The OTL fixes log
2. The AdwCleaner[S0].txt log
3. The JRT.txt log
4. Let me know how the computer is running now.

#10
teatime (Member, Topic Starter)
I disabled Windows Sidebar Device.

Here are the logs:

1) OTL fixes log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
C:\Users\Alice Yang\AppData\Roaming\BitComet\torrents folder moved successfully.
C:\Users\Alice Yang\AppData\Roaming\BitComet\share folder moved successfully.
C:\Users\Alice Yang\AppData\Roaming\BitComet\rules folder moved successfully.
C:\Users\Alice Yang\AppData\Roaming\BitComet\fav folder moved successfully.
C:\Users\Alice Yang\AppData\Roaming\BitComet\cache folder moved successfully.
C:\Users\Alice Yang\AppData\Roaming\BitComet\archive folder moved successfully.
C:\Users\Alice Yang\AppData\Roaming\BitComet folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: Alice Yang
->Temp folder emptied: 1005180 bytes
->Temporary Internet Files folder emptied: 635609 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 105939444 bytes
->Google Chrome cache emptied: 260378430 bytes
->Flash cache emptied: 1025 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 79209 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 17761792 bytes

Total Files Cleaned = 368.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01212014_183251

Files\Folders moved on Reboot...
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
C:\Users\Alice Yang\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Alice Yang\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

2) AdwCleaner[S0].txt log

# AdwCleaner v3.017 - Report created 21/01/2014 at 18:49:53
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Alice Yang - KRYPTO
# Running from : C:\Users\Alice Yang\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Users\Alice Yang\AppData\Local\torch
Folder Deleted : C:\Users\Alice Yang\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Alice Yang\AppData\LocalLow\Conduit
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Users\Alice Yang\AppData\Roaming\Mozilla\Firefox\Profiles\gjdcrxxg.default-1363386292631\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA41BB14-E67B-1653-C57B-5CA99418A866}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Alice Yang\AppData\Roaming\Mozilla\Firefox\Profiles\gjdcrxxg.default-1363386292631\prefs.js ]

Line Deleted : user_pref("extensions.mYV0RIe75S0Q.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.protocol.indexOf('hxxp')>-1 && window.self==window.[...]

-\\ Google Chrome v

[ File : C:\Users\Alice Yang\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4368 octets] - [20/01/2014 19:14:35]
AdwCleaner[R1].txt - [4428 octets] - [21/01/2014 18:46:12]
AdwCleaner[S0].txt - [4343 octets] - [21/01/2014 18:49:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4403 octets] ##########

3) JRT.txt log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Alice Yang on Tue 01/21/2014 at 18:58:24.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5FD6C6E8-ADC6-4EC3-B3EA-E3C34DDBB11A}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Alice Yang\AppData\Roaming\getrighttogo"



~~~ FireFox

Emptied folder: C:\Users\Alice Yang\AppData\Roaming\mozilla\firefox\profiles\gjdcrxxg.default-1363386292631\minidumps [594 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/21/2014 at 19:13:50.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

4) How the computer runs
I noticed some improvements since the first OTL fix: Mozilla Firefox is less laggy. At least the entire browser window does not freeze with "(Not responding)" message when I open new tabs. Taskbar no longer freezes for 3 or more seconds when hiding, though I have caught it frozen for 1 sec a couple of times. (The way it freezes is how when Microsoft windows lag and you can drag them, leaving copies of the window behind.) Thanks for the heads up on unsecure programs, I took your advice and uninstalled/disabled them! :thumbsup:

Edited by teatime, 22 January 2014 - 04:00 AM.

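The prefs.js line AdwCleaner deleted in the log above is the actual add-on artefact: a preference with a randomised extension id (extensions.mYV0RIe75S0Q.scode) whose value is JavaScript rather than a setting. As an added example, not code from the thread or from any of the tools used in it, here is a small Python check that flags entries of that shape in a prefs.js file; the sample prefs.js content is constructed (only the pref name and the visible start of its value come from the log), and the heuristics are my own.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample prefs.js: two ordinary prefs plus one injected entry
# modelled on the line AdwCleaner reported (the pref name is taken from that
# log; the script body is truncated there, so the tail here is a stub).
SAMPLE_PREFS_JS = r'''// Mozilla User Preferences
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
user_pref("extensions.lastAppVersion", "26.0");
user_pref("extensions.mYV0RIe75S0Q.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.protocol.indexOf('hxxp')>-1 && window.self==window.top){/* rest truncated in the log */}})();");
'''

# One user_pref(...) line with a string value: name, then a double-quoted
# value that may contain \" escapes.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);')

# Tokens that have no business inside a preference value: their presence
# means the value is code that an extension will evaluate in page context.
SCRIPT_MARKERS = ("function(", "window.", "document.", "location.", "eval(")

# A pref-name segment that is long, mixed-case and carries digits
# (like mYV0RIe75S0Q) is the kind of randomised id adware uses to avoid
# being recognised by name.
RANDOM_ID_RE = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[A-Za-z0-9]{10,}$")


def parse_prefs(text: str) -> List[Tuple[str, str]]:
    """Return (name, raw_value) for every user_pref line with a string value."""
    prefs = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs.append((m.group(1), m.group(2)))
    return prefs


def suspicious_reasons(name: str, value: str) -> List[str]:
    """Heuristics for one pref; an empty list means nothing stood out."""
    reasons = []
    if any(marker in value for marker in SCRIPT_MARKERS):
        reasons.append("script-like value")
    segments = name.split(".")
    if name.startswith("extensions.") and any(RANDOM_ID_RE.match(s) for s in segments[1:]):
        reasons.append("randomised extension id in pref name")
    return reasons


def scan_prefs(text: str) -> List[Dict[str, object]]:
    """Run the heuristics over a prefs.js body and collect the hits."""
    findings = []
    for name, value in parse_prefs(text):
        reasons = suspicious_reasons(name, value)
        if reasons:
            findings.append({"pref": name, "reasons": reasons, "preview": value[:60]})
    return findings


if __name__ == "__main__":
    # Point this at a real profile's prefs.js to review it before cleaning.
    for hit in scan_prefs(SAMPLE_PREFS_JS):
        print(f'{hit["pref"]}: {", ".join(hit["reasons"])}')
        print(f'    {hit["preview"]}...')
```

A hit is a reason to look, not proof of infection: a legitimately installed extension can also store odd-looking prefs, so compare any flagged id against the add-ons actually listed in about:addons.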

#11
teatime (Member, Topic Starter)
Not sure if you accessed the page beforehand, but I updated #4 as of 2:01 AM PST. The lag in my browser seems okay, the taskbar mostly better. Perhaps they are all good to go and I only noticed them after being hit by the malware because it created a noticeable difference then.

Edited by teatime, 22 January 2014 - 04:02 AM.


#12
godawgs (Teacher, Retired Staff)
It's good to hear that the browser is ok now. I don't hide my task bar so I don't know what the lag time should be, if any.
Let's look for any residual malware and check for programs that need to be updated.

Before running steps 1 and 2 please disable any screen saver you have running.


Step-1.

Malwarebytes' Anti-Malware

Close all programs and browsers on your computer and disable any screen saver you might have running.

  • Right click the Malwarebytes icon on the desktop and click Run As Administrator, then click the Continue button on the UAC window. You will now be at the main program.
  • Click the Update tab and update the program if required.
  • Click the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
    MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan.
  • When the scan is finished a message box will appear.
    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown.
  • Make sure that everything is checked EXCEPT items in System Restore, and click Remove Selected (very important).
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart (see Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step-2.

Run ESET Online Scanner:

Note: Optimized for Internet Explorer, but you can use Chrome or Mozilla Firefox for this scan.

Important! You will need to disable your currently installed Anti-Virus program, how to do so can be read here.

Vista / 7 users: You will need to right-click on either the Internet Explorer or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here, then click the button to start the scanner.
    Note: If using Mozilla Firefox a window will open telling you that you will need to download the ESET Smart Installer. Click on esetsmartinstaller_enu.exe to download the Smart Installer. Save it to the desktop.
    When prompted, double click the esetsmartinstaller_enu.exe icon on the desktop. After successful installation of ESET Smart Installer, ESET Online Scanner is launched in a new window.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • A new window will open.
  • Select the option YES, I accept the Terms of Use, then click the button to continue.
  • When prompted allow the Add-On/ActiveX to install. In the window that opens:

    • Uncheck the box beside Remove Found Threats
    • Check the box Scan archives.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click the button to start the scan.
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

A.
If No Threats Were Found:
  • Put a checkmark in Uninstall application on close
  • Close the program
  • Report to me that nothing was found
B.
If Threats Were Found:
  • Click on list of threats found
  • Click on export to text file and save it to the desktop as ESET SCAN.txt
  • Click on Back
  • Put a checkmark in Uninstall application on close (be sure you have saved the file first)
  • Click on Finish
  • Close the program
Don't forget to enable your Antivirus program and screen saver.


Step-3.

Run Security Check

Download Security Check from here or here and save it to the Desktop.
  • Right click the SecurityCheck icon and click Run as Administrator to run the application. Allow any UAC warnings.
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.


Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The MalwareBytes log
2. The ESET scan log (IF it found anything). If it didn't just let me know.
3. The checkup.txt log

#13
teatime (Member, Topic Starter)
Here are the new logs!

1. The MalwareBytes log (no threats found)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.22.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Alice Yang :: KRYPTO [administrator]

1/22/2014 2:19:16 PM
mbam-log-2014-01-22 (14-19-16).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 608036
Time elapsed: 4 hour(s), 1 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

2. The ESET scan log (found 2 files in Spybot Search & Destroy, I have version 1.6.2.46)

C:\ProgramData\Spybot - Search & Destroy\Recovery\BrothersoftExtremeCT.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BrothersoftExtremeCT.zip Win32/Bagle.gen.zip worm

3. The checkup.txt log

Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
SpywareBlaster 4.4
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 45
Java version out of Date!
Adobe Flash Player 11.9.900.170
Adobe Reader XI
Mozilla Firefox (26.0)
Google Chrome 32.0.1700.72
Google Chrome 32.0.1700.76
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#14
godawgs (Teacher, Retired Staff)

The ESET scan log (found 2 files in Spybot Search & Destroy, I have version 1.6.2.46)

The files found are already in the SpyBot Recovery folder so they have been quarantined in a .zip file and are not any harm. If you want to remove the files in the SpyBot Recovery folder I think you can open that folder and delete the .zip files within it but they aren't hurting anything if you leave them there.

Let's update your Java. Then if you don't have any more issues we will be ready to clean up. :)

JAVA Advice
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:
If you still want to update your Java, follow the instructions below:

A.
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:

  • Download the latest version of the Java Runtime Environment (JRE) Version from Here or Here and save it to your desktop.
  • Look for "Java Platform, Standard Edition". You will see the current Java version and update number listed under the heading. Example: The newest update is Java SE 7u51
  • Click the "Download" button under the JRE column.
  • On the Java SE Runtime Environment page, click the button to "Accept License Agreement".
  • Under the Java SE Runtime Environment 7u51 heading:
    To install the version for your system:
    • For Windows 64bit systems, look for Windows x64 29.37MB, click the jre-7u51-windows-x64.exe file and save it to your desktop. Do Not run it from the Java site.
  • Close any programs you may have running - especially your web browser.

B.
Uninstall all versions of Java

  • Click Start > Control Panel > Add/Remove Programs. The list of installed programs will populate.
  • Click the Start Orb, then Control Panel. Under the Programs or Programs and Features section click Uninstall a program. The list of installed programs will populate.
  • Remove all older versions of Java. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE or J2SE
    The versions I see on the computer are:
    • Java 7 Update 45
  • Right click each program and click Uninstall and follow the on screen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
    -- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
C.
Install the latest JAVA

Back on your desktop:
  • Right click the jre-7u51-windows-x64.exe file and click Run as Administrator and OK the UAC prompt to install the newest version.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial start up time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel (you will have to be in Classic View to see Java; it looks like a coffee cup). Double-click on Java, click the Advanced tab, click Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know how the update went.
2. Let me know if there are any further issues.

#15
teatime (Member, Topic Starter)
1. Update
I deleted the .zip files that Spybot sealed away. I also uninstalled Java from My Programs plus web browsers then rebooted.

2. No further issues.
I feel like my computer's been cleaned nicely. Thank you for volunteering to check it out and spending the time to guide me through the process. You were very helpful and informative!