Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Need Sanity check: Did I clean everything?


  • Please log in to reply

#1
Jim Dearden

Jim Dearden

    Member

  • Member
  • PipPip
  • 37 posts

Hi,

 

I was given a laptop to clean that had multiple problems. I've cleaned it as best I could, but could use a lookover to see if I've missed anything.

 

System: Windows 8.11 64 bit

Symptoms: multiple pop-up browser windows selling products.

                  multiple toolbars for shopping sites, etc

                  several pc optimizers, malware scanners, all installed and running at the same time. Windows Defender basically doing nothing.

 

Steps taken: I first download and installed MalwareBytes. Scan found over 2000 items. Cleaned up those. The used Spybot. After that, used BitDefender, Comodo, Dr. Web, live cds to boot from and scan system. Reset the browsers back to default, and enabled extensions back carefully.

 

As I said, I may have gotten everything, but I'm not sure. Here's the results of the OTL quick scan:

 

OTL logfile created on: 2014-05-13 1:36:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Joyce McEachern\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17031)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd
 
7.87 Gb Total Physical Memory | 5.72 Gb Available Physical Memory | 72.65% Memory free
9.12 Gb Paging File | 6.84 Gb Available in Paging File | 74.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 650.96 Gb Total Space | 616.00 Gb Free Space | 94.63% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 22.03 Gb Free Space | 88.11% Space Free | Partition Type: NTFS
 
Computer Name: CRAFTY | User Name: Joyce McEachern 2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014-05-13 13:32:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joyce McEachern\Desktop\OTL.exe
PRC - [2014-04-18 15:18:48 | 003,645,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2014-04-06 21:21:36 | 005,180,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2014-04-01 21:58:05 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014-03-27 22:10:20 | 000,291,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013-12-21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-11-12 00:44:29 | 000,363,520 | ---- | M] (Microsoft) -- C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe
PRC - [2013-09-17 17:22:40 | 000,585,032 | ---- | M] (LENOVO INCORPORATED.) -- C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe
PRC - [2013-03-28 15:55:58 | 001,058,880 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
PRC - [2012-10-28 10:29:22 | 000,063,488 | ---- | M] (IvoSoft) -- C:\Program Files\Classic Shell\ClassicShellService.exe
PRC - [2012-08-13 12:11:44 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012-08-13 12:11:44 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012-07-27 14:52:44 | 000,167,024 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
PRC - [2012-07-27 14:52:44 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2012-07-17 17:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012-07-17 17:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012-06-25 13:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012-05-01 21:56:02 | 000,548,864 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera\VM331STI.EXE
PRC - [2012-03-28 21:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
PRC - [2011-03-03 10:33:48 | 000,591,248 | ---- | M] (Oberon Media ) -- C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014-04-15 14:20:01 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.429e8964#\d875b108d13cb8d893ac4c27fff8f539\System.Xml.XmlSerializer.ni.dll
MOD - [2014-04-15 14:19:49 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servdea05680#\0c4ca02c69ce55cfcfefb541f195d705\System.ServiceModel.Primitives.ni.dll
MOD - [2014-04-15 14:19:48 | 000,785,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\ee53227bcc4430088d0b560752c1cd02\System.ServiceModel.Internals.ni.dll
MOD - [2014-04-15 14:19:46 | 000,118,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\352d34797f7cd44cd0973c33539200f1\SMDiagnostics.ni.dll
MOD - [2014-04-15 14:19:42 | 000,770,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Media\ae986fe3d2717c157eb1eeeb4d99aaa1\Windows.Media.ni.dll
MOD - [2014-04-10 15:11:35 | 001,282,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Devices\bf5509cf3a0d2e3afbd0c33e9153ecbd\Windows.Devices.ni.dll
MOD - [2014-04-10 15:11:35 | 000,012,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runt9e372c89#\b3ad6730fe2c9bc26d2656994615e29e\System.Runtime.InteropServices.ni.dll
MOD - [2014-04-10 15:11:33 | 000,797,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\66db718389f1cd2503053c09b3de857f\Windows.Networking.ni.dll
MOD - [2014-04-10 15:11:31 | 000,238,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\a1306b1fdd9c22508f9e5d901fceb4cd\Windows.Globalization.ni.dll
MOD - [2014-04-10 15:11:26 | 000,402,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Security\27136c94fce321fc4e76bccb5fc38fe0\Windows.Security.ni.dll
MOD - [2014-04-10 15:11:25 | 000,337,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Data\95e459fe3e0f12f2dc9f48fb91886621\Windows.Data.ni.dll
MOD - [2014-04-10 15:11:25 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Net.caf7096d#\a609227cf29283a141334946144866f3\System.Net.Primitives.ni.dll
MOD - [2014-04-10 15:11:24 | 000,133,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.System\726121cd59d8545addcd2c64688b5309\Windows.System.ni.dll
MOD - [2014-04-10 15:11:20 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtdf6812ee#\b7c90cd61aa57b4858a896d7e33c30d9\System.Runtime.Serialization.Primitives.ni.dll
MOD - [2014-04-10 15:11:19 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Diagaa8d7fa5#\a374d5cee262e00ef48bb80a46ef261b\System.Diagnostics.Debug.ni.dll
MOD - [2014-04-10 15:11:18 | 000,808,448 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\f3deb382d1f91df4e2bf1801afb4ea21\Windows.Storage.ni.dll
MOD - [2014-04-10 15:11:18 | 000,304,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Graphics\4e33edd5ee2ee09f751c0071ba0a26c3\Windows.Graphics.ni.dll
MOD - [2014-04-10 15:11:17 | 000,960,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\c95c4deae76420a882bef7161a449d72\Windows.UI.ni.dll
MOD - [2014-04-10 15:11:17 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ObjectModel\67dd353e70bac0caa6a7dde153081d12\System.ObjectModel.ni.dll
MOD - [2014-04-10 15:11:16 | 001,130,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\224ab0385dc2991b9139bdbf7bcf8e0e\Windows.ApplicationModel.ni.dll
MOD - [2014-04-10 15:11:16 | 000,228,864 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\cf021988965369c551bb0987fe019862\Windows.Foundation.ni.dll
MOD - [2014-04-10 15:11:16 | 000,009,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Thre7bb2aad0#\7ab875026ab88e106bf40c8db4f640a1\System.Threading.Tasks.ni.dll
MOD - [2014-04-10 15:11:16 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Collections\ebeafb298ff3f25b6291e44deceb1d0c\System.Collections.ni.dll
MOD - [2014-04-10 15:11:16 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IO\232833346ca4e705c2a15dd57af73bac\System.IO.ni.dll
MOD - [2014-04-10 15:11:14 | 003,530,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\f2bf020fc6307e10194fd94e85d52a72\Windows.UI.Xaml.ni.dll
MOD - [2014-04-10 15:11:14 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtbff93e24#\1849d6bdd0f61a224d41ac2963221204\System.Runtime.InteropServices.WindowsRuntime.ni.dll
MOD - [2014-04-10 15:11:10 | 000,018,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime\7bf2203bf2d88857c463948cccf6156c\System.Runtime.ni.dll
MOD - [2014-04-10 13:36:25 | 000,041,984 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.G42d2c636#\fd561324312606ea5e028d3d974483e6\Microsoft.Games.Sentient.ni.dll
MOD - [2014-04-10 13:36:18 | 000,122,368 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Ap4e5cc921#\5e7a3519c51f6a3f39c48752e8487c57\Arkadium.ApplicationFramework.ni.dll
MOD - [2014-04-10 13:36:15 | 000,469,504 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.Xbox\6416f87092fbbe9e12dafdd5bd1f2824\Microsoft.Xbox.ni.dll
MOD - [2014-04-10 13:36:12 | 000,563,200 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Ad1735b4ba#\d83cf8f4a7a1fa6022aa3f838c352e38\Arkadium.Advertisement.ni.dll
MOD - [2014-04-10 13:36:12 | 000,285,696 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Wi4bbc307d#\ec4bdd23e3efae51dd3a55fc30564d3d\Arkadium.WindowsStoreModule.ni.dll
MOD - [2014-04-10 13:36:12 | 000,254,976 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.CdnModule\d7bf5f6e41423876649185ab22fc2852\Arkadium.CdnModule.ni.dll
MOD - [2014-04-10 13:36:11 | 000,142,848 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Acc213f109#\3d4a5498d7f0cd8980c9eec61eb0a1cd\Arkadium.AchievementsModule.ni.dll
MOD - [2014-04-10 13:36:10 | 000,295,936 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Le816657bc#\a9f01fd5168602e1f2337fb96b641dba\Arkadium.LeaderboardModule.ni.dll
MOD - [2014-04-10 13:36:10 | 000,246,784 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Awd4f12c8f#\3a209adbb856f3ef11e419d9e90ba636\Arkadium.AwardsModule.ni.dll
MOD - [2014-04-10 13:36:10 | 000,114,176 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Xaba8eb3bf#\4aa48440ff18447c1ccf234df9edcf95\Arkadium.Xaml.Toolkit.ni.dll
MOD - [2014-04-10 13:36:09 | 001,696,256 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Dae4911807#\5c7e1b3c9657928343fb4a5c211495bb\Arkadium.DailyChallengeModule.ni.dll
MOD - [2014-04-10 13:36:01 | 000,227,328 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\CEServices\5c7c9f4bd1fc9e9f637b2435b69ce105\CEServices.ni.dll
MOD - [2014-04-10 13:22:29 | 000,392,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\6f7a4225a199ad7894379512ca6ae50c\System.Xml.Linq.ni.dll
MOD - [2014-04-10 13:22:28 | 007,802,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\77bc1a994f64193efc124c297b93fdb7\System.Xml.ni.dll
MOD - [2014-04-10 13:22:04 | 019,566,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\4c3126aec3364546e4ade89c24c4e742\System.ServiceModel.ni.dll
MOD - [2014-04-10 13:21:47 | 000,573,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runt0d283adf#\32aee6654d81a07e698f9ee18c886a2a\System.Runtime.WindowsRuntime.ni.dll
MOD - [2014-04-10 13:21:47 | 000,098,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtc259d85b#\ed68489987b413410ccb94c6e704f6b4\System.Runtime.WindowsRuntime.UI.Xaml.ni.dll
MOD - [2014-04-10 13:21:46 | 002,804,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\183eaaded316165bfbd32a991e4e8c8a\System.Runtime.Serialization.ni.dll
MOD - [2014-04-10 13:21:43 | 000,522,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Net.Http\5ba9e9e2d2253e30f3f28e12016e441d\System.Net.Http.ni.dll
MOD - [2014-04-10 13:21:24 | 000,968,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\c5bf2f5c3e13726b3984a900221e1778\System.Configuration.ni.dll
MOD - [2014-04-10 13:20:08 | 006,951,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\c1194e56644c7688e7eb0f68a57dcc30\System.Core.ni.dll
MOD - [2014-04-10 13:19:56 | 010,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c24d08cc4e93fc4f6f15a637b00a2721\System.ni.dll
MOD - [2014-04-01 21:58:03 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll
MOD - [2014-04-01 21:57:59 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
MOD - [2014-04-01 21:57:54 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
MOD - [2014-04-01 21:57:53 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
MOD - [2014-04-01 21:57:52 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
MOD - [2014-04-01 21:57:49 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
MOD - [2014-01-27 07:52:41 | 017,395,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\c90ef9a73ea0044641d31b19023aad61\mscorlib.ni.dll
MOD - [2012-08-10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014-04-09 20:53:51 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014-03-08 01:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014-03-06 03:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014-03-06 02:34:46 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014-02-22 11:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014-02-22 05:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014-02-22 05:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014-02-22 05:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014-02-22 05:25:14 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014-02-22 05:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014-01-27 11:38:59 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2013-12-10 03:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013-11-23 00:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013-11-14 03:25:26 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013-10-30 20:29:53 | 000,348,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013-10-30 20:29:53 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013-09-17 17:22:40 | 000,585,032 | ---- | M] (LENOVO INCORPORATED.) [Auto | Running] -- C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe -- (Lenovo System Agent Service)
SRV:64bit: - [2013-09-04 19:12:54 | 002,252,504 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
SRV:64bit: - [2013-08-22 08:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013-08-22 07:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013-08-22 07:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013-08-22 07:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013-08-22 07:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013-08-22 07:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013-08-22 06:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013-08-22 06:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013-08-22 05:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013-08-22 05:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013-08-22 05:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013-08-22 05:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013-08-22 05:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013-08-22 05:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013-08-22 05:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013-08-22 05:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013-05-01 16:00:00 | 000,651,328 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2012-10-28 10:29:22 | 000,063,488 | ---- | M] (IvoSoft) [Auto | Running] -- C:\Program Files\Classic Shell\ClassicShellService.exe -- (ClassicShellService)
SRV:64bit: - [2012-09-06 18:53:50 | 000,957,304 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2012-07-18 15:14:38 | 002,699,568 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012-07-18 15:14:16 | 000,272,176 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012-07-18 15:14:04 | 000,627,504 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012-07-18 15:13:40 | 000,149,296 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012-06-08 05:07:16 | 000,201,376 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2012-05-17 00:00:00 | 000,144,560 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc)
SRV:64bit: - [2012-04-20 17:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2014-04-29 18:13:50 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-04-18 15:18:48 | 003,645,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014-04-16 11:14:08 | 000,011,776 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe -- (NewPlayerUpdaterService)
SRV - [2014-03-27 22:10:20 | 000,291,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013-12-26 20:42:24 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013-12-21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-12-21 01:02:54 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013-11-14 03:25:25 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013-08-22 08:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013-08-21 23:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013-08-21 22:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2012-07-17 17:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012-07-17 17:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012-06-25 13:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014-04-18 15:01:30 | 000,237,336 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014-03-31 16:06:48 | 000,274,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgwfpa.sys -- (Avgwfpa)
DRV:64bit: - [2014-03-31 16:06:26 | 000,130,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014-03-27 22:14:26 | 000,192,792 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014-03-27 22:14:24 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014-03-27 22:07:10 | 000,236,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014-03-27 22:05:02 | 000,324,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014-03-27 22:03:16 | 000,032,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2014-03-19 23:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014-03-13 08:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014-03-08 16:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014-03-08 16:35:45 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014-02-22 12:00:25 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014-02-22 11:50:31 | 000,054,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014-02-22 11:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014-02-22 11:49:49 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014-02-22 11:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014-02-22 11:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014-02-22 11:49:47 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014-02-22 11:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014-02-22 08:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014-02-09 23:49:01 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014-02-09 23:49:00 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014-02-09 23:49:00 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013-12-26 20:42:48 | 000,032,544 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013-12-21 01:02:44 | 004,216,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013-12-14 19:34:54 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013-12-14 19:34:54 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013-12-04 14:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013-11-14 03:28:58 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013-11-14 03:25:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013-11-14 03:16:57 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013-11-14 03:16:54 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013-10-30 20:29:36 | 000,236,888 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013-10-30 20:29:36 | 000,124,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013-10-30 20:28:47 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013-09-04 19:12:52 | 000,166,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2013-09-04 19:12:38 | 000,170,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2013-09-04 16:35:06 | 000,020,496 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\avgboota.sys -- (Avgboota)
DRV:64bit: - [2013-08-22 09:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013-08-22 09:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013-08-22 08:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013-08-22 08:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013-08-22 08:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013-08-22 08:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013-08-22 08:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013-08-22 08:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013-08-22 08:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013-08-22 08:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013-08-22 08:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013-08-22 08:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013-08-22 08:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013-08-22 08:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013-08-22 08:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013-08-22 08:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013-08-22 08:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013-08-22 08:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013-08-22 08:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013-08-22 08:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013-08-22 08:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013-08-22 08:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013-08-22 08:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013-08-22 08:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013-08-22 08:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013-08-22 08:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013-08-22 08:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013-08-22 08:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013-08-22 08:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013-08-22 07:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013-08-22 07:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013-08-22 07:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013-08-22 07:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013-08-22 07:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013-08-22 07:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013-08-22 07:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013-08-22 07:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013-08-22 07:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013-08-22 07:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013-08-22 07:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013-08-22 07:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013-08-22 07:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013-08-22 07:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013-08-22 07:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013-08-22 07:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013-08-22 07:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013-08-22 07:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013-08-22 07:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013-08-22 07:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013-08-22 07:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013-08-22 07:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013-08-22 04:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013-08-12 19:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013-08-09 20:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013-07-30 14:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013-07-25 15:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013-07-08 14:37:41 | 003,344,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwew00.sys -- (NETwNe64)
DRV:64bit: - [2013-06-18 10:44:59 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012-10-06 09:18:49 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012-10-06 09:18:49 | 000,033,560 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012-08-29 22:23:58 | 000,186,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012-08-29 22:23:56 | 000,212,792 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012-08-29 22:23:54 | 000,022,328 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012-08-26 22:52:42 | 000,448,312 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012-08-26 22:52:40 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012-08-24 05:07:36 | 000,975,104 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2012-08-16 16:33:42 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012-08-09 22:29:52 | 000,188,384 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xHCIPort.sys -- (XHCIPort)
DRV:64bit: - [2012-07-26 19:48:26 | 000,040,248 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012-07-02 18:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012-06-26 22:08:32 | 001,608,864 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2012-06-19 10:40:51 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012-06-15 01:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2012-06-13 20:10:32 | 000,102,376 | ---- | M] ("CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6097BA1E-EA64-4BFD-8552-16337C2FC9A0}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6097BA1E-EA64-4BFD-8552-16337C2FC9A0}: "URL" = http://www.bing.com/...E10TR&pc=MALNJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\.DEFAULT\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-18\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-976370131-2331909618-2087438408-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
IE - HKU\S-1-5-21-976370131-2331909618-2087438408-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com [binary data]
IE - HKU\S-1-5-21-976370131-2331909618-2087438408-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-976370131-2331909618-2087438408-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-976370131-2331909618-2087438408-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-976370131-2331909618-2087438408-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-976370131-2331909618-2087438408-1002\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-976370131-2331909618-2087438408-1002\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-976370131-2331909618-2087438408-1002\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}
IE - HKU\S-1-5-21-976370131-2331909618-2087438408-1002\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://feed.snapdo.c...q={searchTerms}
IE - HKU\S-1-5-21-976370131-2331909618-2087438408-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-976370131-2331909618-2087438408-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-976370131-2331909618-2087438408-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59472;https=127.0.0.1:59472
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=3: C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=9: C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Google Drive = C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.1_0\
CHR - Extension: Google Search = C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SPOTS - A better way to start = C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc\0.1.37_0\
CHR - Extension: Pin It Button = C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3.1_0\
CHR - Extension: Google Wallet = C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013-08-22 09:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [SynLenovoGestureMgr] C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe (Synaptics)
O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331STI.EXE (Vimicro)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-976370131-2331909618-2087438408-1002..\Run: [EPLTarget\P0000000000000000] C:\windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-310 Series" File not found
O4 - HKU\S-1-5-21-976370131-2331909618-2087438408-1002..\Run: [EPLTarget\P0000000000000001] C:\windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-310 Series" File not found
O4 - HKU\S-1-5-21-976370131-2331909618-2087438408-1002..\Run: [SearchEngineProtection] C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe (Oberon Media )
O4 - Startup: C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = C:\Users\Joyce McEachern\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe (Leader Technologies/Epson)
O4 - Startup: C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} http://zone.msn.com/...no.cab55579.cab (ZPA_DMNO Object)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/...O1.cab60096.cab (UnoCtrl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://games.ca.zone...on.cab64162.cab (MSN Games – Backgammon)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.69.184.199 67.69.184.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B03EC1FA-029B-4335-BFA7-84B7972033A3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E58F82D0-718D-485E-A269-3D8F30AE6AB4}: DhcpNameServer = 67.69.184.199 67.69.184.7
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) -  File not found
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll) -  File not found
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014-05-13 13:32:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Joyce McEachern\Desktop\OTL.exe
[2014-05-13 04:27:36 | 000,000,000 | ---D | C] -- C:\cce_linux
[2014-05-11 20:40:32 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Roaming\AVG2014
[2014-05-11 20:40:07 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Roaming\TuneUp Software
[2014-05-11 20:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014-05-11 20:39:47 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014-05-11 20:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014-05-11 20:39:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2014-05-11 20:35:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014-05-11 20:35:54 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Local\MFAData
[2014-05-11 20:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014-05-11 20:35:54 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Local\Avg2014
[2014-05-11 03:18:54 | 000,000,000 | ---D | C] -- C:\RescueCD Logs
[2014-05-10 21:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014-05-10 21:56:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014-05-10 18:22:44 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Local\Intel_Corporation
[2014-05-09 21:51:37 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\Doctor Web
[2014-05-09 21:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014-05-09 21:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014-05-09 19:40:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\System Optimizer Pro
[2014-05-09 19:36:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DiscaoUntLocatoR
[2014-05-09 18:37:40 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2014-05-09 18:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014-04-27 20:26:01 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Local\SlimWare Utilities Inc
[2014-04-27 20:25:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2014-04-27 09:22:24 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Local\fastcleanpro
[2014-04-27 09:19:18 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Local\IsolatedStorage
[2014-04-27 09:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\RoyaliCoupoN
[2014-04-26 22:31:13 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Local\com
[2014-04-26 22:29:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uninstaller
[2014-04-26 22:02:26 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\.android
[2014-04-26 22:02:25 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Local\cache
[2014-04-26 22:02:22 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Local\Mobogenie
[2014-04-26 22:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2014-04-26 22:00:38 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Local\PriceMeterLiveUpdate
[2014-04-26 22:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PriceMeterLiveUpdate
[2014-04-26 22:00:35 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Roaming\systweak
[2014-04-26 21:51:56 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Local\newplayer
[2014-04-26 21:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
[2014-04-26 21:51:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewPlayer
[2014-04-26 21:50:58 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Roaming\Activeris
[2014-04-26 21:48:50 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
[2014-04-26 21:45:44 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Local\Genesis
[2014-04-26 21:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\003
[2014-04-21 12:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\d8b241c0b0684db9
[2014-04-21 12:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\DiscaoUntLocatoR
[2014-04-20 15:57:53 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Roaming\Oracle
[2014-04-20 15:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014-04-18 15:01:30 | 000,237,336 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgidsdrivera.sys
[1 C:\Users\Joyce McEachern\AppData\Local\*.tmp files -> C:\Users\Joyce McEachern\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014-05-13 13:32:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joyce McEachern\Desktop\OTL.exe
[2014-05-13 13:25:00 | 000,000,933 | ---- | M] () -- C:\WINDOWS\tasks\EPSON XP-310 Series Update {9A00CD79-AA8B-4A66-B834-C09FD1EDCC53}.job
[2014-05-13 13:25:00 | 000,000,933 | ---- | M] () -- C:\WINDOWS\tasks\EPSON XP-310 Series Update {06A0F5CE-62A6-4D5A-AAB5-DFCD7FADBFB0}.job
[2014-05-13 13:25:00 | 000,000,747 | ---- | M] () -- C:\WINDOWS\tasks\EPSON XP-310 Series Invitation {9A00CD79-AA8B-4A66-B834-C09FD1EDCC53}.job
[2014-05-13 13:25:00 | 000,000,747 | ---- | M] () -- C:\WINDOWS\tasks\EPSON XP-310 Series Invitation {06A0F5CE-62A6-4D5A-AAB5-DFCD7FADBFB0}.job
[2014-05-13 13:22:53 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014-05-13 13:22:16 | 000,000,369 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Local\RegisteredPackageInformation.xml
[2014-05-13 13:21:36 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014-05-13 13:20:51 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014-05-13 13:20:51 | 2464,378,879 | -HS- | M] () -- C:\hiberfil.sys
[2014-05-13 13:19:12 | 000,863,592 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014-05-13 13:19:12 | 000,735,932 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014-05-13 13:19:12 | 000,139,816 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014-05-13 13:17:45 | 000,000,166 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2014-05-13 13:13:01 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\Price Meter Updater.job
[2014-05-13 08:13:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014-05-13 08:00:00 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\MySearchDial.job
[2014-05-13 07:50:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014-05-13 07:09:20 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2014-05-11 20:40:07 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014-05-10 14:36:11 | 524,288,000 | ---- | M] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2014-05-09 19:48:09 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014-05-09 19:31:54 | 001,201,864 | ---- | M] () -- C:\Users\Joyce McEachern\Documents\malware-scan.xml
[2014-05-09 18:42:02 | 000,000,702 | ---- | M] () -- C:\WINDOWS\SysWow64\ff.bin
[2014-05-09 18:31:19 | 000,000,552 | ---- | M] () -- C:\WINDOWS\SysWow64\schtasks.bin
[2014-05-02 00:42:16 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\APSnotifierPP1.job
[2014-05-02 00:42:16 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\APSnotifierPP3.job
[2014-04-27 22:27:11 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\APSnotifierPP2.job
[2014-04-27 21:00:01 | 000,000,043 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Roaming\WB.CFG
[2014-04-26 21:53:40 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\NewPlayer.lnk
[2014-04-26 21:51:04 | 000,000,318 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Roaming\aps.uninstall.scan.results
[2014-04-26 21:44:41 | 000,000,000 | ---- | M] () -- C:\END
[2014-04-18 15:01:30 | 000,237,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgidsdrivera.sys
[1 C:\Users\Joyce McEachern\AppData\Local\*.tmp files -> C:\Users\Joyce McEachern\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014-05-11 20:40:07 | 000,000,992 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014-05-10 22:13:04 | 000,000,166 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2014-05-10 13:52:56 | 524,288,000 | ---- | C] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2014-05-09 20:05:14 | 000,000,369 | ---- | C] () -- C:\Users\Joyce McEachern\AppData\Local\RegisteredPackageInformation.xml
[2014-05-09 19:45:52 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014-05-09 19:32:23 | 001,201,864 | ---- | C] () -- C:\Users\Joyce McEachern\Documents\malware-scan.xml
[2014-04-27 21:00:01 | 000,000,043 | ---- | C] () -- C:\Users\Joyce McEachern\AppData\Roaming\WB.CFG
[2014-04-27 12:26:23 | 000,000,702 | ---- | C] () -- C:\WINDOWS\SysWow64\ff.bin
[2014-04-27 09:19:30 | 000,000,552 | ---- | C] () -- C:\WINDOWS\SysWow64\schtasks.bin
[2014-04-26 22:23:57 | 000,000,378 | ---- | C] () -- C:\WINDOWS\tasks\APSnotifierPP3.job
[2014-04-26 22:23:56 | 000,000,378 | ---- | C] () -- C:\WINDOWS\tasks\APSnotifierPP2.job
[2014-04-26 22:23:53 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\APSnotifierPP1.job
[2014-04-26 22:01:07 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysNative\sasnative64.exe
[2014-04-26 22:00:43 | 000,000,336 | ---- | C] () -- C:\WINDOWS\tasks\MySearchDial.job
[2014-04-26 22:00:35 | 000,000,336 | ---- | C] () -- C:\WINDOWS\tasks\Price Meter Updater.job
[2014-04-26 21:53:52 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014-04-26 21:51:49 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\NewPlayer.lnk
[2014-04-26 21:50:28 | 000,000,318 | ---- | C] () -- C:\Users\Joyce McEachern\AppData\Roaming\aps.uninstall.scan.results
[2014-04-26 21:43:23 | 000,000,000 | ---- | C] () -- C:\END
[2014-04-09 21:07:39 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014-03-18 21:32:09 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013-12-21 01:02:44 | 000,280,064 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2013-12-21 01:02:40 | 000,182,272 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013-12-21 01:02:40 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013-08-22 12:44:40 | 000,000,044 | ---- | C] () -- C:\WINDOWS\XP-310.ini
[2013-08-22 11:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013-08-22 11:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013-08-22 10:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013-08-22 03:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013-08-21 23:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013-08-21 19:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013-08-21 19:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013-08-07 23:13:46 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\none23134638.bat
[2012-10-06 09:00:52 | 000,001,897 | ---- | C] () -- C:\WINDOWS\vm331Rmv.ini
[2012-10-06 09:00:52 | 000,001,897 | ---- | C] () -- C:\WINDOWS\SysWow64\vm331Rmv.ini
[2012-10-06 08:48:34 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2012-07-25 16:22:56 | 000,267,284 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
[2012-07-25 16:22:54 | 000,963,376 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin
 
========== ZeroAccess Check ==========
 
[2014-04-01 01:54:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014-03-19 23:48:41 | 021,232,792 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-03-19 21:20:53 | 018,679,216 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013-08-22 05:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013-08-21 22:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013-08-22 05:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013-08-23 11:30:09 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\Acer
[2014-05-09 20:59:50 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\Activeris
[2014-05-11 20:40:32 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\AVG2014
[2013-08-23 11:30:05 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\Epson
[2013-08-23 11:30:08 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\Leader Technologies
[2013-08-22 12:45:24 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\Leadertech
[2014-02-12 17:32:50 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\Lenovo
[2013-01-18 00:51:55 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\Oberon Media
[2013-12-24 16:45:14 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\OpenOffice.org
[2014-04-20 15:57:53 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\Oracle
[2014-05-09 19:42:30 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\systweak
[2014-05-11 20:40:07 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\TuneUp Software
[2014-02-12 22:51:37 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\WebApp
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\Joyce McEachern\SkyDrive:ms-properties
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:DE22D45C
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720
 
< End of report >
 
 
Also, here is the Extras log file as well:
 

OTL Extras logfile created on: 2014-05-13 1:36:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Joyce McEachern\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17031)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd
 
7.87 Gb Total Physical Memory | 5.72 Gb Available Physical Memory | 72.65% Memory free
9.12 Gb Paging File | 6.84 Gb Available in Paging File | 74.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 650.96 Gb Total Space | 616.00 Gb Free Space | 94.63% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 22.03 Gb Free Space | 88.11% Space Free | Partition Type: NTFS
 
Computer Name: CRAFTY | User Name: Joyce McEachern 2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-976370131-2331909618-2087438408-1002\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013437C5-1C3C-4486-965F-F81DFB94D4D2}" = dir=in | name=taptiles | 
"{01560BF5-5F9C-44C6-B103-C85D6ADAC183}" = dir=out | name=allrecipes | 
"{02014995-0B83-4FFE-BDB8-4D27376E44D1}" = dir=out | name=bonus wordz | 
"{0437E4D8-1A84-42E5-A47B-38DF919FDA48}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{0780F194-5582-4FD8-9472-45BB4773C93A}" = dir=out | name=powerdvd for lenovo idea | 
"{09E9EE9D-3D70-40CD-A92E-A417B942C783}" = dir=out | name=map app for windows | 
"{0C5231A1-E2BA-4498-AAE7-DFAC7A480C9E}" = dir=out | name=glo bible | 
"{0D7E07F5-BC1B-406C-8A12-55C260A62DD9}" = dir=out | name=@{43248summitdatacorp.solitairepro_1.9.6.0_x64__hmd3687kaknfw?ms-resource://43248summitdatacorp.solitairepro/resources/appnamesolitaire} | 
"{12380C42-CD33-4C26-A0FC-E8F9876AA8E7}" = dir=in | name=microsoft mahjong | 
"{136EB9EF-F49D-4CA1-B356-639FB6343429}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{1498989C-5477-498D-9A4F-BAB5025B8171}" = dir=out | name=my pinterest | 
"{16729F18-A2E3-4174-9056-340318BFFDF9}" = dir=out | name=mahjong deluxe free | 
"{172144EB-047D-47F2-88C5-A38AF0920DFD}" = dir=out | name=@{microsoft.bingfinance_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | 
"{18D97E65-5FE1-47D9-888A-A59C8356E214}" = dir=out | name=my sudoku | 
"{1ABF8F3A-D88E-4BB4-B25C-FD0D9AC89471}" = dir=in | name=sonicwall mobile connect | 
"{1AFCFF82-C4EB-4A3D-8D49-78EC7302573F}" = dir=out | name=riddle me this! | 
"{1C4B1B0D-22D4-476A-A734-459E75D190BC}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{1D9250B1-C1B6-41CE-A284-FC1444424E9C}" = dir=out | name=propoints calculator | 
"{1F86A44A-B9B4-4CA6-A150-C1403121351B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{224E49EC-0B99-49C9-B7DE-2EA5BAABAADF}" = dir=out | name=@{43248summitdatacorp.cardgameschest_1.9.6.0_x64__hmd3687kaknfw?ms-resource://43248summitdatacorp.cardgameschest/resources/appnamegamechest} | 
"{234B3109-0DD2-4DE6-A886-E39787C7940E}" = dir=out | name=toronto events & festivals | 
"{25354474-CB76-46EC-BC66-4F61A4066510}" = dir=out | name=wordament | 
"{25E3D270-8550-4E4E-9B36-DD30812E1C58}" = protocol=6 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe | 
"{2979F5A1-7E74-440B-82F7-074654341A42}" = dir=out | name=netflix | 
"{2A145AAF-F1C6-42F3-9797-5CE4A77A1539}" = dir=out | name=taptiles | 
"{2B92D856-EE55-4028-8F21-FDF8EABC2185}" = dir=out | name=microsoft solitaire collection | 
"{2EE13455-B1AC-47F8-B199-3D1CC3B3F748}" = dir=out | name=gin rummy free | 
"{3273FE2F-04F6-4FE6-B12B-4E395ECDC5F8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{33A19CFB-AF0A-4E82-95B9-61E4E6E0EAAC}" = dir=out | name=@{microsoft.bingmaps_2.0.2530.2317_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{351867AA-693C-44D3-904F-2F156D6D01CA}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\ecprintersetup\enpapp.exe | 
"{36B9D4B6-40B3-4A8A-9D9A-8097C1D52D03}" = dir=out | name=@{22514elbrinner.biblesquestions_1.0.0.23_neutral__5ac9hy7me1akm?ms-resource://22514elbrinner.biblesquestions/resources/app.titulo} | 
"{380E9769-DFD8-45E2-B8BA-07893791DA05}" = dir=out | name=trip journal | 
"{3A0649EC-A911-4F06-89B6-02A70AD3424A}" = dir=out | name=best western search & stay ℠ | 
"{3E012DD3-5C53-4B0E-BED8-6DEA43450D1A}" = dir=out | name=candy fun | 
"{3F52560E-7456-41A5-928A-78C14DD03917}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | 
"{43BE4613-6D28-4318-99D3-8D5770F4CF15}" = dir=out | name=windows 8 cheat keys | 
"{454F339E-8C4E-4BBB-B233-04A71221ED5E}" = dir=out | name=juniper networks junos pulse | 
"{456DADA7-9D4E-4741-A3A4-331913C04602}" = dir=out | name=blocks win8 | 
"{463353B0-5D3B-437C-A651-361D73F9A851}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"{49D9D480-ED53-4D2D-8012-43516FA6FA3B}" = dir=out | name=tetrablox | 
"{4A496496-AA2B-4741-960B-D32E6871A1D6}" = dir=out | name=@{microsoft.zunevideo_1.5.338.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{4DA07209-FECD-4106-BDBC-4850D62AD275}" = dir=in | name=trip journal | 
"{4E476ED4-E516-450C-8E65-1CAE62E4A67D}" = dir=in | name=microsoft solitaire collection | 
"{539FF009-1FA1-4EA3-9058-86053CF2A7BF}" = dir=in | name=powerdvd for lenovo idea | 
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | 
"{57952049-655C-4D2A-A4C0-73C3222B0644}" = dir=out | name=@{microsoft.bingtravel_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | 
"{5C7AF41E-3BBA-4F20-8B44-6236A91D34CB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | 
"{609AD367-8180-4C0E-AE56-2A1A295CF9A9}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"{60B66153-9270-46FF-AA40-824D705C5721}" = dir=out | name=dominoes | 
"{632EFAD3-7745-4FFE-A226-ABA15AAC729A}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{6651A246-2914-43A9-8A86-51DBEBE93100}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{67A29117-4F25-4322-B1BF-D2C9857F9622}" = dir=out | name=@{microsoft.zunemusic_2.2.849.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{69F5C0C8-8B3E-42F0-BE02-3A0B7F4BA25B}" = dir=out | name=solitaire hd | 
"{69F98476-0660-4B12-B97D-E74B92F9DBAC}" = dir=out | name=learn windows8 | 
"{6AA5CC19-3267-4DD7-9FCA-01A4407229AA}" = dir=out | name=tunein radio | 
"{6DFFEE1D-9DE2-46AA-AE93-03E4BB5D835B}" = dir=out | name=windows_ie_ac_001 | 
"{6E296E6E-0EC0-4C2F-A799-75AB7CB86A65}" = dir=in | name=skype | 
"{6F117E1F-1333-4CA9-9255-B73E47BFEA67}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{710A0C1B-C733-4489-A8F7-F956CC79C763}" = dir=out | name=word search | 
"{72D7A3B2-3B51-45B3-A645-E6625EC970C6}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{751FA56D-2E04-4A95-B4AC-7CA085D01B1A}" = dir=out | name=xolitaire | 
"{761F2CB7-BC26-4351-A211-6EF5FE65E1E8}" = dir=out | name=hotels.com | 
"{7D7B0CCB-C2D2-4EDA-A50C-C18C9C593373}" = dir=out | name=@{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{7E39BA56-82ED-4D56-99BB-7B34709E97B1}" = dir=out | name=@{828b5831.mahjonggartifacts2_1.0.0.0_x86__ytsefhwckbdv6?ms-resource://828b5831.mahjonggartifacts2/resources/kd_app_name} | 
"{7F40F28C-2801-4BBC-9E98-823DB7F78B6D}" = dir=out | name=new york city tourist guide | 
"{7FD377BE-D6C3-43FE-A016-45E8FE20119A}" = dir=out | name=@{digitalchemyllc.calculatorfree_1.4.0.78_neutral__q7s52g45wnx0g?ms-resource://digitalchemyllc.calculatorfree/resources/freeappname} | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{80DE8399-5FDC-4C27-A978-C79DC152BD08}" = dir=out | name=f5 vpn | 
"{832DC64F-026E-424D-9A05-6932DFA1CF2B}" = dir=out | name=@{43248summitdatacorp.freecellfree_1.9.6.0_x64__hmd3687kaknfw?ms-resource://43248summitdatacorp.freecellfree/resources/appnamefreecell} | 
"{83392BCF-5F10-42D8-AEAA-3B618ECB1E5E}" = dir=out | name=cribbage free | 
"{83638337-185F-4ACF-B096-493A4CDDAC32}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{8420C714-0699-4FA4-9B4E-69739744BC47}" = dir=in | name=check point vpn | 
"{862D9512-DD1A-41EF-BA9D-FC504740D6C4}" = dir=out | name=google search | 
"{87166AE4-1E4D-46E7-B1F7-B30A940FC514}" = dir=out | name=daily bread | 
"{87EDD23C-6FA0-41E9-B5B9-33F198AC3635}" = dir=out | name=@{43248summitdatacorp.switch_1.9.8.0_x64__hmd3687kaknfw?ms-resource://43248summitdatacorp.switch/resources/appnameswitch} | 
"{8A2A6A4A-8206-4DC0-9282-A34AF152E66F}" = dir=out | name=facebook | 
"{8D67CD59-DDAB-41DF-B1A2-103EA05562ED}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{8FE78F32-BB9E-4FED-B19D-B651BE0BB699}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{9115EDBA-9EEB-4342-9909-DD53FFA2BD3E}" = dir=in | name=evernote touch | 
"{96FCB269-B27D-42C4-AE50-B17DC85FE6C0}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd10.exe | 
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{9EC6FC42-5435-49DD-AEBB-ADE91C508E08}" = dir=out | name=bubble blast 2 | 
"{A11AC77D-FBC5-4799-8D77-7A5B6AA751AC}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{A5CE8C65-D042-49EF-A35F-3A25E99931D9}" = dir=in | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{A6EEBC39-45DC-4B3C-8D2A-F0000ED28BC5}" = dir=in | name=f5 vpn | 
"{A7C9AF6D-DFCC-42F8-BE02-58192E9F682D}" = dir=out | name=@{microsoft.bingnews_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | 
"{A89A3BEC-C35E-4AAC-B7AB-0C0E98DC8596}" = dir=out | name=@{microsoft.bingsports_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{AB0B7B6A-580D-4D83-A2C3-56853448B28A}" = dir=in | name=allrecipes | 
"{ADDED5E0-92A6-4318-A865-A21DA224B365}" = dir=out | name=@{microsoft.zunemusic_1.5.216.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{B04EF500-DE24-4802-9C83-377E48051EC3}" = dir=out | name=@{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{B198F343-C66C-4E65-B844-64B695939FA2}" = dir=out | name=@{microsoft.zunevideo_2.2.849.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{B3DE4B33-15FB-4782-95A5-7EFD0304149A}" = dir=out | name=accuweather for windows 8 | 
"{B4D1F831-DC95-44DD-A86D-662F95B90C00}" = dir=out | name=holiday inn | 
"{B5B100BC-0355-4E31-A0C8-B0E980C8DD96}" = dir=out | name=lenovo support | 
"{B8A6B79A-023D-451B-856D-EC2DDFDAE18E}" = dir=out | name=mr. bean | 
"{B91595D6-6132-498F-A709-BFA583535AC3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{BFBCC636-CC1E-4C49-9AA8-CEE6DD69D3DB}" = dir=out | name=check point vpn | 
"{C0A276F1-3EAE-439F-94B1-A234949C201D}" = dir=out | name=@{b-interaktivegmbh.yahtzyfree_1.2.0.1_x64__qbsg90x8tpqqt?ms-resource://b-interaktivegmbh.yahtzyfree/resources/_appnamefree} | 
"{C33BCD6D-3C3F-41D2-BC3D-55537ADD8082}" = dir=out | name=@{livestrong.com.livestrong.comcalorietracker_1.5.0.2198_x64__pvk2r70nnyfg4?ms-resource://livestrong.com.livestrong.comcalorietracker/resources/manifest_package_displayname} | 
"{C3F1A0F9-0320-4309-AD22-A8B4A3C55412}" = dir=out | name=lenovo companion | 
"{C5E73044-88DB-49E8-8BA4-F7A9A4D3B43C}" = dir=out | name=word twirl | 
"{C60C489D-2430-4994-B48A-938E7CF5F079}" = dir=out | name=pacman pac-man super mega | 
"{C8E60CBC-1BD2-4407-8E5A-39775469AF94}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{CB76E387-6F03-4EA2-9036-39A89A57E8FA}" = dir=out | name=candy crush: walkthrough | 
"{D1417C9F-90E1-4FF8-8CD5-06951E6E4FC5}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | 
"{DA240A1F-A755-4246-80FC-098D34E09953}" = dir=out | name=groupon pro | 
"{DAEEFCF9-94E3-4ACF-ACAA-9C60C66A84C4}" = dir=in | name=@{828b5831.mahjonggartifacts2_1.0.0.0_x86__ytsefhwckbdv6?ms-resource://828b5831.mahjonggartifacts2/resources/kd_app_name} | 
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | 
"{DCC85010-335F-4588-A859-F21E48FA0742}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{DD481504-FFDC-4102-9AAD-B7FEB99EE783}" = dir=out | name=microsoft mahjong | 
"{DD9AC0DF-3BF8-47D9-855F-F602FFCECF03}" = dir=in | name=juniper networks junos pulse | 
"{E0FDB39B-679F-4D62-AFE3-C196C28C635C}" = dir=out | name=@{3574gindasoft.to-dos_2.1.0.0_neutral__vhpcp2ef0a8kc?ms-resource://3574gindasoft.to-dos/resources/manifest_appname} | 
"{E14A41AB-D539-4BF5-BA64-87E0FE4D0857}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | 
"{E544865E-8C6E-4CED-AE9E-C52788ECACA9}" = dir=out | name=@{43248summitdatacorp.spidersolitairefree_1.9.6.0_x64__hmd3687kaknfw?ms-resource://43248summitdatacorp.spidersolitairefree/resources/appnamespider} | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E8241154-A1B1-4D81-B3AD-56E1A97A5E98}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe | 
"{E8817B86-7292-46F5-BBE0-880C4D4FB396}" = dir=out | name=movie showtime | 
"{E98D3B89-792B-4F6B-9208-48EED99CA06F}" = dir=out | name=evernote touch | 
"{EA80D958-4352-4841-B159-524694575C1E}" = dir=out | name=@{microsoft.bingsports_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | 
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | 
"{EE60FE48-215F-4676-BE4C-0F82C91200A8}" = dir=out | name=@{microsoft.bingweather_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{F0C6D737-74EB-45D3-8B5D-4F2085B627BF}" = protocol=17 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe | 
"{F154B593-DB28-4920-B7A6-C5C259269C4C}" = dir=out | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{F160F3EA-C079-4DB4-B287-FAF910B22410}" = dir=out | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | 
"{F691C818-DB49-442A-AFC3-D20A717C071A}" = dir=out | name=skype | 
"{F6B6819F-CDC3-4B0A-901C-60BA6CB48883}" = dir=out | name=windows_ie_ac_001 | 
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | 
"{F793BDC9-F899-4AFB-A33F-4CF70BDEE5C9}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{FA38778A-0967-477C-BA1D-CCB58A6FFC54}" = dir=out | name=windows_ie_ac_001 | 
"{FDC83C35-216F-494D-9C3C-34C855C5F083}" = dir=out | name=sonicwall mobile connect | 
"{FE7F1D42-D644-49DB-918A-1116B80DA402}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{FF0A6408-CE02-4388-B665-1C9BEF43AF2E}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\ecprintersetup\enpapp.exe | 
"TCP Query User{540DB7E0-5531-45EB-BAD2-B1B6BEBDC236}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{6F21A7D8-2C7C-4ADC-BF92-0ADE8A0A360D}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{96641659-6759-4FCE-B9DC-40526A86C97A}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{B2DE8DFE-C8CD-4F0E-8400-6CEA0D93A143}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{66E2237E-2E10-48A2-B8D3-2092B8BA8484}" = Classic Shell
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{854E96CC-266C-4873-A50F-CDF5367EE848}" = AVG 2014
"{89D2FA50-6002-4AFB-8586-3E38B355E891}" = Intel® PROSet/Wireless WiFi Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 327.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 327.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0613
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BC06BAEB-6D52-4D69-82EB-56CF1594C6A7}" = AVG 2014
"{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}" = Intel® WiDi
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42" = Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1)
"8A223E56FB1ED4F697B54E5BF96F1EB63B512684" = Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733)
"AVG" = AVG 2014
"CCleaner" = CCleaner
"DOLBY Config" = Dolby Config
"EPSON XP-310 Series" = EPSON XP-310 Series Printer Uninstall
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}" = Amazon Browser App
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 55
"{2970697F-2A11-4588-8B7F-97322D1CCF3C}" = Epson Event Manager
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005576}" = Rainbow Web 3
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E3E3D64-5A2A-4CEF-A500-EB71188DBA90}" = OpenOffice.org 3.4.1
"{A3B308B9-BE96-4334-816F-3D82B19A7DE2}" = Software Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6E9B2A-A7E6-4B17-8A6C-29D519673E12}" = Shopping Helper Smartbar
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B38E9B55-7136-4E66-A084-320512FF3F6F}" = LTCM Client
"{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}" = LPT System Updater Service
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{DD7D6D84-93AB-48CA-A759-94324E341CBA}" = Intelligent Touchpad
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD10
"{E6B105B8-1F65-4428-9397-1DFD8A03B94D}" = SupraSavings
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"DMUninstaller" = DMUninstaller
"EPSON Connect_is1" = EPSON Connect version 1.0
"EPSON Scanner" = EPSON Scan
"Game Downloader" = Game Downloader
"GamesBar" = GamesBar 2.0.1.82
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD10
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Intel AppUp(SM) center 33057" = Intel AppUp(SM) center
"Kobo" = Kobo
"Lenovo Dependency Package_is1" = Lenovo Dependency Package
"NewPlayer" = NewPlayer
"SugarSync" = SugarSync Manager
"VLC media player" = VLC media player 2.1.3
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2014-05-07 11:33:52 PM | Computer Name = Crafty | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = App microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe+Microsoft.WindowsLive.Mail
 did not launch within its allotted time.
 
Error - 2014-05-07 11:34:18 PM | Computer Name = Crafty | Source = Application Hang | ID = 1002
Description = The program wwahost.exe version 6.3.9600.17031 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 3154    Start
 Time: 01cf6a6e49ead1aa    Termination Time: 4294967295    Application Path: C:\WINDOWS\system32\wwahost.exe
 
Report
 Id: 95634b4d-d661-11e3-bea5-08edb9d9f1ce    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe
 
Faulting
 package-relative application ID: Microsoft.WindowsLive.Mail  
 
Error - 2014-05-07 11:34:18 PM | Computer Name = Crafty | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail
 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log
 for additional information.
 
Error - 2014-05-07 11:38:21 PM | Computer Name = Crafty | Source = Application Hang | ID = 1002
Description = The program backgroundTaskHost.exe version 6.3.9600.16384 stopped 
interacting with Windows and was closed. To see if more information about the problem
 is available, check the problem history in the Action Center control panel.    Process
 ID: d48    Start Time: 01cf6a6e3dd84ea5    Termination Time: 4294967295    Application Path:
 C:\WINDOWS\system32\backgroundTaskHost.exe    Report Id: 31d1625d-d662-11e3-bea5-08edb9d9f1ce
 
Faulting
 package full name: Facebook.Facebook_1.3.0.9_x64__8xx8rvfyw5nnt    Faulting package-relative
 application ID: App  
 
Error - 2014-05-08 10:12:56 PM | Computer Name = Crafty | Source = Application Hang | ID = 1002
Description = The program backgroundTaskHost.exe version 6.3.9600.16384 stopped 
interacting with Windows and was closed. To see if more information about the problem
 is available, check the problem history in the Action Center control panel.    Process
 ID: 99c    Start Time: 01cf6b2b7f134676    Termination Time: 4294967295    Application Path:
 C:\WINDOWS\syswow64\backgroundTaskHost.exe    Report Id: 6cf6d62c-d71f-11e3-bea5-08edb9d9f1ce
 
Faulting
 package full name: Microsoft.MicrosoftMahjong_2.3.1403.3117_x86__8wekyb3d8bbwe    Faulting
 package-relative application ID: MicrosoftMahjong  
 
Error - 2014-05-09 10:17:35 AM | Computer Name = Crafty | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 2014-05-09 7:37:25 PM | Computer Name = Crafty | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 2014-05-09 7:37:26 PM | Computer Name = Crafty | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 2014-05-09 7:37:27 PM | Computer Name = Crafty | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 2014-05-09 7:37:27 PM | Computer Name = Crafty | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 2014-05-09 7:37:30 PM | Computer Name = Crafty | Source = MsiInstaller | ID = 10005
Description = 
 
[ System Events ]
Error - 2014-05-08 12:06:14 AM | Computer Name = Crafty | Source = DCOM | ID = 10010
Description = 
 
Error - 2014-05-08 12:06:14 AM | Computer Name = Crafty | Source = DCOM | ID = 10010
Description = 
 
Error - 2014-05-08 10:09:59 PM | Computer Name = Crafty | Source = bowser | ID = 8003
Description = 
 
Error - 2014-05-08 10:23:51 PM | Computer Name = Crafty | Source = DCOM | ID = 10010
Description = 
 
Error - 2014-05-08 10:23:51 PM | Computer Name = Crafty | Source = DCOM | ID = 10010
Description = 
 
Error - 2014-05-08 10:23:52 PM | Computer Name = Crafty | Source = DCOM | ID = 10010
Description = 
 
Error - 2014-05-09 7:43:41 PM | Computer Name = Crafty | Source = Service Control Manager | ID = 7034
Description = The Computer Backup (MyPC Backup) service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 2014-05-09 7:55:25 PM | Computer Name = Crafty | Source = DCOM | ID = 10010
Description = 
 
Error - 2014-05-09 7:55:25 PM | Computer Name = Crafty | Source = DCOM | ID = 10010
Description = 
 
Error - 2014-05-09 7:55:25 PM | Computer Name = Crafty | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
 
 
Thanks for any help!
 
Jim Dearden

 


  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hi!Jim Dearden, My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

First

Please remove these programs Start > Control panel > programs & Features.

1-Shopping Helper Smartbar
2-SupraSavings


Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
  • Next

    thisisujrt.gif Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts.
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply please post:

    1- AdwCleaner [SO].txt
    2- JRT.txt

    Thanks
    Joe :)

  • 0

#3
Jim Dearden

Jim Dearden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Hi zep516,

 

thanks for the help!

 

Please remove these programs Start > Control panel > programs & Features.

1-Shopping Helper Smartbar
2-SupraSavings

 

 

1-ShoppingHelper Smartbar - unistall can't find the uninstaller msi

2- SupraSavings - not in the program list.

 

Here's the AdwCleaner[S0].txt file:

 

# AdwCleaner v3.208 - Report created 14/05/2014 at 07:54:14
# Updated 11/05/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Joyce McEachern 2 - CRAFTY
# Running from : C:\Users\Joyce McEachern\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : NewPlayerUpdaterService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\GamesBar
Folder Deleted : C:\ProgramData\PriceMeterLiveUpdate
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\DiscaoUntLocatoR
Folder Deleted : C:\ProgramData\RoyaliCoupoN
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamesBar
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
Folder Deleted : C:\Program Files (x86)\GamesBar
Folder Deleted : C:\Program Files (x86)\NewPlayer
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Uninstaller
Folder Deleted : C:\Program Files (x86)\DiscaoUntLocatoR
Folder Deleted : C:\Program Files\003
Folder Deleted : C:\Users\Joyce McEachern\AppData\Local\apn
Folder Deleted : C:\Users\Joyce McEachern\AppData\Local\Genesis
Folder Deleted : C:\Users\Joyce McEachern\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Joyce McEachern\AppData\Local\NewPlayer
Folder Deleted : C:\Users\Joyce McEachern\AppData\Local\PriceMeterLiveUpdate
Folder Deleted : C:\Users\Joyce McEachern\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\Joyce McEachern\AppData\Roaming\Activeris
Folder Deleted : C:\Users\Joyce McEachern\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Folder Deleted : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
[!] Folder Deleted : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
[!] Folder Deleted : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
[!] Folder Deleted : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
[!] Folder Deleted : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
[!] Folder Deleted : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
[!] Folder Deleted : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
[!] Folder Deleted : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
[!] Folder Deleted : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
[!] Folder Deleted : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
[!] Folder Deleted : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
[!] Folder Deleted : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
[!] Folder Deleted : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
[!] Folder Deleted : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
[!] Folder Deleted : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
[!] Folder Deleted : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\NewPlayer.lnk
File Deleted : C:\WINDOWS\Downloaded Program Files\popcaploader.inf
File Deleted : C:\Users\Joyce McEachern\daemonprocess.txt
File Deleted : C:\Users\Joyce McEachern\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Users\Joyce McEachern\AppData\Roaming\Mozilla\Firefox\Profiles\searchplugins\user.js
File Deleted : C:\WINDOWS\System32\Tasks\Advanced System Protector_startup
File Deleted : C:\WINDOWS\Tasks\APSnotifierPP1.job
File Deleted : C:\WINDOWS\System32\Tasks\APSnotifierPP1
File Deleted : C:\WINDOWS\Tasks\APSnotifierPP2.job
File Deleted : C:\WINDOWS\System32\Tasks\APSnotifierPP2
File Deleted : C:\WINDOWS\Tasks\APSnotifierPP3.job
File Deleted : C:\WINDOWS\System32\Tasks\APSnotifierPP3
File Deleted : C:\WINDOWS\System32\Tasks\LaunchApp
File Deleted : C:\WINDOWS\Tasks\MySearchDial.job
File Deleted : C:\WINDOWS\System32\Tasks\MySearchDial
File Deleted : C:\WINDOWS\System32\Tasks\pricemeterdownloader
File Deleted : C:\WINDOWS\System32\Tasks\pricemetertask
File Deleted : C:\WINDOWS\System32\Tasks\pricemeterwatcher

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SearchEngineProtection]
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=3
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=9
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD76633E-E50D-4844-9E7F-4DFBC7C18467}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1A93C934-025B-4C3A-B38E-9654A7003239}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\FreeSoftToday
Key Deleted : HKCU\Software\gamesbar
Key Deleted : HKCU\Software\genesis
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\gamesbar
Key Deleted : HKLM\Software\NewPlayer
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Tutorials
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC6E9B2A-A7E6-4B17-8A6C-29D519673E12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gamesbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NewPlayer
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17037


-\\ Mozilla Firefox v

-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : ejocekekgcaldnmjngfdbmbeebcekelc
Deleted [Extension] : majjphhgppkndjjkmhhnbgafooenebhd

[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [16400 octets] - [14/05/2014 07:41:48]
AdwCleaner[R1].txt - [16461 octets] - [14/05/2014 07:52:49]
AdwCleaner[S0].txt - [12852 octets] - [14/05/2014 07:54:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12913 octets] ##########
 

Here's the JRT.txt file:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Joyce McEachern 2 on 2014-05-14 at  8:04:50.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014-05-14 at  8:08:26.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Thanks again!

 

Jim


  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
You're welcome :)

Next

We need to do a fix to delete some files using OTL
  • Double click on the OTLicon.jpg to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKU\.DEFAULT\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKU\S-1-5-18\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}
    IE - HKU\S-1-5-21-976370131-2331909618-2087438408-1002\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKU\S-1-5-21-976370131-2331909618-2087438408-1002\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}
    IE - HKU\S-1-5-21-976370131-2331909618-2087438408-1002\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://feed.snapdo.c...q=
    IE - HKU\S-1-5-21-976370131-2331909618-2087438408-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59472;https=127.0.0.1:59472
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found 
    O4 - HKU\S-1-5-21-976370131-2331909618-2087438408-1002..\Run: [EPLTarget\P0000000000000000] C:\windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-310 Series" File not found
    O4 - HKU\S-1-5-21-976370131-2331909618-2087438408-1002..\Run: [EPLTarget\P0000000000000001] C:\windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-310 Series" File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) -  File not found
    O20 - AppInit_DLLs: (c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll) -  File not found
    [2014-05-09 19:40:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\System Optimizer Pro
    [2014-04-27 09:22:24 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Local\fastcleanpro
    [2014-04-26 22:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PriceMeterLiveUpdate
    [2014-04-26 22:00:35 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Roaming\systweak
    [2014-04-26 21:51:56 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Local\newplayer
    [2014-04-26 21:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
    [2014-04-26 21:51:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewPlayer
    [2014-04-26 21:50:58 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Roaming\Activeris
    [2014-04-26 21:48:50 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
    [2014-04-26 21:45:44 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Local\Genesis
    [2014-04-26 21:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\003
    [1 C:\Users\Joyce McEachern\AppData\Local\*.tmp files -> C:\Users\Joyce McEachern\AppData\Local\*.tmp -> ]
    [2014-05-13 13:13:01 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\Price Meter Updater.job
    [2014-05-13 08:00:00 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\MySearchDial.job
    [2014-05-02 00:42:16 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\APSnotifierPP1.job
    [2014-05-02 00:42:16 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\APSnotifierPP3.job
    [2014-04-27 22:27:11 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\APSnotifierPP2.job
    2014-04-26 21:53:40 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\NewPlayer.lnk
    @Alternate Data Stream - 220 bytes -> C:\Users\Joyce McEachern\SkyDrive:ms-properties
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:DE22D45C
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720
    
    
    :Files
    
    ipconfig /flushdns /c
    
    :Commands
    
    [emptytemp]
    [resethosts]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
In your next reply post:

1-OTL Fix lix log located here-> C:\_OTL\Moved Files
1- New OTL Log after quick scan.

Thanks
Joe :)
  • 0

#5
Jim Dearden

Jim Dearden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Here you go Joe!

 

Fix Log:

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
HKEY_USERS\S-1-5-21-976370131-2331909618-2087438408-1002\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-976370131-2331909618-2087438408-1002\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_USERS\S-1-5-21-976370131-2331909618-2087438408-1002\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ not found.
HKU\S-1-5-21-976370131-2331909618-2087438408-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-976370131-2331909618-2087438408-1002\Software\Microsoft\Windows\CurrentVersion\Run\\EPLTarget\P0000000000000000 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-976370131-2331909618-2087438408-1002\Software\Microsoft\Windows\CurrentVersion\Run\\EPLTarget\P0000000000000001 deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll deleted successfully.
C:\Program Files (x86)\System Optimizer Pro folder moved successfully.
C:\Users\Joyce McEachern\AppData\Local\fastcleanpro\Logs folder moved successfully.
C:\Users\Joyce McEachern\AppData\Local\fastcleanpro\fastcleanpro.exe_Url_kv14dt5yiys1fi05fch3u155bolmnofm\1.0.0.0 folder moved successfully.
C:\Users\Joyce McEachern\AppData\Local\fastcleanpro\fastcleanpro.exe_Url_kv14dt5yiys1fi05fch3u155bolmnofm folder moved successfully.
C:\Users\Joyce McEachern\AppData\Local\fastcleanpro folder moved successfully.
Folder C:\ProgramData\PriceMeterLiveUpdate\ not found.
Folder C:\Users\Joyce McEachern\AppData\Roaming\systweak\ not found.
Folder C:\Users\Joyce McEachern\AppData\Local\newplayer\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer\ not found.
Folder C:\Program Files (x86)\NewPlayer\ not found.
Folder C:\Users\Joyce McEachern\AppData\Roaming\Activeris\ not found.
Folder C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage\ not found.
Folder C:\Users\Joyce McEachern\AppData\Local\Genesis\ not found.
Folder C:\Program Files\003\ not found.
C:\Users\Joyce McEachern\AppData\Local\nsv82AC.tmp deleted successfully.
C:\Windows\Tasks\Price Meter Updater.job moved successfully.
File C:\WINDOWS\tasks\MySearchDial.job not found.
File C:\WINDOWS\tasks\APSnotifierPP1.job not found.
File C:\WINDOWS\tasks\APSnotifierPP3.job not found.
File C:\WINDOWS\tasks\APSnotifierPP2.job not found.
Unable to delete ADS C:\Users\Joyce McEachern\SkyDrive:ms-properties .
ADS C:\ProgramData\Temp:DE22D45C deleted successfully.
ADS C:\ProgramData\Temp:373E1720 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Joyce McEachern\Desktop\cmd.bat deleted successfully.
C:\Users\Joyce McEachern\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 415060404 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
 
User: Default.migrated
 
User: Joyce McEachern
->Temp folder emptied: 1876513 bytes
->Temporary Internet Files folder emptied: 5779701 bytes
->Java cache emptied: 862861 bytes
->Google Chrome cache emptied: 11397116 bytes
->Flash cache emptied: 595 bytes
 
User: Joyce McEachern 2
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10995623 bytes
RecycleBin emptied: 525847688 bytes
 
Total Files Cleaned = 927.00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 05142014_093136
 
Files\Folders moved on Reboot...
C:\Users\Joyce McEachern\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
OTL quick scan log:
 

OTL logfile created on: 2014-05-14 9:37:01 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Joyce McEachern\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17031)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd
 
7.87 Gb Total Physical Memory | 6.48 Gb Available Physical Memory | 82.36% Memory free
9.12 Gb Paging File | 7.72 Gb Available in Paging File | 84.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 650.96 Gb Total Space | 616.16 Gb Free Space | 94.65% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 22.03 Gb Free Space | 88.11% Space Free | Partition Type: NTFS
 
Computer Name: CRAFTY | User Name: Joyce McEachern 2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014-05-13 13:32:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joyce McEachern\Desktop\OTL.exe
PRC - [2014-05-08 09:48:48 | 000,041,336 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
PRC - [2014-04-18 15:18:48 | 003,645,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2014-04-06 21:21:36 | 005,180,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2014-03-27 22:10:20 | 000,291,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013-12-21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-11-12 00:44:29 | 000,363,520 | ---- | M] (Microsoft) -- C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe
PRC - [2013-09-17 17:22:40 | 000,585,032 | ---- | M] (LENOVO INCORPORATED.) -- C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe
PRC - [2013-03-28 15:55:58 | 001,058,880 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
PRC - [2012-10-28 10:29:22 | 000,063,488 | ---- | M] (IvoSoft) -- C:\Program Files\Classic Shell\ClassicShellService.exe
PRC - [2012-08-13 12:11:44 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012-08-13 12:11:44 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012-07-27 14:52:44 | 000,167,024 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
PRC - [2012-07-27 14:52:44 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2012-07-17 17:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012-07-17 17:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012-06-25 13:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012-05-01 21:56:02 | 000,548,864 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera\VM331STI.EXE
PRC - [2012-03-28 21:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014-04-15 14:19:49 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servdea05680#\0c4ca02c69ce55cfcfefb541f195d705\System.ServiceModel.Primitives.ni.dll
MOD - [2014-04-15 14:19:48 | 000,785,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\ee53227bcc4430088d0b560752c1cd02\System.ServiceModel.Internals.ni.dll
MOD - [2014-04-15 14:19:46 | 000,118,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\352d34797f7cd44cd0973c33539200f1\SMDiagnostics.ni.dll
MOD - [2014-04-15 14:19:42 | 000,770,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Media\ae986fe3d2717c157eb1eeeb4d99aaa1\Windows.Media.ni.dll
MOD - [2014-04-10 15:11:33 | 000,797,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\66db718389f1cd2503053c09b3de857f\Windows.Networking.ni.dll
MOD - [2014-04-10 15:11:31 | 000,238,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\a1306b1fdd9c22508f9e5d901fceb4cd\Windows.Globalization.ni.dll
MOD - [2014-04-10 15:11:26 | 000,402,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Security\27136c94fce321fc4e76bccb5fc38fe0\Windows.Security.ni.dll
MOD - [2014-04-10 15:11:25 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Net.caf7096d#\a609227cf29283a141334946144866f3\System.Net.Primitives.ni.dll
MOD - [2014-04-10 15:11:24 | 000,133,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.System\726121cd59d8545addcd2c64688b5309\Windows.System.ni.dll
MOD - [2014-04-10 15:11:20 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtdf6812ee#\b7c90cd61aa57b4858a896d7e33c30d9\System.Runtime.Serialization.Primitives.ni.dll
MOD - [2014-04-10 15:11:19 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Diagaa8d7fa5#\a374d5cee262e00ef48bb80a46ef261b\System.Diagnostics.Debug.ni.dll
MOD - [2014-04-10 15:11:18 | 000,808,448 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\f3deb382d1f91df4e2bf1801afb4ea21\Windows.Storage.ni.dll
MOD - [2014-04-10 15:11:18 | 000,304,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Graphics\4e33edd5ee2ee09f751c0071ba0a26c3\Windows.Graphics.ni.dll
MOD - [2014-04-10 15:11:17 | 000,960,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\c95c4deae76420a882bef7161a449d72\Windows.UI.ni.dll
MOD - [2014-04-10 15:11:17 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ObjectModel\67dd353e70bac0caa6a7dde153081d12\System.ObjectModel.ni.dll
MOD - [2014-04-10 15:11:16 | 001,130,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\224ab0385dc2991b9139bdbf7bcf8e0e\Windows.ApplicationModel.ni.dll
MOD - [2014-04-10 15:11:16 | 000,228,864 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\cf021988965369c551bb0987fe019862\Windows.Foundation.ni.dll
MOD - [2014-04-10 15:11:16 | 000,009,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Thre7bb2aad0#\7ab875026ab88e106bf40c8db4f640a1\System.Threading.Tasks.ni.dll
MOD - [2014-04-10 15:11:16 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Collections\ebeafb298ff3f25b6291e44deceb1d0c\System.Collections.ni.dll
MOD - [2014-04-10 15:11:14 | 003,530,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\f2bf020fc6307e10194fd94e85d52a72\Windows.UI.Xaml.ni.dll
MOD - [2014-04-10 15:11:14 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtbff93e24#\1849d6bdd0f61a224d41ac2963221204\System.Runtime.InteropServices.WindowsRuntime.ni.dll
MOD - [2014-04-10 15:11:10 | 000,018,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime\7bf2203bf2d88857c463948cccf6156c\System.Runtime.ni.dll
MOD - [2014-04-10 13:36:25 | 000,041,984 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.G42d2c636#\fd561324312606ea5e028d3d974483e6\Microsoft.Games.Sentient.ni.dll
MOD - [2014-04-10 13:36:18 | 000,122,368 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Ap4e5cc921#\5e7a3519c51f6a3f39c48752e8487c57\Arkadium.ApplicationFramework.ni.dll
MOD - [2014-04-10 13:36:15 | 000,469,504 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.Xbox\6416f87092fbbe9e12dafdd5bd1f2824\Microsoft.Xbox.ni.dll
MOD - [2014-04-10 13:36:12 | 000,563,200 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Ad1735b4ba#\d83cf8f4a7a1fa6022aa3f838c352e38\Arkadium.Advertisement.ni.dll
MOD - [2014-04-10 13:36:12 | 000,285,696 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Wi4bbc307d#\ec4bdd23e3efae51dd3a55fc30564d3d\Arkadium.WindowsStoreModule.ni.dll
MOD - [2014-04-10 13:36:12 | 000,254,976 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.CdnModule\d7bf5f6e41423876649185ab22fc2852\Arkadium.CdnModule.ni.dll
MOD - [2014-04-10 13:36:11 | 000,142,848 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Acc213f109#\3d4a5498d7f0cd8980c9eec61eb0a1cd\Arkadium.AchievementsModule.ni.dll
MOD - [2014-04-10 13:36:10 | 000,295,936 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Le816657bc#\a9f01fd5168602e1f2337fb96b641dba\Arkadium.LeaderboardModule.ni.dll
MOD - [2014-04-10 13:36:10 | 000,246,784 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Awd4f12c8f#\3a209adbb856f3ef11e419d9e90ba636\Arkadium.AwardsModule.ni.dll
MOD - [2014-04-10 13:36:10 | 000,114,176 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Xaba8eb3bf#\4aa48440ff18447c1ccf234df9edcf95\Arkadium.Xaml.Toolkit.ni.dll
MOD - [2014-04-10 13:36:09 | 001,696,256 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Dae4911807#\5c7e1b3c9657928343fb4a5c211495bb\Arkadium.DailyChallengeModule.ni.dll
MOD - [2014-04-10 13:36:01 | 000,227,328 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\CEServices\5c7c9f4bd1fc9e9f637b2435b69ce105\CEServices.ni.dll
MOD - [2014-04-10 13:22:28 | 007,802,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\77bc1a994f64193efc124c297b93fdb7\System.Xml.ni.dll
MOD - [2014-04-10 13:22:04 | 019,566,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\4c3126aec3364546e4ade89c24c4e742\System.ServiceModel.ni.dll
MOD - [2014-04-10 13:21:47 | 000,573,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runt0d283adf#\32aee6654d81a07e698f9ee18c886a2a\System.Runtime.WindowsRuntime.ni.dll
MOD - [2014-04-10 13:21:47 | 000,098,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtc259d85b#\ed68489987b413410ccb94c6e704f6b4\System.Runtime.WindowsRuntime.UI.Xaml.ni.dll
MOD - [2014-04-10 13:21:46 | 002,804,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\183eaaded316165bfbd32a991e4e8c8a\System.Runtime.Serialization.ni.dll
MOD - [2014-04-10 13:21:24 | 000,968,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\c5bf2f5c3e13726b3984a900221e1778\System.Configuration.ni.dll
MOD - [2014-04-10 13:20:08 | 006,951,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\c1194e56644c7688e7eb0f68a57dcc30\System.Core.ni.dll
MOD - [2014-04-10 13:19:56 | 010,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c24d08cc4e93fc4f6f15a637b00a2721\System.ni.dll
MOD - [2014-01-27 07:52:41 | 017,395,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\c90ef9a73ea0044641d31b19023aad61\mscorlib.ni.dll
MOD - [2012-08-10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014-04-09 20:53:51 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014-03-08 01:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014-03-06 03:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014-03-06 02:34:46 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014-02-22 11:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014-02-22 05:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014-02-22 05:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014-02-22 05:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014-02-22 05:25:14 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014-02-22 05:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014-01-27 11:38:59 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2013-12-10 03:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013-11-23 00:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013-11-14 03:25:26 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013-10-30 20:29:53 | 000,348,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013-10-30 20:29:53 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013-09-17 17:22:40 | 000,585,032 | ---- | M] (LENOVO INCORPORATED.) [Auto | Running] -- C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe -- (Lenovo System Agent Service)
SRV:64bit: - [2013-09-04 19:12:54 | 002,252,504 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
SRV:64bit: - [2013-08-22 08:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013-08-22 07:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013-08-22 07:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013-08-22 07:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013-08-22 07:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013-08-22 07:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013-08-22 06:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013-08-22 06:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013-08-22 05:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013-08-22 05:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013-08-22 05:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013-08-22 05:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013-08-22 05:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013-08-22 05:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013-08-22 05:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013-08-22 05:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013-05-01 16:00:00 | 000,651,328 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2012-10-28 10:29:22 | 000,063,488 | ---- | M] (IvoSoft) [Auto | Running] -- C:\Program Files\Classic Shell\ClassicShellService.exe -- (ClassicShellService)
SRV:64bit: - [2012-09-06 18:53:50 | 000,957,304 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2012-07-18 15:14:38 | 002,699,568 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012-07-18 15:14:16 | 000,272,176 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012-07-18 15:14:04 | 000,627,504 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012-07-18 15:13:40 | 000,149,296 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012-06-08 05:07:16 | 000,201,376 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2012-05-17 00:00:00 | 000,144,560 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc)
SRV:64bit: - [2012-04-20 17:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2014-04-29 18:13:50 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-04-18 15:18:48 | 003,645,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014-03-27 22:10:20 | 000,291,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013-12-26 20:42:24 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013-12-21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-12-21 01:02:54 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013-11-14 03:25:25 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013-08-22 08:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013-08-21 23:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013-08-21 22:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2012-07-17 17:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012-07-17 17:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012-06-25 13:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014-04-18 15:01:30 | 000,237,336 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014-03-31 16:06:48 | 000,274,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgwfpa.sys -- (Avgwfpa)
DRV:64bit: - [2014-03-31 16:06:26 | 000,130,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014-03-27 22:14:26 | 000,192,792 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014-03-27 22:14:24 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014-03-27 22:07:10 | 000,236,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014-03-27 22:05:02 | 000,324,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014-03-27 22:03:16 | 000,032,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2014-03-19 23:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014-03-13 08:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014-03-08 16:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014-03-08 16:35:45 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014-02-22 12:00:25 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014-02-22 11:50:31 | 000,054,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014-02-22 11:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014-02-22 11:49:49 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014-02-22 11:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014-02-22 11:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014-02-22 11:49:47 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014-02-22 11:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014-02-22 08:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014-02-09 23:49:01 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014-02-09 23:49:00 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014-02-09 23:49:00 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013-12-26 20:42:48 | 000,032,544 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013-12-21 01:02:44 | 004,216,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013-12-14 19:34:54 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013-12-14 19:34:54 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013-12-04 14:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013-11-14 03:28:58 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013-11-14 03:25:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013-11-14 03:16:57 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013-11-14 03:16:54 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013-10-30 20:29:36 | 000,236,888 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013-10-30 20:29:36 | 000,124,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013-10-30 20:28:47 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013-09-04 19:12:52 | 000,166,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2013-09-04 19:12:38 | 000,170,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2013-09-04 16:35:06 | 000,020,496 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\avgboota.sys -- (Avgboota)
DRV:64bit: - [2013-08-22 09:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013-08-22 09:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013-08-22 08:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013-08-22 08:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013-08-22 08:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013-08-22 08:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013-08-22 08:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013-08-22 08:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013-08-22 08:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013-08-22 08:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013-08-22 08:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013-08-22 08:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013-08-22 08:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013-08-22 08:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013-08-22 08:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013-08-22 08:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013-08-22 08:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013-08-22 08:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013-08-22 08:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013-08-22 08:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013-08-22 08:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013-08-22 08:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013-08-22 08:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013-08-22 08:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013-08-22 08:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013-08-22 08:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013-08-22 08:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013-08-22 08:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013-08-22 08:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013-08-22 07:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013-08-22 07:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013-08-22 07:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013-08-22 07:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013-08-22 07:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013-08-22 07:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013-08-22 07:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013-08-22 07:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013-08-22 07:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013-08-22 07:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013-08-22 07:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013-08-22 07:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013-08-22 07:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013-08-22 07:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013-08-22 07:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013-08-22 07:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013-08-22 07:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013-08-22 07:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013-08-22 07:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013-08-22 07:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013-08-22 07:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013-08-22 07:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013-08-22 04:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013-08-12 19:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013-08-09 20:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013-07-30 14:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013-07-25 15:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013-07-08 14:37:41 | 003,344,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwew00.sys -- (NETwNe64)
DRV:64bit: - [2013-06-18 10:44:59 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012-10-06 09:18:49 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012-10-06 09:18:49 | 000,033,560 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012-08-29 22:23:58 | 000,186,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012-08-29 22:23:56 | 000,212,792 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012-08-29 22:23:54 | 000,022,328 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012-08-26 22:52:42 | 000,448,312 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012-08-26 22:52:40 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012-08-24 05:07:36 | 000,975,104 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2012-08-16 16:33:42 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012-08-09 22:29:52 | 000,188,384 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xHCIPort.sys -- (XHCIPort)
DRV:64bit: - [2012-07-26 19:48:26 | 000,040,248 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012-07-02 18:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012-06-26 22:08:32 | 001,608,864 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2012-06-19 10:40:51 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012-06-15 01:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2012-06-13 20:10:32 | 000,102,376 | ---- | M] ("CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6097BA1E-EA64-4BFD-8552-16337C2FC9A0}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6097BA1E-EA64-4BFD-8552-16337C2FC9A0}: "URL" = http://www.bing.com/...E10TR&pc=MALNJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: First user (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.1_0\
CHR - Extension: Google Search = C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Pin It Button = C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3.1_0\
CHR - Extension: Yaimo extension = C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgapnhijgmmehljdkfkojcoefcddinjl\1.0_0\
CHR - Extension: Yaimo extension = C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgapnhijgmmehljdkfkojcoefcddinjl\1.0_1\
CHR - Extension: Google Wallet = C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014-05-14 09:32:46 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [SynLenovoGestureMgr] C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe (Synaptics)
O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331STI.EXE (Vimicro)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = C:\Users\Joyce McEachern\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe (Leader Technologies/Epson)
O4 - Startup: C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} http://zone.msn.com/...no.cab55579.cab (ZPA_DMNO Object)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/...O1.cab60096.cab (UnoCtrl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://games.ca.zone...on.cab64162.cab (MSN Games – Backgammon)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.69.184.199 67.69.184.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B03EC1FA-029B-4335-BFA7-84B7972033A3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E58F82D0-718D-485E-A269-3D8F30AE6AB4}: DhcpNameServer = 67.69.184.199 67.69.184.7
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014-05-14 09:31:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2014-05-14 08:04:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014-05-14 08:02:30 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Joyce McEachern\Desktop\JRT.exe
[2014-05-14 07:42:03 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\SysWow64\sqlite3.dll
[2014-05-14 07:41:43 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-05-13 13:32:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Joyce McEachern\Desktop\OTL.exe
[2014-05-13 04:27:36 | 000,000,000 | ---D | C] -- C:\cce_linux
[2014-05-11 20:40:32 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Roaming\AVG2014
[2014-05-11 20:40:07 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Roaming\TuneUp Software
[2014-05-11 20:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014-05-11 20:39:47 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014-05-11 20:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014-05-11 20:39:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2014-05-11 20:35:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014-05-11 20:35:54 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Local\MFAData
[2014-05-11 20:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014-05-11 20:35:54 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Local\Avg2014
[2014-05-11 03:18:54 | 000,000,000 | ---D | C] -- C:\RescueCD Logs
[2014-05-10 21:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014-05-10 21:56:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014-05-10 18:22:44 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Local\Intel_Corporation
[2014-05-09 21:51:37 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\Doctor Web
[2014-05-09 21:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014-05-09 21:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014-05-09 18:37:40 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2014-05-09 18:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014-04-27 20:26:01 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Local\SlimWare Utilities Inc
[2014-04-27 20:25:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2014-04-27 09:19:18 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Local\IsolatedStorage
[2014-04-26 22:31:13 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Local\com
[2014-04-26 22:02:26 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\.android
[2014-04-26 22:02:25 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Local\cache
[2014-04-21 12:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\d8b241c0b0684db9
[2014-04-20 15:57:53 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Roaming\Oracle
[2014-04-20 15:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014-04-18 15:01:30 | 000,237,336 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgidsdrivera.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014-05-14 09:35:59 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014-05-14 09:35:33 | 000,000,369 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Local\RegisteredPackageInformation.xml
[2014-05-14 09:35:27 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014-05-14 09:33:58 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014-05-14 09:33:57 | 2464,378,879 | -HS- | M] () -- C:\hiberfil.sys
[2014-05-14 09:32:46 | 000,000,098 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\Hosts
[2014-05-14 09:29:13 | 000,863,592 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014-05-14 09:29:13 | 000,735,932 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014-05-14 09:29:13 | 000,139,816 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014-05-14 08:50:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014-05-14 08:13:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014-05-14 08:02:34 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Joyce McEachern\Desktop\JRT.exe
[2014-05-14 07:40:53 | 000,000,111 | ---- | M] () -- C:\Users\Joyce McEachern\Desktop\Need Sanity check- Did I clean everything- - Virus, Spyware, Malware Removal.url
[2014-05-14 07:39:18 | 001,325,827 | ---- | M] () -- C:\Users\Joyce McEachern\Desktop\adwcleaner.exe
[2014-05-13 13:32:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joyce McEachern\Desktop\OTL.exe
[2014-05-13 13:25:00 | 000,000,933 | ---- | M] () -- C:\WINDOWS\tasks\EPSON XP-310 Series Update {9A00CD79-AA8B-4A66-B834-C09FD1EDCC53}.job
[2014-05-13 13:25:00 | 000,000,933 | ---- | M] () -- C:\WINDOWS\tasks\EPSON XP-310 Series Update {06A0F5CE-62A6-4D5A-AAB5-DFCD7FADBFB0}.job
[2014-05-13 13:25:00 | 000,000,747 | ---- | M] () -- C:\WINDOWS\tasks\EPSON XP-310 Series Invitation {9A00CD79-AA8B-4A66-B834-C09FD1EDCC53}.job
[2014-05-13 13:25:00 | 000,000,747 | ---- | M] () -- C:\WINDOWS\tasks\EPSON XP-310 Series Invitation {06A0F5CE-62A6-4D5A-AAB5-DFCD7FADBFB0}.job
[2014-05-13 13:17:45 | 000,000,166 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2014-05-13 07:09:20 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2014-05-11 20:40:07 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014-05-09 19:48:09 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014-05-09 19:31:54 | 001,201,864 | ---- | M] () -- C:\Users\Joyce McEachern\Documents\malware-scan.xml
[2014-05-09 18:42:02 | 000,000,702 | ---- | M] () -- C:\WINDOWS\SysWow64\ff.bin
[2014-05-09 18:31:19 | 000,000,552 | ---- | M] () -- C:\WINDOWS\SysWow64\schtasks.bin
[2014-04-27 21:00:01 | 000,000,043 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Roaming\WB.CFG
[2014-04-18 15:01:30 | 000,237,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgidsdrivera.sys
 
========== Files Created - No Company Name ==========
 
[2014-05-14 07:40:53 | 000,000,111 | ---- | C] () -- C:\Users\Joyce McEachern\Desktop\Need Sanity check- Did I clean everything- - Virus, Spyware, Malware Removal.url
[2014-05-14 07:39:15 | 001,325,827 | ---- | C] () -- C:\Users\Joyce McEachern\Desktop\adwcleaner.exe
[2014-05-11 20:40:07 | 000,000,992 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014-05-10 22:13:04 | 000,000,166 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2014-05-09 20:05:14 | 000,000,369 | ---- | C] () -- C:\Users\Joyce McEachern\AppData\Local\RegisteredPackageInformation.xml
[2014-05-09 19:45:52 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014-05-09 19:32:23 | 001,201,864 | ---- | C] () -- C:\Users\Joyce McEachern\Documents\malware-scan.xml
[2014-04-27 21:00:01 | 000,000,043 | ---- | C] () -- C:\Users\Joyce McEachern\AppData\Roaming\WB.CFG
[2014-04-27 12:26:23 | 000,000,702 | ---- | C] () -- C:\WINDOWS\SysWow64\ff.bin
[2014-04-27 09:19:30 | 000,000,552 | ---- | C] () -- C:\WINDOWS\SysWow64\schtasks.bin
[2014-04-26 22:01:07 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysNative\sasnative64.exe
[2014-04-26 21:53:52 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014-04-09 21:07:39 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014-03-18 21:32:09 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013-12-21 01:02:44 | 000,280,064 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2013-12-21 01:02:40 | 000,182,272 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013-12-21 01:02:40 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013-08-22 12:44:40 | 000,000,044 | ---- | C] () -- C:\WINDOWS\XP-310.ini
[2013-08-22 11:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013-08-22 11:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013-08-22 10:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013-08-22 03:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013-08-21 23:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013-08-21 19:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013-08-21 19:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013-08-07 23:13:46 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\none23134638.bat
[2012-10-06 09:00:52 | 000,001,897 | ---- | C] () -- C:\WINDOWS\vm331Rmv.ini
[2012-10-06 09:00:52 | 000,001,897 | ---- | C] () -- C:\WINDOWS\SysWow64\vm331Rmv.ini
[2012-10-06 08:48:34 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2012-07-25 16:22:56 | 000,267,284 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
[2012-07-25 16:22:54 | 000,963,376 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin
 
========== ZeroAccess Check ==========
 
[2014-04-01 01:54:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014-03-19 23:48:41 | 021,232,792 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-03-19 21:20:53 | 018,679,216 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013-08-22 05:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013-08-21 22:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013-08-22 05:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013-08-23 11:30:09 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\Acer
[2014-05-11 20:40:32 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\AVG2014
[2013-08-23 11:30:05 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\Epson
[2013-08-23 11:30:08 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\Leader Technologies
[2013-08-22 12:45:24 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\Leadertech
[2014-02-12 17:32:50 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\Lenovo
[2013-01-18 00:51:55 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\Oberon Media
[2013-12-24 16:45:14 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\OpenOffice.org
[2014-04-20 15:57:53 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\Oracle
[2014-05-11 20:40:07 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\TuneUp Software
[2014-02-12 22:51:37 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\WebApp
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\Joyce McEachern\SkyDrive:ms-properties
 
< End of report >
 
Thanks,
 
Jim

  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello Jim Dearden,

I see a clean OTL Log. Can you tell me if you have any more issues, pop ups, redirects etc.

The last step of the exercise is to run an Eset on-Line scan, and clean up all the tools we used.

Thanks
Joe :)
  • 0

#7
Jim Dearden

Jim Dearden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Hi Joe,

 

no symptoms so far... I'll run the onlin scan and clean up, and let you know!

 

Jim


  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Do it this way,

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt).
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)

  • 0

#9
Jim Dearden

Jim Dearden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

I've finished the scan, and will post the results below.

 

I think there is a problem, however. I had a boot-time crash, Windows did a disk scan, and the went into a setting up Windows message, and booted into what looked like a first-time users desktop. 

 

Upon reboot, the original user was back. However, both Explorer and Chrome have been hijacked to a www(dot)yaimo(dot)com start page, which I can't override. 

 

It looks like Windows used a restore point, (didn't give me a choice in the matter) and faithfully restored some of the problems. (mutter, mutter, scream...)

 

Also, I just checked, and the log isn't there. I'll run it again, and report back.

 

Jim


  • 0

#10
Jim Dearden

Jim Dearden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Hi Joe,

 

Here's the online scan log:

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e37bd63739fb734eb2f6169be5ff72f1
# engine=18267
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-15 02:04:19
# local_time=2014-05-14 10:04:19 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=5893 16776574 100 94 184420 16514156 0 0
# scanned=204337
# found=10
# cleaned=0
# scan_time=2961
sh=B992ED7A1B4DF30F6AF8A911FBFDE92ED9F77519 ft=1 fh=5dac4dde3cd39976 vn="a variant of MSIL/DomaIQ.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Uninstaller\Uninstall.exe.vir"
sh=E176D7F68E9CC6D03E8555B51565423033CDF6A9 ft=0 fh=0000000000000000 vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Joyce McEachern\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.5.zip.vir"
sh=E45C1D583BDD644F636D8DA387761796CE1D7038 ft=1 fh=fe33acdf835fbfaa vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Joyce McEachern\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir"
sh=75773C452146645B80387025120B3AFC1BD7F608 ft=1 fh=f924702fd032a998 vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Joyce McEachern\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir"
sh=CD814F8CAC8880831029BCA4568031141FFE8534 ft=0 fh=0000000000000000 vn="a variant of Android/Mobserv.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Joyce McEachern\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir"
sh=D9B3BA161D98EA1AD0E61015B2F11DB47A0A6875 ft=1 fh=8252b73ae811ba6a vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Joyce McEachern\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=DA0FB77CECB4247F067294DA5E54E0020844FECE ft=1 fh=96c9faddf1c23368 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Joyce McEachern\Downloads\ccsetup413.exe"
sh=3947DC53990D4C0F5E5F655818233800CF9F601B ft=0 fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.C potentially unwanted application" ac=I fn="C:\Windows\Installer\4cb99b80.msi"
sh=F900184DCFE3A6F825E5B995124985906A9C573D ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-ORJ[1].7z"
sh=F900184DCFE3A6F825E5B995124985906A9C573D ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-ORJ[1].7z"
 
 
Jim

  • 0

Advertisements


#11
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hi Jim,

How is everything with the computer ?

Just a few "minor" things we can get rid of of. If you look at the ESET Log close you can see that AdwCleaner has most of the files already Quarantined. We can clean up the left overs using OTL.

We need to do a fix to delete some files using OTL
  • Double click on the OTLicon.jpg to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    
    :Files
    C:\Users\Joyce McEachern\Downloads\ccsetup413.exe"
    C:\Windows\Installer\4cb99b80.msi
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-ORJ[1].7z
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-ORJ[1].7z
    
    :Commands
    
    [emptytemp]
    
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
Thanks
Joe :)
  • 0

#12
Jim Dearden

Jim Dearden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Hi Joe,

 

The computer seems to be working ok, with a few browser problems. Chrome opens fine with the right home page, but also pops up a message, "Your preferences cannot be read. Some features may be unavailable and changes to preferences won't be saved."

 

Explorer still has the Yaimo com page hijack.

 

Here's the fix log:

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
========== FILES ==========
C:\Users\Joyce McEachern\Downloads\ccsetup413.exe moved successfully.
C:\Windows\Installer\4cb99b80.msi moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-ORJ[1].7z moved successfully.
File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-ORJ[1].7z not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
 
User: Default.migrated
 
User: Joyce McEachern
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6444399 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 11476857 bytes
->Flash cache emptied: 506 bytes
 
User: Joyce McEachern 2
 
User: Public
 
User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6864 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 17.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05152014_222225
 
Files\Folders moved on Reboot...
C:\Users\Joyce McEachern\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
File\Folder C:\WINDOWS\temp\APPX.35f1tpf7pnwtkzaxnzinkf7fc.tmp not found!
File\Folder C:\WINDOWS\temp\APPX.397z8uj7pukr7n6yz7i1xdhse.tmp not found!
File\Folder C:\WINDOWS\temp\APPX.3pvlzngbnww9onbzspcm97qig.tmp not found!
File\Folder C:\WINDOWS\temp\APPX.62pcnuho0a8snm1l6ly32xplg.tmp not found!
File\Folder C:\WINDOWS\temp\APPX.o_uk5vibc6wp3vklwnxe255ub.tmp not found!
File\Folder C:\WINDOWS\temp\APPX.wp67t3xzh7u16kgrnzj76_yyb.tmp not found!
File\Folder C:\WINDOWS\temp\APPX.__ix_wncc9rzirwmegbr0c9l.tmp not found!
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
Here's the OTL txt file:
 

OTL logfile created on: 2014-05-15 10:27:28 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Joyce McEachern\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17031)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd
 
7.87 Gb Total Physical Memory | 6.16 Gb Available Physical Memory | 78.34% Memory free
9.12 Gb Paging File | 7.42 Gb Available in Paging File | 81.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 650.96 Gb Total Space | 614.14 Gb Free Space | 94.34% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 22.03 Gb Free Space | 88.11% Space Free | Partition Type: NTFS
 
Computer Name: CRAFTY | User Name: Joyce McEachern 2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014-05-13 13:32:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joyce McEachern\Desktop\OTL.exe
PRC - [2014-04-18 15:18:48 | 003,645,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2014-04-06 21:21:36 | 005,180,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2014-04-01 21:58:05 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014-03-27 22:10:20 | 000,291,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013-12-21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-09-17 17:22:40 | 000,585,032 | ---- | M] (LENOVO INCORPORATED.) -- C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe
PRC - [2013-03-28 15:55:58 | 001,058,880 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
PRC - [2012-10-28 10:29:22 | 000,063,488 | ---- | M] (IvoSoft) -- C:\Program Files\Classic Shell\ClassicShellService.exe
PRC - [2012-08-13 12:11:44 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012-08-13 12:11:44 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012-07-27 14:52:44 | 000,167,024 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
PRC - [2012-07-27 14:52:44 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2012-07-17 17:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012-07-17 17:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012-06-25 13:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012-05-01 21:56:02 | 000,548,864 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera\VM331STI.EXE
PRC - [2012-03-28 21:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014-04-01 21:58:03 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll
MOD - [2014-04-01 21:57:59 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
MOD - [2014-04-01 21:57:54 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
MOD - [2014-04-01 21:57:53 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
MOD - [2014-04-01 21:57:52 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
MOD - [2014-04-01 21:57:49 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
MOD - [2012-08-10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014-04-09 20:53:51 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014-03-08 01:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014-03-06 03:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014-03-06 02:34:46 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014-02-22 11:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014-02-22 05:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014-02-22 05:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014-02-22 05:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014-02-22 05:25:14 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014-02-22 05:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014-01-27 11:38:59 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2013-12-10 03:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013-11-23 00:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013-11-14 03:25:26 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013-10-30 20:29:53 | 000,348,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013-10-30 20:29:53 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013-09-17 17:22:40 | 000,585,032 | ---- | M] (LENOVO INCORPORATED.) [Auto | Running] -- C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe -- (Lenovo System Agent Service)
SRV:64bit: - [2013-09-04 19:12:54 | 002,252,504 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
SRV:64bit: - [2013-08-22 08:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013-08-22 07:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013-08-22 07:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013-08-22 07:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013-08-22 07:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013-08-22 07:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013-08-22 06:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013-08-22 06:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013-08-22 05:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013-08-22 05:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013-08-22 05:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013-08-22 05:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013-08-22 05:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013-08-22 05:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013-08-22 05:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013-08-22 05:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013-05-01 16:00:00 | 000,651,328 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2012-10-28 10:29:22 | 000,063,488 | ---- | M] (IvoSoft) [Auto | Running] -- C:\Program Files\Classic Shell\ClassicShellService.exe -- (ClassicShellService)
SRV:64bit: - [2012-09-06 18:53:50 | 000,957,304 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2012-07-18 15:14:38 | 002,699,568 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012-07-18 15:14:16 | 000,272,176 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012-07-18 15:14:04 | 000,627,504 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012-07-18 15:13:40 | 000,149,296 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012-06-08 05:07:16 | 000,201,376 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2012-05-17 00:00:00 | 000,144,560 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc)
SRV:64bit: - [2012-04-20 17:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2014-05-14 18:14:03 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-04-18 15:18:48 | 003,645,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014-03-27 22:10:20 | 000,291,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013-12-26 20:42:24 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013-12-21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-12-21 01:02:54 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013-11-14 03:25:25 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013-08-22 08:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013-08-21 23:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013-08-21 22:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2012-07-17 17:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012-07-17 17:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012-06-25 13:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014-04-18 15:01:30 | 000,237,336 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014-03-31 16:06:48 | 000,274,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgwfpa.sys -- (Avgwfpa)
DRV:64bit: - [2014-03-31 16:06:26 | 000,130,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014-03-27 22:14:26 | 000,192,792 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014-03-27 22:14:24 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014-03-27 22:07:10 | 000,236,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014-03-27 22:05:02 | 000,324,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014-03-27 22:03:16 | 000,032,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2014-03-19 23:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014-03-13 08:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014-03-08 16:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014-03-08 16:35:45 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014-02-22 12:00:25 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014-02-22 11:50:31 | 000,054,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014-02-22 11:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014-02-22 11:49:49 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014-02-22 11:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014-02-22 11:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014-02-22 11:49:47 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014-02-22 11:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014-02-22 08:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014-02-09 23:49:01 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014-02-09 23:49:00 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014-02-09 23:49:00 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013-12-26 20:42:48 | 000,032,544 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013-12-21 01:02:44 | 004,216,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013-12-14 19:34:54 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013-12-14 19:34:54 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013-12-04 14:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013-11-14 03:28:58 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013-11-14 03:25:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013-11-14 03:16:57 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013-11-14 03:16:54 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013-10-30 20:29:36 | 000,236,888 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013-10-30 20:29:36 | 000,124,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013-10-30 20:28:47 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013-09-04 19:12:52 | 000,166,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2013-09-04 19:12:38 | 000,170,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2013-09-04 16:35:06 | 000,020,496 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\avgboota.sys -- (Avgboota)
DRV:64bit: - [2013-08-22 09:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013-08-22 09:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013-08-22 08:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013-08-22 08:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013-08-22 08:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013-08-22 08:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013-08-22 08:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013-08-22 08:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013-08-22 08:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013-08-22 08:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013-08-22 08:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013-08-22 08:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013-08-22 08:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013-08-22 08:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013-08-22 08:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013-08-22 08:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013-08-22 08:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013-08-22 08:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013-08-22 08:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013-08-22 08:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013-08-22 08:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013-08-22 08:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013-08-22 08:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013-08-22 08:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013-08-22 08:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013-08-22 08:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013-08-22 08:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013-08-22 08:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013-08-22 08:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013-08-22 07:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013-08-22 07:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013-08-22 07:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013-08-22 07:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013-08-22 07:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013-08-22 07:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013-08-22 07:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013-08-22 07:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013-08-22 07:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013-08-22 07:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013-08-22 07:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013-08-22 07:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013-08-22 07:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013-08-22 07:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013-08-22 07:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013-08-22 07:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013-08-22 07:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013-08-22 07:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013-08-22 07:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013-08-22 07:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013-08-22 07:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013-08-22 07:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013-08-22 04:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013-08-12 19:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013-08-09 20:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013-07-30 14:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013-07-25 15:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013-07-08 14:37:41 | 003,344,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwew00.sys -- (NETwNe64)
DRV:64bit: - [2013-06-18 10:44:59 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012-10-06 09:18:49 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012-10-06 09:18:49 | 000,033,560 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012-08-29 22:23:58 | 000,186,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012-08-29 22:23:56 | 000,212,792 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012-08-29 22:23:54 | 000,022,328 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012-08-26 22:52:42 | 000,448,312 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012-08-26 22:52:40 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012-08-24 05:07:36 | 000,975,104 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2012-08-16 16:33:42 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012-08-09 22:29:52 | 000,188,384 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xHCIPort.sys -- (XHCIPort)
DRV:64bit: - [2012-07-26 19:48:26 | 000,040,248 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012-07-02 18:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012-06-26 22:08:32 | 001,608,864 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2012-06-19 10:40:51 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012-06-15 01:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2012-06-13 20:10:32 | 000,102,376 | ---- | M] ("CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6097BA1E-EA64-4BFD-8552-16337C2FC9A0}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6097BA1E-EA64-4BFD-8552-16337C2FC9A0}: "URL" = http://www.bing.com/...E10TR&pc=MALNJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-976370131-2331909618-2087438408-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
IE - HKU\S-1-5-21-976370131-2331909618-2087438408-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com [binary data]
IE - HKU\S-1-5-21-976370131-2331909618-2087438408-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-976370131-2331909618-2087438408-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-976370131-2331909618-2087438408-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
IE - HKU\S-1-5-21-976370131-2331909618-2087438408-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-976370131-2331909618-2087438408-1002\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-976370131-2331909618-2087438408-1002\..\SearchScopes,DefaultScope = {BF51FC24-C5CA-4757-B9AF-522522AD814E}
IE - HKU\S-1-5-21-976370131-2331909618-2087438408-1002\..\SearchScopes\{BF51FC24-C5CA-4757-B9AF-522522AD814E}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-976370131-2331909618-2087438408-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-976370131-2331909618-2087438408-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: First user (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.1_0\
CHR - Extension: Google Search = C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Pin It Button = C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3.1_0\
CHR - Extension: Yaimo extension = C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgapnhijgmmehljdkfkojcoefcddinjl\1.0_0\
CHR - Extension: Google Wallet = C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014-05-14 09:32:46 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [SynLenovoGestureMgr] C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe (Synaptics)
O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331STI.EXE (Vimicro)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = C:\Users\Joyce McEachern\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe (Leader Technologies/Epson)
O4 - Startup: C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} http://zone.msn.com/...no.cab55579.cab (ZPA_DMNO Object)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/...O1.cab60096.cab (UnoCtrl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://games.ca.zone...on.cab64162.cab (MSN Games – Backgammon)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B03EC1FA-029B-4335-BFA7-84B7972033A3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E58F82D0-718D-485E-A269-3D8F30AE6AB4}: DhcpNameServer = 192.168.2.1
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014-05-14 18:26:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014-05-14 09:31:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2014-05-14 08:04:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014-05-14 08:02:30 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Joyce McEachern\Desktop\JRT.exe
[2014-05-14 07:42:03 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\SysWow64\sqlite3.dll
[2014-05-14 07:41:43 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-05-13 13:32:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Joyce McEachern\Desktop\OTL.exe
[2014-05-13 04:27:36 | 000,000,000 | ---D | C] -- C:\cce_linux
[2014-05-11 20:40:32 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Roaming\AVG2014
[2014-05-11 20:40:07 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Roaming\TuneUp Software
[2014-05-11 20:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014-05-11 20:39:47 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014-05-11 20:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014-05-11 20:39:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2014-05-11 20:35:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014-05-11 20:35:54 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Local\MFAData
[2014-05-11 20:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014-05-11 20:35:54 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Local\Avg2014
[2014-05-11 03:18:54 | 000,000,000 | ---D | C] -- C:\RescueCD Logs
[2014-05-10 21:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014-05-10 21:56:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014-05-10 18:22:44 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Local\Intel_Corporation
[2014-05-09 21:51:37 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\Doctor Web
[2014-05-09 21:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014-05-09 21:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014-05-09 18:37:40 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2014-05-09 18:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014-04-27 20:26:01 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Local\SlimWare Utilities Inc
[2014-04-27 20:25:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2014-04-27 09:19:18 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Local\IsolatedStorage
[2014-04-26 22:31:13 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Local\com
[2014-04-26 22:02:26 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\.android
[2014-04-26 22:02:25 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Local\cache
[2014-04-21 12:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\d8b241c0b0684db9
[2014-04-20 15:57:53 | 000,000,000 | ---D | C] -- C:\Users\Joyce McEachern\AppData\Roaming\Oracle
[2014-04-20 15:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014-04-18 15:01:30 | 000,237,336 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgidsdrivera.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014-05-15 22:26:38 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014-05-15 22:25:25 | 000,000,369 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Local\RegisteredPackageInformation.xml
[2014-05-15 22:25:00 | 000,000,933 | ---- | M] () -- C:\WINDOWS\tasks\EPSON XP-310 Series Update {9A00CD79-AA8B-4A66-B834-C09FD1EDCC53}.job
[2014-05-15 22:25:00 | 000,000,933 | ---- | M] () -- C:\WINDOWS\tasks\EPSON XP-310 Series Update {06A0F5CE-62A6-4D5A-AAB5-DFCD7FADBFB0}.job
[2014-05-15 22:25:00 | 000,000,747 | ---- | M] () -- C:\WINDOWS\tasks\EPSON XP-310 Series Invitation {9A00CD79-AA8B-4A66-B834-C09FD1EDCC53}.job
[2014-05-15 22:25:00 | 000,000,747 | ---- | M] () -- C:\WINDOWS\tasks\EPSON XP-310 Series Invitation {06A0F5CE-62A6-4D5A-AAB5-DFCD7FADBFB0}.job
[2014-05-15 22:24:58 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014-05-15 22:24:37 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014-05-15 22:24:36 | 2464,378,879 | -HS- | M] () -- C:\hiberfil.sys
[2014-05-15 22:21:37 | 000,863,592 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014-05-15 22:21:37 | 000,735,932 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014-05-15 22:21:37 | 000,139,816 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014-05-15 02:13:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014-05-15 01:50:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014-05-14 09:32:46 | 000,000,098 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\Hosts
[2014-05-14 08:02:34 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Joyce McEachern\Desktop\JRT.exe
[2014-05-14 07:40:53 | 000,000,111 | ---- | M] () -- C:\Users\Joyce McEachern\Desktop\Need Sanity check- Did I clean everything- - Virus, Spyware, Malware Removal.url
[2014-05-14 07:39:18 | 001,325,827 | ---- | M] () -- C:\Users\Joyce McEachern\Desktop\adwcleaner.exe
[2014-05-13 13:32:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joyce McEachern\Desktop\OTL.exe
[2014-05-13 13:17:45 | 000,000,166 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2014-05-13 07:09:20 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2014-05-11 20:40:07 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014-05-09 19:48:09 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014-05-09 19:31:54 | 001,201,864 | ---- | M] () -- C:\Users\Joyce McEachern\Documents\malware-scan.xml
[2014-05-09 18:42:02 | 000,000,702 | ---- | M] () -- C:\WINDOWS\SysWow64\ff.bin
[2014-05-09 18:31:19 | 000,000,552 | ---- | M] () -- C:\WINDOWS\SysWow64\schtasks.bin
[2014-04-27 21:00:01 | 000,000,043 | ---- | M] () -- C:\Users\Joyce McEachern\AppData\Roaming\WB.CFG
[2014-04-18 15:01:30 | 000,237,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgidsdrivera.sys
 
========== Files Created - No Company Name ==========
 
[2014-05-14 07:40:53 | 000,000,111 | ---- | C] () -- C:\Users\Joyce McEachern\Desktop\Need Sanity check- Did I clean everything- - Virus, Spyware, Malware Removal.url
[2014-05-14 07:39:15 | 001,325,827 | ---- | C] () -- C:\Users\Joyce McEachern\Desktop\adwcleaner.exe
[2014-05-11 20:40:07 | 000,000,992 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014-05-10 22:13:04 | 000,000,166 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2014-05-09 20:05:14 | 000,000,369 | ---- | C] () -- C:\Users\Joyce McEachern\AppData\Local\RegisteredPackageInformation.xml
[2014-05-09 19:45:52 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014-05-09 19:32:23 | 001,201,864 | ---- | C] () -- C:\Users\Joyce McEachern\Documents\malware-scan.xml
[2014-04-27 21:00:01 | 000,000,043 | ---- | C] () -- C:\Users\Joyce McEachern\AppData\Roaming\WB.CFG
[2014-04-27 12:26:23 | 000,000,702 | ---- | C] () -- C:\WINDOWS\SysWow64\ff.bin
[2014-04-27 09:19:30 | 000,000,552 | ---- | C] () -- C:\WINDOWS\SysWow64\schtasks.bin
[2014-04-26 22:01:07 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysNative\sasnative64.exe
[2014-04-26 21:53:52 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014-04-09 21:07:39 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014-03-18 21:32:09 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013-12-21 01:02:44 | 000,280,064 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2013-12-21 01:02:40 | 000,182,272 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013-12-21 01:02:40 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013-08-22 12:44:40 | 000,000,044 | ---- | C] () -- C:\WINDOWS\XP-310.ini
[2013-08-22 11:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013-08-22 11:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013-08-22 10:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013-08-22 03:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013-08-21 23:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013-08-21 19:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013-08-21 19:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013-08-07 23:13:46 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\none23134638.bat
[2012-10-06 09:00:52 | 000,001,897 | ---- | C] () -- C:\WINDOWS\vm331Rmv.ini
[2012-10-06 09:00:52 | 000,001,897 | ---- | C] () -- C:\WINDOWS\SysWow64\vm331Rmv.ini
[2012-10-06 08:48:34 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2012-07-25 16:22:56 | 000,267,284 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
[2012-07-25 16:22:54 | 000,963,376 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin
 
========== ZeroAccess Check ==========
 
[2014-04-01 01:54:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014-03-19 23:48:41 | 021,232,792 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-03-19 21:20:53 | 018,679,216 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013-08-22 05:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013-08-21 22:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013-08-22 05:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013-08-23 11:30:09 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\Acer
[2014-05-11 20:40:32 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\AVG2014
[2013-08-23 11:30:05 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\Epson
[2013-08-23 11:30:08 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\Leader Technologies
[2013-08-22 12:45:24 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\Leadertech
[2014-02-12 17:32:50 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\Lenovo
[2013-01-18 00:51:55 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\Oberon Media
[2013-12-24 16:45:14 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\OpenOffice.org
[2014-04-20 15:57:53 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\Oracle
[2014-05-11 20:40:07 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\TuneUp Software
[2014-02-12 22:51:37 | 000,000,000 | ---D | M] -- C:\Users\Joyce McEachern\AppData\Roaming\WebApp
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\Joyce McEachern\SkyDrive:ms-properties
 
< End of report >
 
 
Thanks again!
 
Jim

  • 0

#13
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,
 

The computer seems to be working ok, with a few browser problems. Chrome opens fine with the right home page, but also pops up a message, "Your preferences cannot be read. Some features may be unavailable and changes to preferences won't be saved."
Explorer still has the Yaimo com page hijack.


I see the Yaimo in Chrome, CHR - Extension: Yaimo extension = C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgapnhijgmmehljdkfkojcoefcddinjl\1.0_0\

1-Click the Chrome menu button on the browser toolbar, select Tools and then click on Extensions.

2-In the Extensions tab, remove Yaimo by clicking on the Recycle Bin at the end of the row.

See Here. for removing Chrome extensions.

Let me look a bit more at Internet Explorer, and the error you're receiving in chrome, and Ill get back to you. In the mean time if you have time.

Could you run this for me too,

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Thanks
Joe :)
  • 0

#14
Jim Dearden

Jim Dearden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Hi Joe,

 

I remove the extension in Chrome, but it come back every time I load Chrome. This may be tied to the preferences problem. I googled that, and it seems that it's a file permissions issue, which may be why I can't fully delete the extension.

 

Here is the FRST.tx file:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
Ran by Joyce McEachern 2 (administrator) on CRAFTY on 16-05-2014 10:25:44
Running from C:\Users\Joyce McEachern\Desktop
Platform: Windows 8.1 (Update 1) (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft) C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe
(Microsoft Corporation) C:\Windows\System32\CredentialUIBroker.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-26] (Synaptics)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-10-06] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-10-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-26] (Synaptics Incorporated)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-01] (Vimicro)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [184048 2013-12-26] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
ShortcutTarget: Epson all-in-one Registration.lnk -> C:\Users\Joyce McEachern\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe (Leader Technologies/Epson)
Startup: C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
ShortcutTarget: Epson all-in-one Registration.lnk -> C:\Users\Joyce McEachern\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe (Leader Technologies/Epson)
Startup: C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKLM - DefaultScope {6097BA1E-EA64-4BFD-8552-16337C2FC9A0} URL = http://www.bing.com/...E10TR&pc=MALNJS
SearchScopes: HKLM - {6097BA1E-EA64-4BFD-8552-16337C2FC9A0} URL = http://www.bing.com/...E10TR&pc=MALNJS
SearchScopes: HKCU - {6097BA1E-EA64-4BFD-8552-16337C2FC9A0} URL = 
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {809A6301-7B40-4436-A02C-87B8D3D7D9E3} http://zone.msn.com/...no.cab55579.cab
DPF: HKLM-x32 {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/...O1.cab60096.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab
DPF: HKLM-x32 {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://games.ca.zone...on.cab64162.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intelî Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intelî Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Google Drive) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-12]
CHR Extension: (YouTube) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-12]
CHR Extension: (Adblock Plus) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-11-12]
CHR Extension: (Google Search) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-12]
CHR Extension: (Pin It Button) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2013-10-10]
CHR Extension: (Yaimo extension) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgapnhijgmmehljdkfkojcoefcddinjl [2014-05-16]
CHR Extension: (Google Wallet) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-12]
CHR HKLM-x32\...\Chrome\Extension: [jgapnhijgmmehljdkfkojcoefcddinjl] - C:/Program Files (x86)/Yaimo/yaimo.crx [2014-03-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [957304 2012-09-06] (Broadcom Corporation.)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [63488 2012-10-28] (IvoSoft)
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [585032 2013-09-17] (LENOVO INCORPORATED.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [274712 2014-03-31] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-02-09] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-02-09] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-26] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-16 10:25 - 2014-05-16 10:25 - 00019856 _____ () C:\Users\Joyce McEachern\Desktop\FRST.txt
2014-05-16 10:25 - 2014-05-16 10:25 - 00000000 ____D () C:\FRST
2014-05-16 10:24 - 2014-05-16 10:24 - 02067456 _____ (Farbar) C:\Users\Joyce McEachern\Desktop\FRST64.exe
2014-05-14 21:04 - 2014-05-14 21:04 - 02347384 _____ (ESET) C:\Users\Joyce McEachern\Downloads\esetsmartinstaller_enu (2).exe
2014-05-14 19:21 - 2014-05-14 19:21 - 02347384 _____ (ESET) C:\Users\Joyce McEachern\Downloads\esetsmartinstaller_enu (1).exe
2014-05-14 18:27 - 2014-04-08 18:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2014-05-14 18:27 - 2014-04-08 18:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2014-05-14 18:27 - 2014-04-08 14:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-14 18:27 - 2014-04-08 14:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-14 18:26 - 2014-05-14 18:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-14 18:24 - 2014-05-14 18:24 - 02347384 _____ (ESET) C:\Users\Joyce McEachern\Downloads\esetsmartinstaller_enu.exe
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-14 17:52 - 2014-03-29 00:40 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Mozilla
2014-05-14 17:52 - 2014-03-29 00:40 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Google
2014-05-14 17:52 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-05-14 17:52 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-05-14 17:52 - 2014-02-09 21:01 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-05-14 17:52 - 2012-10-06 09:13 - 00001151 _____ () C:\Users\TEMP\Desktop\Cyberlink Power2Go.lnk
2014-05-14 17:52 - 2010-12-19 01:31 - 00000189 _____ () C:\Users\TEMP\Desktop\Lenovo Telephony Start Now.url
2014-05-14 09:31 - 2014-05-14 09:31 - 00000000 ____D () C:\_OTL
2014-05-14 08:04 - 2014-05-14 08:04 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-14 08:02 - 2014-05-14 08:02 - 01016261 _____ (Thisisu) C:\Users\Joyce McEachern\Desktop\JRT.exe
2014-05-14 07:59 - 2014-05-16 10:15 - 01131766 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-14 07:56 - 2014-05-15 22:24 - 00013070 _____ () C:\WINDOWS\PFRO.log
2014-05-14 07:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-05-14 07:41 - 2014-05-14 07:54 - 00000000 ____D () C:\AdwCleaner
2014-05-14 07:40 - 2014-05-14 07:40 - 00000111 _____ () C:\Users\Joyce McEachern\Desktop\Need Sanity check- Did I clean everything- - Virus, Spyware, Malware Removal.url
2014-05-14 07:39 - 2014-05-14 07:39 - 01325827 _____ () C:\Users\Joyce McEachern\Desktop\adwcleaner.exe
2014-05-13 13:59 - 2014-05-14 18:22 - 00000833 _____ () C:\WINDOWS\setupact.log
2014-05-13 13:59 - 2014-05-13 13:59 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-13 13:32 - 2014-05-13 13:32 - 00602112 _____ (OldTimer Tools) C:\Users\Joyce McEachern\Desktop\OTL.exe
2014-05-13 04:27 - 2014-05-13 04:30 - 00000000 ____D () C:\cce_linux
2014-05-11 20:40 - 2014-05-11 20:40 - 00000992 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-05-11 20:40 - 2014-05-11 20:40 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\TuneUp Software
2014-05-11 20:40 - 2014-05-11 20:40 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\AVG2014
2014-05-11 20:40 - 2014-05-11 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-11 20:39 - 2014-05-11 20:58 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-11 20:39 - 2014-05-11 20:39 - 00000000 ___HD () C:\$AVG
2014-05-11 20:39 - 2014-05-11 20:39 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-11 20:35 - 2014-05-16 10:21 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-11 20:35 - 2014-05-11 20:45 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Avg2014
2014-05-11 20:35 - 2014-05-11 20:35 - 04485528 _____ (AVG Technologies) C:\Users\Joyce McEachern\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-05-11 20:35 - 2014-05-11 20:35 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\MFAData
2014-05-10 22:13 - 2014-05-13 13:17 - 00000166 _____ () C:\WINDOWS\wininit.ini
2014-05-10 21:57 - 2014-05-10 21:57 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-05-10 21:56 - 2014-05-13 13:20 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-10 21:56 - 2014-05-13 13:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-10 21:45 - 2014-05-10 21:45 - 00000000 ____D () C:\Users\Joyce McEachern\Downloads\backups
2014-05-10 21:36 - 2014-05-10 21:42 - 00012572 _____ () C:\Users\Joyce McEachern\Downloads\hijackthis.log
2014-05-10 21:35 - 2014-05-10 21:35 - 00388608 _____ (Trend Micro Inc.) C:\Users\Joyce McEachern\Downloads\HijackThis.exe
2014-05-10 18:22 - 2014-05-10 18:22 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Intel_Corporation
2014-05-09 21:51 - 2014-05-09 21:59 - 00000000 ____D () C:\Users\Joyce McEachern\Doctor Web
2014-05-09 21:08 - 2014-05-09 21:08 - 00002796 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-05-09 21:08 - 2014-05-09 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-09 21:08 - 2014-05-09 21:08 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-09 20:05 - 2014-05-16 10:16 - 00000369 _____ () C:\Users\Joyce McEachern\AppData\Local\RegisteredPackageInformation.xml
2014-05-09 20:04 - 2014-05-09 20:04 - 00000000 ____D () C:\Users\Joyce McEachern 2\AppData\Local\Packages
2014-05-09 20:04 - 2014-05-09 20:04 - 00000000 ____D () C:\Users\Joyce McEachern 2
2014-05-09 20:03 - 2014-05-15 23:00 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-05-09 19:45 - 2014-02-25 15:30 - 00000426 _____ () C:\AVScanner.ini
2014-05-09 19:32 - 2014-05-09 19:31 - 01201864 _____ () C:\Users\Joyce McEachern\Documents\malware-scan.xml
2014-05-09 19:31 - 2014-05-09 19:32 - 00430410 _____ () C:\Users\Joyce McEachern\Documents\malware-scan.txt
2014-05-09 18:37 - 2014-05-13 07:09 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-09 18:37 - 2014-05-09 18:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-03 16:24 - 2014-04-29 10:01 - 23547904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-03 16:24 - 2014-04-29 08:48 - 17384448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-03 16:23 - 2014-05-03 16:23 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-03 16:23 - 2014-05-03 16:23 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-05-03 16:23 - 2014-04-09 08:00 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-05-03 16:23 - 2014-04-08 23:32 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-05-03 16:23 - 2014-04-08 23:31 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-05-03 16:23 - 2014-04-08 23:23 - 01705984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-05-03 16:23 - 2014-04-08 23:21 - 03408896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-04-27 21:00 - 2014-04-27 21:00 - 00000043 _____ () C:\Users\Joyce McEachern\AppData\Roaming\WB.CFG
2014-04-27 20:26 - 2014-04-27 20:26 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\SlimWare Utilities Inc
2014-04-27 20:25 - 2014-04-27 20:25 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-04-27 12:26 - 2014-05-09 18:42 - 00000702 _____ () C:\WINDOWS\SysWOW64\ff.bin
2014-04-27 09:19 - 2014-05-09 18:31 - 00000552 _____ () C:\WINDOWS\SysWOW64\schtasks.bin
2014-04-27 09:19 - 2014-04-27 09:19 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\IsolatedStorage
2014-04-26 22:31 - 2014-04-26 22:31 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\com
2014-04-26 22:02 - 2014-05-09 21:23 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\cache
2014-04-26 22:02 - 2014-04-26 22:02 - 00000000 ____D () C:\Users\Joyce McEachern\.android
2014-04-26 22:01 - 2012-07-25 12:03 - 00016896 _____ () C:\WINDOWS\system32\sasnative64.exe
2014-04-26 22:00 - 2014-04-26 22:00 - 00002674 _____ () C:\WINDOWS\System32\Tasks\Price Meter Updater
2014-04-26 21:53 - 2014-05-09 19:48 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-04-26 21:50 - 2014-04-26 21:51 - 00003534 _____ () C:\WINDOWS\System32\Tasks\35c01418-e0a6-4915-805b-e29ce589ad45-1
2014-04-21 12:08 - 2014-05-09 19:36 - 00000000 ____D () C:\ProgramData\d8b241c0b0684db9
2014-04-20 15:57 - 2014-04-20 15:57 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\Oracle
2014-04-20 15:52 - 2014-04-20 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-20 15:52 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-04-20 15:52 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-04-20 15:52 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-04-20 15:52 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-04-20 15:51 - 2014-04-20 15:52 - 00004129 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
 
==================== One Month Modified Files and Folders =======
 
2014-05-16 10:25 - 2014-05-16 10:25 - 00019856 _____ () C:\Users\Joyce McEachern\Desktop\FRST.txt
2014-05-16 10:25 - 2014-05-16 10:25 - 00000000 ____D () C:\FRST
2014-05-16 10:25 - 2013-12-24 18:25 - 00000933 _____ () C:\WINDOWS\Tasks\EPSON XP-310 Series Update {9A00CD79-AA8B-4A66-B834-C09FD1EDCC53}.job
2014-05-16 10:25 - 2013-12-24 18:25 - 00000933 _____ () C:\WINDOWS\Tasks\EPSON XP-310 Series Update {06A0F5CE-62A6-4D5A-AAB5-DFCD7FADBFB0}.job
2014-05-16 10:25 - 2013-12-24 18:25 - 00000747 _____ () C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {9A00CD79-AA8B-4A66-B834-C09FD1EDCC53}.job
2014-05-16 10:25 - 2013-12-24 18:25 - 00000747 _____ () C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {06A0F5CE-62A6-4D5A-AAB5-DFCD7FADBFB0}.job
2014-05-16 10:24 - 2014-05-16 10:24 - 02067456 _____ (Farbar) C:\Users\Joyce McEachern\Desktop\FRST64.exe
2014-05-16 10:21 - 2014-05-11 20:35 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-16 10:18 - 2013-11-14 03:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-16 10:16 - 2014-05-09 20:05 - 00000369 _____ () C:\Users\Joyce McEachern\AppData\Local\RegisteredPackageInformation.xml
2014-05-16 10:15 - 2014-05-14 07:59 - 01131766 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-16 10:15 - 2014-02-10 09:14 - 00000000 __RDO () C:\Users\Joyce McEachern\SkyDrive
2014-05-16 10:15 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-05-16 10:15 - 2012-11-12 16:05 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-15 23:00 - 2014-05-09 20:03 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-05-15 22:50 - 2012-11-12 16:05 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-15 22:35 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-05-15 22:31 - 2012-11-12 16:04 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-976370131-2331909618-2087438408-1002
2014-05-15 22:24 - 2014-05-14 07:56 - 00013070 _____ () C:\WINDOWS\PFRO.log
2014-05-15 22:24 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-15 22:24 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-05-15 02:13 - 2013-08-04 21:01 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-14 21:04 - 2014-05-14 21:04 - 02347384 _____ (ESET) C:\Users\Joyce McEachern\Downloads\esetsmartinstaller_enu (2).exe
2014-05-14 19:21 - 2014-05-14 19:21 - 02347384 _____ (ESET) C:\Users\Joyce McEachern\Downloads\esetsmartinstaller_enu (1).exe
2014-05-14 19:16 - 2013-08-13 22:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-14 19:14 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-05-14 19:14 - 2012-11-13 19:51 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-14 18:26 - 2014-05-14 18:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-14 18:24 - 2014-05-14 18:24 - 02347384 _____ (ESET) C:\Users\Joyce McEachern\Downloads\esetsmartinstaller_enu.exe
2014-05-14 18:22 - 2014-05-13 13:59 - 00000833 _____ () C:\WINDOWS\setupact.log
2014-05-14 18:14 - 2013-08-04 21:01 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-05-14 18:08 - 2014-02-09 20:58 - 00000000 ____D () C:\Users\Joyce McEachern
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-14 09:31 - 2014-05-14 09:31 - 00000000 ____D () C:\_OTL
2014-05-14 08:04 - 2014-05-14 08:04 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-14 08:02 - 2014-05-14 08:02 - 01016261 _____ (Thisisu) C:\Users\Joyce McEachern\Desktop\JRT.exe
2014-05-14 07:54 - 2014-05-14 07:41 - 00000000 ____D () C:\AdwCleaner
2014-05-14 07:40 - 2014-05-14 07:40 - 00000111 _____ () C:\Users\Joyce McEachern\Desktop\Need Sanity check- Did I clean everything- - Virus, Spyware, Malware Removal.url
2014-05-14 07:39 - 2014-05-14 07:39 - 01325827 _____ () C:\Users\Joyce McEachern\Desktop\adwcleaner.exe
2014-05-14 07:39 - 2013-02-07 21:13 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-13 13:59 - 2014-05-13 13:59 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-13 13:32 - 2014-05-13 13:32 - 00602112 _____ (OldTimer Tools) C:\Users\Joyce McEachern\Desktop\OTL.exe
2014-05-13 13:20 - 2014-05-10 21:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-13 13:17 - 2014-05-10 22:13 - 00000166 _____ () C:\WINDOWS\wininit.ini
2014-05-13 13:17 - 2014-05-10 21:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-13 07:15 - 2014-02-10 13:23 - 00003966 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{74C59E82-1FDD-4855-9DC9-C954424F52F1}
2014-05-13 07:09 - 2014-05-09 18:37 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-13 04:30 - 2014-05-13 04:27 - 00000000 ____D () C:\cce_linux
2014-05-11 20:58 - 2014-05-11 20:39 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-11 20:45 - 2014-05-11 20:35 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Avg2014
2014-05-11 20:40 - 2014-05-11 20:40 - 00000992 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-05-11 20:40 - 2014-05-11 20:40 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\TuneUp Software
2014-05-11 20:40 - 2014-05-11 20:40 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\AVG2014
2014-05-11 20:40 - 2014-05-11 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-11 20:40 - 2012-07-26 04:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-05-11 20:39 - 2014-05-11 20:39 - 00000000 ___HD () C:\$AVG
2014-05-11 20:39 - 2014-05-11 20:39 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-11 20:35 - 2014-05-11 20:35 - 04485528 _____ (AVG Technologies) C:\Users\Joyce McEachern\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-05-11 20:35 - 2014-05-11 20:35 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\MFAData
2014-05-11 20:33 - 2012-10-06 08:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2014-05-11 19:27 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-05-10 22:13 - 2012-10-06 09:14 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-05-10 21:57 - 2014-05-10 21:57 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-05-10 21:45 - 2014-05-10 21:45 - 00000000 ____D () C:\Users\Joyce McEachern\Downloads\backups
2014-05-10 21:42 - 2014-05-10 21:36 - 00012572 _____ () C:\Users\Joyce McEachern\Downloads\hijackthis.log
2014-05-10 21:36 - 2012-11-12 15:57 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\VirtualStore
2014-05-10 21:35 - 2014-05-10 21:35 - 00388608 _____ (Trend Micro Inc.) C:\Users\Joyce McEachern\Downloads\HijackThis.exe
2014-05-10 18:22 - 2014-05-10 18:22 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Intel_Corporation
2014-05-10 18:20 - 2014-02-09 20:54 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2014-05-10 18:20 - 2014-02-09 20:54 - 00000000 ____D () C:\WINDOWS\system32\NV
2014-05-09 21:59 - 2014-05-09 21:51 - 00000000 ____D () C:\Users\Joyce McEachern\Doctor Web
2014-05-09 21:42 - 2012-10-06 08:48 - 00000000 ____D () C:\Program Files (x86)\Dolby Home Theater v4
2014-05-09 21:23 - 2014-04-26 22:02 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\cache
2014-05-09 21:11 - 2014-02-09 23:51 - 00000000 ___DC () C:\WINDOWS\Panther
2014-05-09 21:08 - 2014-05-09 21:08 - 00002796 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-05-09 21:08 - 2014-05-09 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-09 21:08 - 2014-05-09 21:08 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-09 20:52 - 2014-02-09 20:53 - 00000000 ____D () C:\Program Files\CONEXANT
2014-05-09 20:19 - 2014-02-12 17:32 - 00000000 ____D () C:\ProgramData\Lenovo
2014-05-09 20:04 - 2014-05-09 20:04 - 00000000 ____D () C:\Users\Joyce McEachern 2\AppData\Local\Packages
2014-05-09 20:04 - 2014-05-09 20:04 - 00000000 ____D () C:\Users\Joyce McEachern 2
2014-05-09 20:03 - 2012-10-06 09:01 - 00000000 ____D () C:\Program Files\Lenovo
2014-05-09 19:56 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Web
2014-05-09 19:55 - 2013-08-22 09:25 - 00000194 _____ () C:\WINDOWS\win.ini
2014-05-09 19:48 - 2014-04-26 21:53 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-05-09 19:45 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2014-05-09 19:36 - 2014-04-21 12:08 - 00000000 ____D () C:\ProgramData\d8b241c0b0684db9
2014-05-09 19:32 - 2014-05-09 19:31 - 00430410 _____ () C:\Users\Joyce McEachern\Documents\malware-scan.txt
2014-05-09 19:31 - 2014-05-09 19:32 - 01201864 _____ () C:\Users\Joyce McEachern\Documents\malware-scan.xml
2014-05-09 18:58 - 2012-11-12 15:58 - 00000000 ___RD () C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-09 18:42 - 2014-04-27 12:26 - 00000702 _____ () C:\WINDOWS\SysWOW64\ff.bin
2014-05-09 18:37 - 2014-05-09 18:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-09 18:31 - 2014-04-27 09:19 - 00000552 _____ () C:\WINDOWS\SysWOW64\schtasks.bin
2014-05-03 16:23 - 2014-05-03 16:23 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-03 16:23 - 2014-05-03 16:23 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-04-29 10:01 - 2014-05-03 16:24 - 23547904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-04-29 08:48 - 2014-05-03 16:24 - 17384448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-04-27 21:00 - 2014-04-27 21:00 - 00000043 _____ () C:\Users\Joyce McEachern\AppData\Roaming\WB.CFG
2014-04-27 20:26 - 2014-04-27 20:26 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\SlimWare Utilities Inc
2014-04-27 20:25 - 2014-04-27 20:25 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-04-27 09:19 - 2014-04-27 09:19 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\IsolatedStorage
2014-04-26 22:31 - 2014-04-26 22:31 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\com
2014-04-26 22:02 - 2014-04-26 22:02 - 00000000 ____D () C:\Users\Joyce McEachern\.android
2014-04-26 22:00 - 2014-04-26 22:00 - 00002674 _____ () C:\WINDOWS\System32\Tasks\Price Meter Updater
2014-04-26 21:53 - 2013-08-22 11:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-04-26 21:53 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-04-26 21:51 - 2014-04-26 21:50 - 00003534 _____ () C:\WINDOWS\System32\Tasks\35c01418-e0a6-4915-805b-e29ce589ad45-1
2014-04-22 20:24 - 2013-08-22 11:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-04-22 20:24 - 2013-08-22 11:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-21 14:54 - 2012-11-13 19:14 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\vlc
2014-04-20 15:57 - 2014-04-20 15:57 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\Oracle
2014-04-20 15:56 - 2013-10-21 23:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-20 15:52 - 2014-04-20 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-20 15:52 - 2014-04-20 15:51 - 00004129 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-20 15:52 - 2013-06-24 17:09 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-14 19:11
 
==================== End Of Log ============================
 
And here is the Addition.txt file
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05-2014
Ran by Joyce McEachern 2 at 2014-05-16 10:26:10
Running from C:\Users\Joyce McEachern\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4577 - AVG Technologies)
AVG 2014 (Version: 14.0.3950 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4577 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Classic Shell (HKLM\...\{66E2237E-2E10-48A2-B8D3-2092B8BA8484}) (Version: 3.6.2 - IvoSoft)
Dolby Config (HKLM\...\DOLBY Config) (Version: 1.0.0.0 - Conexant Systems)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{2970697F-2A11-4588-8B7F-97322D1CCF3C}) (Version: 3.10.0017 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Game Downloader (HKLM-x32\...\Game Downloader) (Version: 3.9 - Dev-Fire)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{89D2FA50-6002-4AFB-8586-3E38B355E891}) (Version: 15.05.2000.1462 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Intelligent Touchpad (HKLM-x32\...\{DD7D6D84-93AB-48CA-A759-94324E341CBA}) (Version: 2.00.0012.0723 - Lenovo)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 3.6.0 - Kobo Inc.)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.2200 - Broadcom Corporation)
Lenovo Dependency Package (HKLM-x32\...\Lenovo Dependency Package_is1) (Version: 1.6.14.0 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.12.824.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0828 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0828 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
LTCM Client (HKLM-x32\...\{B38E9B55-7136-4E66-A084-320512FF3F6F}) (Version: 1.20.3792 - Leader Technologies Inc)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA Control Panel 327.62 (Version: 327.62 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{9E3E3D64-5A2A-4CEF-A500-EB71188DBA90}) (Version: 3.41.9593 - Apache Software Foundation)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Rainbow Web 3 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005576}) (Version:  - Oberon Media)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Software Updater (HKLM-x32\...\{A3B308B9-BE96-4334-816F-3D82B19A7DE2}) (Version: 4.1.7 - SEIKO EPSON CORPORATION)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
SupraSavings (x32 Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.13 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
 
==================== Restore Points  =========================
 
11-05-2014 02:13:42 Cleaner (Spybot - Search & Destroy 2.3, administrator privileges
14-05-2014 13:31:46 OTL Restore Point - 2014-05-14 9:31:46 AM
16-05-2014 02:22:36 OTL Restore Point - 2014-05-15 10:22:35 PM
 
==================== Hosts content: ==========================
 
2013-08-22 09:25 - 2014-05-14 09:32 - 00000098 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {06444F70-9E5A-4AAC-9D4D-C6BA185D7B82} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0F9F84DE-3B2F-4810-8714-995582EA3073} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {122FE0E6-E2DB-45EA-9F7C-EFC12C7A31FD} - \pricemeterdownloader No Task File <==== ATTENTION
Task: {19AA27C2-F03A-4D61-B682-348309469C93} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {203D31A3-5CA5-4CC5-A959-0A2CDB78983C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-12] (Google Inc.)
Task: {207B3370-B0D2-4E46-B1AF-FA6B6E13CBE0} - System32\Tasks\EPSON XP-310 Series Update {06A0F5CE-62A6-4D5A-AAB5-DFCD7FADBFB0} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {21D708A3-8EC4-493D-B02A-D8BD7A2A32CB} - System32\Tasks\Price Meter Updater => C:\Users\JOYCEM~1\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {24D80345-9ECD-4409-A9F7-99E35D870263} - System32\Tasks\35c01418-e0a6-4915-805b-e29ce589ad45-1 => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe <==== ATTENTION
Task: {2AA3DD4B-F844-4068-8D18-7AA1A54B395D} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-26] (Synaptics Incorporated)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2EA21046-9927-43DF-BC08-A025B972F9FF} - System32\Tasks\EPSON XP-310 Series Invitation {06A0F5CE-62A6-4D5A-AAB5-DFCD7FADBFB0} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3DC79B56-B92B-44FA-BE6C-75AE2D3A9DB8} - System32\Tasks\EPSON XP-310 Series Update {9A00CD79-AA8B-4A66-B834-C09FD1EDCC53} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {3E8F4085-D6CA-4A7F-B07E-202B3FFB5F84} - \pricemetertask No Task File <==== ATTENTION
Task: {494D5A27-62AE-4A10-9E3F-17306CC5B38F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {72CC9FD8-61B9-4626-9417-E5A8D505B888} - \MySearchDial No Task File <==== ATTENTION
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {835971C5-0970-4476-841B-C6CF94222373} - System32\Tasks\Lenovo\LenovoDependencyVersionTask => C:\Program Files\lenovo\SystemAgent\DependencyVersion.exe [2013-09-17] ()
Task: {83A4B37F-9900-4D09-96A3-CE2D6738508F} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8E3EC755-87C0-482B-9C1B-3EA13D08F5C0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-05-14] (Microsoft Corporation)
Task: {8F31C1F8-942C-4C06-A61F-94AB44C8C53C} - System32\Tasks\EPSON XP-310 Series Invitation {9A00CD79-AA8B-4A66-B834-C09FD1EDCC53} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {90FCC687-C4BD-4EBE-BD52-6875327BB42D} - \pricemeterwatcher No Task File <==== ATTENTION
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A42DE9A2-548B-4A19-8D5C-ADF62B659C3D} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\SystemAgent\AutoUpdate.exe [2013-09-17] ()
Task: {BD66E6E8-5CFB-4909-A1EB-36B8D5907153} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {C628CC56-8824-40DB-BE78-A1C13E0A3ADF} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {C998A2BC-DFEE-45EC-BFDE-298A14DFF3ED} - \APSnotifierPP3 No Task File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DF00F654-63AB-4566-98CB-90E5E5B02CC5} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {E606C0F2-7731-45C3-B06E-62D620AD3054} - \LaunchApp No Task File <==== ATTENTION
Task: {E6C097A1-78C6-4FAF-8A5B-B02C71277727} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F086E2DC-72B3-4F24-8AD1-65CEA05F2B6C} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {FB039400-9BDE-4E45-850E-B2FD49A8A4FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-12] (Google Inc.)
Task: {FB94E05D-2A0A-4485-A73B-56790F421D53} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {06A0F5CE-62A6-4D5A-AAB5-DFCD7FADBFB0}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {9A00CD79-AA8B-4A66-B834-C09FD1EDCC53}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {06A0F5CE-62A6-4D5A-AAB5-DFCD7FADBFB0}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {9A00CD79-AA8B-4A66-B834-C09FD1EDCC53}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-09-06 18:53 - 2012-09-06 18:53 - 00047480 _____ () C:\Program Files\Lenovo\Bluetooth Software\BtwLeAPI.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-04-12 23:18 - 2014-04-12 23:18 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-12-21 01:02 - 2013-12-21 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-06 08:39 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-08-10 17:51 - 2012-08-10 17:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Users\Joyce McEachern\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/16/2014 10:24:27 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (05/16/2014 10:24:27 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (05/16/2014 10:24:27 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (05/15/2014 02:27:32 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (05/14/2014 09:04:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (05/14/2014 09:04:25 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (05/14/2014 09:04:18 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (05/14/2014 09:04:18 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (05/14/2014 07:29:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (05/14/2014 07:22:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
 
System errors:
=============
Error: (05/15/2014 10:26:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (05/15/2014 10:26:51 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1326
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (05/15/2014 10:24:21 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume \\?\Volume{89ef2867-0c5e-405c-a2b8-8e971689d89e} encountered a non-retryable error and could not start.  The data contains the error code.
 
Error: (05/15/2014 10:22:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Classic Shell Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/14/2014 06:24:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (05/14/2014 06:24:36 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1326
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (05/14/2014 06:21:44 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume \\?\Volume{89ef2867-0c5e-405c-a2b8-8e971689d89e} encountered a non-retryable error and could not start.  The data contains the error code.
 
Error: (05/14/2014 06:05:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (05/14/2014 06:05:29 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1326
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (05/14/2014 06:02:24 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume \\?\Volume{89ef2867-0c5e-405c-a2b8-8e971689d89e} encountered a non-retryable error and could not start.  The data contains the error code.
 
 
Microsoft Office Sessions:
=========================
Error: (05/16/2014 10:24:27 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Joyce McEachern\Downloads\esetsmartinstaller_enu (2).exe
 
Error: (05/16/2014 10:24:27 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Joyce McEachern\Downloads\esetsmartinstaller_enu.exe
 
Error: (05/16/2014 10:24:27 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Joyce McEachern\Downloads\esetsmartinstaller_enu (1).exe
 
Error: (05/15/2014 02:27:32 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (05/14/2014 09:04:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Joyce McEachern\Downloads\esetsmartinstaller_enu (2).exe
 
Error: (05/14/2014 09:04:25 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Joyce McEachern\Downloads\esetsmartinstaller_enu (2).exe
 
Error: (05/14/2014 09:04:18 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Joyce McEachern\Downloads\esetsmartinstaller_enu (2).exe
 
Error: (05/14/2014 09:04:18 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Joyce McEachern\Downloads\esetsmartinstaller_enu (2).exe
 
Error: (05/14/2014 07:29:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (05/14/2014 07:22:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Joyce McEachern\Downloads\esetsmartinstaller_enu (1).exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-10 21:35:03.368
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-05-10 21:35:03.321
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-05-10 21:35:03.271
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-05-10 21:35:03.221
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-05-10 21:35:03.174
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-05-10 21:35:03.125
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-05-10 21:35:03.074
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-05-10 21:35:03.028
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-05-10 21:35:02.980
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-05-10 21:35:02.929
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 21%
Total physical RAM: 8057.77 MB
Available physical RAM: 6314.51 MB
Total Pagefile: 9337.77 MB
Available Pagefile: 7634.41 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:650.96 GB) (Free:614.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 5FBA8F93)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
Thanks again,
 
Jim
 

  • 0

#15
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

Please uninstall this program if found from your uninstall list.
SupraSavings

Next

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad. Make sure you get it all.
 
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [jgapnhijgmmehljdkfkojcoefcddinjl] - C:/Program Files (x86)/Yaimo/yaimo.crx [2014-03-29]
CHR Extension: (Yaimo extension) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgapnhijgmmehljdkfkojcoefcddinjl [2014-05-16]
2014-04-26 22:00 - 2014-04-26 22:00 - 00002674 _____ () C:\WINDOWS\System32\Tasks\Price Meter Updater
2014-04-26 21:50 - 2014-04-26 21:51 - 00003534 _____ () C:\WINDOWS\System32\Tasks\35c01418-e0a6-4915-805b-e29ce589ad45-1
Task: {06444F70-9E5A-4AAC-9D4D-C6BA185D7B82} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {122FE0E6-E2DB-45EA-9F7C-EFC12C7A31FD} - \pricemeterdownloader No Task File <==== ATTENTION
Task: {21D708A3-8EC4-493D-B02A-D8BD7A2A32CB} - System32\Tasks\Price Meter Updater => C:\Users\JOYCEM~1\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {24D80345-9ECD-4409-A9F7-99E35D870263} - System32\Tasks\35c01418-e0a6-4915-805b-e29ce589ad45-1 => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe <==== ATTENTION
Task: {3E8F4085-D6CA-4A7F-B07E-202B3FFB5F84} - \pricemetertask No Task File <==== ATTENTION
Task: {72CC9FD8-61B9-4626-9417-E5A8D505B888} - \MySearchDial No Task File <==== ATTENTION
Task: {83A4B37F-9900-4D09-96A3-CE2D6738508F} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {90FCC687-C4BD-4EBE-BD52-6875327BB42D} - \pricemeterwatcher No Task File <==== ATTENTION
Task: {C998A2BC-DFEE-45EC-BFDE-298A14DFF3ED} - \APSnotifierPP3 No Task File <==== ATTENTION
Task: {E606C0F2-7731-45C3-B06E-62D620AD3054} - \LaunchApp No Task File <==== ATTENTION
Task: {E6C097A1-78C6-4FAF-8A5B-B02C71277727} - \APSnotifierPP1 No Task File <==== ATTENTION
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Thanks.
Joe :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP