Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows 7 Pro Issue Background audio, Windows will not start restart


  • This topic is locked This topic is locked

#1
asmartblondie

asmartblondie

    New Member

  • Member
  • Pip
  • 5 posts

2 weeks ago I somehow managed to get OutFox TV on my pc. Once I realized this, I went about removing the program through the control panel. I then researched and discovered where it would hide in my registry and removed from there. All was well for a few days.

 

However I am still receiving random background noises. I can mute these under Open Volume Meter (no name available) for the file. I do this several times an hour as it always unmutes and  plays extremely loud to the point that I finally turned off my speakers.

 

Avast found Blackbeard Trojan is my System 32 files. I was prompted to restart my pc in order to fully take care of the issue. So I did....

 

The trouble only got worse - Windows would not restart unless I did F8 and used last known good boot (or something along that line). I reran my Avast scan and sure enough, the Trojan is still in my system. I tried to shut down and restart in safe mode. Windows would not load so I had to shut down and use the F8 prompt to open.  I ran another scan and did a registry clean up with CCC. I was prompted to restart. This time, Windows would not close at all, I was forced to shut down using the power button. Again, I restarted with F8 key. 

 

I have been researching solutions to these issues without doing anything to change the system and came to the conclusion that,rather than attempting to work this out on my own, my best solution was to post here and ask for help from those who have more knowledge with such things.

 

Please find OTL logs below. Thank you for your advice!

 

 

 

OTL logfile created on: 4/25/2014 4:12:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Angie\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.97 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 50.57% Memory free
7.93 Gb Paging File | 5.91 Gb Available in Paging File | 74.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 70.51 Gb Total Space | 31.45 Gb Free Space | 44.60% Space Free | Partition Type: NTFS
Drive D: | 149.04 Gb Total Space | 9.44 Gb Free Space | 6.33% Space Free | Partition Type: NTFS
 
Computer Name: ANGIE-PC | User Name: Angie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/25 16:11:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Angie\Downloads\OTL.exe
PRC - [2014/04/01 23:47:51 | 003,854,640 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/04/01 23:47:51 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/09/29 19:31:39 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\wrapper_inst\file_to_run.exe
PRC - [2013/02/10 18:48:00 | 000,965,296 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe
PRC - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/01 23:47:54 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/04/01 21:58:03 | 000,390,472 | ---- | M] () -- C:\Users\Angie\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll
MOD - [2014/04/01 21:57:59 | 004,081,480 | ---- | M] () -- C:\Users\Angie\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll
MOD - [2014/04/01 21:57:54 | 000,674,632 | ---- | M] () -- C:\Users\Angie\AppData\Local\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
MOD - [2014/04/01 21:57:53 | 000,093,000 | ---- | M] () -- C:\Users\Angie\AppData\Local\Google\Chrome\Application\34.0.1847.116\libegl.dll
MOD - [2014/04/01 21:57:52 | 001,647,432 | ---- | M] () -- C:\Users\Angie\AppData\Local\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
MOD - [2014/04/01 21:57:49 | 000,065,352 | ---- | M] () -- C:\Users\Angie\AppData\Local\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/04/01 23:47:51 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/07/27 22:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/06/11 10:15:08 | 000,876,976 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdicoms.exe -- (lxdi_device)
SRV:64bit: - [2007/06/11 10:15:00 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2013/09/29 19:31:39 | 000,025,088 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\wrapper_inst\file_to_run.exe -- (pcregservice)
SRV - [2013/02/10 18:48:00 | 000,965,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe -- (vToolbarUpdater14.1.7)
SRV - [2012/03/19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/06/11 10:15:00 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2007/06/11 10:14:52 | 000,517,040 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdicoms.exe -- (lxdi_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/01 23:47:56 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/04/01 23:47:56 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/04/01 23:47:56 | 000,208,928 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/04/01 23:47:56 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/04/01 23:47:56 | 000,084,816 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/04/01 23:47:56 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/04/01 23:47:56 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2012/08/08 22:36:56 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2012/07/28 00:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/27 21:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/05/14 02:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/02 10:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2011/08/23 09:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/09/05 19:42:52 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2012/09/05 19:42:42 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantas...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...urceid=ie7&rlz=
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantas...q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...urceid=ie7&rlz=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 D2 6A D7 95 74 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00050e549ef5201
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...urceid=ie7&rlz=
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantas...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Angie\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Angie\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Widevine Content Decryption Module (Disabled) = C:\Users\Angie\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Angie\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Angie\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Angie\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll
CHR - plugin: Java Deployment Toolkit 7.0.550.14 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U55 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Angie\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A49DAD11-E052-40D1-868A-74D0C85DDCED}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Security Packages - (livessp) -  File not found
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/24 11:52:19 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/25 04:33:31 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\AVG
[2014/04/25 04:33:31 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\AVG
[2014/04/25 04:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2014/04/25 04:30:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/04/25 04:23:08 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2014/04/25 04:23:07 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\systweak
[2014/04/25 02:27:31 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\VirtualStore
[2014/04/25 01:01:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/25 01:00:27 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\Programs
[2014/04/23 22:17:10 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
[2014/04/22 17:49:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/04/22 17:48:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/04/22 17:48:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/04/08 17:11:35 | 000,000,000 | ---D | C] -- C:\Users\Angie\Documents\NetworkConfiguration
[2014/04/08 17:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2014/04/05 20:50:08 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
[2014/04/04 17:08:21 | 000,000,000 | ---D | C] -- C:\Users\Angie\jagexcache
[2014/04/04 16:22:24 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/04/04 16:22:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/04/01 23:49:52 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\AVAST Software
[2014/04/01 23:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/04/01 23:48:19 | 000,084,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/04/01 23:48:16 | 001,039,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/04/01 23:48:14 | 000,423,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/04/01 23:48:12 | 000,079,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/04/01 23:48:07 | 000,093,568 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/04/01 23:48:00 | 000,334,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/04/01 23:47:55 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/04/01 23:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/04/01 23:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/04/01 21:15:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2014/04/01 20:39:54 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\ExtractNow
[2013/11/23 22:48:58 | 013,079,688 | ---- | C] (Microsoft Corporation) -- C:\Users\Angie\Silverlight_x64.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/25 15:46:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2023998099-4083813586-2403995270-1000UA.job
[2014/04/25 15:38:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2023998099-4083813586-2403995270-1000Core.job
[2014/04/25 15:37:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/25 06:53:36 | 000,000,082 | ---- | M] () -- C:\Windows\SysNative\vnkrl.lsa
[2014/04/25 04:22:43 | 000,007,658 | ---- | M] () -- C:\Users\Angie\AppData\Local\Resmon.ResmonCfg
[2014/04/24 22:34:55 | 000,005,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/24 22:34:55 | 000,005,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/24 19:47:31 | 000,006,288 | ---- | M] () -- C:\Users\Angie\Documents\cc_20140424_194722.reg
[2014/04/24 19:44:09 | 000,087,586 | ---- | M] () -- C:\Users\Angie\Documents\cc_20140424_194328.reg
[2014/04/24 18:40:16 | 000,000,024 | ---- | M] () -- C:\Users\Angie\random.dat
[2014/04/24 17:02:36 | 000,000,024 | ---- | M] () -- C:\Users\Angie\jagexappletviewer.preferences
[2014/04/24 15:09:32 | 000,000,044 | ---- | M] () -- C:\Users\Angie\jagex_cl_runescape_LIVE.dat
[2014/04/22 17:47:36 | 000,000,104 | ---- | M] () -- C:\Windows\SysNative\vcrdwtd.jct
[2014/04/09 13:49:13 | 000,002,330 | ---- | M] () -- C:\Users\Angie\Desktop\Google Chrome.lnk
[2014/04/05 20:50:08 | 000,002,056 | ---- | M] () -- C:\Users\Angie\Desktop\RuneScape.lnk
[2014/04/04 16:22:25 | 000,001,268 | ---- | M] () -- C:\Users\Angie\Desktop\Revo Uninstaller.lnk
[2014/04/04 14:54:12 | 000,726,142 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/04 14:54:12 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/04 14:54:12 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/01 23:49:46 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/04/01 23:47:56 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/04/01 23:47:56 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/04/01 23:47:56 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/04/01 23:47:56 | 000,208,928 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/04/01 23:47:56 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/04/01 23:47:56 | 000,084,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/04/01 23:47:56 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/04/01 23:47:56 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/04/01 23:47:55 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
 
========== Files Created - No Company Name ==========
 
[2014/04/24 19:47:27 | 000,006,288 | ---- | C] () -- C:\Users\Angie\Documents\cc_20140424_194722.reg
[2014/04/24 19:43:31 | 000,087,586 | ---- | C] () -- C:\Users\Angie\Documents\cc_20140424_194328.reg
[2014/04/05 20:50:08 | 000,002,086 | ---- | C] () -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
[2014/04/05 20:50:08 | 000,002,056 | ---- | C] () -- C:\Users\Angie\Desktop\RuneScape.lnk
[2014/04/04 16:22:25 | 000,001,268 | ---- | C] () -- C:\Users\Angie\Desktop\Revo Uninstaller.lnk
[2014/04/04 14:57:22 | 000,000,082 | ---- | C] () -- C:\Windows\SysNative\vnkrl.lsa
[2014/04/01 23:49:46 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/04/01 23:48:17 | 000,208,928 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/04/01 23:48:14 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/01/28 10:11:35 | 000,000,046 | ---- | C] () -- C:\Users\Angie\jagex_cl_speccollect_LIVE.dat
[2014/01/27 22:57:18 | 000,000,045 | ---- | C] () -- C:\Users\Angie\jagex_cl_runescape_LIVE1.dat
[2014/01/27 22:54:52 | 000,000,044 | ---- | C] () -- C:\Users\Angie\jagex_cl_runescape_LIVE.dat
[2013/12/30 13:54:13 | 004,120,649 | ---- | C] () -- C:\Users\Angie\Nightcrawler-AMhair02.sims3pack
[2013/06/22 05:14:46 | 000,007,658 | ---- | C] () -- C:\Users\Angie\AppData\Local\Resmon.ResmonCfg
[2013/05/10 22:29:13 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2013/05/06 12:53:16 | 001,187,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiserv.dll
[2013/05/06 12:53:16 | 000,942,080 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiusb1.dll
[2013/05/06 12:53:16 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomc.dll
[2013/05/06 12:53:16 | 000,671,744 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdihbn3.dll
[2013/05/06 12:53:16 | 000,614,400 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipmui.dll
[2013/05/06 12:53:16 | 000,532,480 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdilmpm.dll
[2013/05/06 12:53:16 | 000,517,040 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicoms.exe
[2013/05/06 12:53:16 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdicomx.dll
[2013/05/06 12:53:16 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomm.dll
[2013/05/06 12:53:16 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiinpa.dll
[2013/05/06 12:53:16 | 000,340,912 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicfg.exe
[2013/05/06 12:53:16 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiiesc.dll
[2013/05/06 12:53:16 | 000,320,432 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiih.exe
[2013/05/06 12:53:16 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\lxdiinst.dll
[2013/05/06 12:53:16 | 000,054,192 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdippls.exe
[2013/05/06 12:53:16 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiprox.dll
[2013/05/06 12:53:16 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipplc.dll
[2012/10/24 12:53:24 | 000,000,024 | ---- | C] () -- C:\Users\Angie\random.dat
[2012/10/22 17:56:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/10/03 01:25:43 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2012/10/01 15:51:33 | 000,083,119 | ---- | C] () -- C:\Program Files\Uninstall.exe
[2012/08/20 01:33:43 | 000,000,024 | ---- | C] () -- C:\Users\Angie\jagexappletviewer.preferences
[2012/08/12 19:51:32 | 000,000,633 | ---- | C] () -- C:\Windows\eReg.dat
[2012/08/07 08:11:45 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012/08/07 08:05:16 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2012/08/07 07:59:57 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012/07/27 21:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/27 21:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/04/01 23:49:52 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\AVAST Software
[2014/04/25 04:33:31 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\AVG
[2013/09/30 03:02:17 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\avidemux
[2012/10/01 15:01:55 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\BitZipper
[2013/05/19 19:41:59 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\EntwinedSoD
[2013/05/06 12:58:36 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Lexmark Productivity Studio
[2014/01/19 20:03:40 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Oracle
[2013/07/29 19:59:31 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Origin
[2012/09/29 21:03:02 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\PACE Anti-Piracy
[2014/04/25 04:28:55 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\systweak
[2012/09/30 17:20:39 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:60A4BB64
@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:43982D5E
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:2216A431
@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:B093E177
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:F1F936DF
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:AD020DC3
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:04A18F36
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:2176484C
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:217A2324
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:EC0279DC
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:C43C957E
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:57EE48CA
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:1B3549F2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:BD8010FE
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:81653DC8
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:BA24E689
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:96646EC1
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:10D45FC3
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:9DF07E8F
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:DD95E6D9
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0860D6D6
@Alternate Data Stream - 1059 bytes -> C:\Users\Angie\AppData\Local\Temp:vlL8ZKhSV6p1ZMAOTjPtwNoa
 
< End of report >
 
 
I also have an "extras" log so thought I should add that as well -
 

OTL Extras logfile created on: 4/25/2014 4:12:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Angie\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.97 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 50.57% Memory free
7.93 Gb Paging File | 5.91 Gb Available in Paging File | 74.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 70.51 Gb Total Space | 31.45 Gb Free Space | 44.60% Space Free | Partition Type: NTFS
Drive D: | 149.04 Gb Total Space | 9.44 Gb Free Space | 6.33% Space Free | Partition Type: NTFS
 
Computer Name: ANGIE-PC | User Name: Angie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{502275B0-3DA3-44D8-8702-066525CAAE98}" = AVG 2013
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5941D535-34BF-BB6E-E52B-F464E4E955FF}" = AMD Media Foundation Decoders
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{AF88A32E-BC54-2AA3-2FC8-D63D86DF4A7A}" = AMD Catalyst Install Manager
"{D7D6AA2C-DD2C-53F1-1F1D-5AC3CDE1B90C}" = ccc-utility64
"{E74DBCA2-F0BC-929D-0504-87E97079EB4A}" = AMD Drag and Drop Transcoding
"Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04475621-9BF8-EF82-4691-1C8FD9D40FD2}" = CCC Help Polish
"{07A733AA-2D8C-1E0E-ED9B-B4CA59AE86B3}" = Catalyst Control Center
"{1AADBEB8-3F11-7FB7-6DDC-EE2276C1A80E}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
"{2C3F42F5-935B-E64C-13D7-4369B0D66DE9}" = CCC Help Greek
"{37CE847B-3279-1A39-CA09-FBF330B5EC97}" = CCC Help Czech
"{3C15E8E2-3463-584F-D4F8-D95878737EAB}" = CCC Help Norwegian
"{420500EA-4038-AADB-DD76-90D0311E5867}" = CCC Help Spanish
"{43403BCA-6051-A108-682C-5BABB69D3919}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{549ECD2C-5ACD-0598-56E6-BF88F6B5CE9E}" = CCC Help Portuguese
"{5BAD1D5F-157F-C4D7-05B8-7B2D08874DFA}" = CCC Help German
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6E9484D8-F1F5-8737-3C35-C2ACB8BC9BF8}" = CCC Help Danish
"{6EB6BC61-0079-80B7-9AE8-A28E02F81E04}" = CCC Help Japanese
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{74DDE8F9-FAD1-4C64-84DF-DF287EAE6FAE}" = CCC Help Turkish
"{7C53D4FA-0F42-3B24-686B-2AB688C8B112}" = Catalyst Control Center Localization All
"{85F76CD3-92C2-6422-202C-ADC655E83940}" = CCC Help Chinese Standard
"{92E71E47-7BDE-2A10-A9C2-373DCAE4EEB9}" = CCC Help Chinese Traditional
"{9693675A-7108-247D-A369-AF08C8E32CFD}" = CCC Help English
"{9971CC5F-9E89-6024-72CD-2F9B33305B7F}" = CCC Help Swedish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E8426B6-0027-8C7E-9729-E86053D9A3D5}" = CCC Help Finnish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B66F4972-5C17-90A5-95AB-0C4DAEFC92A4}" = CCC Help Korean
"{C6B0FBD0-067F-5ED3-B4C1-BC61284A1079}" = Catalyst Control Center InstallProxy
"{DB689397-D3C2-BD23-A83E-FCA68454F0FE}" = CCC Help Dutch
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EAD24F4A-8BB8-EAC5-A995-3D9A96DF3FA4}" = CCC Help French
"{F0BC0231-25D6-B4BF-5D9E-633220A2C09A}" = CCC Help Russian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F501FACA-3AFB-FAC4-825D-F6D1343F0C69}" = Catalyst Control Center Graphics Previews Common
"{F7657E34-0046-9515-61D9-7AAFC84C4AC8}" = CCC Help Thai
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}" = RuneScape Launcher 1.2.3
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Avast" = avast! Free Antivirus
"COLLAPSE!_is1" = COLLAPSE!
"Origin" = Origin
"Revo Uninstaller" = Revo Uninstaller 1.95
 
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/24/2014 10:57:52 PM | Computer Name = Angie-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddWin32ServiceFiles: Unable to back up image
 of service OutfoxTvService since QueryServiceConfig API failed  System Error: The 
system cannot find the file specified.  .
 
Error - 4/24/2014 10:58:09 PM | Computer Name = Angie-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddWin32ServiceFiles: Unable to back up image
 of service Online Games Manager since QueryServiceConfig API failed  System Error:
The
 system cannot find the file specified.  .
 
Error - 4/24/2014 10:58:09 PM | Computer Name = Angie-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddWin32ServiceFiles: Unable to back up image
 of service OutfoxTvService since QueryServiceConfig API failed  System Error: The 
system cannot find the file specified.  .
 
Error - 4/24/2014 10:59:04 PM | Computer Name = Angie-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddWin32ServiceFiles: Unable to back up image
 of service Online Games Manager since QueryServiceConfig API failed  System Error:
The
 system cannot find the file specified.  .
 
Error - 4/24/2014 10:59:04 PM | Computer Name = Angie-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddWin32ServiceFiles: Unable to back up image
 of service OutfoxTvService since QueryServiceConfig API failed  System Error: The 
system cannot find the file specified.  .
 
Error - 4/24/2014 10:59:09 PM | Computer Name = Angie-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddWin32ServiceFiles: Unable to back up image
 of service Online Games Manager since QueryServiceConfig API failed  System Error:
The
 system cannot find the file specified.  .
 
Error - 4/24/2014 10:59:09 PM | Computer Name = Angie-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddWin32ServiceFiles: Unable to back up image
 of service OutfoxTvService since QueryServiceConfig API failed  System Error: The 
system cannot find the file specified.  .
 
Error - 4/24/2014 10:59:15 PM | Computer Name = Angie-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddWin32ServiceFiles: Unable to back up image
 of service Online Games Manager since QueryServiceConfig API failed  System Error:
The
 system cannot find the file specified.  .
 
Error - 4/24/2014 10:59:15 PM | Computer Name = Angie-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddWin32ServiceFiles: Unable to back up image
 of service OutfoxTvService since QueryServiceConfig API failed  System Error: The 
system cannot find the file specified.  .
 
Error - 4/24/2014 11:16:59 PM | Computer Name = Angie-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
 error code:  0x80070005
 
Error - 4/24/2014 11:18:08 PM | Computer Name = Angie-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddWin32ServiceFiles: Unable to back up image
 of service Online Games Manager since QueryServiceConfig API failed  System Error:
The
 system cannot find the file specified.  .
 
Error - 4/24/2014 11:18:08 PM | Computer Name = Angie-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddWin32ServiceFiles: Unable to back up image
 of service OutfoxTvService since QueryServiceConfig API failed  System Error: The 
system cannot find the file specified.  .
 
Error - 4/24/2014 11:42:00 PM | Computer Name = Angie-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
 error code:  0x80070005
 
Error - 4/25/2014 12:42:00 AM | Computer Name = Angie-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
 error code:  0x80070005
 
Error - 4/25/2014 1:16:58 AM | Computer Name = Angie-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
 error code:  0x80070005
 
Error - 4/25/2014 2:12:28 AM | Computer Name = Angie-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 4/25/2014 2:13:49 AM | Computer Name = Angie-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 4/25/2014 3:35:52 AM | Computer Name = Angie-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 4/25/2014 3:37:19 AM | Computer Name = Angie-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 9/18/2013 5:27:37 AM | Computer Name = Angie-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 9/18/2013 5:27:38 AM | Computer Name = Angie-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 9/18/2013 3:32:52 PM | Computer Name = Angie-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
 the following error:   %%-2147024891
 
Error - 9/18/2013 3:32:52 PM | Computer Name = Angie-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
 Publication service which failed to start because of the following error:   %%-2147024891
 
Error - 9/18/2013 8:40:36 PM | Computer Name = Angie-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
 the following error:   %%-2147024891
 
Error - 9/18/2013 8:40:36 PM | Computer Name = Angie-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
 Publication service which failed to start because of the following error:   %%-2147024891
 
Error - 9/18/2013 11:16:52 PM | Computer Name = Angie-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
 the following error:   %%-2147024891
 
Error - 9/18/2013 11:16:52 PM | Computer Name = Angie-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
 Publication service which failed to start because of the following error:   %%-2147024891
 
Error - 9/18/2013 11:16:52 PM | Computer Name = Angie-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
 Publication service which failed to start because of the following error:   %%-2147024891
 
Error - 9/18/2013 11:16:52 PM | Computer Name = Angie-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
 the following error:   %%-2147024891
 
 
< End of report >
 

 


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, lets see if this resolves it

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    OTL_Fix.GIF
:Commands
[CREATERESTOREPOINT]

:OTL
O2 - BHO: (no name) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - No CLSID value found.
O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
[2014/04/25 04:33:31 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\AVG
[2014/04/25 04:33:31 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\AVG
[2014/04/25 04:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2014/04/25 04:30:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/04/25 04:23:08 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2014/04/25 04:23:07 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\systweak
[2014/04/25 04:28:55 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\systweak

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • 0

#3
asmartblondie

asmartblondie

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Thank you! That seems to have worked as Windows restarted properly! I've included the OTL log but I was unable to get AdwCleaner to download, I kept getting a message that there was a download error.

 

OTL Log:

 

OTL logfile created on: 4/26/2014 12:57:30 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Angie\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.97 Gb Total Physical Memory | 2.79 Gb Available Physical Memory | 70.39% Memory free
7.93 Gb Paging File | 6.70 Gb Available in Paging File | 84.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 70.51 Gb Total Space | 30.69 Gb Free Space | 43.52% Space Free | Partition Type: NTFS
Drive D: | 149.04 Gb Total Space | 9.44 Gb Free Space | 6.33% Space Free | Partition Type: NTFS
 
Computer Name: ANGIE-PC | User Name: Angie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/25 16:11:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Angie\Downloads\OTL.exe
PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/04/01 23:47:51 | 003,854,640 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/04/01 23:47:51 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/09/29 19:31:39 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\wrapper_inst\file_to_run.exe
PRC - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/01 23:47:54 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/04/01 21:58:03 | 000,390,472 | ---- | M] () -- C:\Users\Angie\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll
MOD - [2014/04/01 21:57:59 | 004,081,480 | ---- | M] () -- C:\Users\Angie\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll
MOD - [2014/04/01 21:57:54 | 000,674,632 | ---- | M] () -- C:\Users\Angie\AppData\Local\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
MOD - [2014/04/01 21:57:53 | 000,093,000 | ---- | M] () -- C:\Users\Angie\AppData\Local\Google\Chrome\Application\34.0.1847.116\libegl.dll
MOD - [2014/04/01 21:57:52 | 001,647,432 | ---- | M] () -- C:\Users\Angie\AppData\Local\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
MOD - [2014/04/01 21:57:49 | 000,065,352 | ---- | M] () -- C:\Users\Angie\AppData\Local\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\OutfoxTV\OutfoxTvService.exe -- (OutfoxTvService)
SRV:64bit: - [2014/04/01 23:47:51 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/07/27 22:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/06/11 10:15:08 | 000,876,976 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdicoms.exe -- (lxdi_device)
SRV:64bit: - [2007/06/11 10:15:00 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/09/29 19:31:39 | 000,025,088 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\wrapper_inst\file_to_run.exe -- (pcregservice)
SRV - [2012/03/19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/06/11 10:15:00 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2007/06/11 10:14:52 | 000,517,040 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdicoms.exe -- (lxdi_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/26 12:54:17 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/04/01 23:47:56 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/04/01 23:47:56 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/04/01 23:47:56 | 000,208,928 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/04/01 23:47:56 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/04/01 23:47:56 | 000,084,816 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/04/01 23:47:56 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/04/01 23:47:56 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2012/08/08 22:36:56 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2012/07/28 00:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/27 21:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/05/14 02:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/02 10:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2011/08/23 09:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/09/05 19:42:52 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2012/09/05 19:42:42 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantas...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...urceid=ie7&rlz=
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...urceid=ie7&rlz=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 D2 6A D7 95 74 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...urceid=ie7&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Angie\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Angie\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Widevine Content Decryption Module (Disabled) = C:\Users\Angie\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Angie\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Angie\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Angie\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll
CHR - plugin: Java Deployment Toolkit 7.0.550.14 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U55 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Angie\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/04/26 12:51:01 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A49DAD11-E052-40D1-868A-74D0C85DDCED}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Security Packages - (livessp) -  File not found
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/24 11:52:19 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/26 12:50:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/26 06:17:25 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/04/26 05:45:31 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/26 05:45:17 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/26 05:45:17 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/26 05:45:17 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/26 05:45:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/04/26 05:35:13 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/26 05:24:10 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/04/26 05:22:52 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/25 02:27:31 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\VirtualStore
[2014/04/25 01:01:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/25 01:00:27 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\Programs
[2014/04/23 22:17:10 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
[2014/04/22 17:49:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/04/22 17:48:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/04/22 17:48:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/04/08 17:11:35 | 000,000,000 | ---D | C] -- C:\Users\Angie\Documents\NetworkConfiguration
[2014/04/08 17:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2014/04/05 20:50:08 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
[2014/04/04 17:08:21 | 000,000,000 | ---D | C] -- C:\Users\Angie\jagexcache
[2014/04/04 16:22:24 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/04/04 16:22:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/04/01 23:49:52 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\AVAST Software
[2014/04/01 23:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/04/01 23:48:19 | 000,084,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/04/01 23:48:16 | 001,039,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/04/01 23:48:14 | 000,423,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/04/01 23:48:12 | 000,079,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/04/01 23:48:07 | 000,093,568 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/04/01 23:48:00 | 000,334,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/04/01 23:47:55 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/04/01 23:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/04/01 23:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/04/01 21:15:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2014/04/01 20:39:54 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\ExtractNow
[2013/11/23 22:48:58 | 013,079,688 | ---- | C] (Microsoft Corporation) -- C:\Users\Angie\Silverlight_x64.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/26 12:54:17 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/26 12:53:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/26 12:51:01 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/04/26 12:46:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2023998099-4083813586-2403995270-1000UA.job
[2014/04/26 12:45:28 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2023998099-4083813586-2403995270-1000Core.job
[2014/04/26 06:27:53 | 000,000,756 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2014/04/26 06:06:32 | 000,000,084 | ---- | M] () -- C:\Windows\SysNative\vnkrl.lsa
[2014/04/26 04:51:28 | 000,000,024 | ---- | M] () -- C:\Users\Angie\random.dat
[2014/04/26 01:23:29 | 000,000,024 | ---- | M] () -- C:\Users\Angie\jagexappletviewer.preferences
[2014/04/25 20:53:27 | 000,000,044 | ---- | M] () -- C:\Users\Angie\jagex_cl_runescape_LIVE.dat
[2014/04/25 04:22:43 | 000,007,658 | ---- | M] () -- C:\Users\Angie\AppData\Local\Resmon.ResmonCfg
[2014/04/24 22:34:55 | 000,005,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/24 22:34:55 | 000,005,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/24 19:47:31 | 000,006,288 | ---- | M] () -- C:\Users\Angie\Documents\cc_20140424_194722.reg
[2014/04/24 19:44:09 | 000,087,586 | ---- | M] () -- C:\Users\Angie\Documents\cc_20140424_194328.reg
[2014/04/22 17:47:36 | 000,000,104 | ---- | M] () -- C:\Windows\SysNative\vcrdwtd.jct
[2014/04/09 13:49:13 | 000,002,330 | ---- | M] () -- C:\Users\Angie\Desktop\Google Chrome.lnk
[2014/04/05 20:50:08 | 000,002,056 | ---- | M] () -- C:\Users\Angie\Desktop\RuneScape.lnk
[2014/04/04 16:22:25 | 000,001,268 | ---- | M] () -- C:\Users\Angie\Desktop\Revo Uninstaller.lnk
[2014/04/04 14:54:12 | 000,726,142 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/04 14:54:12 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/04 14:54:12 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/01 23:49:46 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/04/01 23:47:56 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/04/01 23:47:56 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/04/01 23:47:56 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/04/01 23:47:56 | 000,208,928 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/04/01 23:47:56 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/04/01 23:47:56 | 000,084,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/04/01 23:47:56 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/04/01 23:47:56 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/04/01 23:47:55 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
 
========== Files Created - No Company Name ==========
 
[2014/04/26 06:27:53 | 000,000,756 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2014/04/24 19:47:27 | 000,006,288 | ---- | C] () -- C:\Users\Angie\Documents\cc_20140424_194722.reg
[2014/04/24 19:43:31 | 000,087,586 | ---- | C] () -- C:\Users\Angie\Documents\cc_20140424_194328.reg
[2014/04/05 20:50:08 | 000,002,086 | ---- | C] () -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
[2014/04/05 20:50:08 | 000,002,056 | ---- | C] () -- C:\Users\Angie\Desktop\RuneScape.lnk
[2014/04/04 16:22:25 | 000,001,268 | ---- | C] () -- C:\Users\Angie\Desktop\Revo Uninstaller.lnk
[2014/04/04 14:57:22 | 000,000,084 | ---- | C] () -- C:\Windows\SysNative\vnkrl.lsa
[2014/04/01 23:49:46 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/04/01 23:48:17 | 000,208,928 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/04/01 23:48:14 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/01/28 10:11:35 | 000,000,046 | ---- | C] () -- C:\Users\Angie\jagex_cl_speccollect_LIVE.dat
[2014/01/27 22:57:18 | 000,000,045 | ---- | C] () -- C:\Users\Angie\jagex_cl_runescape_LIVE1.dat
[2014/01/27 22:54:52 | 000,000,044 | ---- | C] () -- C:\Users\Angie\jagex_cl_runescape_LIVE.dat
[2013/12/30 13:54:13 | 004,120,649 | ---- | C] () -- C:\Users\Angie\Nightcrawler-AMhair02.sims3pack
[2013/06/22 05:14:46 | 000,007,658 | ---- | C] () -- C:\Users\Angie\AppData\Local\Resmon.ResmonCfg
[2013/05/10 22:29:13 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2013/05/06 12:53:16 | 001,187,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiserv.dll
[2013/05/06 12:53:16 | 000,942,080 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiusb1.dll
[2013/05/06 12:53:16 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomc.dll
[2013/05/06 12:53:16 | 000,671,744 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdihbn3.dll
[2013/05/06 12:53:16 | 000,614,400 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipmui.dll
[2013/05/06 12:53:16 | 000,532,480 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdilmpm.dll
[2013/05/06 12:53:16 | 000,517,040 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicoms.exe
[2013/05/06 12:53:16 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdicomx.dll
[2013/05/06 12:53:16 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomm.dll
[2013/05/06 12:53:16 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiinpa.dll
[2013/05/06 12:53:16 | 000,340,912 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicfg.exe
[2013/05/06 12:53:16 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiiesc.dll
[2013/05/06 12:53:16 | 000,320,432 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiih.exe
[2013/05/06 12:53:16 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\lxdiinst.dll
[2013/05/06 12:53:16 | 000,054,192 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdippls.exe
[2013/05/06 12:53:16 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiprox.dll
[2013/05/06 12:53:16 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipplc.dll
[2012/10/24 12:53:24 | 000,000,024 | ---- | C] () -- C:\Users\Angie\random.dat
[2012/10/22 17:56:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/10/03 01:25:43 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2012/08/20 01:33:43 | 000,000,024 | ---- | C] () -- C:\Users\Angie\jagexappletviewer.preferences
[2012/08/12 19:51:32 | 000,000,633 | ---- | C] () -- C:\Windows\eReg.dat
[2012/08/07 08:11:45 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012/08/07 08:05:16 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2012/08/07 07:59:57 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012/07/27 21:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/27 21:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/04/01 23:49:52 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\AVAST Software
[2013/09/30 03:02:17 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\avidemux
[2012/10/01 15:01:55 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\BitZipper
[2013/05/19 19:41:59 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\EntwinedSoD
[2013/05/06 12:58:36 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Lexmark Productivity Studio
[2014/01/19 20:03:40 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Oracle
[2013/07/29 19:59:31 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Origin
[2012/09/29 21:03:02 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\PACE Anti-Piracy
[2012/09/30 17:20:39 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:60A4BB64
@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:43982D5E
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:2216A431
@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:B093E177
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:F1F936DF
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:AD020DC3
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:04A18F36
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:2176484C
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:217A2324
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:EC0279DC
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:C43C957E
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:57EE48CA
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:1B3549F2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:BD8010FE
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:81653DC8
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:BA24E689
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:96646EC1
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:10D45FC3
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:9DF07E8F
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:DD95E6D9
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0860D6D6
@Alternate Data Stream - 1059 bytes -> C:\Users\Angie\AppData\Local\Temp:vlL8ZKhSV6p1ZMAOTjPtwNoa
 
< End of report >

Edited by asmartblondie, 26 April 2014 - 11:19 AM.

  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
One more to kill and I will give you an alternate download for AdwCleaner :)

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    OTL_Fix.GIF
:Commands
[CREATERESTOREPOINT]

:OTL
SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\OutfoxTV\OutfoxTvService.exe -- (OutfoxTvService)
@Alternate Data Stream - 1059 bytes -> C:\Users\Angie\AppData\Local\Temp:vlL8ZKhSV6p1ZMAOTjPtwNoa

:Files
C:\Program Files (x86)\wrapper_inst

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
AdwCleaner

Use this download link, you may need to disable Avast shields whilst you download it. I have reported it as a false positive

https://dl.dropboxus.../AdwCleaner.exe
  • 0

#5
asmartblondie

asmartblondie

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Reran OTL, Here's the log:

 

OTL logfile created on: 4/26/2014 1:40:43 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Angie\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.97 Gb Total Physical Memory | 2.82 Gb Available Physical Memory | 71.18% Memory free
7.93 Gb Paging File | 6.74 Gb Available in Paging File | 84.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 70.51 Gb Total Space | 30.67 Gb Free Space | 43.49% Space Free | Partition Type: NTFS
Drive D: | 149.04 Gb Total Space | 9.44 Gb Free Space | 6.33% Space Free | Partition Type: NTFS
 
Computer Name: ANGIE-PC | User Name: Angie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/25 16:11:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Angie\Downloads\OTL.exe
PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/04/01 23:47:51 | 003,854,640 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/04/01 23:47:51 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/01 23:47:54 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/04/01 21:58:03 | 000,390,472 | ---- | M] () -- C:\Users\Angie\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll
MOD - [2014/04/01 21:57:59 | 004,081,480 | ---- | M] () -- C:\Users\Angie\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll
MOD - [2014/04/01 21:57:54 | 000,674,632 | ---- | M] () -- C:\Users\Angie\AppData\Local\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
MOD - [2014/04/01 21:57:53 | 000,093,000 | ---- | M] () -- C:\Users\Angie\AppData\Local\Google\Chrome\Application\34.0.1847.116\libegl.dll
MOD - [2014/04/01 21:57:52 | 001,647,432 | ---- | M] () -- C:\Users\Angie\AppData\Local\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
MOD - [2014/04/01 21:57:49 | 000,065,352 | ---- | M] () -- C:\Users\Angie\AppData\Local\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2014/04/01 23:47:51 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/07/27 22:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/06/11 10:15:08 | 000,876,976 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdicoms.exe -- (lxdi_device)
SRV:64bit: - [2007/06/11 10:15:00 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/06/11 10:15:00 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2007/06/11 10:14:52 | 000,517,040 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdicoms.exe -- (lxdi_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/26 13:39:16 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/04/01 23:47:56 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/04/01 23:47:56 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/04/01 23:47:56 | 000,208,928 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/04/01 23:47:56 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/04/01 23:47:56 | 000,084,816 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/04/01 23:47:56 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/04/01 23:47:56 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2012/08/08 22:36:56 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2012/07/28 00:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/27 21:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/05/14 02:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/02 10:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2011/08/23 09:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/09/05 19:42:52 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2012/09/05 19:42:42 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantas...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...urceid=ie7&rlz=
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...urceid=ie7&rlz=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 D2 6A D7 95 74 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...urceid=ie7&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Angie\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Angie\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Widevine Content Decryption Module (Disabled) = C:\Users\Angie\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Angie\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Angie\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Angie\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll
CHR - plugin: Java Deployment Toolkit 7.0.550.14 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U55 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Angie\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/04/26 13:37:32 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A49DAD11-E052-40D1-868A-74D0C85DDCED}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Security Packages - (livessp) -  File not found
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/24 11:52:19 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/26 12:50:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/26 06:17:25 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/04/26 05:45:31 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/26 05:45:17 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/26 05:45:17 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/26 05:45:17 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/26 05:45:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/04/26 05:35:13 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/26 05:24:10 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/04/26 05:22:52 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/25 02:27:31 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\VirtualStore
[2014/04/25 01:01:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/25 01:00:27 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\Programs
[2014/04/23 22:17:10 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
[2014/04/22 17:49:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/04/22 17:48:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/04/22 17:48:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/04/08 17:11:35 | 000,000,000 | ---D | C] -- C:\Users\Angie\Documents\NetworkConfiguration
[2014/04/08 17:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2014/04/05 20:50:08 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
[2014/04/04 17:08:21 | 000,000,000 | ---D | C] -- C:\Users\Angie\jagexcache
[2014/04/04 16:22:24 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/04/04 16:22:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/04/01 23:49:52 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\AVAST Software
[2014/04/01 23:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/04/01 23:48:19 | 000,084,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/04/01 23:48:16 | 001,039,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/04/01 23:48:14 | 000,423,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/04/01 23:48:12 | 000,079,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/04/01 23:48:07 | 000,093,568 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/04/01 23:48:00 | 000,334,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/04/01 23:47:55 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/04/01 23:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/04/01 23:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/04/01 21:15:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2014/04/01 20:39:54 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\ExtractNow
[2013/11/23 22:48:58 | 013,079,688 | ---- | C] (Microsoft Corporation) -- C:\Users\Angie\Silverlight_x64.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/26 13:39:16 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/26 13:38:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/26 13:37:32 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/04/26 12:46:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2023998099-4083813586-2403995270-1000UA.job
[2014/04/26 12:45:28 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2023998099-4083813586-2403995270-1000Core.job
[2014/04/26 06:27:53 | 000,000,756 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2014/04/26 06:06:32 | 000,000,084 | ---- | M] () -- C:\Windows\SysNative\vnkrl.lsa
[2014/04/26 04:51:28 | 000,000,024 | ---- | M] () -- C:\Users\Angie\random.dat
[2014/04/26 01:23:29 | 000,000,024 | ---- | M] () -- C:\Users\Angie\jagexappletviewer.preferences
[2014/04/25 20:53:27 | 000,000,044 | ---- | M] () -- C:\Users\Angie\jagex_cl_runescape_LIVE.dat
[2014/04/25 04:22:43 | 000,007,658 | ---- | M] () -- C:\Users\Angie\AppData\Local\Resmon.ResmonCfg
[2014/04/24 22:34:55 | 000,005,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/24 22:34:55 | 000,005,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/24 19:47:31 | 000,006,288 | ---- | M] () -- C:\Users\Angie\Documents\cc_20140424_194722.reg
[2014/04/24 19:44:09 | 000,087,586 | ---- | M] () -- C:\Users\Angie\Documents\cc_20140424_194328.reg
[2014/04/22 17:47:36 | 000,000,104 | ---- | M] () -- C:\Windows\SysNative\vcrdwtd.jct
[2014/04/09 13:49:13 | 000,002,330 | ---- | M] () -- C:\Users\Angie\Desktop\Google Chrome.lnk
[2014/04/05 20:50:08 | 000,002,056 | ---- | M] () -- C:\Users\Angie\Desktop\RuneScape.lnk
[2014/04/04 16:22:25 | 000,001,268 | ---- | M] () -- C:\Users\Angie\Desktop\Revo Uninstaller.lnk
[2014/04/04 14:54:12 | 000,726,142 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/04 14:54:12 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/04 14:54:12 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/01 23:49:46 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/04/01 23:47:56 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/04/01 23:47:56 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/04/01 23:47:56 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/04/01 23:47:56 | 000,208,928 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/04/01 23:47:56 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/04/01 23:47:56 | 000,084,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/04/01 23:47:56 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/04/01 23:47:56 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/04/01 23:47:55 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
 
========== Files Created - No Company Name ==========
 
[2014/04/26 06:27:53 | 000,000,756 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2014/04/24 19:47:27 | 000,006,288 | ---- | C] () -- C:\Users\Angie\Documents\cc_20140424_194722.reg
[2014/04/24 19:43:31 | 000,087,586 | ---- | C] () -- C:\Users\Angie\Documents\cc_20140424_194328.reg
[2014/04/05 20:50:08 | 000,002,086 | ---- | C] () -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
[2014/04/05 20:50:08 | 000,002,056 | ---- | C] () -- C:\Users\Angie\Desktop\RuneScape.lnk
[2014/04/04 16:22:25 | 000,001,268 | ---- | C] () -- C:\Users\Angie\Desktop\Revo Uninstaller.lnk
[2014/04/04 14:57:22 | 000,000,084 | ---- | C] () -- C:\Windows\SysNative\vnkrl.lsa
[2014/04/01 23:49:46 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/04/01 23:48:17 | 000,208,928 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/04/01 23:48:14 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/01/28 10:11:35 | 000,000,046 | ---- | C] () -- C:\Users\Angie\jagex_cl_speccollect_LIVE.dat
[2014/01/27 22:57:18 | 000,000,045 | ---- | C] () -- C:\Users\Angie\jagex_cl_runescape_LIVE1.dat
[2014/01/27 22:54:52 | 000,000,044 | ---- | C] () -- C:\Users\Angie\jagex_cl_runescape_LIVE.dat
[2013/12/30 13:54:13 | 004,120,649 | ---- | C] () -- C:\Users\Angie\Nightcrawler-AMhair02.sims3pack
[2013/06/22 05:14:46 | 000,007,658 | ---- | C] () -- C:\Users\Angie\AppData\Local\Resmon.ResmonCfg
[2013/05/10 22:29:13 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2013/05/06 12:53:16 | 001,187,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiserv.dll
[2013/05/06 12:53:16 | 000,942,080 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiusb1.dll
[2013/05/06 12:53:16 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomc.dll
[2013/05/06 12:53:16 | 000,671,744 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdihbn3.dll
[2013/05/06 12:53:16 | 000,614,400 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipmui.dll
[2013/05/06 12:53:16 | 000,532,480 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdilmpm.dll
[2013/05/06 12:53:16 | 000,517,040 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicoms.exe
[2013/05/06 12:53:16 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdicomx.dll
[2013/05/06 12:53:16 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomm.dll
[2013/05/06 12:53:16 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiinpa.dll
[2013/05/06 12:53:16 | 000,340,912 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicfg.exe
[2013/05/06 12:53:16 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiiesc.dll
[2013/05/06 12:53:16 | 000,320,432 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiih.exe
[2013/05/06 12:53:16 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\lxdiinst.dll
[2013/05/06 12:53:16 | 000,054,192 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdippls.exe
[2013/05/06 12:53:16 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiprox.dll
[2013/05/06 12:53:16 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipplc.dll
[2012/10/24 12:53:24 | 000,000,024 | ---- | C] () -- C:\Users\Angie\random.dat
[2012/10/22 17:56:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/10/03 01:25:43 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2012/08/20 01:33:43 | 000,000,024 | ---- | C] () -- C:\Users\Angie\jagexappletviewer.preferences
[2012/08/12 19:51:32 | 000,000,633 | ---- | C] () -- C:\Windows\eReg.dat
[2012/08/07 08:11:45 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012/08/07 08:05:16 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2012/08/07 07:59:57 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012/07/27 21:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/27 21:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/04/01 23:49:52 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\AVAST Software
[2013/09/30 03:02:17 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\avidemux
[2012/10/01 15:01:55 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\BitZipper
[2013/05/19 19:41:59 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\EntwinedSoD
[2013/05/06 12:58:36 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Lexmark Productivity Studio
[2014/01/19 20:03:40 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Oracle
[2013/07/29 19:59:31 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Origin
[2012/09/29 21:03:02 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\PACE Anti-Piracy
[2012/09/30 17:20:39 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:60A4BB64
@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:43982D5E
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:2216A431
@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:B093E177
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:F1F936DF
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:AD020DC3
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:04A18F36
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:2176484C
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:217A2324
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:EC0279DC
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:C43C957E
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:57EE48CA
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:1B3549F2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:BD8010FE
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:81653DC8
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:BA24E689
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:96646EC1
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:10D45FC3
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:9DF07E8F
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:DD95E6D9
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0860D6D6
 
< End of report >
 

 

And was able to download and run AdwCleaner this time... log follows:

 

# AdwCleaner v3.203 - Report created 26/04/2014 at 13:48:51
# Updated 26/04/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Angie - ANGIE-PC
# Running from : C:\Users\Angie\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7601.17514
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Startup_urls] : hxxp://search.conduit.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MC3A93F6E-0691-450D-829E-5E87D15C4831&SearchSource=55&CUI=&UM=5&UP=SP5E6B7DF5-445A-448C-A1AD-42F083FC3D58&SSPV=
Deleted [Startup_urls] : hxxp://start.iminent.com/?appId=21B0A979-2649-4CE6-99C5-2255678E935D
Deleted [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MC3A93F6E-0691-450D-829E-5E87D15C4831&SearchSource=55&CUI=&UM=5&UP=SP5E6B7DF5-445A-448C-A1AD-42F083FC3D58&SSPV=
 
*************************
 
AdwCleaner[R0].txt - [10975 octets] - [26/04/2014 05:22:56]
AdwCleaner[R1].txt - [1448 octets] - [26/04/2014 13:47:32]
AdwCleaner[S0].txt - [10825 octets] - [26/04/2014 05:25:34]
AdwCleaner[S1].txt - [1377 octets] - [26/04/2014 13:48:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1437 octets] ##########
 
 
 
Work calls, will return in few hours to see if any more worked is required. Thank you for all your help!

  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

OK once you get back, have a play and let me know what problems remain 


  • 0

#7
asmartblondie

asmartblondie

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

I have started and restarted Windows twice now successfully.  I have not had the issue with background audio noises.  A Quick Scan with Avast did not find any issues.  I am fairly confident that all is well now and sincerely thank you for the assistance!


  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
In that case methinks I will send you on your merry way :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix

delfix.JPG


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean


It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

#9
asmartblondie

asmartblondie

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Thank you! I've been on most of the day and none of the issues have reappeared. I followed the rest of your advice as well, doing the clean up and downloading both Malwarebytes and CryptoPrevent. Again, thank you so very much for the assistance!


  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure, keep safe :)
  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP