
Malware making computer "run" all the time? [Closed]



#1
pharmchick99


My computer sounds like the hard drive is spinning all the time, even when no programs are opened.  I posted a topic earlier on a Windows Forum.  The link to the thread is below:

 

http://www.geekstogo...g/#entry2443531

 

I followed the directions in the thread to use the self-help tools and haven't been able to figure out the problem yet.

 

I realized that I had a virus on my computer a few months ago while using McAfee as my security program.  I didn't have the time to figure out the problem myself, so I took my laptop to a local tech guy.  He said that McAfee was crap and supposedly cleaned my system.  He also downloaded Avast and Malwarebytes on my system.  When I got the computer home, it was quickly obvious that the computer still had the virus.  Each time I scanned my computer, I got a message stating that all files couldn't be scanned because they were password protected.

 

Next, I assumed that something that someone in my family had downloaded must have infected my system.  I uninstalled every program that didn't look like it came on the laptop when I purchased it.  I assume that I have removed something that was associated with a media player because I get an error message each time I turn on my laptop.  The error is a box that pops up and reads (See attachment):

 

RegSvr32

The module "C:\Users\April\AppData\Local\Realtek\res2.dll" failed to load.

Make sure the binary is stored at the specified path or debug it to check for problems with the binary or dependent .DLL files.

The specified module could not be found.

 

I cannot do anything on the computer until I either exit off of the box or click "OK."

 

According to the thread for the topic that I posted on the Windows forum, I could possibly have 2 different media players that were conflicting with each other. I uninstalled the Nvidia.

 

When I ran the OTL program, I received the following info:

 

 OTL logfile created on: 10/7/2014 10:57:03 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\April\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.74 Gb Total Physical Memory | 3.69 Gb Available Physical Memory | 64.33% Memory free
11.48 Gb Paging File | 9.13 Gb Available in Paging File | 79.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 89.56 Gb Free Space | 19.85% Space Free | Partition Type: NTFS
 
Computer Name: APRIL-PC | User Name: April | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/07 10:55:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\April\Downloads\OTL (1).exe
PRC - [2014/09/22 23:07:06 | 000,852,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/09/15 01:15:31 | 001,245,752 | ---- | M] (Spotify Ltd) -- C:\Users\April\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/09/05 04:46:18 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/09/05 04:45:56 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/09/04 07:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/08 00:39:08 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2014/08/04 20:03:24 | 001,080,104 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
PRC - [2014/07/31 12:15:54 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2013/07/02 09:16:32 | 000,507,264 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/09/06 12:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 12:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/08/19 19:06:56 | 000,487,562 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2010/06/30 18:10:26 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/06/30 18:10:22 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/06/27 03:47:26 | 000,105,632 | ---- | M] (Corel) -- C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
PRC - [2010/06/27 00:03:40 | 000,526,992 | ---- | M] (Corel, Inc.) -- C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/02/09 14:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/12/15 21:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/04/07 08:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/22 23:07:05 | 000,331,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppgooglenaclpluginchrome.dll
MOD - [2014/09/22 23:07:02 | 008,577,864 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
MOD - [2014/09/22 23:06:58 | 001,098,056 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
MOD - [2014/09/22 23:06:56 | 000,174,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
MOD - [2014/09/22 23:06:55 | 001,660,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
MOD - [2014/09/12 10:07:59 | 002,297,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\af8fbf8264223a599b742984ceeb2b35\System.Core.ni.dll
MOD - [2014/09/12 09:53:26 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f4292d91bd7d00b9a67d2ce630c665f3\PresentationFramework.Aero.ni.dll
MOD - [2014/09/12 09:53:17 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\5dfbb403257456f8ac25042ba9fdc5cc\System.Web.Services.ni.dll
MOD - [2014/09/12 09:52:54 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4b6559c37c2745b865dad63c6d17ae4e\PresentationFramework.ni.dll
MOD - [2014/09/12 09:52:40 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3f2952ec748f60fbb5deacfc4db0a2a3\System.Windows.Forms.ni.dll
MOD - [2014/09/12 09:52:34 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8b7f86e5a6f0aa23f4b25dfeeaa6b318\System.Drawing.ni.dll
MOD - [2014/09/12 09:52:29 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3fad44f7fd9f6c117eb02265ab63f80d\System.Xml.ni.dll
MOD - [2014/09/12 09:52:26 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5bf56d6064af88d8812a3f78e0dfd376\System.Configuration.ni.dll
MOD - [2014/09/12 09:52:24 | 012,236,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b257f78ec0ec4e36de8ef43ab38ca0ad\PresentationCore.ni.dll
MOD - [2014/09/12 09:52:14 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4c4507612d22786d45594a65a0213c1f\WindowsBase.ni.dll
MOD - [2014/09/12 09:52:11 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95854f4f1f37b8eab1b1e3d7103b48ef\System.ni.dll
MOD - [2014/09/12 09:52:06 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/09/05 04:45:56 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/09/05 04:45:56 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 13:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/02/09 14:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2010/02/09 14:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2010/02/09 14:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2010/02/09 14:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2010/02/09 14:34:00 | 000,058,688 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2010/02/09 14:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/12/15 21:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/03/12 14:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 12:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/09/05 04:45:56 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/08/18 17:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/05 11:26:38 | 001,425,168 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/03/05 11:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/03/05 11:06:22 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/11/17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/11/02 13:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2014/09/04 07:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/05/20 07:07:02 | 000,477,960 | ---- | M] (BitRaider, LLC) [On_Demand | Stopped] -- C:\ProgramData\BitRaider\BRSptSvc.exe -- (BRSptSvc)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/01/04 00:14:37 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/06/30 18:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/06/30 18:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/12/17 04:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- c:\program files\dell support center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2014/09/05 04:46:13 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/09/05 04:45:58 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/09/05 04:45:58 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/09/05 04:45:58 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/09/05 04:45:58 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/09/05 04:45:58 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/09/05 04:45:58 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/09/05 04:45:57 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/07/25 15:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2013/07/25 13:32:08 | 000,086,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2013/07/25 13:32:08 | 000,079,592 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/11 12:46:46 | 000,694,376 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/12 11:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/07/28 01:10:40 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/14 23:54:20 | 001,381,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/07/12 05:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010/06/20 13:45:54 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/06/18 11:38:06 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/05/30 23:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010/03/03 05:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 02:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/11/02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 04:26:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2009/09/16 18:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2014/05/22 09:30:43 | 000,075,048 | ---- | M] (BitRaider) [File_System | On_Demand | Stopped] -- C:\ProgramData\BitRaider\BRDriver64.sys -- (BRDriver64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{07B9A43C-BC14-46E4-B280-2834C102D44C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {944A879E-667F-4354-AF50-37EF7610029D}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EB382ADA-8D58-4157-BFF5-ADD764429277}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [String data over 1000 bytes]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{15D811D6-979A-4DA0-9B21-A6E02AEABAEF}: "URL" = http://mysearch.swee...}&barid=&&st=23
IE - HKCU\..\SearchScopes\{1B0AEC5F-9979-4A64-8A2F-8014547A8D26}: "URL" = http://mysearch.swee...}&barid=&&st=23
IE - HKCU\..\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}: "URL" = http://mysearch.swee...}&barid=&&st=23
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{7A6F32AA-220D-4305-AF74-8D2113620567}: "URL" = http://search.yahoo....0627,6901,0,8,0
IE - HKCU\..\SearchScopes\{A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9}: "URL" = http://mysearch.swee...}&barid=&&st=23
IE - HKCU\..\SearchScopes\{F7C78C08-3CC7-416F-B827-7C1785ABBDA8}: "URL" = http://mysearch.swee...}&barid=&&st=23
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\April\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\April\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/09/05 04:45:59 | 000,000,000 | ---D | M]
 
[2014/09/05 03:55:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\adhfmfognpljllafogopofkmjfhhjblo\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\afabkaienfhalholeaoibefiheojfdcm\3.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\aidgmjkfmbhldhnhkopojimkhhhcpenl\1.0.0.1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhbpeakeokbjgjhhddnhjfiphdfjjpc\3_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\anlcigghcnbogoebgajihnonnocgjgfa\2.0.1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\anlobanlkdnegecgkgijbcejeaepeaob\1.2.1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\baocjgbppdpelkefhfhblacenjhhmlmf\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.12_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjdhoikaocagmajhfbdioipfcbblleg\1.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigbpmgpdffelbefknlmefjiejgoinao\1.3_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmkagpegbacdkfenpgimgihkcplmpdh\2.2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpebaehgfgkcmmjjknibibbjacnplim\1.4.5_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\celkoncipomnbmcomjieepceifpcdgdl\1.0.1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\cenghabdbpdbpgjjamkandgggaaiocbo\1.2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgpekglfbhgbgcfpoeecclfmckaephpo\1.35.3_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\cllcnemhlcbajfagpgedoiifogemaimb\1.0.2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmbhnhkcpckbooiojiahhhfkkoadmmdk\1.1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh\0.2.3_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\dppbfngcbekaamdgacjndfkfpmnlhhmg\1.0.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\egkomfhgndbomdobjkgbfoianchcpfna\2.3.1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogjmpnidphhakaoihnpkmkhmjmnpbdd\1.4_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogjmpnidphhakaoihnpkmkhmjmnpbdd\1.4_0\.bak
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl\10_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjagcpcbacoaogfljhglghpjhkmmfeeo\4_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\fneoglghbpnjpipdbicpbmpngemkbime\2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\fneoglghbpnjpipdbicpbmpngemkbime\2_0\~
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa\1.2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfhfehlnocjpbnbcabcjjnemkkkghaak\1.0.1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhkdepceckdgeompmjjnbecidjboapcg\2.10_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhkenkiidlghkpkihaiojpjnngfocahn\1.2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkiilmogcdkeefnbemdagpmcediekadb\1.24.0.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkiilmogcdkeefnbemdagpmcediekadb\1.31.0.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmglmmbnahpmbdbphglbdfdecmmhkadb\1.0.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnieofmjopiiifehpejcgcpailcndege\1.2.2.1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpljdpjoahbnnfilkiilnfdkdbfiabfc\1.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibbhkjoamnfmpcilggihmfeebhienpea\1.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmjadonkmcblbkocpaaefjbceiijfdg\2.2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\igippnbkniajgjmfiklnjokigepheabp\2.2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmigmmflfcbhdpdgbkkeojchjhhphnh\2.1.2.1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\illbbfoihflomkbpcaaakhijinbnejom\1.2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnahkbhdamhjhpnakhggojbakdfbglh\1.1.31_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\ionbnbmkaobmefcojpaalfddgieokcaf\1.1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\jacpoliedopniegkhphlcjhkomkohdmm\1.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfffneapblebcpnkjdocjgopbajigool\1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfkpejkiedieehgdecgcjbmcbpihimmb\0.0.54_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdjbhifhppglclhnmmnlfloepnolbkn\19.6_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhfgnobmdkblmbdahcnpajbjnfmknpn\1.5_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.15.7_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\kobijcjpajndolfoddpbjnkajbnlefio\1.2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk\0.204_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\laocjholfblfpcfajbhbomlinnbcefnl\1.1.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcoijfpdfchaihokncghkbplhiiehko\4_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfefgnmdjdjnfpmillekddcnfnpijbdl\1.2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae\0.404_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmgkpnbfgimlalkolndeccanfnbpogcd\2.5.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpibnckjjeaabeepofhfmmpjmnomohee\2.5_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbdikaneanenadjffcegmfkiflaanopm\1.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mglmffkipgdhdkolbbkofkfhappinpin\3.5_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkdlfmoglbdpomddljgapccmlognoaf\1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjlbfglfefcmkmglakdocbgnggeieno\0.0.0.7_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\8.0.8_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\8.0.9_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnedjlhmnhcgkgmofmdjihehakldembh\0.0.0.1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mocgpjcogkajdhiabjjnobcacnmdagfn\1.0.1.12_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffmfbhcjemfledhndnpllechagamlfp\1.1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkcbihjelakpbponjhpmkkmopghnpip\1.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmligjdignkpnaafpmjlabndeipgegcg\1.2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\odklcfojpedohplkimfdpcamkjnhanaj\1.0.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkljogjenmmlkhkndneimnepljcfcao\2.0.6_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\omimkinlomnncbmnceacpkmlbfaapojj\1.2.10_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl\1.0.4_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdgehpfcdacccdblfioiflklnhcgppia\1.1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdpbdnchfplfpdjbckgbmpnddnjdijjk\1.0.0.4_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\.bak
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/10/30 17:01:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Standby] C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKCU..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Apple Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKCU..\Run: [DellSystemDetect] C:\Users\April\AppData\Local\Apps\2.0\OTA46VN9.84N\B9OEE171.RJJ\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe (Dell)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_C7218881A817A82C927DBD8589D6F0B1] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [Realtek Update] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\April\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - Startup: C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/...t/Ode/pcd86.cab (Reg Error: Key error.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34ABED37-ABD4-4D09-8FA2-C517CDEF2B83}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3623E06F-350F-4303-895A-B3D744829DD9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47BD5BFC-AA2F-4900-AC23-B77667783B4A}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AD4F750-F729-431B-A896-E8E4A2E20563}: DhcpNameServer = 198.224.178.135 198.224.181.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AD4F750-F729-431B-A896-E8E4A2E20563}: NameServer = 198.224.178.135,198.224.181.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C935CA02-23D0-4727-A3BB-F1D79B97DA15}: DhcpNameServer = 192.168.254.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/07 03:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2014/10/07 03:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2014/10/05 02:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2014/10/05 01:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/10/05 01:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/10/05 01:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/10/05 01:57:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/10/05 01:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2 C:\Users\April\Documents\*.tmp files -> C:\Users\April\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/07 10:48:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/07 10:41:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/07 09:17:23 | 000,786,662 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/10/07 09:17:23 | 000,665,592 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/10/07 09:17:23 | 000,123,368 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/10/07 07:05:22 | 000,015,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/07 07:05:22 | 000,015,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/07 06:57:46 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/07 06:56:16 | 326,397,951 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/07 03:18:40 | 000,059,392 | ---- | M] () -- C:\Users\April\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/10/07 03:16:32 | 000,003,766 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2014/10/07 03:05:10 | 000,019,959 | ---- | M] () -- C:\Users\April\Documents\APRIL-PC.speccy
[2014/10/06 22:57:33 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/10/05 01:58:20 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/10/01 22:55:24 | 883,582,336 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/09/25 09:53:05 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/09/24 10:39:05 | 000,001,263 | ---- | M] () -- C:\Users\April\AppData\Local\recently-used.xbel
[2014/09/24 10:21:07 | 000,000,362 | ---- | M] () -- C:\Users\April\Desktop\Local Disk (E) - Shortcut.lnk
[2014/09/17 09:49:34 | 000,002,285 | ---- | M] () -- C:\Users\April\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/09/15 01:17:32 | 000,002,390 | ---- | M] () -- C:\Users\April\Desktop\April - Chrome.lnk
[2014/09/15 01:15:51 | 000,002,289 | ---- | M] () -- C:\Users\April\Desktop\First user - Chrome.lnk
[2014/09/12 03:04:25 | 000,779,276 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2 C:\Users\April\Documents\*.tmp files -> C:\Users\April\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/10/07 03:05:10 | 000,019,959 | ---- | C] () -- C:\Users\April\Documents\APRIL-PC.speccy
[2014/10/05 01:58:20 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/09/24 10:39:05 | 000,001,263 | ---- | C] () -- C:\Users\April\AppData\Local\recently-used.xbel
[2014/09/24 10:21:07 | 000,000,362 | ---- | C] () -- C:\Users\April\Desktop\Local Disk (E) - Shortcut.lnk
[2013/12/18 21:20:00 | 000,049,212 | ---- | C] () -- C:\Users\April\New document 2.2013_12_18_21_20_00.0.svg
[2013/12/18 21:20:00 | 000,001,364 | ---- | C] () -- C:\Users\April\New document 1.2013_12_18_21_20_00.1.svg
[2013/10/30 16:42:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/30 16:42:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/30 16:42:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/30 16:42:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/30 16:42:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/09 20:31:47 | 000,028,233 | ---- | C] () -- C:\Users\April\teacher appreciation.svg
[2012/12/01 11:40:45 | 000,137,732 | ---- | C] () -- C:\Windows\hpoins44.dat
[2012/12/01 11:40:45 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat
[2012/10/13 07:04:27 | 000,975,360 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/10/13 07:04:27 | 000,200,192 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/02/04 22:13:09 | 000,000,024 | ---- | C] () -- C:\Users\April\random.dat
[2012/02/04 22:13:08 | 000,000,044 | ---- | C] () -- C:\Users\April\jagex_cl_runescape_LIVE.dat
[2012/01/06 17:33:04 | 000,000,000 | ---- | C] () -- C:\Users\April\AppData\Local\{5803002D-D476-42BC-8B5C-A525BF6FDA31}
[2011/01/25 19:54:59 | 000,000,008 | RHS- | C] () -- C:\ProgramData\08CEA296CF.sys
[2011/01/24 10:49:11 | 000,059,392 | ---- | C] () -- C:\Users\April\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/24 10:48:53 | 000,003,766 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
 
========== ZeroAccess Check ==========
 
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{5b51cb62-908d-be00-c32a-623c87aba4a2}\L
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{5b51cb62-908d-be00-c32a-623c87aba4a2}\U
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/11/16 19:12:40 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\8BA66
[2012/02/17 20:20:43 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\A4A8B
[2014/09/05 04:47:29 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\AVAST Software
[2012/05/29 17:38:10 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\Avery
[2012/07/08 13:22:21 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\Babylon
[2011/01/23 23:50:35 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\Canon
[2011/01/28 10:05:49 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\Catalina Marketing Corp
[2014/08/19 18:54:34 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\Dropbox
[2014/08/19 18:54:34 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\DropboxMaster
[2011/01/13 18:56:11 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\Epson
[2013/05/09 15:49:29 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\inkscape
[2011/01/25 18:53:11 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\PCDr
[2014/09/30 00:44:13 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\Spotify
[2011/01/08 18:14:06 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\Template
[2011/02/10 21:04:49 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\Ulead Systems
[2012/08/14 19:39:05 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
< End of report >
 
 
While perusing some of the files on my computer, I see some stuff that makes me wonder... My son downloaded a Star Wars game on my laptop and played it often.  My computer didn't seem to have a problem until after the program was installed.  My computer was not purchased for gaming, and probably doesn't have the capacity to act as such.  The tech in the other forum mentioned that my hard drive space is almost depleted.  I basically only use my system for music, pictures, and documents.  Could the Star Wars game have my hard drive filled to capacity?  Is there a way to delete the data that it is using?  I have uninstalled the game already, but it looks like there are remnants throughout my documents.
 
I attached a couple of pictures of the items that I thought could be related to Star Wars.
 
The Speccy scan is as follows:
 
 
I think I have included everything.  Thanks in advance for any help that you can offer!

Attached Thumbnails

  • Realtek.PNG
  • bitraid.PNG
  • star wars.PNG

Edited by pharmchick99, 07 October 2014 - 10:12 AM.

  • 0
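Added example, not part of the original posts and not a feature of OTL: a first-pass triage in Python over O-lines in the format of the log above. It flags entries that point at nothing, domains placed in Trusted sites, and Run values whose image is a generic Windows host binary or sits under a user profile. The function name, the `HOST_BINARIES` set and the finding labels are assumptions of this example; a flag means "review this entry", not "this is malware".

```python
import re
from ntpath import basename  # Windows path handling that works on any OS

# Excerpt of the OTL log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [Realtek Update] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\April\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
"""

# "O<section>[:64bit:] - <body>"
O_LINE = re.compile(r"^O(\d+)(?::64bit:)? - (.*)$")
# "HKxx..\Run[Once]: [value name] <image path> (<company>)"
RUN_ENTRY = re.compile(
    r"^(HK\w+)\.\.\\Run(?:Once)?: \[(.+?)\] (.*?)(?: \(([^()]*)\))?$"
)

# Assumption of this example: signed Windows binaries that run whatever their
# arguments name. OTL prints only the image, so the full command line has to
# be read from the registry value before judging the entry.
HOST_BINARIES = {
    "regsvr32.exe", "rundll32.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "powershell.exe", "cmd.exe",
}


def triage(log_text):
    """Return a list of (kind, section, detail) tuples for lines worth review."""
    findings = []
    for raw in log_text.splitlines():
        match = O_LINE.match(raw.strip())
        if not match:
            continue
        section, body = int(match.group(1)), match.group(2)

        # Registry or Startup entry whose target no longer exists.
        if "No CLSID value found" in body or "File not found" in body:
            findings.append(("ORPHAN", section, body))
            continue

        # Domains granted the weaker Trusted sites zone settings.
        if section == 15 and "in Trusted sites" in body:
            domain = body.split("Trusted Domains:", 1)[1].split("(", 1)[0].strip()
            findings.append(("TRUSTED_ZONE", section, domain))
            continue

        # Autostart entries under Run / RunOnce.
        if section == 4:
            run = RUN_ENTRY.match(body)
            if not run:
                continue
            hive, name, image, _company = run.groups()
            exe = basename(image).lower()
            detail = f"{hive} [{name}] {exe}"
            if exe in HOST_BINARIES:
                findings.append(("RUN_HOST_BINARY", section, detail))
            elif "\\appdata\\" in image.lower():
                # User-writable location: verify publisher and file signature.
                findings.append(("RUN_USER_WRITABLE", section, detail))
    return findings


if __name__ == "__main__":
    for kind, section, detail in triage(SAMPLE_LOG):
        print(f"O{section:<3} {kind:<18} {detail}")
```
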

#2
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi pharmchick99  :)

 

I'm 23red, and it'll be my pleasure to assist you with your problem.  Apologies for the delay ~ it's been busy of late  :)

 

I am currently reviewing your log.  In the meantime, I'd be grateful if you would note the following:

 

•  Please make sure to carefully read every post completely before doing anything.

•  If you're not sure, or if something unexpected happens, do not continue! Stop and ask!  It is not a problem.

•  Please do not run any other scans or other software on your computer unless asked, as it may make this repair more difficult.

•  Please stick with me until all malware is gone from your system.  Malware removal is not an instant process; just because you no longer see any symptoms does not necessarily mean your system is completely clear.

•  Please copy/paste to Notepad and save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.

Back up your data. I will not knowingly suggest any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.

•  As I am currently in training, I will be helping you under the supervision of our Expert Teachers.  As such, there will likely be a delay between posts.  I do my best to respond as quickly as I can.  I, like everyone else here, am also a volunteer and sometimes life keeps me busy  ;)

•  Thank you for your understanding and I appreciate your patience.

 

Please allow some time to go through the log you posted.  I'll post back as soon as possible.

 

Thank you :)


  • 0

#3
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi pharmchick99 :)

 

There are some nasties in your browser that need to be removed and some other infection remnants.

Before we proceed with the cleaning:

 

First
This line here:

O4 - HKCU..\Run: [GoogleChromeAutoLaunch_C7218881A817A82C927DBD8589D6F0B1] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

 

Allows Google Chrome applications to run in the background when Chrome is closed.
To disable this feature, open Chrome, go into the settings, then Advanced Settings, and remove the checkmark in Continue running background apps when Google Chrome is closed.

Please let me know if you need further assistance with this. 

 

Second

There really should not be any website in the Trusted Zone of Internet Explorer. The reason being the default security settings in the Trusted Zone are set too low, which makes it unsafe. Plus it should not be necessary for any remote server to have that level of access. Plenty of good and reputable sites get hacked to host malware; advertising networks are renowned for serving malware which can appear on any site. The best policy is to remove anything from the Trusted Zone unless it's absolutely required in order for the site to work and you trust that site implicitly.
Those I will remove also for the reasons stated ;)

 

There are also remnants from an old zero access infection in the log I will remove.  Were you aware you had a zero access infection at one time? 

We'll get you cleaned up best as we can :)  All this cleaning needs to be completely done to get everything out.  Another half fix won't do a lot of good, ok? 
There is a fair amount of infection remnants here.

Please stay with me until it's all cleaned out.  Your computer will be much happier :D

Let's get started:

 

Step 1

OTL Fix

 

Please right click on the OTL icon on your Desktop, choose Run as Administrator, accept UAC prompts.

Under the Custom Scans/Fixes box at the bottom, please paste in the following text:

 

 

 

 

:Commands
[CREATERESTOREPOINT]
:OTL
IE - HKCU\..\SearchScopes\{15D811D6-979A-4DA0-9B21-A6E02AEABAEF}: "URL" = http://mysearch.swee...}&barid=&&st=23
IE - HKCU\..\SearchScopes\{1B0AEC5F-9979-4A64-8A2F-8014547A8D26}: "URL" = http://mysearch.swee...}&barid=&&st=23
IE - HKCU\..\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}: "URL" = http://mysearch.swee...}&barid=&&st=23
IE - HKCU\..\SearchScopes\{A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9}: "URL" = http://mysearch.swee...}&barid=&&st=23
IE - HKCU\..\SearchScopes\{F7C78C08-3CC7-416F-B827-7C1785ABBDA8}: "URL" = http://mysearch.swee...}&barid=&&st=23
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
[2011/01/24 10:48:53 | 000,003,766 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/01/25 19:54:59 | 000,000,008 | RHS- | C] () -- C:\ProgramData\08CEA296CF.sys
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\SysWOW64\config\AppData\Local\{5b51cb62-908d-be00-c32a-623c87aba4a2}\L
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{5b51cb62-908d-be00-c32a-623c87aba4a2}\U
[2011/11/16 19:12:40 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\8BA66
[2012/02/17 20:20:43 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\A4A8B
[2012/07/08 13:22:21 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\Babylon
:Files
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c
ipconfig /flushdns /c
:Commands
[EmptyTemp]

 

 

 

 

 

•  Push the Run Fix button.

•  OTL may ask to reboot the machine. Please do so if asked. 

•  A message box will pop up.

•  Click the OK button and a report will open.

•  If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).

•  Copy and Paste that report in your next reply, please

 

 

Step 2
 Junkware Removal Tool

 

•   Please download Junkware Removal Tool to your desktop.

•  Shut down your protection software now to avoid potential conflicts.

•  Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

•  The tool will open and start scanning your system.

•  Please be patient as this can take a while to complete depending on your system's specifications.

•  On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•  Post the contents of JRT.txt into your next post.

 

 

 

Step 3
ADWCleaner

 

1.  Please download AdwCleaner from this link to your Desktop.

•  If it happens to save to another location, right click the ADWCleaner icon and select Cut then right click on Desktop and select Paste.

2.  Right click the AdwCleaner icon on your Desktop, choose Run as Administrator.

3.  Accept UAC prompt.

4.  Accept AdwCleaner's Terms of Use.  And the AdwCleaner window opens:

5.  Click on the Scan button and wait for the scan to finish.

6.  After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending..... Please uncheck elements you don't want to remove. Please check to be sure no good items accidentally got picked up.

7.  Once that is complete, click the Clean button.

8.  Once it has finished Cleaning, click the Report button to get the log.

9.  Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt.

 

 

Step 4
Fresh OTL Scan

 

• Please right click on the OTL icon, choose Run as Administrator, accept UAC prompts.

Make sure all other windows are closed and to let it run uninterrupted.

• Please check the box next to Scan All Users.

• And under Extra Registry check also the radio dial by Use Safelist

•Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

•When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL ~ Desktop

•Please copy (Edit ~> Select All,  Edit ~> Copy) both logs it produces into your next reply.  One will be open, extras.txt will be minimized on the taskbar.

 

 

Step 5
Post!

 

When you return, please post:

 

1.  OTL fix log
2.  JRT.txt
3.  ADWCleaner text
4.  OTL fresh scans

 

Thank you :)


  • 0
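One way to check the Trusted Zone part of the fix requested in the post above, as an added example that is not part of the thread or of OTL: it pairs each O15 entry from a scan with the matching ZoneMap line in an OTL fix log. The function names, the status labels and the example.test entry are assumptions made for the illustration, and treating "not found" as "confirm in the fresh scan" is this example's choice rather than documented OTL behaviour.

```python
import re

# Constructed sample input. The first three scan lines use entries quoted in
# this thread; example.test is made up so one entry has no fix-log line.
SCAN = r"""
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: example.test ([]* in Trusted sites)
"""

# Constructed fix-log sample in the format OTL reports for ZoneMap keys,
# plus one unrelated line that the parser must ignore.
FIX_LOG = r"""
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dell.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ not found.
C:\ProgramData\KGyGaAvL.sys moved successfully.
"""

# O15 line: hive, domain, bracketed prefix (empty in these logs), protocol, zone.
O15_RE = re.compile(
    r"^O15 - (HKCU|HKLM)\\\.\.Trusted Domains: (\S+) "
    r"\(\[([^\]]*)\](\S+) in ([^)]+)\)$"
)

# Fix-log line for a ZoneMap domain key and the result the tool reported.
ZONEMAP_RE = re.compile(
    r"\\ZoneMap\\Domains\\([^\\]+)\\ (deleted successfully|not found)\.$"
)

# Labels used by this example only.
STATUS = {"deleted successfully": "removed", "not found": "recheck"}


def parse_scan(text):
    """Return one dict per O15 Trusted Domains line in a scan log."""
    entries = []
    for line in text.splitlines():
        m = O15_RE.match(line.strip())
        if m:
            hive, domain, _prefix, protocol, zone = m.groups()
            entries.append({"hive": hive, "domain": domain.lower(),
                            "protocol": protocol, "zone": zone})
    return entries


def parse_fix_log(text):
    """Map each ZoneMap domain named in the fix log to its status label."""
    results = {}
    for line in text.splitlines():
        m = ZONEMAP_RE.search(line.strip())
        if m:
            results[m.group(1).lower()] = STATUS[m.group(2)]
    return results


def reconcile(scan_text, log_text):
    """Attach the fix-log outcome to every scanned zone entry."""
    outcomes = parse_fix_log(log_text)
    rows = []
    for entry in parse_scan(scan_text):
        row = dict(entry)
        # "unhandled" means the fix log never mentions this domain.
        row["status"] = outcomes.get(entry["domain"], "unhandled")
        # Wildcard protocol in Trusted sites is the case the post warns about.
        row["wildcard_trusted"] = (entry["zone"] == "Trusted sites"
                                   and entry["protocol"] == "*")
        rows.append(row)
    return rows


def needs_followup(rows):
    """Domains to look for again in the fresh scan."""
    return [r["domain"] for r in rows if r["status"] != "removed"]


if __name__ == "__main__":
    for r in reconcile(SCAN, FIX_LOG):
        print(f'{r["domain"]:28} {r["zone"]:15} {r["protocol"]:5} {r["status"]}')
    print("follow up:", needs_followup(reconcile(SCAN, FIX_LOG)))
```
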

#4
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi pharmchick99 :)

 

Do you still require help?


  • 0

#5
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#6
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Topic re-opened per OP's request...
  • 0

#7
pharmchick99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

OTL Fix Log #1

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{15D811D6-979A-4DA0-9B21-A6E02AEABAEF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15D811D6-979A-4DA0-9B21-A6E02AEABAEF}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1B0AEC5F-9979-4A64-8A2F-8014547A8D26}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B0AEC5F-9979-4A64-8A2F-8014547A8D26}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{460C3D19-B3D4-4964-A550-77D263B0CCCB}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F7C78C08-3CC7-416F-B827-7C1785ABBDA8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F7C78C08-3CC7-416F-B827-7C1785ABBDA8}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dell.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
C:\ProgramData\KGyGaAvL.sys moved successfully.
C:\ProgramData\08CEA296CF.sys moved successfully.
Folder C:\Windows\SysWOW64\config\AppData\Local\{5b51cb62-908d-be00-c32a-623c87aba4a2}\L\ not found.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{5b51cb62-908d-be00-c32a-623c87aba4a2}\U folder moved successfully.
C:\Users\April\AppData\Roaming\8BA66 folder moved successfully.
C:\Users\April\AppData\Roaming\A4A8B folder moved successfully.
C:\Users\April\AppData\Roaming\Babylon folder moved successfully.
========== FILES ==========
< netsh advfirewall reset /c >
Ok.
C:\Users\April\Downloads\cmd.bat deleted successfully.
C:\Users\April\Downloads\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\April\Downloads\cmd.bat deleted successfully.
C:\Users\April\Downloads\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\April\Downloads\cmd.bat deleted successfully.
C:\Users\April\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: April
->Temp folder emptied: 3314509398 bytes
->Temporary Internet Files folder emptied: 973321428 bytes
->Java cache emptied: 3107729 bytes
->Google Chrome cache emptied: 94207310 bytes
->Apple Safari cache emptied: 36864 bytes
->Flash cache emptied: 43180 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: hedev
->Temp folder emptied: 0 bytes
 
User: John
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Sara Kay
->Temp folder emptied: 13378450 bytes
->Temporary Internet Files folder emptied: 3778586 bytes
->Java cache emptied: 1 bytes
->Google Chrome cache emptied: 35235105 bytes
->Flash cache emptied: 66093 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 531307250 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 90403071 bytes
RecycleBin emptied: 325122996 bytes
 
Total Files Cleaned = 5,135.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10192014_123149
 
Files\Folders moved on Reboot...
File\Folder C:\Users\April\AppData\Local\Temp\OICE_8EECAE7F-6794-431B-A97A-8A43A6881893.0\7DCF32A9. not found!
C:\Users\April\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP000000019F7DA0CE1B6EC46F not found!
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
JRT.text
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 7 Home Premium x64
Ran by April on Sun 10/19/2014 at 12:46:32.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT3310511
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3310511
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\April\appdata\local\google\chrome\user data\default\local storage\http_www.azlyrics.com_0.localstorage"
Successfully deleted: [File] "C:\Users\April\appdata\local\google\chrome\user data\default\local storage\http_www.azlyrics.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\April\appdata\locallow\skwconfig.bin"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\Users\April\appdata\local\babylon"
Successfully deleted: [Folder] "C:\Users\April\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\April\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\April\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\bucksbee loyalty plugin - 100815"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\lucky leap"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\oapps"
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 10/19/2014 at 12:51:23.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
ADWCleaner.text
 

# AdwCleaner v4.000 - Report created 19/10/2014 at 12:56:37
# DB v2014-10-17.9
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : April - APRIL-PC
# Running from : C:\Users\April\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\003
Folder Deleted : C:\Users\April\AppData\Local\NativeMessaging
Folder Deleted : C:\SearchProtect
Folder Deleted : C:\Users\Sara Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljcgbedjplidkdjahbaalanadmjfgop
Folder Deleted : C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcoijfpdfchaihokncghkbplhiiehko
Folder Deleted : C:\Users\Sara Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcoijfpdfchaihokncghkbplhiiehko
[!] Folder Deleted : C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcoijfpdfchaihokncghkbplhiiehko
[!] Folder Deleted : C:\Users\Sara Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcoijfpdfchaihokncghkbplhiiehko
File Deleted : C:\END
File Deleted : C:\Users\Sara Kay\AppData\LocalLow\SkwConfig.bin
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE26843-9171-4F23-A8E5-5421701276A4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE26843-9171-4F23-A8E5-5421701276A4}
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.1
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Google Chrome v37.0.2062.124
 
 
*************************
 
AdwCleaner[R0].txt - [3766 octets] - [19/10/2014 12:53:25]
AdwCleaner[S0].txt - [3362 octets] - [19/10/2014 12:56:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3422 octets] ##########
 
 
OTL Fresh Scan
 

OTL Extras logfile created on: 10/19/2014 1:02:03 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\April\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.74 Gb Total Physical Memory | 3.09 Gb Available Physical Memory | 53.84% Memory free
11.48 Gb Paging File | 8.87 Gb Available in Paging File | 77.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 81.36 Gb Free Space | 18.04% Space Free | Partition Type: NTFS
 
Computer Name: APRIL-PC | User Name: April | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-2718873096-1216990195-2704496593-1002\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel PaintShop Photo Pro X3] -- "C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel PaintShop Photo Pro X3] -- "C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1967A4F4-B280-48BF-B1AB-81BAF5B2C1F4}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{1C80BE59-5841-443F-9F83-BC6750C7B6E1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1EDBE2A7-1D89-490D-9F87-6B97C8737F9B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3E98D46D-FE58-49B9-BEDB-66D0463B98E3}" = rport=445 | protocol=6 | dir=out | app=system | 
"{54413643-AC05-4A02-8B07-E539B63E8536}" = lport=137 | protocol=17 | dir=in | app=system | 
"{586933B1-97A6-4013-8890-68BFE7EFD57A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5C5251AC-4968-415E-88DC-69396600068B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6CF47728-91C4-4A8F-8237-3D2F5B1527AD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{85563A3E-32F9-4E1E-9A01-F9552F881575}" = rport=139 | protocol=6 | dir=out | app=system | 
"{86936920-50B1-4193-BEF7-85EEB3B12508}" = rport=138 | protocol=17 | dir=out | app=system | 
"{95FFB790-7927-42DF-8E34-0694611B595F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A557CD17-C129-49EC-BEAB-28B6BB190BB1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B751BBB1-B34B-48C2-98D4-D5A153D3AD15}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{BF3660DD-99C2-4D2E-9A4C-5627900E09D4}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{CFAB87BB-3AD5-4842-A3D0-EA880FBB6B9C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D60A78CC-1DEA-4536-AF89-68FCE874488E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D60D023B-1E48-4A3A-90A8-1AA4696E1E13}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F3E6EE6E-37AC-42D8-B7EA-22F6349FEA8E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{F4FC2557-A13F-42ED-A1AA-9A42C4B472C6}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F6586329-C536-45A8-A2F8-84689B0C8531}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DB403D5-43EF-4B58-931C-C3CA36C7E82B}" = protocol=58 | dir=in | [email protected],-28545 | 
"{26FC6F08-3882-4F6B-B1B4-05596C17A4D8}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{2D5C3061-39CD-4A55-ADAC-5A9A3865B1A3}" = protocol=1 | dir=in | [email protected],-28543 | 
"{7CAE8951-2572-47E7-8781-034FEDF0CADE}" = protocol=58 | dir=out | [email protected],-28546 | 
"{85C5DBCE-01D4-437F-A4C0-B4A45D2254C8}" = protocol=1 | dir=out | [email protected],-28544 | 
"{C6817FBC-AF6A-4A9E-9017-41E63EA7655F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F5D34258-316F-44C3-94AB-952275094317}" = protocol=58 | dir=in | [email protected],-148 | 
"TCP Query User{F9CBC7CB-41C8-4206-AC4B-1034D9B12B85}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{79DBDA39-DC23-4618-A354-DF07948C69F0}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java™ 6 Update 22 (64-bit)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6096C0CC-7E19-4355-87F0-627EC5AA146D}" = iCloud
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B678797F-DF38-4556-8A31-8B818E261868}" = Apple Mobile Device Support
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C298FF86-AB23-4B58-AC53-A23383C07B3A}" = Intel® Wireless Display
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{D16A2127-B927-4379-B153-3DEC091E4EEB}" = Intel® PROSet/Wireless WiFi Software
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFFE818E-F1C7-44F8-A3C0-C08761906E27}" = Share64
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F46AA0F1-E284-4878-A462-5F11B9166C0E}" = iTunes
"9E24492CE9279512BD465F61DB8523641BB7BBFC" = Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (01/18/2013 2.08.28)
"E61B77ECE57113AE1CA028BC7A8AD6C137BD13DD" = Windows Driver Package - FTDI CDM Driver Package - VCP Driver (01/18/2013 2.08.28)
"EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall
"ProInst" = Intel PROSet Wireless
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{707EB912-C597-49D8-9460-46CC9AB03EBE}" = Corel Painter Photo Essentials 4
"_{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"_{DFAEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Project Creator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 71
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2B0CDD4D-5C1A-47F7-89E2-9BF604670ABC}" = EpsonNet Config V3
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{707EB912-C597-49D8-9460-46CC9AB03EBE}" = Corel Painter Photo Essentials 4
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}" = Avery Wizard 4.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.12)
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DE612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{DE8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{DE99075E-7D25-4B96-B32E-BFE6FBFAA644}" = IPM_PSP_CL
"{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DEF8C145-CC4F-4DAA-AD5C-E707C07AEE50}" = IPM_PSP_COM
"{DF4A2F61-1E26-4D51-94BB-36D77678BDAD}" = PSPH10Pro
"{DF4ABC2B-5CA9-48B2-9266-15AB78384D3C}" = Share
"{DF612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{DF75FFEE-2FCE-4774-902A-749198C00A68}" = PureHD
"{DF99075E-7D25-4B96-B32E-BFE6FBFAA644}" = IPM_PSP_PRJ
"{DFAEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{DFBCC13A-E4F2-45EE-846F-D143CEDDDBCB}" = DeviceIO
"{DFC02397-E0EF-4891-820E-1547DCC6701B}" = ContentHD
"{DFC4FA35-7C6B-4C9E-863B-58C4D7472F41}" = VIO
"{DFD99A66-493F-468B-BCE1-6F88612B89D5}" = Contents
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avast" = avast! Free Antivirus
"BitRaider Web Client" = BitRaider Web Client
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"DPP" = Canon Utilities Digital Photo Professional 3.8
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"Inkscape" = Inkscape 0.48.4
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Sure Cuts A Lot 2_is1" = Sure Cuts A Lot 2.038
"Sure Cuts A Lot 3 Pro_is1" = Sure Cuts A Lot Pro 3.053
"swtor_swtor" = Star Wars The Old Republic
"WFTK" = Canon Utilities WFT Utility
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"Xvid_is1" = Xvid MPEG-4 Video Codec
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2718873096-1216990195-2704496593-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/19/2014 1:59:12 PM | Computer Name = April-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ApplePhotoStreams.exe, version: 7.15.7.3,
 time stamp: 0x53d97094  Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409,
 time stamp: 0x53159a86  Exception code: 0xe06d7363  Fault offset: 0x0000c42d  Faulting
 process id: 0xfe0  Faulting application start time: 0x01cfebc64d3d9d09  Faulting application
 path: C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Faulting
 module path: C:\Windows\syswow64\KERNELBASE.dll  Report Id: a15ccf21-57b9-11e4-9634-f04da2618140
 
[ Dell Events ]
Error - 8/30/2011 6:06:57 PM | Computer Name = April-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 9/6/2011 7:06:24 PM | Computer Name = April-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 9/6/2011 7:06:24 PM | Computer Name = April-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 9/19/2011 9:02:17 PM | Computer Name = April-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 9/19/2011 9:02:17 PM | Computer Name = April-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 9/26/2011 9:30:51 PM | Computer Name = April-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 9/26/2011 9:30:51 PM | Computer Name = April-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 9/30/2011 12:04:30 AM | Computer Name = April-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 9/30/2011 12:04:30 AM | Computer Name = April-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 10/4/2011 1:01:57 PM | Computer Name = April-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
[ SendoriLogs Events ]
Error - 5/8/2014 12:31:19 PM | Computer Name = April-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 5/8/2014 12:36:19 PM | Computer Name = April-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 5/8/2014 12:41:19 PM | Computer Name = April-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 5/8/2014 12:46:19 PM | Computer Name = April-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 5/8/2014 12:51:19 PM | Computer Name = April-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 5/8/2014 12:56:19 PM | Computer Name = April-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 7/1/2014 4:39:11 PM | Computer Name = April-PC | Source = SendoriLog | ID = 99
Description = On EnableCannot start service sndappv2 on computer '.'.
 
Error - 7/1/2014 9:27:32 PM | Computer Name = April-PC | Source = SendoriLog | ID = 99
Description = On EnableCannot start service Application Sendori on computer '.'.
 
Error - 7/16/2014 3:39:51 AM | Computer Name = April-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 7/16/2014 4:43:07 AM | Computer Name = April-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
[ System Events ]
Error - 10/19/2014 1:56:40 PM | Computer Name = April-PC | Source = Service Control Manager | ID = 7034
Description = The Intel® Management & Security Application User Notification Service
 service terminated unexpectedly.  It has done this 1 time(s).
 
Error - 10/19/2014 1:56:40 PM | Computer Name = April-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 30000 milliseconds:
 Restart the service.
 
Error - 10/19/2014 1:56:41 PM | Computer Name = April-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
 unexpectedly.  It has done this 1 time(s).  The following corrective action will
 be taken in 30000 milliseconds: Restart the service.
 
Error - 10/19/2014 1:57:03 PM | Computer Name = April-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly.    Module Path: C:\Windows\System32\IWMSSvc.dll
 
 
Error - 10/19/2014 1:57:05 PM | Computer Name = April-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly.    Module Path: C:\Windows\System32\IWMSSvc.dll
 
 
Error - 10/19/2014 1:57:05 PM | Computer Name = April-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly.    Module Path: C:\Windows\System32\IWMSSvc.dll
 
 
Error - 10/19/2014 1:57:05 PM | Computer Name = April-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly.    Module Path: C:\Windows\System32\IWMSSvc.dll
 
 
Error - 10/19/2014 1:58:40 PM | Computer Name = April-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the SftService service.
 
Error - 10/19/2014 1:58:59 PM | Computer Name = April-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 10/19/2014 1:59:10 PM | Computer Name = April-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the SftService service.
 
 
< End of report >
 
 
When I was looking for the OTL Scans to copy and paste here, there were 4 logs. I may have manually saved one or two, causing a duplication of each scan. I cannot really see a difference in the data printed in the first scan vs. the data printed in the second scan... but then again, I'm not really sure what I'm looking at anyway.
 
What's next?
 
By the way, thanks so much for your help thus far.
 
 


#8
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi pharmchick99 :)

 

Welcome back and thank you for the logs! Good work! :thumbsup:

You've posted the OTL Extras.txt.  I also need the OTL.txt log with the 10/19/2014 date.
It should be located in C:\Users\April\Downloads.  While you are in there, please cut and paste the OTL program onto your Desktop.
OTL works much better from there ;)

 

A couple of questions ~

You've uninstalled the game; do you want to remove the BitRaider and Star Wars game/installer remnants found?

There was a good deal of adware on the computer, and it has been removed thus far. How is the computer running?

 

When you return please post:

 

OTL.txt Run 3
Answers to the above questions

 

Thank you :)



#9
pharmchick99

    Member

  • Topic Starter
  • Member
  • 12 posts

Is this the correct one?

 

OTL logfile created on: 10/19/2014 1:02:03 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\April\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.74 Gb Total Physical Memory | 3.09 Gb Available Physical Memory | 53.84% Memory free
11.48 Gb Paging File | 8.87 Gb Available in Paging File | 77.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 81.36 Gb Free Space | 18.04% Space Free | Partition Type: NTFS
 
Computer Name: APRIL-PC | User Name: April | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/07 06:16:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\April\Downloads\OTL.exe
PRC - [2014/09/22 23:07:06 | 000,852,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/09/15 01:15:31 | 001,245,752 | ---- | M] (Spotify Ltd) -- C:\Users\April\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/09/05 04:46:18 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/09/05 04:45:56 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/09/04 07:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/08 00:39:08 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2014/08/04 20:03:24 | 001,080,104 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
PRC - [2014/07/31 12:15:54 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011/09/06 12:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 12:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/08/19 19:06:56 | 000,487,562 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2010/06/30 18:10:26 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/06/30 18:10:22 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/06/27 03:47:26 | 000,105,632 | ---- | M] (Corel) -- C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
PRC - [2010/06/27 00:03:40 | 000,526,992 | ---- | M] (Corel, Inc.) -- C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/02/09 14:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/12/15 21:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/04/07 08:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/22 23:07:05 | 000,331,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppgooglenaclpluginchrome.dll
MOD - [2014/09/22 23:07:02 | 008,577,864 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
MOD - [2014/09/22 23:06:58 | 001,098,056 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
MOD - [2014/09/22 23:06:56 | 000,174,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
MOD - [2014/09/22 23:06:55 | 001,660,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
MOD - [2014/09/12 10:07:59 | 002,297,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\af8fbf8264223a599b742984ceeb2b35\System.Core.ni.dll
MOD - [2014/09/12 09:53:26 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f4292d91bd7d00b9a67d2ce630c665f3\PresentationFramework.Aero.ni.dll
MOD - [2014/09/12 09:53:17 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\5dfbb403257456f8ac25042ba9fdc5cc\System.Web.Services.ni.dll
MOD - [2014/09/12 09:52:54 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4b6559c37c2745b865dad63c6d17ae4e\PresentationFramework.ni.dll
MOD - [2014/09/12 09:52:40 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3f2952ec748f60fbb5deacfc4db0a2a3\System.Windows.Forms.ni.dll
MOD - [2014/09/12 09:52:34 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8b7f86e5a6f0aa23f4b25dfeeaa6b318\System.Drawing.ni.dll
MOD - [2014/09/12 09:52:29 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3fad44f7fd9f6c117eb02265ab63f80d\System.Xml.ni.dll
MOD - [2014/09/12 09:52:26 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5bf56d6064af88d8812a3f78e0dfd376\System.Configuration.ni.dll
MOD - [2014/09/12 09:52:24 | 012,236,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b257f78ec0ec4e36de8ef43ab38ca0ad\PresentationCore.ni.dll
MOD - [2014/09/12 09:52:14 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4c4507612d22786d45594a65a0213c1f\WindowsBase.ni.dll
MOD - [2014/09/12 09:52:11 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95854f4f1f37b8eab1b1e3d7103b48ef\System.ni.dll
MOD - [2014/09/12 09:52:06 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/09/05 04:45:56 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/09/05 04:45:56 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 13:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/02/09 14:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2010/02/09 14:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2010/02/09 14:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2010/02/09 14:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2010/02/09 14:34:00 | 000,058,688 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2010/02/09 14:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/12/15 21:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/03/12 14:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 12:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/09/05 04:45:56 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/08/18 17:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/05 11:26:38 | 001,425,168 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/03/05 11:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/03/05 11:06:22 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/11/17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/11/02 13:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2014/09/04 07:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/05/20 07:07:02 | 000,477,960 | ---- | M] (BitRaider, LLC) [On_Demand | Stopped] -- C:\ProgramData\BitRaider\BRSptSvc.exe -- (BRSptSvc)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/01/04 00:14:37 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/06/30 18:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/06/30 18:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/12/17 04:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- c:\program files\dell support center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2014/09/05 04:46:13 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/09/05 04:45:58 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/09/05 04:45:58 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/09/05 04:45:58 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/09/05 04:45:58 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/09/05 04:45:58 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/09/05 04:45:58 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/09/05 04:45:57 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/07/25 15:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2013/07/25 13:32:08 | 000,086,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2013/07/25 13:32:08 | 000,079,592 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/11 12:46:46 | 000,694,376 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/12 11:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/07/28 01:10:40 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/14 23:54:20 | 001,381,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/07/12 05:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010/06/20 13:45:54 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/06/18 11:38:06 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/05/30 23:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010/03/03 05:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 02:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/11/02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 04:26:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2009/09/16 18:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2014/05/22 09:30:43 | 000,075,048 | ---- | M] (BitRaider) [File_System | On_Demand | Stopped] -- C:\ProgramData\BitRaider\BRDriver64.sys -- (BRDriver64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{07B9A43C-BC14-46E4-B280-2834C102D44C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EB382ADA-8D58-4157-BFF5-ADD764429277}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2718873096-1216990195-2704496593-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [String data over 1000 bytes]
IE - HKU\S-1-5-21-2718873096-1216990195-2704496593-1002\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2718873096-1216990195-2704496593-1002\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2718873096-1216990195-2704496593-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2718873096-1216990195-2704496593-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-2718873096-1216990195-2704496593-1002\..\SearchScopes\{7A6F32AA-220D-4305-AF74-8D2113620567}: "URL" = http://search.yahoo....0627,6901,0,8,0
IE - HKU\S-1-5-21-2718873096-1216990195-2704496593-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2718873096-1216990195-2704496593-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\April\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\April\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/09/05 04:45:59 | 000,000,000 | ---D | M]
 
[2014/09/05 03:55:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\adhfmfognpljllafogopofkmjfhhjblo\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\afabkaienfhalholeaoibefiheojfdcm\3.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\aidgmjkfmbhldhnhkopojimkhhhcpenl\1.0.0.1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhbpeakeokbjgjhhddnhjfiphdfjjpc\3_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\anlcigghcnbogoebgajihnonnocgjgfa\2.0.1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\anlobanlkdnegecgkgijbcejeaepeaob\1.2.1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\baocjgbppdpelkefhfhblacenjhhmlmf\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.12_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjdhoikaocagmajhfbdioipfcbblleg\1.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigbpmgpdffelbefknlmefjiejgoinao\1.3_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmkagpegbacdkfenpgimgihkcplmpdh\2.2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpebaehgfgkcmmjjknibibbjacnplim\1.4.5_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\celkoncipomnbmcomjieepceifpcdgdl\1.0.1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\cenghabdbpdbpgjjamkandgggaaiocbo\1.2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgpekglfbhgbgcfpoeecclfmckaephpo\1.35.3_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\cllcnemhlcbajfagpgedoiifogemaimb\1.0.2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmbhnhkcpckbooiojiahhhfkkoadmmdk\1.1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh\0.2.3_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\dppbfngcbekaamdgacjndfkfpmnlhhmg\1.0.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\egkomfhgndbomdobjkgbfoianchcpfna\2.3.1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogjmpnidphhakaoihnpkmkhmjmnpbdd\1.4_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogjmpnidphhakaoihnpkmkhmjmnpbdd\1.4_0\.bak
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl\10_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjagcpcbacoaogfljhglghpjhkmmfeeo\4_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\fneoglghbpnjpipdbicpbmpngemkbime\2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\fneoglghbpnjpipdbicpbmpngemkbime\2_0\~
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa\1.2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfhfehlnocjpbnbcabcjjnemkkkghaak\1.0.1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhkdepceckdgeompmjjnbecidjboapcg\2.10_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhkenkiidlghkpkihaiojpjnngfocahn\1.2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkiilmogcdkeefnbemdagpmcediekadb\1.24.0.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkiilmogcdkeefnbemdagpmcediekadb\1.31.0.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmglmmbnahpmbdbphglbdfdecmmhkadb\1.0.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnieofmjopiiifehpejcgcpailcndege\1.2.2.1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpljdpjoahbnnfilkiilnfdkdbfiabfc\1.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibbhkjoamnfmpcilggihmfeebhienpea\1.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmjadonkmcblbkocpaaefjbceiijfdg\2.2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\igippnbkniajgjmfiklnjokigepheabp\2.2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmigmmflfcbhdpdgbkkeojchjhhphnh\2.1.2.1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\illbbfoihflomkbpcaaakhijinbnejom\1.2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnahkbhdamhjhpnakhggojbakdfbglh\1.1.31_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\ionbnbmkaobmefcojpaalfddgieokcaf\1.1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\jacpoliedopniegkhphlcjhkomkohdmm\1.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfffneapblebcpnkjdocjgopbajigool\1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfkpejkiedieehgdecgcjbmcbpihimmb\0.0.54_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdjbhifhppglclhnmmnlfloepnolbkn\19.6_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhfgnobmdkblmbdahcnpajbjnfmknpn\1.5_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.15.7_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\kobijcjpajndolfoddpbjnkajbnlefio\1.2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk\0.204_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\laocjholfblfpcfajbhbomlinnbcefnl\1.1.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfefgnmdjdjnfpmillekddcnfnpijbdl\1.2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae\0.404_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmgkpnbfgimlalkolndeccanfnbpogcd\2.5.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpibnckjjeaabeepofhfmmpjmnomohee\2.5_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbdikaneanenadjffcegmfkiflaanopm\1.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mglmffkipgdhdkolbbkofkfhappinpin\3.5_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkdlfmoglbdpomddljgapccmlognoaf\1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjlbfglfefcmkmglakdocbgnggeieno\0.0.0.7_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\8.0.8_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\8.0.9_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnedjlhmnhcgkgmofmdjihehakldembh\0.0.0.1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mocgpjcogkajdhiabjjnobcacnmdagfn\1.0.1.12_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffmfbhcjemfledhndnpllechagamlfp\1.1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkcbihjelakpbponjhpmkkmopghnpip\1.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmligjdignkpnaafpmjlabndeipgegcg\1.2_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\odklcfojpedohplkimfdpcamkjnhanaj\1.0.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkljogjenmmlkhkndneimnepljcfcao\2.0.6_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\omimkinlomnncbmnceacpkmlbfaapojj\1.2.10_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl\1.0.4_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdgehpfcdacccdblfioiflklnhcgppia\1.1_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdpbdnchfplfpdjbckgbmpnddnjdijjk\1.0.0.4_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\.bak
CHR - Extension: No name found = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/10/30 17:01:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Standby] C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKU\S-1-5-21-2718873096-1216990195-2704496593-1002..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2718873096-1216990195-2704496593-1002..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2718873096-1216990195-2704496593-1002..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKU\S-1-5-21-2718873096-1216990195-2704496593-1002..\Run: [DellSystemDetect] C:\Users\April\AppData\Local\Apps\2.0\OTA46VN9.84N\B9OEE171.RJJ\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe (Dell)
O4 - HKU\S-1-5-21-2718873096-1216990195-2704496593-1002..\Run: [GoogleChromeAutoLaunch_C7218881A817A82C927DBD8589D6F0B1] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-2718873096-1216990195-2704496593-1002..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2718873096-1216990195-2704496593-1002..\Run: [Realtek Update] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2718873096-1216990195-2704496593-1002..\Run: [Spotify Web Helper] C:\Users\April\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - Startup: C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O4 - Startup: C:\Users\Sara Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2718873096-1216990195-2704496593-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2718873096-1216990195-2704496593-1002\..Trusted Domains: dell.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/...t/Ode/pcd86.cab (Reg Error: Key error.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34ABED37-ABD4-4D09-8FA2-C517CDEF2B83}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3623E06F-350F-4303-895A-B3D744829DD9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47BD5BFC-AA2F-4900-AC23-B77667783B4A}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AD4F750-F729-431B-A896-E8E4A2E20563}: DhcpNameServer = 198.224.178.135 198.224.181.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AD4F750-F729-431B-A896-E8E4A2E20563}: NameServer = 198.224.178.135,198.224.181.135
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/19 12:53:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/10/19 12:46:28 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/10/19 12:31:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/10/19 12:20:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/10/19 12:20:23 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/10/19 12:19:53 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/10/19 12:19:53 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/10/19 12:19:53 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/10/10 12:05:29 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\Facebook
[2014/10/07 03:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2014/10/07 03:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2014/10/05 02:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2014/10/05 01:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/10/05 01:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/10/05 01:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/10/05 01:57:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/10/05 01:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/10/01 23:09:31 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2014/10/01 23:09:31 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2 C:\Users\April\Documents\*.tmp files -> C:\Users\April\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/19 13:05:19 | 000,015,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/19 13:05:19 | 000,015,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/19 12:58:47 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/19 12:57:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/19 12:57:37 | 326,397,951 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/19 12:48:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/19 12:01:47 | 000,786,662 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/10/19 12:01:47 | 000,665,592 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/10/19 12:01:47 | 000,123,368 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/10/07 03:18:40 | 000,059,392 | ---- | M] () -- C:\Users\April\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/10/07 03:05:10 | 000,019,959 | ---- | M] () -- C:\Users\April\Documents\APRIL-PC.speccy
[2014/10/06 22:57:33 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/10/05 01:58:20 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/10/01 22:55:24 | 883,582,336 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/09/26 18:42:22 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/09/26 18:36:21 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/09/26 18:36:17 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/09/26 18:35:34 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/09/25 09:53:05 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/09/24 21:08:38 | 000,371,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2014/09/24 20:40:50 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2014/09/24 10:39:05 | 000,001,263 | ---- | M] () -- C:\Users\April\AppData\Local\recently-used.xbel
[2014/09/24 10:21:07 | 000,000,362 | ---- | M] () -- C:\Users\April\Desktop\Local Disk (E) - Shortcut.lnk
[2 C:\Users\April\Documents\*.tmp files -> C:\Users\April\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/10/07 03:05:10 | 000,019,959 | ---- | C] () -- C:\Users\April\Documents\APRIL-PC.speccy
[2014/10/05 01:58:20 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/09/24 10:39:05 | 000,001,263 | ---- | C] () -- C:\Users\April\AppData\Local\recently-used.xbel
[2014/09/24 10:21:07 | 000,000,362 | ---- | C] () -- C:\Users\April\Desktop\Local Disk (E) - Shortcut.lnk
[2013/12/18 21:20:00 | 000,049,212 | ---- | C] () -- C:\Users\April\New document 2.2013_12_18_21_20_00.0.svg
[2013/12/18 21:20:00 | 000,001,364 | ---- | C] () -- C:\Users\April\New document 1.2013_12_18_21_20_00.1.svg
[2013/10/30 16:42:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/30 16:42:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/30 16:42:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/30 16:42:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/30 16:42:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/09 20:31:47 | 000,028,233 | ---- | C] () -- C:\Users\April\teacher appreciation.svg
[2012/12/01 11:40:45 | 000,137,732 | ---- | C] () -- C:\Windows\hpoins44.dat
[2012/12/01 11:40:45 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat
[2012/02/04 22:13:09 | 000,000,024 | ---- | C] () -- C:\Users\April\random.dat
[2012/02/04 22:13:08 | 000,000,044 | ---- | C] () -- C:\Users\April\jagex_cl_runescape_LIVE.dat
[2012/01/06 17:33:04 | 000,000,000 | ---- | C] () -- C:\Users\April\AppData\Local\{5803002D-D476-42BC-8B5C-A525BF6FDA31}
[2011/01/24 10:49:11 | 000,059,392 | ---- | C] () -- C:\Users\April\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{5b51cb62-908d-be00-c32a-623c87aba4a2}\L
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >
 
 
 
Yes, please! I want all remnants of everything from that Star Wars game off my system.  That game may not have caused the problem, but it seems like I started experiencing problems after my son started playing it.  
 
Do I need to run anything again?
 
The computer definitely seems to be working better.  I don't hear that noise that sounds like it is constantly downloading something anymore.
 
How can I prevent future problems?  The guy who supposedly "fixed" my computer last time said that I should use Avast as my antivirus program; however, it seemed to make everything worse.  He also suggested using Chrome instead of Internet Explorer.  Is that good advice?
 
Thanks for your help!

  • 0

#10
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi pharmchick99 :)

 

Yes, thank you.  That was the one!  Good work!  Let's continue onward:

 

 

Yes, please! I want all remnants of everything from that Star Wars game off my system. 

 

 

:thumbsup:

 

 

Do I need to run anything again?

 

 

Yes.  I have an OTL fix here and a couple of other tool runs to make sure ZeroAccess is as gone as I can get it and your computer is as free of junk as I can make it ;)
Once complete, this will likely give you a bit more free space.

 

 

The computer definitely seems to be working better.  I don't hear that noise that sounds like it is constantly downloading something anymore.

 

 

Good to hear!  We're not finished yet, though. Please follow all of the instructions to completion and I will do my very best to get it all off. 
Your computer will be super happy then :D  Please stay with me!

 

 

How can I prevent future problems?  The guy who supposedly "fixed" my computer last time said that I should use Avast as my antivirus program; however, it seemed to make everything worse.  He also suggested using Chrome instead of Internet Explorer.  Is that good advice?

 

 

Through the course of removal we'll check your Security settings and make sure you're good before we let you go.
Avast is good; it may have made things worse because of the browser infections and ZeroAccess already on the system and not removed by the computer "fix guy".
If you find you do not like Avast, try another.  This section of the forum has information on free antivirus programs.  Remember only one!

 

As for Chrome over IE, that is also your preference.  I'm an Internet Explorer user all the way :D  That's my preference.  Others in my house prefer Chrome and Firefox.  They're all on the computer. 

 

 

Step 1
Uninstalls

 

Please go to Start ~> Control Panel ~> Programs and Features and remove the following if present:

 

BitRaider Web Client
Star Wars: The Old Republic

 

Step 2
OTL Fix

 

Please right click on the OTL icon, choose Run as Administrator, and accept UAC prompts.

Under the Custom Scans/Fixes box, in the textbox at the bottom, please paste in the following text:

 

 

 

:Commands
[CREATERESTOREPOINT]
:OTL
DRV - [2014/05/22 09:30:43 | 000,075,048 | ---- | M] (BitRaider) [File_System | On_Demand | Stopped] -- C:\ProgramData\BitRaider\BRDriver64.sys -- (BRDriver64)
IE - HKU\S-1-5-21-2718873096-1216990195-2704496593-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [String data over 1000 bytes]
IE - HKU\S-1-5-21-2718873096-1216990195-2704496593-1002\..\URLSearchHook:  - No CLSID value found
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\April\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll File not found
O4 - Startup: C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O4 - Startup: C:\Users\Sara Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O4 - HKCU..\Run: [Realtek Update] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O15 - HKU\S-1-5-21-2718873096-1216990195-2704496593-1002\..Trusted Domains: dell.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Star Wars: The Old Republic]
:Files
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{5b51cb62-908d-be00-c32a-623c87aba4a2}
:Commands
[EMPTYTEMP]

 

 

 

 

•  Push the Run Fix button.
•  OTL may ask to reboot the machine. Please do so if asked.
•  A message box will pop up.
•  Click the OK button and a report will open.
•  If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
•  Copy and Paste that report in your next reply, please.

Now we'll take a look with another tool to double check:

 

Step 3
FRST

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. Your system is 64bit, choose that version.

 

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

     

     

 

 

Step 4
Post!

 

When you return please post:

1.  OTL fix log
2.  FRST log and Addition.txt

 

Thank you :)


  • 0
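An added example, not part of the original thread and not the helper's or OTL's own code: a small triage pass over OTL "O4" autorun lines that flags the kinds of entries this fix targets, such as a Run value hosted by regsvr32.exe or a Startup entry reported as "File not found". The sample lines are copied from the OTL log posted earlier in this thread; the flag names and the SCRIPT_HOSTS list are assumptions made for this sketch.

```python
import ntpath
import re

# "O4 - HKLM..\Run: [Name] C:\path\file.exe (Company)", optionally "O4:64bit:".
RUN_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>\S+?)\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>.*?)\] (?P<path>.+?) \((?P<company>[^()]*)\)\s*$"
)
# "O4 - Startup: C:\...\Something.lnk =  <target or 'File not found'>"
STARTUP_RE = re.compile(r"^O4 - Startup: (?P<path>.+?) =\s+(?P<target>.*?)\s*$")

# Assumption for this sketch: Windows binaries that execute a DLL or script
# named in their arguments, so the signer shown in the log says nothing about
# what actually runs at logon.
SCRIPT_HOSTS = {"regsvr32.exe", "rundll32.exe", "mshta.exe", "wscript.exe",
                "cscript.exe", "powershell.exe", "cmd.exe"}

# Lines copied from the OTL log in this thread, plus one non-O4 line.
SAMPLE = r"""
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKU\S-1-5-21-2718873096-1216990195-2704496593-1002..\Run: [Realtek Update] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2718873096-1216990195-2704496593-1002..\Run: [Spotify Web Helper] C:\Users\April\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
"""


def parse_o4(line):
    """Return a dict for an O4 Run/RunOnce/Startup line, or None for anything else."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        return {"kind": "run", **m.groupdict()}
    m = STARTUP_RE.match(line)
    if m:
        return {"kind": "startup", "name": ntpath.basename(m["path"]), **m.groupdict()}
    return None


def triage(entry):
    """Return the list of review reasons for one parsed entry (empty if none)."""
    reasons = []
    path = entry["path"].lower()
    if entry["kind"] == "startup":
        if entry["target"].lower() == "file not found":
            reasons.append("target-not-found")
        return reasons
    if ntpath.basename(path) in SCRIPT_HOSTS:
        reasons.append("script-host-autorun")
    if "\\appdata\\" in path:
        reasons.append("user-writable-path")
    if not entry["company"].strip():
        reasons.append("no-company-name")
    return reasons


def review(log_text):
    """Return (entry name, reasons) for every O4 line that needs a human look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            findings.append((entry["name"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in review(SAMPLE):
        print(f"{name}: {', '.join(reasons)}")
```

A `script-host-autorun` hit names a genuine Windows binary; what needs review is the Run value and its command line, which the OTL line does not display.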



#11
pharmchick99

    Member

  • Topic Starter
  • Member
  • 12 posts
1. OTL Fix Log
 
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named BRDriver64 was found to stop!
Service\Driver key BRDriver64 not found.
File C:\ProgramData\BitRaider\BRDriver64.sys not found.
HKU\S-1-5-21-2718873096-1216990195-2704496593-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2718873096-1216990195-2704496593-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3\ not found.
File move failed. C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk scheduled to be moved on reboot.
File move failed. C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
File move failed. C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk scheduled to be moved on reboot.
File move failed. C:\Users\Sara Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Realtek Update not found.
File move failed. C:\Windows\SysWOW64\regsvr32.exe scheduled to be moved on reboot.
Registry key HKEY_USERS\S-1-5-21-2718873096-1216990195-2704496593-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dell.com\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Star Wars: The Old Republic\ not found.
========== FILES ==========
File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{5b51cb62-908d-be00-c32a-623c87aba4a2} not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: April
->Temp folder emptied: 193557 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: hedev
->Temp folder emptied: 0 bytes
 
User: John
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Sara Kay
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1485 bytes
 
Total Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10212014_115701
 
Files\Folders moved on Reboot...
File\Folder C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk not found!
File\Folder C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
File\Folder C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk not found!
File\Folder C:\Users\Sara Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk not found!
File move failed. C:\Windows\SysWOW64\regsvr32.exe scheduled to be moved on reboot.
File\Folder C:\Users\April\AppData\Local\Temp\OICE_8EECAE7F-6794-431B-A97A-8A43A6881893.0\7DCF32A9. not found!
C:\Users\April\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
 
2. FRST log and Addition.txt
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014 01
Ran by April (administrator) on APRIL-PC on 21-10-2014 12:07:12
Running from C:\Users\April\Downloads
Loaded Profile: April (Available profiles: April & John & Sara Kay)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Corel, Inc.) C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Spotify Ltd) C:\Users\April\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Dell) C:\Users\April\AppData\Local\Apps\2.0\OTA46VN9.84N\B9OEE171.RJJ\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Corel) C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-14] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11779176 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487562 2010-08-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Standby] => C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe [105632 2010-06-27] (Corel)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-12-15] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-05] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-07] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2718873096-1216990195-2704496593-1002\...\Run: [Corel Photo Downloader] => C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [526992 2010-06-27] (Corel, Inc.)
HKU\S-1-5-21-2718873096-1216990195-2704496593-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-2718873096-1216990195-2704496593-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)
HKU\S-1-5-21-2718873096-1216990195-2704496593-1002\...\Run: [GoogleChromeAutoLaunch_C7218881A817A82C927DBD8589D6F0B1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-22] (Google Inc.)
HKU\S-1-5-21-2718873096-1216990195-2704496593-1002\...\Run: [Spotify Web Helper] => C:\Users\April\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-15] (Spotify Ltd)
HKU\S-1-5-21-2718873096-1216990195-2704496593-1002\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)
HKU\S-1-5-21-2718873096-1216990195-2704496593-1002\...\Run: [DellSystemDetect] => C:\Users\April\AppData\Local\Apps\2.0\OTA46VN9.84N\B9OEE171.RJJ\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe [265280 2014-09-05] (Dell)
Startup: C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {07B9A43C-BC14-46E4-B280-2834C102D44C} URL = 
SearchScopes: HKCU - {7A6F32AA-220D-4305-AF74-8D2113620567} URL = http://search.yahoo....0627,6901,0,8,0
SearchScopes: HKCU - {EB382ADA-8D58-4157-BFF5-ADD764429277} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/...t/Ode/pcd86.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto....veX_Control.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{8AD4F750-F729-431B-A896-E8E4A2E20563}: [NameServer] 198.224.178.135,198.224.181.135
 
FireFox:
========
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\April\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-05]
 
Chrome: 
=======
CHR HomePage: Profile 1 -> https://www.yahoo.co...ast&type=odc089
CHR StartupUrls: Profile 1 -> "https://www.yahoo.co...st&type=odc089"
CHR DefaultSuggestURL: Profile 1 -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\April\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Super TextTwist) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\adhfmfognpljllafogopofkmjfhhjblo [2013-04-28]
CHR Extension: (Bejeweled) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2013-04-28]
CHR Extension: (Einstein's Riddle) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\afabkaienfhalholeaoibefiheojfdcm [2013-05-03]
CHR Extension: (Beat the Boot (by Google)) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\aidgmjkfmbhldhnhkopojimkhhhcpenl [2013-04-28]
CHR Extension: (World Hardest Game 1) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhbpeakeokbjgjhhddnhjfiphdfjjpc [2013-04-28]
CHR Extension: (Angry Birds) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-04-28]
CHR Extension: (MinecraftDLs) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\anlcigghcnbogoebgajihnonnocgjgfa [2013-04-28]
CHR Extension: (LetterLess) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\anlobanlkdnegecgkgijbcejeaepeaob [2013-04-28]
CHR Extension: (Doodle or Die) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\baocjgbppdpelkefhfhblacenjhhmlmf [2013-04-28]
CHR Extension: (TV) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2013-04-28]
CHR Extension: (Interactive Buddy game) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjdhoikaocagmajhfbdioipfcbblleg [2013-04-28]
CHR Extension: (Rage Comics) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigbpmgpdffelbefknlmefjiejgoinao [2013-04-28]
CHR Extension: (Radio UK) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmkagpegbacdkfenpgimgihkcplmpdh [2013-04-28]
CHR Extension: (YouTube) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-28]
CHR Extension: (Solitaire) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpebaehgfgkcmmjjknibibbjacnplim [2013-05-03]
CHR Extension: (StoryLines) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\celkoncipomnbmcomjieepceifpcdgdl [2013-04-28]
CHR Extension: (Brick Break) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\cenghabdbpdbpgjjamkandgggaaiocbo [2013-04-28]
CHR Extension: (10 Letter Words - Educational Word Game) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgpekglfbhgbgcfpoeecclfmckaephpo [2013-05-03]
CHR Extension: (Let's fish!) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\cllcnemhlcbajfagpgedoiifogemaimb [2013-04-28]
CHR Extension: (Coil) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmbhnhkcpckbooiojiahhhfkkoadmmdk [2013-05-03]
CHR Extension: (Spotify - Music for every moment) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2013-04-28]
CHR Extension: (Google Search) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-28]
CHR Extension: (Operate Now - Eye Surgery) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\dppbfngcbekaamdgacjndfkfpmnlhhmg [2013-04-28]
CHR Extension: (Famous Logos Quiz) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\egkomfhgndbomdobjkgbfoianchcpfna [2013-05-03]
CHR Extension: (European Soccer Champions) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogjmpnidphhakaoihnpkmkhmjmnpbdd [2013-04-28]
CHR Extension: (Causality Games) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl [2013-04-28]
CHR Extension: (Virtual Piano Black) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjagcpcbacoaogfljhglghpjhkmmfeeo [2013-04-28]
CHR Extension: (Choose The Color Of The Word) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\fneoglghbpnjpipdbicpbmpngemkbime [2013-05-03]
CHR Extension: (Chain Reaction) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa [2013-04-28]
CHR Extension: (The Elementals) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfhfehlnocjpbnbcabcjjnemkkkghaak [2013-05-03]
CHR Extension: (Who) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhkdepceckdgeompmjjnbecidjboapcg [2013-05-03]
CHR Extension: (Flow Game ) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhkenkiidlghkpkihaiojpjnngfocahn [2013-04-28]
CHR Extension: (Pathuku) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkiilmogcdkeefnbemdagpmcediekadb [2013-05-03]
CHR Extension: (Parking Game) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmglmmbnahpmbdbphglbdfdecmmhkadb [2013-04-28]
CHR Extension: (Het RGB Spel) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnieofmjopiiifehpejcgcpailcndege [2013-04-28]
CHR Extension: (Happy Wheels) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpljdpjoahbnnfilkiilnfdkdbfiabfc [2013-04-28]
CHR Extension: (Hot Shot Sniper) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibbhkjoamnfmpcilggihmfeebhienpea [2013-04-28]
CHR Extension: (ButtonBass Dubstep Balls) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmjadonkmcblbkocpaaefjbceiijfdg [2013-04-28]
CHR Extension: (Google Play Music) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2013-04-28]
CHR Extension: (Twinoo Brain Training - Test your Brain) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\igippnbkniajgjmfiklnjokigepheabp [2013-04-28]
CHR Extension: (Color Piano!) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmigmmflfcbhdpdgbkkeojchjhhphnh [2013-04-28]
CHR Extension: (90`s Games) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\illbbfoihflomkbpcaaakhijinbnejom [2013-04-28]
CHR Extension: (WhoIsIt - Hollywood Movie Quiz) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnahkbhdamhjhpnakhggojbakdfbglh [2013-05-03]
CHR Extension: (FriendQuiz.org) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\ionbnbmkaobmefcojpaalfddgieokcaf [2013-05-03]
CHR Extension: (Snakes) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\jacpoliedopniegkhphlcjhkomkohdmm [2013-04-28]
CHR Extension: (a Google a Day) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfffneapblebcpnkjdocjgopbajigool [2013-04-28]
CHR Extension: (Unreal Speccy Portable) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfkpejkiedieehgdecgcjbmcbpihimmb [2013-04-28]
CHR Extension: (Slinky Vintage) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdjbhifhppglclhnmmnlfloepnolbkn [2013-09-06]
CHR Extension: (Break The Wall) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhfgnobmdkblmbdahcnpajbjnfmknpn [2013-05-03]
CHR Extension: (Little Alchemy) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2013-04-28]
CHR Extension: (Black Hole Pong) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\kobijcjpajndolfoddpbjnkajbnlefio [2013-04-28]
CHR Extension: (Until AM Web App) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2013-04-28]
CHR Extension: (Pixel Zen ) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\laocjholfblfpcfajbhbomlinnbcefnl [2013-04-28]
CHR Extension: (A Short History of the World) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfefgnmdjdjnfpmillekddcnfnpijbdl [2013-05-03]
CHR Extension: (AudioSauna) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae [2013-09-18]
CHR Extension: (Solve a Cipher!) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmgkpnbfgimlalkolndeccanfnbpogcd [2013-04-28]
CHR Extension: (Word²) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpibnckjjeaabeepofhfmmpjmnomohee [2013-04-28]
CHR Extension: (15 Puzzle Challenge) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbdikaneanenadjffcegmfkiflaanopm [2013-09-18]
CHR Extension: (Poppit) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2013-04-28]
CHR Extension: (Pursued) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mglmffkipgdhdkolbbkofkfhappinpin [2013-04-28]
CHR Extension: (Chain Rxn) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkdlfmoglbdpomddljgapccmlognoaf [2013-04-28]
CHR Extension: (Mixify) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjlbfglfefcmkmglakdocbgnggeieno [2013-04-28]
CHR Extension: (FastestFox for Chrome) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2013-09-23]
CHR Extension: (Super Mario Classic) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnedjlhmnhcgkgmofmdjihehakldembh [2013-04-28]
CHR Extension: (Stream Master) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mocgpjcogkajdhiabjjnobcacnmdagfn [2013-04-28]
CHR Extension: (Lumosity) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffmfbhcjemfledhndnpllechagamlfp [2013-04-28]
CHR Extension: (Micro Expression Recognition Application) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkcbihjelakpbponjhpmkkmopghnpip [2013-05-03]
CHR Extension: (Google I/O 2013) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmligjdignkpnaafpmjlabndeipgegcg [2013-04-28]
CHR Extension: (Google Wallet) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (Picky Wallpapers) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\odklcfojpedohplkimfdpcamkjnhanaj [2013-04-28]
CHR Extension: (My Chrome Theme) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2013-04-28]
CHR Extension: (Towers of Hanoi) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkljogjenmmlkhkndneimnepljcfcao [2013-04-28]
CHR Extension: (Pong) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\omimkinlomnncbmnceacpkmlbfaapojj [2013-04-28]
CHR Extension: (Sinuous) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl [2013-04-28]
CHR Extension: (blubbr video trivia) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdgehpfcdacccdblfioiflklnhcgppia [2013-05-03]
CHR Extension: (PhotoFit Me) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdpbdnchfplfpdjbckgbmpnddnjdijjk [2013-05-03]
CHR Extension: (Psykopaint) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2013-04-28]
CHR Extension: (Gmail) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-28]
CHR Profile: C:\Users\April\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-04]
CHR Extension: (Google Drive) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-04]
CHR Extension: (Google Search) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-04]
CHR Extension: (Google Wallet) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-04]
CHR Extension: (Gmail) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-05]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-05] (AVAST Software)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S2 0077141383168740mcinstcleanup; C:\Users\April\AppData\Local\Temp\007714~1.EXE -cleanup -nolog [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-05] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Users\April\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 JMCR; system32\DRIVERS\jmcr.sys [X]
S3 NVHDA; system32\drivers\nvhda64v.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-21 12:07 - 2014-10-21 12:08 - 00031928 _____ () C:\Users\April\Downloads\FRST.txt
2014-10-21 12:07 - 2014-10-21 12:07 - 00000000 ____D () C:\FRST
2014-10-21 12:05 - 2014-10-21 12:06 - 02110976 _____ (Farbar) C:\Users\April\Downloads\FRST64.exe
2014-10-21 11:48 - 2014-10-21 11:50 - 00010289 _____ () C:\Users\April\Documents\Uninstall STAR WARS The Old Republic.log
2014-10-20 03:20 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-20 03:20 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-20 03:20 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-20 03:20 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-20 03:20 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-20 03:20 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-20 03:20 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-20 03:20 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-20 03:20 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-19 13:47 - 2014-10-19 13:47 - 00000000 ____D () C:\Users\April\AppData\Local\{0FF22D53-09A1-43C2-8F68-7346B64E4CCB}
2014-10-19 13:34 - 2014-10-19 13:35 - 08130560 _____ (© Phoenix Technologies Ltd. ) C:\Users\April\Downloads\L701X_A10.exe
2014-10-19 13:00 - 2014-10-19 13:00 - 00003506 _____ () C:\Users\April\Documents\AdwCleaner[S0].txt
2014-10-19 12:53 - 2014-10-19 12:56 - 00000000 ____D () C:\AdwCleaner
2014-10-19 12:52 - 2014-10-19 12:52 - 01976320 _____ () C:\Users\April\Downloads\AdwCleaner.exe
2014-10-19 12:51 - 2014-10-19 12:51 - 00006733 _____ () C:\Users\April\Documents\JRT.txt
2014-10-19 12:51 - 2014-10-19 12:51 - 00006733 _____ () C:\Users\April\Desktop\JRT.txt
2014-10-19 12:46 - 2014-10-19 12:46 - 00000000 ____D () C:\Windows\ERUNT
2014-10-19 12:45 - 2014-10-19 12:45 - 01705698 _____ (Thisisu) C:\Users\April\Downloads\JRT.exe
2014-10-19 12:44 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-19 12:44 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-19 12:44 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-19 12:44 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-19 12:44 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-19 12:44 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-19 12:44 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-19 12:44 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-19 12:44 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-19 12:44 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-19 12:44 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-19 12:44 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-19 12:44 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-19 12:44 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-19 12:44 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-19 12:44 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-19 12:44 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-19 12:44 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-19 12:44 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-19 12:44 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-19 12:44 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-19 12:44 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-19 12:44 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-19 12:44 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-19 12:44 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-19 12:44 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-19 12:44 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-19 12:44 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-19 12:44 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-19 12:44 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-19 12:44 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-19 12:44 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-19 12:44 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-19 12:44 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-19 12:44 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-19 12:44 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-19 12:44 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-19 12:44 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-19 12:44 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-19 12:44 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-19 12:44 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-19 12:44 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-19 12:44 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-19 12:44 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-19 12:44 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-19 12:44 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-19 12:44 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-19 12:44 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-19 12:44 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-19 12:44 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-19 12:44 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-19 12:44 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-19 12:44 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-19 12:44 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-19 12:44 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-19 12:44 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-19 12:37 - 2014-10-19 12:37 - 00417064 _____ () C:\Users\April\Downloads\DellSystemDetect (1).exe
2014-10-19 12:31 - 2014-10-19 12:31 - 00000000 ____D () C:\_OTL
2014-10-19 12:21 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-19 12:21 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-19 12:20 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-19 12:20 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-19 12:20 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-19 12:20 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-19 12:20 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-19 12:20 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-19 12:20 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-19 12:20 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-19 12:20 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-19 12:20 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-19 12:20 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-19 12:20 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-19 12:20 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-19 12:20 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-19 12:20 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-19 12:20 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-19 12:20 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-19 12:20 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-19 12:20 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-19 12:20 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-19 12:20 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-19 12:19 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-19 12:19 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-19 12:19 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-19 12:18 - 2014-10-19 12:19 - 00004281 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-10-10 12:05 - 2014-10-10 12:05 - 00000000 ____D () C:\Users\April\AppData\Local\Facebook
2014-10-10 12:04 - 2014-10-10 12:04 - 00501248 _____ (Facebook Inc.) C:\Users\April\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
2014-10-10 07:36 - 2014-10-10 07:36 - 00374268 _____ () C:\Users\April\Downloads\x8c82uje.htm
2014-10-07 10:54 - 2014-10-07 10:55 - 00602112 _____ (OldTimer Tools) C:\Users\April\Downloads\OTL (1).exe
2014-10-07 06:36 - 2014-10-19 13:22 - 00064362 _____ () C:\Users\April\Downloads\Extras.Txt
2014-10-07 06:34 - 2014-10-19 13:22 - 00118724 _____ () C:\Users\April\Downloads\OTL.Txt
2014-10-07 06:16 - 2014-10-07 06:16 - 00602112 _____ (OldTimer Tools) C:\Users\April\Downloads\OTL.exe
2014-10-07 03:05 - 2014-10-07 03:05 - 00019959 _____ () C:\Users\April\Documents\APRIL-PC.speccy
2014-10-07 03:02 - 2014-10-07 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2014-10-07 03:02 - 2014-10-07 03:02 - 00000000 ____D () C:\Program Files\Speccy
2014-10-07 03:00 - 2014-10-07 03:01 - 04845384 _____ (Piriform Ltd) C:\Users\April\Downloads\spsetup126.exe
2014-10-05 02:03 - 2014-10-05 02:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-10-05 01:58 - 2014-10-05 01:58 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-05 01:58 - 2014-10-05 01:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-05 01:57 - 2014-10-05 01:58 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-05 01:57 - 2014-10-05 01:58 - 00000000 ____D () C:\Program Files\iTunes
2014-10-05 01:57 - 2014-10-05 01:58 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-05 01:57 - 2014-10-05 01:57 - 00000000 ____D () C:\Program Files\iPod
2014-10-01 23:09 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 23:09 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-01 22:55 - 2014-10-01 22:55 - 00709416 _____ () C:\Windows\Minidump\100114-41121-01.dmp
2014-09-24 10:39 - 2014-09-24 10:39 - 00001263 _____ () C:\Users\April\AppData\Local\recently-used.xbel
2014-09-24 10:21 - 2014-09-24 10:21 - 00000362 _____ () C:\Users\April\Desktop\Local Disk (E) - Shortcut.lnk
2014-09-24 06:02 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 06:02 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-21 12:04 - 2009-07-14 00:10 - 01420776 _____ () C:\Windows\WindowsUpdate.log
2014-10-21 12:01 - 2011-04-30 22:20 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-10-21 12:01 - 2011-02-05 21:43 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-21 12:01 - 2011-01-04 00:43 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-10-21 12:01 - 2011-01-04 00:43 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-10-21 12:01 - 2011-01-04 00:16 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-10-21 12:00 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-21 12:00 - 2009-07-13 23:51 - 00092099 _____ () C:\Windows\setupact.log
2014-10-21 11:59 - 2012-08-01 14:22 - 00015920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-21 11:59 - 2012-08-01 14:22 - 00015920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-21 11:52 - 2011-01-04 01:48 - 01197090 _____ () C:\Windows\PFRO.log
2014-10-21 11:49 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-21 11:48 - 2011-02-05 21:43 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-21 11:44 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-20 06:18 - 2014-05-01 16:30 - 00349696 ___SH () C:\Users\April\Downloads\Thumbs.db
2014-10-20 03:06 - 2011-01-10 17:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-19 13:41 - 2011-01-24 09:55 - 00000000 ____D () C:\Users\April\AppData\Local\Corel
2014-10-19 12:38 - 2011-02-28 14:22 - 00000000 ____D () C:\Users\April\AppData\Local\Deployment
2014-10-19 12:20 - 2014-01-29 12:29 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-19 12:19 - 2011-01-04 00:01 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-19 12:01 - 2009-07-14 00:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-13 22:38 - 2014-09-05 04:46 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-11 02:48 - 2013-12-02 05:01 - 00000000 ____D () C:\Users\April\Documents\AAAsara
2014-10-07 06:54 - 2011-01-04 01:51 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-07 06:54 - 2011-01-04 01:50 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-10-07 03:18 - 2011-01-24 10:49 - 00059392 _____ () C:\Users\April\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-07 03:16 - 2011-01-24 09:55 - 00000000 ____D () C:\Users\April\Documents\My PSP Files
2014-10-07 00:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-06 22:57 - 2014-09-05 04:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-03 05:09 - 2011-09-11 10:19 - 00000000 ____D () C:\Users\April\Documents\Outlook Files
2014-10-01 22:55 - 2011-03-21 10:52 - 00000000 ____D () C:\Windows\Minidump
2014-10-01 22:55 - 2011-03-21 10:51 - 883582336 _____ () C:\Windows\MEMORY.DMP
2014-09-30 00:44 - 2013-05-09 21:38 - 00000000 ____D () C:\Users\April\AppData\Roaming\Spotify
2014-09-28 05:36 - 2013-05-09 21:40 - 00000000 ____D () C:\Users\April\AppData\Local\Spotify
2014-09-25 09:53 - 2013-04-14 20:49 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
 
Files to move or delete:
====================
C:\Users\April\jagex_cl_runescape_LIVE.dat
C:\Users\April\random.dat
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-19 16:36
 
==================== End Of Log ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2014 01
Ran by April at 2014-10-21 12:08:48
Running from C:\Users\April\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.0.19530 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Avery Wizard 4.0 (HKLM-x32\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.2.11 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.3.1.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.1.9 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.8 (HKLM-x32\...\DPP) (Version: 3.8.1.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.8.1.0 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.7.0.0 - Canon Inc.)
Canon Utilities WFT Utility (HKLM-x32\...\WFTK) (Version: 3.5.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.1.15 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
ContentHD (x32 Version: 1.00.0002 - Corel Corporation) Hidden
Contents (x32 Version: 1.6.1.224 - Corel Corporation) Hidden
Corel Painter Photo Essentials 4 (HKLM-x32\...\_{707EB912-C597-49D8-9460-46CC9AB03EBE}) (Version:  - Corel Corporation)
Corel Painter Photo Essentials 4 (x32 Version: 4.1 - Corel Corporation) Hidden
Corel PaintShop Photo Pro X3 (HKLM-x32\...\_{DEAEB5DB-04FA-489D-94EF-8600898B93EE}) (Version: 1.6.1.224 - Corel Corporation)
Corel PaintShop Photo Pro X3 (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Corel PaintShop Photo Project Creator (HKLM-x32\...\_{DFAEB5DB-04FA-489D-94EF-8600898B93EE}) (Version: 1.6.1.224 - Corel Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.10.0.8 - Dell)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd)
DeviceIO (x32 Version: 1.6.1.224 - Corel Corporation) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON WorkForce 610 Series Printer Uninstall (HKLM\...\EPSON WorkForce 610 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Config V3 (HKLM-x32\...\{2B0CDD4D-5C1A-47F7-89E2-9BF604670ABC}) (Version: 3.5c - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
ICA (x32 Version: 1.6.1.224 - Corel Corporation) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{D16A2127-B927-4379-B153-3DEC091E4EEB}) (Version: 13.02.1000 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Intel® Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
IPM_PSP_CL (x32 Version: 1.00.0000 - Your Company Name) Hidden
IPM_PSP_COM (x32 Version: 1.00.0000 - Your Company Name) Hidden
IPM_PSP_PRJ (x32 Version: 1.00.0000 - Your Company Name) Hidden
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (x32 Version: 2.1.71.14 - Oracle, Inc.) Hidden
Java™ 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MLE (x32 Version: 1.0.0.23 - Corel Corporation) Hidden
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PSPH10Pro (x32 Version: 1.00.0000 - Corel Corporation) Hidden
PSPPContent (x32 Version: 1.00.0000 - Corel Corporation) Hidden
PSPPRO_DCRAW (x32 Version: 13.0.0 - Corel Corporation) Hidden
PureHD (x32 Version: 1.6.1.224 - Corel Corporation) Hidden
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.7.4 - Intuit)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.8.5 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6312 - Realtek Semiconductor Corp.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Setup (x32 Version: 1.6.1.224 - Corel Corporation) Hidden
Share (x32 Version: 1.6.1.224 - Corel Corporation) Hidden
Share64 (Version: 1.6.1.224 - Corel Corporation) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
Sure Cuts A Lot 2.038 (HKLM-x32\...\Sure Cuts A Lot 2_is1) (Version:  - Craft Edge)
Sure Cuts A Lot Pro 3.053 (HKLM-x32\...\Sure Cuts A Lot 3 Pro_is1) (Version:  - Craft Edge)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.4.0 - Synaptics Incorporated)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VIO (x32 Version: 1.6.1.224 - Corel Corporation) Hidden
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (01/18/2013 2.08.28) (HKLM\...\9E24492CE9279512BD465F61DB8523641BB7BBFC) (Version: 01/18/2013 2.08.28 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (01/18/2013 2.08.28) (HKLM\...\E61B77ECE57113AE1CA028BC7A8AD6C137BD13DD) (Version: 01/18/2013 2.08.28 - FTDI)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
Xvid MPEG-4 Video Codec (HKLM-x32\...\Xvid_is1) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2718873096-1216990195-2704496593-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\April\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2718873096-1216990195-2704496593-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\April\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2718873096-1216990195-2704496593-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\April\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2718873096-1216990195-2704496593-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\April\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
14-10-2014 03:39:09 Windows Backup
19-10-2014 17:12:59 Windows Update
19-10-2014 17:17:58 Installed Java 7 Update 71
19-10-2014 17:32:06 OTL Restore Point - 10/19/2014 12:32:01 PM
20-10-2014 00:00:14 Windows Backup
20-10-2014 08:00:51 Windows Update
21-10-2014 16:42:19 Windows Update
21-10-2014 16:51:16 OTL Restore Point - 10/21/2014 11:51:16 AM
21-10-2014 16:57:25 OTL Restore Point - 10/21/2014 11:57:15 AM
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2013-10-30 17:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0931DA7D-CAFA-40D1-B604-7DC4816027F0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-05] (Google Inc.)
Task: {3A037A0B-0A77-42BD-8C2A-5D36B6EDE11D} - System32\Tasks\{821D3D2D-A754-4D70-A3EF-6650E5006F57} => C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe [2010-06-27] (Corel, Inc.)
Task: {4947373E-7AF3-4834-A0C9-7DD9114FD8DD} - System32\Tasks\{334010E7-D40C-47F6-8281-6A7CE4E6358F} => C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe [2010-06-27] (Corel, Inc.)
Task: {595C99CD-E16A-4CB1-8D5D-20420ECB24EF} - System32\Tasks\{756B4E31-0CB5-4491-9E49-B5C2728FF2F6} => C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe [2010-06-27] (Corel, Inc.)
Task: {6517BC83-217D-4206-85EC-6EB5FBABADF4} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {80810785-ED8C-4034-9542-1D74DE9FEE3E} - System32\Tasks\{7252AFD9-BC0B-495D-9688-FAEC69DDD84D} => C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe [2010-06-27] (Corel, Inc.)
Task: {9B567DCF-F0B9-4BEF-8C22-7CD6E673CD19} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9F1AD0B1-9065-42D3-A888-D817E080AE23} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-05] (AVAST Software)
Task: {BFEECFF4-93E5-41D6-B695-9684D8C95C66} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-05] (Google Inc.)
Task: {DF568C13-A3CD-42BD-AB0D-C73CAF5913B1} - System32\Tasks\{65F9E447-29AD-449B-89C4-19EA76825C86} => C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe [2010-06-27] (Corel, Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-03-05 10:21 - 2010-03-05 10:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2009-09-17 04:23 - 2009-09-17 04:23 - 00022016 _____ () C:\Windows\System32\DELR1L6.DLL
2011-01-04 00:16 - 2011-08-18 10:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2010-03-05 10:21 - 2010-03-05 10:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 01807680 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2009-12-15 21:14 - 2009-12-15 21:14 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2014-09-05 04:45 - 2014-09-05 04:45 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-21 11:43 - 2014-10-21 11:43 - 02896384 _____ () C:\Program Files\AVAST Software\Avast\defs\14102001\algo.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00275776 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00095552 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00152896 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00017728 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2012-09-29 17:36 - 2009-03-12 14:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2012-09-29 17:36 - 2008-11-21 12:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2014-09-05 04:45 - 2014-09-05 04:45 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-25 09:53 - 2014-09-22 23:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-25 09:53 - 2014-09-22 23:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-25 09:53 - 2014-09-22 23:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-25 09:53 - 2014-09-22 23:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-25 09:53 - 2014-09-22 23:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-09-25 09:53 - 2014-09-22 23:07 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2718873096-1216990195-2704496593-500 - Administrator - Disabled)
April (S-1-5-21-2718873096-1216990195-2704496593-1002 - Administrator - Enabled) => C:\Users\April
Guest (S-1-5-21-2718873096-1216990195-2704496593-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2718873096-1216990195-2704496593-1003 - Limited - Enabled)
John (S-1-5-21-2718873096-1216990195-2704496593-1004 - Administrator - Enabled) => C:\Users\John
Sara Kay (S-1-5-21-2718873096-1216990195-2704496593-1005 - Limited - Enabled) => C:\Users\Sara Kay
 
==================== Faulty Device Manager Devices =============
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/21/2014 00:02:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ApplePhotoStreams.exe, version: 7.15.7.3, time stamp: 0x53d97094
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe06d7363
Fault offset: 0x0000c42d
Faulting process id: 0x15a8
Faulting application start time: 0xApplePhotoStreams.exe0
Faulting application path: ApplePhotoStreams.exe1
Faulting module path: ApplePhotoStreams.exe2
Report Id: ApplePhotoStreams.exe3
 
Error: (10/21/2014 11:55:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ApplePhotoStreams.exe, version: 7.15.7.3, time stamp: 0x53d97094
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe06d7363
Fault offset: 0x0000c42d
Faulting process id: 0x103c
Faulting application start time: 0xApplePhotoStreams.exe0
Faulting application path: ApplePhotoStreams.exe1
Faulting module path: ApplePhotoStreams.exe2
Report Id: ApplePhotoStreams.exe3
 
Error: (10/21/2014 11:41:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 89805173
 
Error: (10/21/2014 11:41:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 89805173
 
Error: (10/21/2014 11:41:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/21/2014 11:41:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 89804159
 
Error: (10/21/2014 11:41:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 89804159
 
Error: (10/21/2014 11:41:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/20/2014 10:45:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13369
 
Error: (10/20/2014 10:45:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13369
 
 
System errors:
=============
Error: (10/21/2014 00:02:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (10/21/2014 00:01:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (10/21/2014 00:01:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (10/21/2014 11:57:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dock Login Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/21/2014 11:54:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (10/21/2014 11:54:17 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (10/21/2014 11:54:09 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (10/21/2014 11:52:18 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (10/21/2014 11:51:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dock Login Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/21/2014 11:41:47 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
 
Microsoft Office Sessions:
=========================
Error: (10/21/2014 00:02:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ApplePhotoStreams.exe7.15.7.353d97094KERNELBASE.dll6.1.7601.1840953159a86e06d73630000c42d15a801cfed50b4b567ddC:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exeC:\Windows\syswow64\KERNELBASE.dll09b2aff6-5944-11e4-95fa-f04da2618140
 
Error: (10/21/2014 11:55:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ApplePhotoStreams.exe7.15.7.353d97094KERNELBASE.dll6.1.7601.1840953159a86e06d73630000c42d103c01cfed4fa9a56516C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exeC:\Windows\syswow64\KERNELBASE.dll066a7629-5943-11e4-9a67-f04da2618140
 
Error: (10/21/2014 11:41:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 89805173
 
Error: (10/21/2014 11:41:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 89805173
 
Error: (10/21/2014 11:41:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/21/2014 11:41:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 89804159
 
Error: (10/21/2014 11:41:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 89804159
 
Error: (10/21/2014 11:41:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/20/2014 10:45:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13369
 
Error: (10/20/2014 10:45:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13369
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-09-14 08:02:28.225
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-14 08:02:28.220
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-14 08:01:29.021
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-12 10:02:23.341
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-12 10:02:23.341
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-12 10:00:32.017
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-19 19:06:39.756
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-19 19:06:39.743
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-19 19:04:45.476
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-20 05:11:11.449
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 36%
Total physical RAM: 5876.37 MB
Available physical RAM: 3705.6 MB
Total Pagefile: 11750.92 MB
Available Pagefile: 9396.85 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:109.97 GB) NTFS
Drive e: () (Removable) (Total:3.69 GB) (Free:3.1 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 35155DB8)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
 
 
 
 


#12
23red


    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi pharmchick99 :)

 

Ok, looking much better!!   A few more remnants to go here.  These scans are all pretty quick. 
I've got an ESET scan below for you, to triple check ;) as there were some old infections on the machine.  That one will take some time. 
Last, we'll check your Security. 
Please tell me how the computer is running after this. 
Following all this we'll start clearing out everything I did and get you back some free space!

 

On we go:

 

Step 1
Uninstalls

 

Please go to Start ~> Control Panel ~> Programs and Features and remove the following if present:
 
GoToAssist 8.0.0.514
Java™ 6 Update 22 (64-bit) (older Java versions left on the Computer leave you vulnerable)

 

Step 2
FRST Fix

 

Very important! ~>  Before you start, you need to move FRST out of C:\Users\April\Downloads, where it is currently running from.

Please cut and paste it from there onto your Desktop.

Download attached fixlist.txt file and save it to the Desktop. ~> Attached File  fixlist.txt   1.15KB   139 downloads

 

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

 

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Step 3
Fresh FRST Log

 

 

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.

 

 

 

Step 4
ESET Online Scanner

 

Please run a free online scan with the ESET

 

Note: You will need to disable your current installed Anti-Virus for the duration of the online scan, how to do so can be read here.

 

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

 

Note: This scan works with Internet Explorer or Mozilla FireFox.

 

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
     then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

 

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

 

Step 5
SecurityCheck by Screen317:

 

Please also download Security Check by screen317.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please also post the contents of that document.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED!  Try rebooting the system and then run SecurityCheck again.

 

 

Step 6
Post!

 

When you return please post:

 

1.  FRST fix log
2.  Fresh FRST log
3.  ESET scan results
4.  checkup.txt
5.  How is the computer running?
6.  Any questions, issues or concerns?

 

Thank you :)



#13
23red


    Trusted Helper

  • Malware Removal
  • 1,797 posts

How are you getting on with the instructions? Do you require additional time?
 



#14
pharmchick99


    Member

  • Topic Starter
  • 12 posts

I apologize.  I didn't see your last post.  I will take the steps you posted most recently now and get back to you.  Thanks!



#15
pharmchick99


    Member

  • Topic Starter
  • 12 posts

Ok, I've done something wrong.  I got mixed up in Step 2.  I couldn't figure out how to move the stuff to the desktop, and I'm not even certain that I found the correct files to move.  When I tried to complete the "Fix" option, I got an error message (see attachment).

 

HELP!

Attached Thumbnails

  • no fixlist.PNG






