Encrypted Files, blackmail letter [Solved]


  • This topic is locked

#1
AuntieHolly

  • Member
  • 38 posts

I have a new computer running Windows 7. I used the free Office 365 program and when the trial was completed I decided to use Office Pro instead. I deleted Office 365 and started having all kinds of problems with files not being found, slow response, and not being able to connect to the internet. This also coincided with the completion of the free McAfee trial. I didn't want to pay for McAfee because I already have a Norton account. I had not downloaded Norton yet. I decided since I didn't have much on the computer that I would just restore the computer to its factory settings and start over. I saved the few files I needed onto a flash drive. I restored the computer to factory settings on the 11th of October. Internet worked fine. Adobe worked fine. I uninstalled Office 365 and downloaded Office Pro again. It worked fine.

 

Today I needed to print something and had to install my printer. After I installed the printer I was able to print the one file I had saved to the hard drive, but when I went to print a file I had saved to the flash drive, a message came up that the file extensions were not compatible and to proceed with caution. Since the file was generated from me I opened the file only to find it was all encrypted. I thought perhaps this was because the file was originally an Excel 97 file and I hadn't enabled compatibility view in Office Pro. I tried to open a photo from the flash drive and a message saying file not found came up. There was a text file on the flash drive that I thought came from installing the printer so I opened it. It read like a blackmail letter.

 

In essence: Where did all your files go? They were encrypted with a strong encryption and unless you go to these specific sites you will not get your files back. Yikes!!! I did not go to the sites. They had names like payforTOR. I closed the text and removed the flash drive. The one file on my hard drive seems to be ok but now I am worried. What happened? Is my computer infected? Is it safe to use? Will I ever be able to use that flash drive again? Will I be able to get my files from the flash drive back? Thanks for your help.

 

Holly

 

OTL logfile created on: 10/15/2014 12:19:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Holly\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.92 Gb Total Physical Memory | 12.52 Gb Available Physical Memory | 78.65% Memory free
31.84 Gb Paging File | 27.48 Gb Available in Paging File | 86.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 907.25 Gb Total Space | 856.39 Gb Free Space | 94.39% Space Free | Partition Type: NTFS
 
Computer Name: HOLLY-PC | User Name: Holly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2014/10/15 12:19:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Holly\Downloads\OTL.exe
PRC - [2014/10/15 11:34:43 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\yurdsutzwta.exe
PRC - [2013/12/09 15:27:38 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013/12/09 15:27:36 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
PRC - [2013/07/29 17:25:00 | 000,286,056 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2013/07/29 17:24:58 | 000,014,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2013/06/20 12:53:16 | 000,081,536 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
PRC - [2012/09/23 05:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/07/13 18:14:30 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\regsvr32.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/15 11:34:43 | 014,669,128 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\PepperFlash\pepflashplayer.dll
MOD - [2014/10/15 11:34:43 | 008,537,928 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\pdf.dll
MOD - [2014/10/15 11:34:43 | 001,732,936 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\ffmpegsumo.dll
MOD - [2014/10/15 11:34:43 | 000,718,152 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\libglesv2.dll
MOD - [2014/10/15 11:34:43 | 000,353,096 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\ppgooglenaclpluginchrome.dll
MOD - [2014/10/15 11:34:43 | 000,126,280 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\libegl.dll
MOD - [2014/05/26 10:18:48 | 000,641,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\e492c172f08e8af816d5ceba961a1b17\System.Transactions.ni.dll
MOD - [2014/05/26 10:18:36 | 012,700,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d9f7232b71547ec2c985bbffbbff2a2b\System.Windows.Forms.ni.dll
MOD - [2014/05/26 10:18:33 | 001,631,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\dadb15941ecb5c7ad0f4276e7aaed3c9\System.Drawing.ni.dll
MOD - [2014/05/26 10:18:32 | 002,786,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\186f94773130bc17c5b86c0c7d491a91\System.Runtime.Serialization.ni.dll
MOD - [2014/05/26 10:18:32 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\f31ac8665f9f5d8e6ad4abd29f913386\System.ServiceModel.Internals.ni.dll
MOD - [2014/05/26 10:18:32 | 000,121,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ff27928194bf78f0cd9eaecd152d3b1a\SMDiagnostics.ni.dll
MOD - [2014/05/26 10:18:17 | 007,561,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\130613a664d9a4237b5b22c3c80f6d96\System.Xml.ni.dll
MOD - [2014/05/26 10:18:15 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\61c26df51b250070ba949d858c55aa71\System.Configuration.ni.dll
MOD - [2014/05/26 10:18:14 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\d581cfc0867a2d1a3513c967bc954517\System.Core.ni.dll
MOD - [2014/05/26 10:18:11 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\84371136df209abcd5fbf89db89f2e97\System.ni.dll
MOD - [2014/05/26 10:18:00 | 016,544,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\506bcca8d286f754825f3f1b0bf64894\mscorlib.ni.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/09/25 03:10:24 | 002,436,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/07/24 15:09:54 | 001,041,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2014/06/20 10:30:38 | 000,189,912 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2014/06/20 10:23:12 | 000,219,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2014/06/12 16:10:46 | 000,603,424 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2014/05/27 01:05:46 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/05/27 01:05:44 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2014/04/25 18:34:42 | 000,178,528 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\mcafee\msc\McAPExe.exe -- (McAPExe)
SRV:64bit: - [2013/08/26 23:32:30 | 000,828,376 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/08/26 23:32:14 | 000,747,520 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (McOobeSv2)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2013/07/29 17:24:58 | 000,014,696 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:64bit: - [2013/06/18 21:18:38 | 000,246,488 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2012/12/20 22:37:20 | 000,334,760 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/26 10:15:06 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/13 11:42:00 | 000,836,168 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\WINDOWS\Temp\0119421413132636mcinst.exe -- (0119421413132636mcinstcleanup)
SRV - [2014/01/29 19:04:52 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2014/01/13 08:02:54 | 000,198,664 | ---- | M] (Dell Products, LP.) [Auto | Stopped] -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
SRV - [2013/12/09 15:27:38 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/12/09 15:27:36 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2013/11/21 02:18:54 | 001,915,920 | ---- | M] (SoftThinks SAS) [Auto | Stopped] -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe -- (SftService)
SRV - [2013/07/02 08:00:14 | 000,312,448 | ---- | M] (Windows ® Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2013/06/20 12:53:16 | 000,081,536 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2012/09/23 05:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/08 09:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/24 14:32:30 | 000,096,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2014/07/24 14:31:56 | 000,444,720 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2014/06/20 10:38:22 | 000,072,128 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2014/06/20 10:31:06 | 000,348,552 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2014/06/20 10:26:02 | 000,786,296 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2014/06/20 10:23:40 | 000,523,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2014/06/20 10:21:48 | 000,313,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2014/06/20 10:20:54 | 000,181,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2014/01/22 14:57:34 | 000,450,520 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2014/01/22 14:51:26 | 004,221,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/12/09 15:27:36 | 000,100,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013/09/23 13:49:22 | 000,197,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2013/07/24 13:28:34 | 000,666,984 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/07/24 13:28:28 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2013/07/09 14:58:32 | 000,263,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2013/07/02 07:34:54 | 000,589,000 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2013/07/02 07:34:54 | 000,347,336 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2013/07/02 07:34:54 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2013/07/02 07:34:54 | 000,137,928 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2013/07/02 07:34:54 | 000,116,424 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2013/07/02 07:34:54 | 000,089,800 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2013/07/02 07:34:54 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2013/07/02 07:34:54 | 000,034,384 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2013/07/01 12:33:48 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/07/01 12:33:40 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/07/01 12:33:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/06/25 14:56:16 | 003,979,776 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2013/04/10 12:09:24 | 000,849,992 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B46C9C97-98EC-49B2-AF00-4CACCC690731}
IE:64bit: - HKLM\..\SearchScopes\{B46C9C97-98EC-49B2-AF00-4CACCC690731}: "URL" = http://www.bing.com/...=IE11TR&pc=DCJB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {B46C9C97-98EC-49B2-AF00-4CACCC690731}
IE - HKLM\..\SearchScopes\{B46C9C97-98EC-49B2-AF00-4CACCC690731}: "URL" = http://www.bing.com/...=IE11TR&pc=DCJB
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB
IE - HKCU\..\SearchScopes,DefaultScope = {B46C9C97-98EC-49B2-AF00-4CACCC690731}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2014/10/12 19:40:28 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVBg_PushButton] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" (Qualcomm®Atheros®)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43698C58-0689-4BB4-A57C-5F26901BB663}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/15 12:02:38 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Microsoft Help
[2014/10/15 11:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2014/10/15 11:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2014/10/15 11:48:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2014/10/15 11:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2014/10/15 11:46:21 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\HP
[2014/10/15 08:51:24 | 000,000,000 | R--D | C] -- C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2014/10/14 14:10:16 | 000,000,000 | ---D | C] -- C:\Users\Holly\Documents\BSA pamphlet child abuse
[2014/10/14 13:26:22 | 000,000,000 | ---D | C] -- C:\Users\Holly\Documents\Skyline Bears 2014
[2014/10/14 13:26:09 | 000,000,000 | ---D | C] -- C:\Users\Holly\Documents\Custom Office Templates
[2014/10/14 11:40:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/10/14 11:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2014/10/14 11:30:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2014/10/14 11:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2014/10/14 11:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2014/10/14 11:17:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2014/10/13 15:54:06 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\PCDr
[2014/10/13 11:54:56 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Adobe
[2014/10/12 19:40:25 | 000,197,704 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2014/10/12 10:39:36 | 000,000,000 | ---D | C] -- C:\Windows\SMINST
[2014/10/12 10:13:30 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Diagnostics
[2014/10/12 10:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/10/12 10:01:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/10/12 10:01:39 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Google
[2014/10/12 10:01:32 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Deployment
[2014/10/12 10:01:32 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Apps
[2014/10/12 09:57:32 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Dell
[2014/10/12 09:55:37 | 000,000,000 | -HSD | C] -- C:\Users\Holly\AppData\Local\EmieUserList
[2014/10/12 09:55:37 | 000,000,000 | -HSD | C] -- C:\Users\Holly\AppData\Local\EmieSiteList
[2014/10/12 09:55:35 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Intel Corporation
[2014/10/12 09:54:42 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\BMExplorer
[2014/10/12 09:54:42 | 000,000,000 | ---D | C] -- C:\Users\Holly\Documents\Bluetooth Folder
[2014/10/12 09:54:35 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Leadertech
[2014/10/12 09:54:35 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Atheros
[2014/10/12 09:54:27 | 000,000,000 | R--D | C] -- C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/10/12 09:54:27 | 000,000,000 | R--D | C] -- C:\Users\Holly\Searches
[2014/10/12 09:54:27 | 000,000,000 | R--D | C] -- C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/10/12 09:54:27 | 000,000,000 | -H-D | C] -- C:\Users\Holly\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/10/12 09:54:20 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Identities
[2014/10/12 09:54:18 | 000,000,000 | R--D | C] -- C:\Users\Holly\Contacts
[2014/10/12 09:54:18 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Macromedia
[2014/10/12 09:54:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/10/12 09:54:17 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\VirtualStore
[2014/10/12 09:54:17 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Adobe
[2014/10/12 09:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014/10/12 09:50:29 | 000,000,000 | --SD | C] -- C:\Users\Holly\AppData\Roaming\Microsoft
[2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\Videos
[2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\Saved Games
[2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\Pictures
[2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\Music
[2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\Links
[2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\Favorites
[2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\Downloads
[2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\Documents
[2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\Desktop
[2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\AppData\Local\Temporary Internet Files
[2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\Templates
[2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\Start Menu
[2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\SendTo
[2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\Recent
[2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\PrintHood
[2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\NetHood
[2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\Documents\My Videos
[2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\Documents\My Pictures
[2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\Documents\My Music
[2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\My Documents
[2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\Local Settings
[2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\AppData\Local\History
[2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\Cookies
[2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\Application Data
[2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\AppData\Local\Application Data
[2014/10/12 09:50:29 | 000,000,000 | -H-D | C] -- C:\Users\Holly\AppData
[2014/10/12 09:50:29 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Temp
[2014/10/12 09:50:29 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Microsoft
[2014/10/12 09:50:29 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Media Center Programs
[2014/10/11 18:47:23 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2014/10/11 18:46:09 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/15 12:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/15 12:06:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/15 11:49:52 | 000,002,154 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6700.lnk
[2014/10/15 11:49:52 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Officejet 6700.lnk
[2014/10/15 11:47:27 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2014/10/15 10:06:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/15 08:51:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/14 12:48:54 | 000,781,540 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/10/14 12:48:54 | 000,661,656 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/10/14 12:48:54 | 000,121,552 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/10/14 11:29:15 | 014,381,616 | ---- | M] () -- C:\WindowsMSYHBD.tt2
[2014/10/14 11:29:10 | 021,543,568 | ---- | M] () -- C:\WindowsMSYH.tt2
[2014/10/14 11:29:10 | 000,222,632 | ---- | M] () -- C:\WindowsMSUIGHUR.tt2
[2014/10/14 11:29:02 | 014,343,024 | ---- | M] () -- C:\WindowsMSJHBD.tt2
[2014/10/14 11:28:57 | 021,302,624 | ---- | M] () -- C:\WindowsMSJH.tt2
[2014/10/14 11:28:49 | 000,094,064 | ---- | M] () -- C:\WindowsLEELAWAD.tt2
[2014/10/14 11:28:49 | 000,093,836 | ---- | M] () -- C:\WindowsLEELAWDB.tt2
[2014/10/12 10:02:29 | 000,002,281 | ---- | M] () -- C:\Users\Holly\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/10/12 10:02:22 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/10/12 09:55:31 | 000,001,409 | ---- | M] () -- C:\Users\Holly\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/10/12 09:55:20 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/12 09:55:20 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/11 18:48:28 | 000,041,450 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2014/10/11 18:48:28 | 000,041,450 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2014/10/11 18:46:07 | 4229,640,190 | -HS- | M] () -- C:\hiberfil.sys
 
========== Files Created - No Company Name ==========
 
[2014/10/15 11:49:52 | 000,002,154 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6700.lnk
[2014/10/15 11:49:52 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Officejet 6700.lnk
[2014/10/15 11:47:27 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/10/14 11:29:18 | 021,543,568 | ---- | C] () -- C:\WindowsMSYH.tt2
[2014/10/14 11:29:18 | 021,302,624 | ---- | C] () -- C:\WindowsMSJH.tt2
[2014/10/14 11:29:18 | 014,381,616 | ---- | C] () -- C:\WindowsMSYHBD.tt2
[2014/10/14 11:29:18 | 014,343,024 | ---- | C] () -- C:\WindowsMSJHBD.tt2
[2014/10/14 11:29:18 | 000,222,632 | ---- | C] () -- C:\WindowsMSUIGHUR.tt2
[2014/10/14 11:29:18 | 000,094,064 | ---- | C] () -- C:\WindowsLEELAWAD.tt2
[2014/10/14 11:29:18 | 000,093,836 | ---- | C] () -- C:\WindowsLEELAWDB.tt2
[2014/10/12 10:02:22 | 000,002,281 | ---- | C] () -- C:\Users\Holly\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/10/12 10:02:22 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/10/12 10:01:44 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/12 10:01:44 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/12 09:55:31 | 000,001,409 | ---- | C] () -- C:\Users\Holly\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/10/12 09:54:28 | 000,001,415 | ---- | C] () -- C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/10/12 09:50:43 | 000,001,975 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2014/10/12 09:50:29 | 000,000,290 | ---- | C] () -- C:\Users\Holly\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/10/12 09:50:29 | 000,000,272 | ---- | C] () -- C:\Users\Holly\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/10/11 18:46:07 | 4229,640,190 | -HS- | C] () -- C:\hiberfil.sys
[2014/05/27 00:53:14 | 000,299,520 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2014/05/27 00:53:12 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/05/27 00:53:12 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2014/05/26 10:25:16 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/08/26 23:00:08 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2014/05/27 01:05:41 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/05/27 01:05:41 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/10/12 09:54:35 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Leadertech
[2014/10/13 15:55:08 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\PCDr
 
========== Purity Check ==========
 
 

< End of report >



#2
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Hi,

I'll be back with you tomorrow with an assessment and next steps.

#3
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Yes, you do have some significant issues, but I think we can get them all handled. It might take a few days though :)

 

Let's get started.

 

 

Fix with OTL

Please re-run OTL with this removal script included.

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.



  • Right-click on the OTL icon and select Run as Administrator to start the tool.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
    :COMMANDS
    [CREATERESTOREPOINT]
    PRC - [2014/10/15 11:34:43 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\yurdsutzwta.exe
    MOD - [2014/10/15 11:34:43 | 014,669,128 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\PepperFlash\pepflashplayer.dll
    MOD - [2014/10/15 11:34:43 | 014,669,128 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\PepperFlash\pepflashplayer.dll
    MOD - [2014/10/15 11:34:43 | 008,537,928 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\pdf.dll
    MOD - [2014/10/15 11:34:43 | 001,732,936 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\ffmpegsumo.dll
    MOD - [2014/10/15 11:34:43 | 000,718,152 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\libglesv2.dll
    MOD - [2014/10/15 11:34:43 | 000,353,096 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\ppgooglenaclpluginchrome.dll
    MOD - [2014/10/15 11:34:43 | 000,126,280 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\libegl.dll
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B46C9C97-98EC-49B2-AF00-4CACCC690731}
    IE:64bit: - HKLM\..\SearchScopes\{B46C9C97-98EC-49B2-AF00-4CACCC690731}: "URL" = http://www.bing.com/...=IE11TR&pc=DCJB
    IE - HKLM\..\SearchScopes,DefaultScope = {B46C9C97-98EC-49B2-AF00-4CACCC690731}
    IE - HKLM\..\SearchScopes\{B46C9C97-98EC-49B2-AF00-4CACCC690731}: "URL" = http://www.bing.com/...=IE11TR&pc=DCJB
    HKCU\..\SearchScopes,DefaultScope = {B46C9C97-98EC-49B2-AF00-4CACCC690731}
    CHR - plugin: Error reading preferences file
    CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
    CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
    CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
    CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
    CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O18:64bit: - Protocol\Handler\osf - No CLSID value found
    :files
    C:\Users\Holly\AppData\LocalLow\EmieUserList
    :Commands
    [emptytemp]
    [resethosts]
    [reboot]
  • Push Run Fix and wait patiently.
  • If asked to reboot, please allow it to.
  • A notepad window with a logfile will open after this run. It will also be saved in the _OTL\MovedFiles directory on your main drive as (date)_(time).log.


Please include the content of this logfile in your next reply.

 

Fix with RogueKiller
 
Please re-run RogueKiller.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
 
  • Right-click on the RogueKiller icon and select Run as Administrator to start the tool.
  • Wait patiently until the pre-scan is done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Upon completion, the Delete button will become available. Click it.
  • The removal process may take some time. Your machine may also be restarted during this procedure. That's normal.
  • Let this process run uninterrupted!
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.
  • Please include the content of this logfile in your next reply.
     
    Finally, re-run OTL as you did initially and post the resulting OTL.txt
     

     



    #4
    AuntieHolly

      Member

    • Topic Starter
    • Member
    • PipPip
    • 38 posts
    Ok thanks for your help.
    The OTL icon disappeared when I tried to use it, so I downloaded it again. Now I have two in my download files but the icon is still missing. After I applied the fix you gave, I couldn't find the file to copy so I ran the fix again. I finally found the OTL folder so am sending both logs.

    First fix:
    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    Error: Unable to interpret <PRC - [2014/10/15 11:34:43 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\yurdsutzwta.exe> in the current context!
    Error: Unable to interpret <MOD - [2014/10/15 11:34:43 | 014,669,128 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\PepperFlash\pepflashplayer.dll> in the current context!
    Error: Unable to interpret <MOD - [2014/10/15 11:34:43 | 014,669,128 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\PepperFlash\pepflashplayer.dll> in the current context!
    Error: Unable to interpret <MOD - [2014/10/15 11:34:43 | 008,537,928 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\pdf.dll> in the current context!
    Error: Unable to interpret <MOD - [2014/10/15 11:34:43 | 001,732,936 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\ffmpegsumo.dll> in the current context!
    Error: Unable to interpret <MOD - [2014/10/15 11:34:43 | 000,718,152 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\libglesv2.dll> in the current context!
    Error: Unable to interpret <MOD - [2014/10/15 11:34:43 | 000,353,096 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\ppgooglenaclpluginchrome.dll> in the current context!
    Error: Unable to interpret <MOD - [2014/10/15 11:34:43 | 000,126,280 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\libegl.dll> in the current context!
    Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B46C9C97-98EC-49B2-AF00-4CACCC690731}> in the current context!
    Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes\{B46C9C97-98EC-49B2-AF00-4CACCC690731}: "URL" = http://www.bing.com/...=IE11TR&pc=DCJB> in the current context!
    Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope = {B46C9C97-98EC-49B2-AF00-4CACCC690731}> in the current context!
    Error: Unable to interpret <IE - HKLM\..\SearchScopes\{B46C9C97-98EC-49B2-AF00-4CACCC690731}: "URL" = http://www.bing.com/...=IE11TR&pc=DCJB> in the current context!
    Error: Unable to interpret <HKCU\..\SearchScopes,DefaultScope = {B46C9C97-98EC-49B2-AF00-4CACCC690731}> in the current context!
    Error: Unable to interpret <CHR - plugin: Error reading preferences file> in the current context!
    Error: Unable to interpret <CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\> in the current context!
    Error: Unable to interpret <CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\> in the current context!
    Error: Unable to interpret <CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\> in the current context!
    Error: Unable to interpret <CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\> in the current context!
    Error: Unable to interpret <CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\> in the current context!
    Error: Unable to interpret <CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\> in the current context!
    Error: Unable to interpret <CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\> in the current context!
    Error: Unable to interpret <CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\> in the current context!
    Error: Unable to interpret <CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\> in the current context!
    Error: Unable to interpret <O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
    Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
    Error: Unable to interpret <O18:64bit: - Protocol\Handler\osf - No CLSID value found> in the current context!
    ========== FILES ==========
    C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\wcxpygsmvhnv folder moved successfully.
    C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\Dictionaries folder moved successfully.
    C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\VisualElements folder moved successfully.
    C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\PepperFlash folder moved successfully.
    C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\Locales folder moved successfully.
    C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\Extensions folder moved successfully.
    C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\default_apps folder moved successfully.
    C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143 folder moved successfully.
    C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy folder moved successfully.
    C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\Orzlqcxfnsdi folder moved successfully.
    C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\Grbjjtulx folder moved successfully.
    C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay folder moved successfully.
    C:\Users\Holly\AppData\LocalLow\EmieUserList folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Holly
    ->Temp folder emptied: 6207187 bytes
    ->Temporary Internet Files folder emptied: 255081717 bytes
    ->Google Chrome cache emptied: 391471224 bytes
    ->Flash cache emptied: 2479 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4576934 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 627.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.69.0 log created on 10162014_090407

    Files\Folders moved on Reboot...
    C:\Users\Holly\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Holly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TXEGEGOR\k3k702ZOKiLJc3WVjuplzHhCUOGz7vYGh680lGh-uXM[1].woff moved successfully.
    C:\Users\Holly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TXEGEGOR\PRmiXeptR36kaC0GEAetxjqR_3kx9_hJXbbyU8S6IN0[1].woff moved successfully.
    C:\Users\Holly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TXEGEGOR\xjAJXh38I15wypJXxuGMBobN6UDyHWBl620a-IRfuBk[1].woff moved successfully.
    C:\Users\Holly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F5FEZ95M\cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw[1].woff moved successfully.
    C:\Users\Holly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\87NVC967\344276-encrypted-files-blackmail-letter[1].htm moved successfully.
    C:\Users\Holly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
    File\Folder C:\Users\Holly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\fla3434.tmp not found!
    C:\Users\Holly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    C:\Users\Holly\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    C:\Windows\temp\HOLLY-PC-20141014-1128.log moved successfully.
    File\Folder C:\Windows\temp\officeclicktorun.exe_c2ruidll(20141014112815755C).log not found!
    File\Folder C:\Windows\temp\officeclicktorun.exe_streamserver(20141014112815755C).log not found!
    C:\Windows\temp\ood_stream.x86.en-us.dat moved successfully.
    C:\Windows\temp\ood_stream.x86.x-none.dat moved successfully.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...



    Second fix:
    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    Error: Unable to interpret <PRC - [2014/10/15 11:34:43 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\yurdsutzwta.exe> in the current context!
    Error: Unable to interpret <MOD - [2014/10/15 11:34:43 | 014,669,128 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\PepperFlash\pepflashplayer.dll> in the current context!
    Error: Unable to interpret <MOD - [2014/10/15 11:34:43 | 014,669,128 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\PepperFlash\pepflashplayer.dll> in the current context!
    Error: Unable to interpret <MOD - [2014/10/15 11:34:43 | 008,537,928 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\pdf.dll> in the current context!
    Error: Unable to interpret <MOD - [2014/10/15 11:34:43 | 001,732,936 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\ffmpegsumo.dll> in the current context!
    Error: Unable to interpret <MOD - [2014/10/15 11:34:43 | 000,718,152 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\libglesv2.dll> in the current context!
    Error: Unable to interpret <MOD - [2014/10/15 11:34:43 | 000,353,096 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\ppgooglenaclpluginchrome.dll> in the current context!
    Error: Unable to interpret <MOD - [2014/10/15 11:34:43 | 000,126,280 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\libegl.dll> in the current context!
    Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B46C9C97-98EC-49B2-AF00-4CACCC690731}> in the current context!
    Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes\{B46C9C97-98EC-49B2-AF00-4CACCC690731}: "URL" = http://www.bing.com/...=IE11TR&pc=DCJB> in the current context!
    Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope = {B46C9C97-98EC-49B2-AF00-4CACCC690731}> in the current context!
    Error: Unable to interpret <IE - HKLM\..\SearchScopes\{B46C9C97-98EC-49B2-AF00-4CACCC690731}: "URL" = http://www.bing.com/...=IE11TR&pc=DCJB> in the current context!
    Error: Unable to interpret <HKCU\..\SearchScopes,DefaultScope = {B46C9C97-98EC-49B2-AF00-4CACCC690731}> in the current context!
    Error: Unable to interpret <CHR - plugin: Error reading preferences file> in the current context!
    Error: Unable to interpret <CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\> in the current context!
    Error: Unable to interpret <CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\> in the current context!
    Error: Unable to interpret <CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\> in the current context!
    Error: Unable to interpret <CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\> in the current context!
    Error: Unable to interpret <CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\> in the current context!
    Error: Unable to interpret <CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\> in the current context!
    Error: Unable to interpret <CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\> in the current context!
    Error: Unable to interpret <CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\> in the current context!
    Error: Unable to interpret <CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\> in the current context!
    Error: Unable to interpret <O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
    Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
    Error: Unable to interpret <O18:64bit: - Protocol\Handler\osf - No CLSID value found> in the current context!
    ========== FILES ==========
    C:\Users\Holly\AppData\LocalLow\EmieUserList folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Holly
    ->Temp folder emptied: 205657 bytes
    ->Temporary Internet Files folder emptied: 7686450 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 991 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 845734 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 8.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.69.0 log created on 10162014_092130

    Files\Folders moved on Reboot...
    C:\Users\Holly\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Holly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XDU1YOVF\k3k702ZOKiLJc3WVjuplzHhCUOGz7vYGh680lGh-uXM[1].woff moved successfully.
    C:\Users\Holly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XDU1YOVF\PRmiXeptR36kaC0GEAetxjqR_3kx9_hJXbbyU8S6IN0[1].woff moved successfully.
    C:\Users\Holly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XDU1YOVF\xjAJXh38I15wypJXxuGMBobN6UDyHWBl620a-IRfuBk[1].woff moved successfully.
    C:\Users\Holly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ESW6ZZ9V\cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw[1].woff moved successfully.
    C:\Users\Holly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DSH52AEL\344276-encrypted-files-blackmail-letter[1].htm moved successfully.
    C:\Users\Holly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
    C:\Users\Holly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    C:\Users\Holly\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    C:\Windows\temp\HOLLY-PC-20141016-0911.log moved successfully.
    File\Folder C:\Windows\temp\officeclicktorun.exe_c2ruidll(20141016091115574).log not found!
    File\Folder C:\Windows\temp\officeclicktorun.exe_streamserver(20141016091117574).log not found!
    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    You wrote to re-run RogueKiller. I have never run that program that I am aware of. Although it is underlined like a link it doesn't go anywhere. Please advise.

    Thanks again,
    Holly
    • 0

    #5
    Biscuithd

      Trusted Helper

    • Malware Removal
    • 2,573 posts

    Ok thanks for your help.

     

    You are welcome!! :)

     

    The OTL icon disappeared when I tried to use it, so I downloaded it again. Now I have two in my download files but the icon is still missing.

     

    The instructions on the website indicate to install OTL from the Desktop, so that the icon and the resulting files are easier to find. It's easy to miss that instruction. You've got one version of OTL installed in C:\Users\Holly\Downloads. It's likely that the other one is there as well. If you're worried about cluttering up your desktop, don't be, as I have a tool that we can run at the end that will clean up all the tools that we use.

     

     

    After I applied the fix you gave, I couldn't find the file to copy so I ran the fix again. I finally found the OTL folder so am sending both logs.

     

    Here are the instructions again.

     

    • A notepad window with a logfile will open after this run. It will be also saved in _OTL\MovedFiles directory on your main drive as (date)_(time).log.

    This means that if you ran an OTL fix today, the results of the fix would be in the C:\_OTL\MovedFiles directory on your main drive with a file name of (date)_(time).log. The date and time are necessary as there could be many of these files on your hard drive.

     

     

    You wrote to re-run RogueKiller. I have never run that program that I am aware of. Although it is underlined like a link it doesn't go anywhere. Please advise.

     

    Usually, when I have a user run RogueKiller, I do the scan first and then "re-run" to delete. I should have amended my script in your case since you had not run RK before. Sorry for the confusion. :)

    Ok, here's the instructions for Rogue Killer. Hopefully the link works this time.

     

    Fix with RogueKiller

    Please download RogueKiller and save the file to your desktop.
    Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

    • Right-click on the RogueKiller icon and select Run as Administrator to start the tool.
    • Wait patiently until the pre-scan is done. It shouldn't take more than 2-3 minutes.
    • Accept the Terms of use.
    • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
    • Upon completion, the Delete button will become available. Click it.
    • The removal process may take some time. Also, your machine may be restarted during this procedure. It's normal.
    • Let this process run uninterrupted!
    • When finished, a Report button will become available. Click it. You will be presented with a logfile.
    Please include the content of this logfile in your next reply.

     

     

    Sorry I didn't get to reply to your initial questions. Let me do that now.

     

     

    I have a new computer running windows 7. I used the free office 365 program and when the trial was completed I decided to use Office Pro instead. I deleted Office 365 and started having all kinds of problems with files not being found, slow response, and not being able to connect to the internet. This also coincided with the completion of the free McAfee trial. I didn't want to pay for McAfee because I already have a Norton account. I had not downloaded Norton yet. I decided since I didn't have much on the computer that I would just restore the computer to its factory settings and start over. I saved the few files I needed onto a flash drive. I restored the computer to factory settings on the 11th of October. Internet worked fine. Adobe worked fine. I uninstalled Office 365 and downloaded Office Pro again. It worked fine.

     

    Sounds like you did all the right things! I will mention that McAfee and Norton are notorious for slowing down computers and causing issues. I find that Defender or Avast (Free) work as well or better than Norton or McAfee without the added overhead issues.

     

     

    Today I needed to print something and had to install my printer. After I installed the printer I was able to print the one file I had saved to the hard drive but when I went to print a file I had saved to the flash drive, a message came up that the file extensions were not compatible and to proceed with caution. Since the file was generated from me I opened the file only to find it was all encrypted. I thought perhaps this was because the file was originally an excel 97 file and I hadn't enabled compatibility view in Office Pro. I tried to open a photo from the flash drive and a message saying file not found came up. There was a text file on the flash drive that I thought came from installing the printer so I opened it. It read like a blackmail letter.

    This sounds like one of the Crypto family of infections, although I didn't find that in the scans. RogueKiller might show us more. I think it's a good bet that the infection came from the flash drive. Do not use it again until we clean your computer and I help you clean the flash drive as well.

     

     

     

    In essence: Where did all your files go? They were encrypted with a strong encryption and unless you go to these specific sites you will not get your files back. Yikes!!! I did not go to the sites. They had names like payforTOR. I closed the text and removed the flash drive. The one file on my hard drive seems to be ok but now I am worried. What happened? Is my computer infected? Is it safe to use. Will I ever be able to use that flash drive again? Will I be able to get my files from the flash drive back? Thanks for your help.

     

    Yes, Crypto Locker and its variants are particularly nasty. They encrypt your hard drive with little recourse other than either paying the ransom or reformatting the HD and starting over. Recently, someone managed to hack the Crypto site and in some cases can provide the decrypt key.

     

    I will work as quickly as I can to avoid this issue and clean your computer. Once we are finished, I will provide a tool that will protect your computer from future attacks of this type.


    • 0

    #6
    AuntieHolly

      Member

    • Topic Starter
    • Member
    • 38 posts

    Ok, here is the RogueKiller log:

     

    RogueKiller V10.0.2.0 [Oct 16 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.co...es/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Holly [Administrator]
    Mode : Delete -- Date : 10/17/2014  12:30:55

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 10 ¤¤¤
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\0199721413476263mcinstcleanup -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0199721413476263mcinstcleanup -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\0199721413476263mcinstcleanup -> Deleted
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-534934637-3198636804-1178557441-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Replaced (1)
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-534934637-3198636804-1178557441-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Replaced (1)
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Replaced (0)
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Replaced (0)
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Replaced (0)
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Replaced (0)
    [Tr.Poweliks] (X64) HKEY_USERS\S-1-5-21-534934637-3198636804-1178557441-1001\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> Deleted

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 2 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost -> Deleted
    [C:\Windows\System32\drivers\etc\hosts] ::1       localhost -> Deleted

    ¤¤¤ Antirootkit : 40 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0:  +++++
    --- User ---
    [MBR] a7978e78736d3adc62975a251745cae2
    [BSP] bee73a2414f823bec78c2a9fde8c6ac1 : HP MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 24802 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 50876416 | Size: 929026 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1:  +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    ============================================
    RKreport_SCN_10172014_122351.log

     

    Question for you. Since I really don't have anything special or specific I need on this computer would it be easier to fix if I just restored it to factory settings again or would the virus still be there?

    Thanks again for all your help.

    Holly


    • 0
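The RogueKiller report in the post above mixes several kinds of entries under one "Registry" count, so a helper reading it has to sort them before deciding what matters. The Python below is an added example, not part of the thread and not Adlice's code: it parses the report's section headers and finding lines, groups findings into triage buckets, and checks each section's declared count against the entries actually pasted. The bucket names and the reading of the `Tr.` and `PUM.` tag prefixes are this example's assumptions; the sample text is an excerpt of the report as posted.

```python
import re
from collections import Counter

# Excerpt of the RogueKiller report posted above (counts and lines as posted).
SAMPLE_REPORT = r"""
¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\0199721413476263mcinstcleanup -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0199721413476263mcinstcleanup -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\0199721413476263mcinstcleanup -> Deleted
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-534934637-3198636804-1178557441-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-534934637-3198636804-1178557441-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Replaced (1)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Replaced (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Replaced (0)
[Tr.Poweliks] (X64) HKEY_USERS\S-1-5-21-534934637-3198636804-1178557441-1001\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost -> Deleted
[C:\Windows\System32\drivers\etc\hosts] ::1       localhost -> Deleted
"""

# Section header, e.g. "¤¤¤ Registry : 10 ¤¤¤" (the count may be absent).
SECTION_RE = re.compile(r"^¤¤¤\s*([^:]+?)\s*:\s*(\d+)?.*¤¤¤$")
# Finding line: "[tag] (arch) target -> action"; the arch field is optional.
FINDING_RE = re.compile(r"^\[([^\]]+)\]\s+(?:\((X64|X86)\)\s+)?(.+?)\s+->\s+(.+)$")


def classify(section, tag, target):
    """Triage bucket for one finding. The buckets are this example's own
    reading of the tag prefixes, not categories defined by RogueKiller."""
    if section == "Hosts File":
        # In this section the bracket holds the hosts path, the target the entry.
        fields = target.split()
        if len(fields) == 2 and fields[0] in ("127.0.0.1", "::1") and fields[1] == "localhost":
            return "default-entry"
        return "review"
    if tag.startswith("Tr."):
        return "malware"
    if tag.startswith("PUM."):
        return "setting-change"
    return "review"


def parse_report(text):
    """Return (findings, declared_counts, seen_counts) for a pasted report."""
    findings, declared, seen = [], {}, Counter()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            if header.group(2) is not None:
                declared[section] = int(header.group(2))
            continue
        if section is None or not line.startswith("["):
            continue
        seen[section] += 1  # every bracketed line counts as one entry
        m = FINDING_RE.match(line)
        if m:
            tag, arch, target, action = m.groups()
            findings.append({
                "section": section, "tag": tag, "arch": arch,
                "target": target, "action": action,
                "bucket": classify(section, tag, target),
            })
    return findings, declared, seen


def incomplete_sections(declared, seen):
    """Sections whose header count differs from the entries actually present,
    which is what a report cut short while pasting looks like."""
    return sorted(s for s, n in declared.items() if seen.get(s, 0) != n)


def unique_targets(findings, bucket):
    """De-duplicate the X64 and X86 views of the same key within one bucket."""
    return sorted({f["target"] for f in findings if f["bucket"] == bucket})


if __name__ == "__main__":
    findings, declared, seen = parse_report(SAMPLE_REPORT)
    for bucket, count in Counter(f["bucket"] for f in findings).most_common():
        print(f"{bucket:15} {count}")
    print("incomplete sections:", incomplete_sections(declared, seen))
```
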

    #7
    Biscuithd

      Trusted Helper

    • Malware Removal
    • 2,573 posts

    Question for you. Since I really don't have anything special or specific I need on this computer would it be easier to fix if I just restored it to factory settings again or would the virus still be there?

     

    I've already considered that and my honest answer is, I don't know if it would still be there.

     

    What your computer has is something we are starting to see more and more. Yours is just a bit of a morph. You know how every year they want to give you a flu shot because the strain of Flu changes. Same with these infections except that they change every few days/weeks rather than every year.

     

     

    Thanks again for all your help.

     

    You are quite welcome! :)

     

    I think we are getting close to the finish line with this, so bear with me a little longer. :thumbsup:

     

    Scan with ComboFix

    This is a very powerful tool that should be used only if advised by a Malware Analyst.
    Do not run ComboFix on your own!


    Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
    Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

    • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
    • Accept the disclaimer and agree if prompted to install Recovery Console.
    • Do not take any actions while ComboFix goes through your system - it may cause it to stall!
    • This scan may take some time!
    • When finished, it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

    Include that log in your next reply.
    If you encounter any issues with your internet connection after running ComboFix, please visit this link.
    If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.

     

     

    Scan with OTL

    Please download OTL by OldTimer and save the file to your desktop.

    • Right-click on the OTL icon and select Run as Administrator to start the tool.
    • Make sure that Scan All Users, LOP check and Purity check are ticked.
    • For 64-bit systems only - make sure that Include 64-bit option is also ticked.
    • Sections Processes, Modules, Services, Drivers, Standard Registry are set to Use Safelist.
    • Section Extra Registry is also set to Use Safelist.
    • Push Run Scan and wait patiently.
    • Two notepad windows will be opened after this run: OTL.txt (maximized) and Extras.txt (minimized).

    Please include the content of both logfiles in your next reply.


    • 0

    #8
    AuntieHolly

      Member

    • Topic Starter
    • Member
    • 38 posts
    Here are the requested logs.

    Combo fix:

    ComboFix 14-10-15.01 - Holly 10/18/2014 17:14:06.1.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16301.13683 [GMT -7:00]
    Running from: c:\users\Holly\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    Y:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-09-19 to 2014-10-19 )))))))))))))))))))))))))))))))
    .
    .
    2014-10-19 00:30 . 2014-10-19 00:30 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-10-17 19:16 . 2014-10-17 19:16 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-10-17 19:16 . 2014-10-17 19:16 -------- d-----w- c:\programdata\RogueKiller
    2014-10-16 16:18 . 2014-10-16 16:18 -------- d-----w- c:\programdata\softthinks
    2014-10-16 16:04 . 2014-10-16 16:04 -------- d-----w- C:\_OTL
    2014-10-15 18:49 . 2012-10-17 11:31 741480 ------w- c:\windows\system32\HPDiscoPM5C12.dll
    2014-10-15 18:48 . 2014-10-15 18:48 -------- d-----w- c:\programdata\HP
    2014-10-15 18:48 . 2014-10-15 18:48 -------- d-----w- c:\program files (x86)\HP
    2014-10-15 18:47 . 2014-10-15 18:47 -------- d-----w- c:\program files\HP
    2014-10-14 18:32 . 2014-10-14 18:29 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
    2014-10-14 18:30 . 2014-10-14 18:40 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
    2014-10-14 18:28 . 2014-10-14 18:28 -------- d-----w- c:\program files\Microsoft Office 15
    2014-10-14 18:17 . 2014-10-14 18:17 -------- d-----w- c:\windows\system32\appmgmt
    2014-10-13 02:40 . 2013-09-23 20:49 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
    2014-10-12 17:39 . 2014-10-12 17:39 -------- d-----w- c:\windows\SMINST
    2014-10-12 17:01 . 2014-10-12 17:02 -------- d-----w- c:\program files (x86)\Google
    2014-10-12 16:50 . 2014-10-12 16:54 -------- d-----w- c:\users\Holly
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-07-24 21:33 . 2014-07-24 21:33 11336 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
    2014-07-24 21:32 . 2014-07-24 21:32 96592 ----a-w- c:\windows\system32\drivers\mfencrk.sys
    2014-07-24 21:31 . 2014-07-24 21:31 444720 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2014-10-14 18:34 1729232 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2014-10-14 18:34 1729232 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2014-10-14 18:34 1729232 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2011-08-04 4165440]
    "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-26 537992]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
    R3 McAWFwk;McAfee Activation Service;c:\progra~1\COMMON~1\mcafee\actwiz\mcawfwk.exe;c:\progra~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [x]
    R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
    R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
    R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
    S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
    S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
    S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
    S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]
    S2 McOobeSv2;McAfee OOBE Service2;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]
    S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]
    S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
    S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell Backup and Recovery\SftService.exe;c:\program files (x86)\Dell Backup and Recovery\SftService.exe [x]
    S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
    S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
    S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
    S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
    S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - PCDSRVC{D3412D80-CF3B4A27-06020200}_0
    *Deregistered* - PCDSRVC{D3412D80-CF3B4A27-06020200}_0
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-10-12 17:02 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.101\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-26 17:15]
    .
    2014-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-12 17:01]
    .
    2014-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-12 17:01]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2014-10-14 18:34 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2014-10-14 18:34 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2014-10-14 18:34 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBARFileBackuped]
    @="{831cebdd-6baf-4432-be76-9e0989c14aef}"
    [HKEY_CLASSES_ROOT\CLSID\{831cebdd-6baf-4432-be76-9e0989c14aef}]
    2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBARFileNotBackuped]
    @="{275e4fd7-21ef-45cf-a836-832e5d2cc1b3}"
    [HKEY_CLASSES_ROOT\CLSID\{275e4fd7-21ef-45cf-a836-832e5d2cc1b3}]
    2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-30 391152]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-30 771568]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-30 770544]
    "IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2013-07-30 36352]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-07-27 7194840]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-07-29 1321688]
    "RtHDVBg_PushButton"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-07-29 1321688]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    Trusted Zone: bleepingcomputer.com\www
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    .
    .
    .
    Completion time: 2014-10-18 17:30:47
    ComboFix-quarantined-files.txt 2014-10-19 00:30
    .
    Pre-Run: 903,564,394,496 bytes free
    Post-Run: 915,171,479,552 bytes free
    .
    - - End Of File - - D33AC401E0EDBDC7AC7D64AE42F7C17D
    5C616939100B85E558DA92B899A0FC36



    Here are the OTL logs:

    OTL logfile created on: 10/18/2014 5:45:20 PM - Run 3
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Holly\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17041)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    15.92 Gb Total Physical Memory | 13.44 Gb Available Physical Memory | 84.40% Memory free
    31.84 Gb Paging File | 29.11 Gb Available in Paging File | 91.45% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 907.25 Gb Total Space | 852.18 Gb Free Space | 93.93% Space Free | Partition Type: NTFS
    Drive Y: | 24.22 Gb Total Space | 13.83 Gb Free Space | 57.11% Space Free | Partition Type: NTFS

    Computer Name: HOLLY-PC | User Name: Holly | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/10/15 12:19:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Holly\Downloads\OTL.exe
    PRC - [2013/12/09 15:27:38 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    PRC - [2013/12/09 15:27:36 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    PRC - [2013/11/21 02:19:24 | 004,136,976 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
    PRC - [2013/11/21 02:18:54 | 001,915,920 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
    PRC - [2013/11/21 02:17:30 | 000,490,344 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
    PRC - [2013/07/29 17:25:00 | 000,286,056 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    PRC - [2013/07/29 17:24:58 | 000,014,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2013/06/20 12:53:16 | 000,081,536 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
    PRC - [2012/09/23 05:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/10/12 12:00:10 | 002,959,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\af2add04dbc75dbaafbf679611c5aae2\System.IdentityModel.ni.dll
    MOD - [2014/10/12 12:00:09 | 019,536,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a8e34abf48d8f47064adb0e6f098c463\System.ServiceModel.ni.dll
    MOD - [2014/10/12 12:00:09 | 000,523,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\d4db1c5aab0982ab670f41360145b45c\System.Net.Http.ni.dll
    MOD - [2014/10/12 12:00:02 | 001,075,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\325a216798d8cec936e4162bac2a6b43\System.ServiceModel.Web.ni.dll
    MOD - [2014/10/12 12:00:00 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\42d08f7dc2ccfe772c12567d2c4d21ef\System.Xml.Linq.ni.dll
    MOD - [2014/05/26 10:18:47 | 001,871,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\fbd27463487e2aa7b161020577c22713\System.Xaml.ni.dll
    MOD - [2014/05/26 10:18:43 | 001,156,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\65d8ef00d3e0ecf90bbb5996062a4376\System.Management.ni.dll
    MOD - [2014/05/26 10:18:36 | 012,700,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d9f7232b71547ec2c985bbffbbff2a2b\System.Windows.Forms.ni.dll
    MOD - [2014/05/26 10:18:33 | 001,631,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\dadb15941ecb5c7ad0f4276e7aaed3c9\System.Drawing.ni.dll
    MOD - [2014/05/26 10:18:32 | 002,786,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\186f94773130bc17c5b86c0c7d491a91\System.Runtime.Serialization.ni.dll
    MOD - [2014/05/26 10:18:32 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\f31ac8665f9f5d8e6ad4abd29f913386\System.ServiceModel.Internals.ni.dll
    MOD - [2014/05/26 10:18:32 | 000,121,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ff27928194bf78f0cd9eaecd152d3b1a\SMDiagnostics.ni.dll
    MOD - [2014/05/26 10:18:30 | 000,462,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\f3650a719097cb74b104fea7e8cbb3af\PresentationFramework.Aero.ni.dll
    MOD - [2014/05/26 10:18:29 | 018,542,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\42d1beb0060ffeecafb59c882db36cc0\PresentationFramework.ni.dll
    MOD - [2014/05/26 10:18:23 | 010,926,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7b9c01f3fd9fa02d9c4e0ca16cf7f5e0\PresentationCore.ni.dll
    MOD - [2014/05/26 10:18:20 | 003,910,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\f6ae43015c58cfab09af0d45530b380f\WindowsBase.ni.dll
    MOD - [2014/05/26 10:18:17 | 007,561,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\130613a664d9a4237b5b22c3c80f6d96\System.Xml.ni.dll
    MOD - [2014/05/26 10:18:15 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\61c26df51b250070ba949d858c55aa71\System.Configuration.ni.dll
    MOD - [2014/05/26 10:18:14 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\d581cfc0867a2d1a3513c967bc954517\System.Core.ni.dll
    MOD - [2014/05/26 10:18:11 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\84371136df209abcd5fbf89db89f2e97\System.ni.dll
    MOD - [2014/05/26 10:18:00 | 016,544,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\506bcca8d286f754825f3f1b0bf64894\mscorlib.ni.dll
    MOD - [2013/11/21 00:00:44 | 001,904,928 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
    MOD - [2012/11/25 07:20:38 | 000,117,608 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
    MOD - [2012/11/25 07:20:28 | 001,153,384 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2014/09/25 03:10:24 | 002,436,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
    SRV:64bit: - [2014/07/24 15:09:54 | 001,041,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe -- (mfecore)
    SRV:64bit: - [2014/06/20 10:30:38 | 000,189,912 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\mfevtps.exe -- (mfevtp)
    SRV:64bit: - [2014/06/20 10:23:12 | 000,219,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV:64bit: - [2014/06/12 16:10:46 | 000,603,424 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
    SRV:64bit: - [2014/05/27 01:05:46 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2014/05/27 01:05:44 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2014/04/25 18:34:42 | 000,178,528 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\mcafee\msc\McAPExe.exe -- (McAPExe)
    SRV:64bit: - [2013/08/26 23:32:30 | 000,828,376 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
    SRV:64bit: - [2013/08/26 23:32:14 | 000,747,520 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
    SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (McProxy)
    SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
    SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (McOobeSv2)
    SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
    SRV:64bit: - [2013/07/29 17:24:58 | 000,014,696 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV:64bit: - [2013/06/18 21:18:38 | 000,246,488 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
    SRV:64bit: - [2012/12/20 22:37:20 | 000,334,760 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe -- (McAWFwk)
    SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2014/05/26 10:15:06 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/01/29 19:04:52 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
    SRV - [2014/01/13 08:02:54 | 000,198,664 | ---- | M] (Dell Products, LP.) [Auto | Stopped] -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
    SRV - [2013/12/09 15:27:38 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2013/12/09 15:27:36 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
    SRV - [2013/11/21 02:18:54 | 001,915,920 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe -- (SftService)
    SRV - [2013/07/02 08:00:14 | 000,312,448 | ---- | M] (Windows ® Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
    SRV - [2013/06/20 12:53:16 | 000,081,536 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
    SRV - [2012/09/23 05:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/08 09:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2014/10/17 12:16:23 | 000,034,808 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\SysNative\drivers\TrueSight.sys -- (TrueSight)
    DRV:64bit: - [2014/07/24 14:32:30 | 000,096,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mfencrk.sys -- (mfencrk)
    DRV:64bit: - [2014/07/24 14:31:56 | 000,444,720 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
    DRV:64bit: - [2014/06/20 10:38:22 | 000,072,128 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\cfwids.sys -- (cfwids)
    DRV:64bit: - [2014/06/20 10:31:06 | 000,348,552 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
    DRV:64bit: - [2014/06/20 10:26:02 | 000,786,296 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\mfehidk.sys -- (mfehidk)
    DRV:64bit: - [2014/06/20 10:23:40 | 000,523,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mfefirek.sys -- (mfefirek)
    DRV:64bit: - [2014/06/20 10:21:48 | 000,313,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
    DRV:64bit: - [2014/06/20 10:20:54 | 000,181,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
    DRV:64bit: - [2014/01/22 14:57:34 | 000,450,520 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2014/01/22 14:51:26 | 004,221,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2013/12/09 15:27:36 | 000,100,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
    DRV:64bit: - [2013/09/23 13:49:22 | 000,197,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
    DRV:64bit: - [2013/07/24 13:28:34 | 000,666,984 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStorA.sys -- (iaStorA)
    DRV:64bit: - [2013/07/24 13:28:28 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStorF.sys -- (iaStorF)
    DRV:64bit: - [2013/07/09 14:58:32 | 000,263,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2013/07/02 07:34:54 | 000,589,000 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btfilter.sys -- (BtFilter)
    DRV:64bit: - [2013/07/02 07:34:54 | 000,347,336 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
    DRV:64bit: - [2013/07/02 07:34:54 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
    DRV:64bit: - [2013/07/02 07:34:54 | 000,137,928 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
    DRV:64bit: - [2013/07/02 07:34:54 | 000,116,424 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
    DRV:64bit: - [2013/07/02 07:34:54 | 000,089,800 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_flt.sys -- (AthBTPort)
    DRV:64bit: - [2013/07/02 07:34:54 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
    DRV:64bit: - [2013/07/02 07:34:54 | 000,034,384 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
    DRV:64bit: - [2013/07/01 12:33:48 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2013/07/01 12:33:40 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2013/07/01 12:33:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2013/06/25 14:56:16 | 003,979,776 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2013/04/10 12:09:24 | 000,849,992 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 20:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\netvsc60.sys -- (netvsc)
    DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/20 20:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B46C9C97-98EC-49B2-AF00-4CACCC690731}
    IE:64bit: - HKLM\..\SearchScopes\{B46C9C97-98EC-49B2-AF00-4CACCC690731}: "URL" = http://www.bing.com/...=IE11TR&pc=DCJB
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {B46C9C97-98EC-49B2-AF00-4CACCC690731}
    IE - HKLM\..\SearchScopes\{B46C9C97-98EC-49B2-AF00-4CACCC690731}: "URL" = http://www.bing.com/...=IE11TR&pc=DCJB


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-534934637-3198636804-1178557441-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB
    IE - HKU\S-1-5-21-534934637-3198636804-1178557441-1001\..\SearchScopes,DefaultScope = {B46C9C97-98EC-49B2-AF00-4CACCC690731}
    IE - HKU\S-1-5-21-534934637-3198636804-1178557441-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2014/10/16 09:17:44 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - plugin: Error reading preferences file
    CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
    CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
    CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
    CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
    CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2014/10/18 17:30:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
    O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtHDVBg_PushButton] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
    O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-534934637-3198636804-1178557441-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-534934637-3198636804-1178557441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
    O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
    O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-534934637-3198636804-1178557441-1001\..Trusted Domains: bleepingcomputer.com ([www] http in Trusted sites)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43698C58-0689-4BB4-A57C-5F26901BB663}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O18:64bit: - Protocol\Handler\osf - No CLSID value found
    O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/10/18 17:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2014/10/18 17:30:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/10/18 17:12:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/10/18 17:12:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/10/18 17:12:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/10/18 17:12:38 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/10/18 17:12:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2014/10/18 17:11:09 | 005,583,559 | R--- | C] (Swearware) -- C:\Users\Holly\Desktop\ComboFix.exe
    [2014/10/18 17:04:38 | 000,000,000 | R--D | C] -- C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    [2014/10/17 12:16:01 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
    [2014/10/16 09:18:35 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\softthinks
    [2014/10/16 09:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\softthinks
    [2014/10/16 09:04:07 | 000,000,000 | ---D | C] -- C:\_OTL
    [2014/10/16 08:58:47 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\CrashDumps
    [2014/10/15 12:02:38 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Microsoft Help
    [2014/10/15 11:49:53 | 000,741,480 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM5C12.dll
    [2014/10/15 11:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    [2014/10/15 11:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
    [2014/10/15 11:48:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
    [2014/10/15 11:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\HP
    [2014/10/15 11:46:21 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\HP
    [2014/10/14 14:10:16 | 000,000,000 | ---D | C] -- C:\Users\Holly\Documents\BSA pamphlet child abuse
    [2014/10/14 13:26:22 | 000,000,000 | ---D | C] -- C:\Users\Holly\Documents\Skyline Bears 2014
    [2014/10/14 13:26:09 | 000,000,000 | ---D | C] -- C:\Users\Holly\Documents\Custom Office Templates
    [2014/10/14 11:40:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2014/10/14 11:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
    [2014/10/14 11:30:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
    [2014/10/14 11:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    [2014/10/14 11:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
    [2014/10/14 11:17:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
    [2014/10/13 15:54:06 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\PCDr
    [2014/10/13 11:54:56 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Adobe
    [2014/10/12 19:40:25 | 000,197,704 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
    [2014/10/12 10:39:36 | 000,000,000 | ---D | C] -- C:\Windows\SMINST
    [2014/10/12 10:13:30 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Diagnostics
    [2014/10/12 10:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2014/10/12 10:01:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2014/10/12 10:01:39 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Google
    [2014/10/12 10:01:32 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Deployment
    [2014/10/12 10:01:32 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Apps
    [2014/10/12 09:57:32 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Dell
    [2014/10/12 09:55:37 | 000,000,000 | -HSD | C] -- C:\Users\Holly\AppData\Local\EmieUserList
    [2014/10/12 09:55:37 | 000,000,000 | -HSD | C] -- C:\Users\Holly\AppData\Local\EmieSiteList
    [2014/10/12 09:55:35 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Intel Corporation
    [2014/10/12 09:54:42 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\BMExplorer
    [2014/10/12 09:54:42 | 000,000,000 | ---D | C] -- C:\Users\Holly\Documents\Bluetooth Folder
    [2014/10/12 09:54:35 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Leadertech
    [2014/10/12 09:54:35 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Atheros
    [2014/10/12 09:54:27 | 000,000,000 | R--D | C] -- C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2014/10/12 09:54:27 | 000,000,000 | R--D | C] -- C:\Users\Holly\Searches
    [2014/10/12 09:54:27 | 000,000,000 | R--D | C] -- C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2014/10/12 09:54:27 | 000,000,000 | -H-D | C] -- C:\Users\Holly\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2014/10/12 09:54:20 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Identities
    [2014/10/12 09:54:18 | 000,000,000 | R--D | C] -- C:\Users\Holly\Contacts
    [2014/10/12 09:54:18 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Macromedia
    [2014/10/12 09:54:17 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\VirtualStore
    [2014/10/12 09:54:17 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Adobe
    [2014/10/12 09:50:29 | 000,000,000 | --SD | C] -- C:\Users\Holly\AppData\Roaming\Microsoft
    [2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\Videos
    [2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\Saved Games
    [2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\Pictures
    [2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\Music
    [2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\Links
    [2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\Favorites
    [2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\Downloads
    [2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\Documents
    [2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\Desktop
    [2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\AppData\Local\Temporary Internet Files
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\Templates
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\Start Menu
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\SendTo
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\Recent
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\PrintHood
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\NetHood
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\Documents\My Videos
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\Documents\My Pictures
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\Documents\My Music
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\My Documents
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\Local Settings
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\AppData\Local\History
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\Cookies
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\Application Data
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\AppData\Local\Application Data
    [2014/10/12 09:50:29 | 000,000,000 | -H-D | C] -- C:\Users\Holly\AppData
    [2014/10/12 09:50:29 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Temp
    [2014/10/12 09:50:29 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Microsoft
    [2014/10/12 09:50:29 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Media Center Programs
    [2014/10/11 18:47:23 | 000,000,000 | ---D | C] -- C:\Windows\CSC
    [2014/10/11 18:46:09 | 000,000,000 | -HSD | C] -- C:\System Volume Information

    ========== Files - Modified Within 30 Days ==========

    [2014/10/18 17:44:12 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/10/18 17:44:12 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/10/18 17:41:11 | 000,781,540 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/10/18 17:41:11 | 000,661,656 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/10/18 17:41:11 | 000,121,552 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/10/18 17:36:49 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/10/18 17:36:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/10/18 17:36:31 | 4229,640,190 | -HS- | M] () -- C:\hiberfil.sys
    [2014/10/18 17:30:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2014/10/18 17:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/10/18 17:11:09 | 005,583,559 | R--- | M] (Swearware) -- C:\Users\Holly\Desktop\ComboFix.exe
    [2014/10/18 17:07:21 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/10/17 12:16:23 | 000,034,808 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
    [2014/10/17 12:14:08 | 015,725,144 | ---- | M] () -- C:\Users\Holly\Desktop\RogueKiller.exe
    [2014/10/16 09:11:55 | 000,002,281 | ---- | M] () -- C:\Users\Holly\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2014/10/16 09:11:05 | 000,436,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/10/15 11:49:52 | 000,002,154 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6700.lnk
    [2014/10/15 11:49:52 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Officejet 6700.lnk
    [2014/10/15 11:47:27 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
    [2014/10/12 10:02:22 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014/10/12 09:55:31 | 000,001,409 | ---- | M] () -- C:\Users\Holly\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2014/10/11 18:48:28 | 000,041,450 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
    [2014/10/11 18:48:28 | 000,041,450 | ---- | M] () -- C:\Windows\SysNative\license.rtf

    ========== Files Created - No Company Name ==========

    [2014/10/18 17:12:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/10/18 17:12:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/10/18 17:12:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/10/18 17:12:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/10/18 17:12:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/10/17 12:16:23 | 000,034,808 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
    [2014/10/17 12:12:03 | 015,725,144 | ---- | C] () -- C:\Users\Holly\Desktop\RogueKiller.exe
    [2014/10/15 11:49:52 | 000,002,154 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6700.lnk
    [2014/10/15 11:49:52 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Officejet 6700.lnk
    [2014/10/15 11:47:27 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2014/10/12 10:02:22 | 000,002,281 | ---- | C] () -- C:\Users\Holly\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2014/10/12 10:02:22 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014/10/12 10:01:44 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/10/12 10:01:44 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/10/12 09:55:31 | 000,001,409 | ---- | C] () -- C:\Users\Holly\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2014/10/12 09:54:28 | 000,001,415 | ---- | C] () -- C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2014/10/12 09:50:43 | 000,001,975 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
    [2014/10/12 09:50:29 | 000,000,290 | ---- | C] () -- C:\Users\Holly\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2014/10/12 09:50:29 | 000,000,272 | ---- | C] () -- C:\Users\Holly\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2014/10/11 18:46:07 | 4229,640,190 | -HS- | C] () -- C:\hiberfil.sys
    [2014/05/27 00:53:14 | 000,299,520 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
    [2014/05/27 00:53:12 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2014/05/27 00:53:12 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
    [2014/05/26 10:25:16 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
    [2013/08/26 23:00:08 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

    ========== ZeroAccess Check ==========

    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\WINDOWS\SysNative\shell32.dll -- [2014/05/27 01:05:41 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/05/27 01:05:41 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2014/10/12 09:54:35 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Leadertech
    [2014/10/13 15:55:08 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\PCDr

    ========== Purity Check ==========



    < End of report >


    And the OTL extra log:

    OTL Extras logfile created on: 10/18/2014 5:45:20 PM - Run 3
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Holly\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17041)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    15.92 Gb Total Physical Memory | 13.44 Gb Available Physical Memory | 84.40% Memory free
    31.84 Gb Paging File | 29.11 Gb Available in Paging File | 91.45% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 907.25 Gb Total Space | 852.18 Gb Free Space | 93.93% Space Free | Partition Type: NTFS
    Drive Y: | 24.22 Gb Total Space | 13.83 Gb Free Space | 57.11% Space Free | Partition Type: NTFS

    Computer Name: HOLLY-PC | User Name: Holly | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{005B7863-ACA9-4647-B0E3-7AC0DBCF2E3A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{02C3F894-B18B-4F28-8C17-30172E2E83C0}" = lport=137 | protocol=17 | dir=in | app=system |
    "{06FB016A-0DEE-4654-BC48-C68ADF02EA6D}" = rport=139 | protocol=6 | dir=out | app=system |
    "{12A822EA-B481-4FBF-A1E1-4918BF36FE58}" = lport=445 | protocol=6 | dir=in | app=system |
    "{1ADA3610-EBC8-416E-9726-1096B703D930}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{20ABCC9A-D263-44F9-B6A5-3746E83795B5}" = rport=137 | protocol=17 | dir=out | app=system |
    "{48A80A78-E2BB-4975-BFA1-7756474C1CAC}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
    "{52633904-5E00-4F4A-A4DF-1CDE8B14EEF2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6E389687-945D-4AD2-9A88-102F19F492A4}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{7ED00925-5626-4EB8-A1C8-D5972CAE02E5}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{945E4DE4-B7FC-4525-9675-C8A7677B317F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{95CCC957-9619-4674-B363-569D3316557C}" = lport=139 | protocol=6 | dir=in | app=system |
    "{9DF0EAD8-AFF7-42A0-861D-1B4D30F9B8B7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A25FD309-E817-4E70-BE66-1F29A3E6B53F}" = lport=138 | protocol=17 | dir=in | app=system |
    "{A8D9D554-BA7E-409F-92E7-F8427D01D845}" = rport=138 | protocol=17 | dir=out | app=system |
    "{AF32C760-C60E-4B59-AB2E-159680615C1F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{BBC75CE9-DB01-48B5-AA3E-7B6CE817A1F2}" = rport=445 | protocol=6 | dir=out | app=system |
    "{CFF121C6-06A3-4F64-827F-40646DDC4BA1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
    "{D6E56709-BE95-46DF-9899-7A05B1D34C96}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{DC1E1F84-D015-48FC-BD6D-67D77C16E944}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{ED5E1321-C1AF-49E1-8343-B4488C5CB7B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{EF1AB5AA-0BD3-44E1-AF32-CF72BC73BCCF}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{FE0A9594-7CB7-4DAD-9233-A17A2CA719BC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01319593-6CAC-434A-AFEA-FF7A47A7ECBA}" = protocol=58 | dir=out | [email protected],-28546 |
    "{0915C11D-ACDF-4330-83D1-926B920F855A}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicatorcom.exe |
    "{0DA13409-8520-4E72-B72C-80099273DF5B}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicator.exe |
    "{1C1CF8C4-6C9F-40F0-B0EA-EEBEB5F81803}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{212FD0FB-E1F3-486A-A155-FE6520091042}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
    "{22739109-543D-4524-A9AE-2D20B2D36FFA}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
    "{2333EEB7-D7CC-4D09-B1B6-FB860CCC8C8A}" = protocol=1 | dir=in | [email protected],-28543 |
    "{25B99589-6AC7-4A26-B633-9253D9DA44A8}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
    "{2A2D1CB7-F4D2-43C3-A8BC-B7DD7E1E9485}" = protocol=58 | dir=in | [email protected],-28545 |
    "{377588A8-C255-4D5A-BFDF-BFD00292E4B0}" = protocol=58 | dir=out | [email protected],-503 |
    "{3F7F2582-5747-43D6-9714-1115FC967B17}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
    "{4396A934-243E-4E38-9A1A-33C03911E287}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{61119348-5EAC-4F65-95C3-6985302D28F5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{64B4A618-FEDC-4A93-BF72-A1DA0C5461A9}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\sendafax.exe |
    "{653AAFCE-EC68-4C85-B4A1-43BD51512D0A}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\devicesetup.exe |
    "{65FEAD22-5F41-41BA-95FB-6D89BA4AB9D1}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\faxapplications.exe |
    "{67B8EEF1-4A09-42E4-B8B1-DF9AD24EF836}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{6C280D6C-D510-4C4F-BEB3-2165FB668A1B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
    "{7068F278-97B9-4162-A4E8-4A4CB0DC64E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{731E4065-F75E-4D7E-9657-40FD43D1C247}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{780F8787-8995-4C9F-A053-6378DFF27F51}" = protocol=6 | dir=out | app=system |
    "{7EC0CDAA-5FF3-4621-B96C-1EAD926F7590}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
    "{8444DADC-0F54-48BF-82AD-8960EC7841D8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{94686EF3-A0CD-4BA8-9A5B-746CA8670B10}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{958D1450-6F8D-42E1-8563-4A34EE9AAA98}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
    "{A54702C3-FC6E-4BA0-857A-9BC84AAD7EDB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A5949D95-472B-423B-AB2A-0A80854CD63E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{AFE97F1A-C451-41D5-A6B9-E19B8EE56721}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\digitalwizards.exe |
    "{B77A81EB-17B8-4C37-8E0B-BA254D4A6365}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
    "{C398D0EE-2CA9-42DB-9FB7-6F98BDA290CE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CB63E8C1-8F8E-45F2-895F-AE956979C384}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E34456B5-8B4C-4354-BDCD-439F68782844}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{E73C0FF0-1E45-498A-85FC-1FCFF5FE7980}" = protocol=1 | dir=out | [email protected],-28544 |
    "{EAF6E65C-D29F-42F3-8AF8-F4EF20D5144D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{EFC82707-3A08-4896-9D2F-8F969A327DC7}" = protocol=58 | dir=in | app=system |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0B8B7B39-179F-47F8-A7AC-63D9C433A567}" = Intel® Rapid Storage Technology
    "{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel® Rapid Storage Technology
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
    "{A1CFA587-90D4-4DE6-B200-68CC0F92252F}" = HP Officejet 6700 Basic Device Software
    "{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B5E06417-A4AC-4225-B36E-7E34C91616E7}" = Intel® Trusted Connect Service Client
    "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
    "{F7A70D00-F283-45C8-B163-49EC365D7E27}" = DSC/AA Factory Installer
    "PC-Doctor for Windows" = My Dell
    "ProPlusRetail - en-us" = Microsoft Office Professional Plus 2013 - en-us

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03A9F528-A754-460F-B2C1-AC125A147114}" = Dell Digital Delivery
    "{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell Backup and Recovery
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
    "{2A0F2CC5-3065-492C-8380-B03AA7106B1A}" = Dell Product Registration
    "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
    "{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
    "{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
    "{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell Backup and Recovery - Support Software
    "{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
    "{AC76BA86-7AD7-FFFF-7B44-AB0000000001}" = Adobe Reader XI MUI
    "{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}" = Premium Service Agreement
    "{E1AE0CB7-1333-4728-8520-CB3F88A252B4}" = HP Officejet 6700 Help
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
    "Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
    "Google Chrome" = Google Chrome
    "MSC" = McAfee LiveSafe – Internet Security

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/17/2014 7:38:54 PM | Computer Name = Holly-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 11.0.9600.17041,
    time stamp: 0x4a5bc6b7 Faulting module name: MSHTML.dll, version: 11.0.9600.17105,
    time stamp: 0x535f9f59 Exception code: 0xc00000fd Fault offset: 0x000db863 Faulting
    process id: 0x9e38 Faulting application start time: 0x01cfea635e9ac091 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\MSHTML.dll
    Report
    Id: c11a61b7-5656-11e4-b2e7-90489a004c76

    Error - 10/17/2014 7:51:30 PM | Computer Name = Holly-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 11.0.9600.17041,
    time stamp: 0x4a5bc6b7 Faulting module name: MSHTML.dll, version: 11.0.9600.17105,
    time stamp: 0x535f9f59 Exception code: 0xc00000fd Fault offset: 0x000d9b5c Faulting
    process id: 0xdd80 Faulting application start time: 0x01cfea65342996c9 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\MSHTML.dll
    Report
    Id: 83ba4087-5658-11e4-b2e7-90489a004c76

    Error - 10/17/2014 10:11:29 PM | Computer Name = Holly-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 11.0.9600.17041,
    time stamp: 0x4a5bc6b7 Faulting module name: MSHTML.dll, version: 11.0.9600.17105,
    time stamp: 0x535f9f59 Exception code: 0xc00000fd Fault offset: 0x000d9b5c Faulting
    process id: 0xdd08 Faulting application start time: 0x01cfea78c6fc0a7c Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\MSHTML.dll
    Report
    Id: 11ca0da2-566c-11e4-b2e7-90489a004c76

    Error - 10/17/2014 10:17:22 PM | Computer Name = Holly-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 11.0.9600.17041,
    time stamp: 0x4a5bc6b7 Faulting module name: MSHTML.dll, version: 11.0.9600.17105,
    time stamp: 0x535f9f59 Exception code: 0xc00000fd Fault offset: 0x000d9b5c Faulting
    process id: 0x158f8 Faulting application start time: 0x01cfea7911625a3c Faulting
    application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module
    path: C:\Windows\system32\MSHTML.dll Report Id: e40b7f1b-566c-11e4-b2e7-90489a004c76

    Error - 10/17/2014 11:09:05 PM | Computer Name = Holly-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 11.0.9600.17041,
    time stamp: 0x4a5bc6b7 Faulting module name: MSHTML.dll, version: 11.0.9600.17105,
    time stamp: 0x535f9f59 Exception code: 0xc00000fd Fault offset: 0x000db863 Faulting
    process id: 0x4f88 Faulting application start time: 0x01cfea80d2477640 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\MSHTML.dll
    Report
    Id: 1d8ec7cd-5674-11e4-b2e7-90489a004c76

    Error - 10/17/2014 11:32:28 PM | Computer Name = Holly-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 11.0.9600.17041,
    time stamp: 0x4a5bc6b7 Faulting module name: MSHTML.dll, version: 11.0.9600.17105,
    time stamp: 0x535f9f59 Exception code: 0xc00000fd Fault offset: 0x000d97c4 Faulting
    process id: 0x5f38 Faulting application start time: 0x01cfea84052ff716 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\MSHTML.dll
    Report
    Id: 61f19d8a-5677-11e4-b2e7-90489a004c76

    Error - 10/18/2014 1:22:24 AM | Computer Name = Holly-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: BtvStack.exe, version: 8.0.1.230, time
    stamp: 0x51d3bb87 Faulting module name: audio.dll, version: 8.0.1.230, time stamp:
    0x51d3bc5c Exception code: 0xc0000005 Fault offset: 0x000000000001b308 Faulting process
    id: 0x5d0 Faulting application start time: 0x01cfe95d9f44f690 Faulting application
    path: C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe Faulting
    module path: C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Audio\audio.dll
    Report
    Id: bd7f3c1e-5686-11e4-b2e7-90489a004c76

    Error - 10/18/2014 8:04:41 PM | Computer Name = Holly-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: BtvStack.exe, version: 8.0.1.230, time
    stamp: 0x51d3bb87 Faulting module name: audio.dll, version: 8.0.1.230, time stamp:
    0x51d3bc5c Exception code: 0xc0000005 Fault offset: 0x000000000001b308 Faulting process
    id: 0xe84 Faulting application start time: 0x01cfeb302aaa14d8 Faulting application
    path: C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe Faulting
    module path: C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Audio\audio.dll
    Report
    Id: 859208f6-5723-11e4-9246-90489a004c76

    Error - 10/18/2014 8:05:05 PM | Computer Name = Holly-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/18/2014 8:38:27 PM | Computer Name = Holly-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 10/12/2014 7:58:47 PM | Computer Name = Holly-PC | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.

    Error - 10/12/2014 10:38:32 PM | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the McAfee
    Personal Firewall Service service to connect.

    Error - 10/12/2014 10:38:32 PM | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7000
    Description = The McAfee Personal Firewall Service service failed to start due to
    the following error: %%1053

    Error - 10/12/2014 10:38:32 PM | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the McAfee
    Proxy Service service to connect.

    Error - 10/12/2014 10:38:32 PM | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7000
    Description = The McAfee Proxy Service service failed to start due to the following
    error: %%1053

    Error - 10/12/2014 10:39:18 PM | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the McAfee
    Home Network service to connect.

    Error - 10/12/2014 10:39:18 PM | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7000
    Description = The McAfee Home Network service failed to start due to the following
    error: %%1053

    Error - 10/12/2014 10:39:19 PM | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the McAfee
    Personal Firewall Service service to connect.

    Error - 10/12/2014 10:39:19 PM | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7000
    Description = The McAfee Personal Firewall Service service failed to start due to
    the following error: %%1053


    < End of report >

    Holly

    #9
    Biscuithd

      Trusted Helper

    This is looking much better. :)  Have you tried using the machine or were you waiting for things to clear up first? I wouldn't blame you if you were waiting. In any case, go ahead and use it and see if the previous problems have resolved. If so, I have some final cleaning I'd like to do. If not, I do have a plan "B".



    #10
    AuntieHolly

      Member

    • Topic Starter
    Hi, I have been using my computer to check my email and since you said it looks better I've been playing some games on FB and browsing a little. The only thing I've noticed is that some pages won't load from FB and that a certain game I have been playing through FB won't load pages in explorer but it will in chrome. The game plays better in explorer though. I have messages to update adobe and in order to use my work portal I need to download JAVA. I haven't done either of these yet. Thanks, Holly


    #11
    Biscuithd

      Trusted Helper

    Hi Holly,

     

    This is exceptionally good news considering the way things were previously! :)

     

    Now, we can restore a bit of order to your machine.

     

     

    "The only thing I've noticed is that some pages won't load from FB and that a certain game I have been playing through FB won't load pages in explorer but it will in chrome. The game plays better in explorer though."

     

    Facebook games don't work? Gosh, that's just terrible isn't it :rofl:

     

    Ok, I'll serious up now!!  :whistling:   Do you get an error message? If so, is it FB that is erroring or something else?

     

     

    "I have messages to update adobe and in order to use my work portal I need to download JAVA. I haven't done either of these yet."

     

    Yes, these are quite important and a frequent source of infections. Go directly to the source and download those products rather than follow a pop-up on your computer. Often these are fraudulent and are trying to phish you into downloading more bad code.

     

    Let's now look at the various settings on your computer and start to set them right.

     

    51e15692b05a4-MiniToolbox.PNG Scan with MiniToolBox

    Please download MiniToolBox by Farbar and save it to your desktop.

    • Right-click on 51e15692b05a4-MiniToolbox.PNG icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    • In the main window please checkmark the following checkboxes:
      • Flush DNS;
      • Report IE Proxy Settings;
      • Reset IE Proxy Settings;
      • Report FF Proxy Settings;
      • Reset FF Proxy Settings;
      • List content of Hosts;
      • List IP configuration;
      • List Winsock Entries;
    • Click Go and wait patiently.
    • Upon completion (a reboot may be needed) a file called Result.txt will be saved on your desktop.

    Please include the content of that file in your next reply.

     

    Scan with Security Check

    Please download Security Check by Screen317 and save it to your desktop.

    • Right-click on the Security Check icon and select Run as Administrator to start the tool.
    • Follow onscreen instructions inside the black box. This scan won't take long.
    • Soon a notepad document called checkup.txt will open automatically.

    Please include the content of that document.

     

     

    Scan with Farbar Service Scanner

    Download Farbar Service Scanner by Farbar and save it to your desktop.

    • Right-click on https://sites.google...viceScanner.png icon and select Run as Administrator to start the tool.
    • Make sure all of the options are checked!
    • Press Scan.
    • It will create a log (FSS.txt) in the same directory the tool is run.

    Please include that log in your next reply.

     

     


    #12
    AuntieHolly

      Member

    • Topic Starter
    • 38 posts

    Hi, here are the logs:

     

    Mini tool kit:

     

    MiniToolBox by Farbar  Version: 21-07-2014
    Ran by Holly (administrator) on 22-10-2014 at 12:36:16
    Running from "C:\Users\Holly\Desktop"
    Microsoft Windows 7 Professional  Service Pack 1 (X64)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    "Reset IE Proxy Settings": IE Proxy Settings were reset.
    ========================= Hosts content: =================================

    127.0.0.1       localhost

    ========================= IP Configuration: ================================

    Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
    Dell Wireless 1705 802.11b/g/n (2.4GHZ) = Wireless Network Connection (Media disconnected)
    Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)

    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4

    reset
    set global icmpredirects=enabled

    popd
    # End of IPv4 configuration

     

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : Holly-PC
       Primary Dns Suffix  . . . . . . . :
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : hsd1.wa.comcast.net.

    Ethernet adapter Bluetooth Network Connection:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
       Physical Address. . . . . . . . . : 90-48-9A-00-4C-76
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Wireless LAN adapter Wireless Network Connection:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Dell Wireless 1705 802.11b/g/n (2.4GHZ)
       Physical Address. . . . . . . . . : 90-48-9A-00-4C-75
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . : hsd1.wa.comcast.net.
       Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
       Physical Address. . . . . . . . . : F8-BC-12-87-AF-5B
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:558:600a:21:35e5:215:242e:9df7(Preferred)
       Lease Obtained. . . . . . . . . . : Wednesday, October 22, 2014 9:00:31 AM
       Lease Expires . . . . . . . . . . : Thursday, October 23, 2014 3:30:29 PM
       Link-local IPv6 Address . . . . . : fe80::b820:fe79:767f:a125%11(Preferred)
       IPv4 Address. . . . . . . . . . . : 67.160.14.189(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.252.0
       Lease Obtained. . . . . . . . . . : Wednesday, October 22, 2014 9:00:34 AM
       Lease Expires . . . . . . . . . . : Friday, October 24, 2014 6:03:26 PM
       Default Gateway . . . . . . . . . : fe80::222:90ff:fec6:69e2%11
                                           67.160.12.1
       DHCP Server . . . . . . . . . . . : 76.96.94.200
       DHCPv6 IAID . . . . . . . . . . . : 251182098
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-16-01-05-F8-BC-12-87-AF-5B
       DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                           2001:558:feed::2
                                           75.75.75.75
                                           75.75.76.76
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{523E4006-FBE8-4179-97E6-518801D7109A}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 11:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:85b:179:bc5f:f142(Preferred)
       Link-local IPv6 Address . . . . . : fe80::85b:179:bc5f:f142%14(Preferred)
       Default Gateway . . . . . . . . . :
       NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter isatap.hsd1.wa.comcast.net.:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : hsd1.wa.comcast.net.
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{46C0763A-1D95-4980-8B7F-257F90DE60CF}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Server:  cdns01.comcast.net
    Address:  2001:558:feed::1

    Name:    google.com
    Addresses:  2607:f8b0:400a:805::1009
       173.194.33.104
       173.194.33.102
       173.194.33.99
       173.194.33.96
       173.194.33.97
       173.194.33.100
       173.194.33.110
       173.194.33.98
       173.194.33.105
       173.194.33.103
       173.194.33.101

    Pinging google.com [2607:f8b0:400a:805::1001] with 32 bytes of data:
    Reply from 2607:f8b0:400a:805::1001: time=14ms
    Reply from 2607:f8b0:400a:805::1001: time=11ms

    Ping statistics for 2607:f8b0:400a:805::1001:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 11ms, Maximum = 14ms, Average = 12ms
    Server:  cdns01.comcast.net
    Address:  2001:558:feed::1

    Name:    yahoo.com
    Addresses:  98.139.183.24
       206.190.36.45
       98.138.253.109

    Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
    Reply from 206.190.36.45: bytes=32 time=18ms TTL=53
    Reply from 206.190.36.45: bytes=32 time=18ms TTL=53

    Ping statistics for 206.190.36.45:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 18ms, Maximum = 18ms, Average = 18ms

    Pinging 127.0.0.1 with 32 bytes of data:
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Ping statistics for 127.0.0.1:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms
    ===========================================================================
    Interface List
     17...90 48 9a 00 4c 76 ......Bluetooth Device (Personal Area Network)
     13...90 48 9a 00 4c 75 ......Dell Wireless 1705 802.11b/g/n (2.4GHZ)
     11...f8 bc 12 87 af 5b ......Realtek PCIe GBE Family Controller
      1...........................Software Loopback Interface 1
     12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
     14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
     15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
     18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0      67.160.12.1    67.160.14.189     10
          67.160.12.0    255.255.252.0         On-link     67.160.14.189    266
        67.160.14.189  255.255.255.255         On-link     67.160.14.189    266
        67.160.15.255  255.255.255.255         On-link     67.160.14.189    266
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link     67.160.14.189    266
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link     67.160.14.189    266
    ===========================================================================
    Persistent Routes:
      None

    IPv6 Route Table
    ===========================================================================
    Active Routes:
     If Metric Network Destination      Gateway
     11    266 ::/0                     fe80::222:90ff:fec6:69e2
      1    306 ::1/128                  On-link
     14     58 2001::/32                On-link
     14    306 2001:0:9d38:90d7:85b:179:bc5f:f142/128
                                        On-link
     11    266 2001:558:600a:21:35e5:215:242e:9df7/128
                                        On-link
     11    266 fe80::/64                On-link
     14    306 fe80::/64                On-link
     14    306 fe80::85b:179:bc5f:f142/128
                                        On-link
     11    266 fe80::b820:fe79:767f:a125/128
                                        On-link
      1    306 ff00::/8                 On-link
     14    306 ff00::/8                 On-link
     11    266 ff00::/8                 On-link
    ===========================================================================
    Persistent Routes:
      None
    ========================= Winsock entries =====================================

    Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
    Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
    Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
    Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
    Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
    x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
    x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
    x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
    x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

    **** End of log ****

     

     

    Security Check:

     

     

     Results of screen317's Security Check version 0.99.89 
     Windows 7 Service Pack 1 x64 (UAC is enabled) 
     Internet Explorer 11 
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled! 
    McAfee Anti-Virus and Anti-Spyware  
     WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
     Adobe Reader XI 
     Google Chrome 38.0.2125.101 
     Google Chrome 38.0.2125.104 
    ````````Process Check: objlist.exe by Laurent```````` 
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 4%
    ````````````````````End of Log``````````````````````

     

     

     

     

     

    Farbar Service Scan:

     

     

    Farbar Service Scanner Version: 21-07-2014
    Ran by Holly (administrator) on 22-10-2014 at 12:45:12
    Running from "C:\Users\Holly\Desktop"
    Microsoft Windows 7 Professional  Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================

    System Restore:
    ============

    System Restore Disabled Policy:
    ========================

    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed

    **** End of log ****

     

    The link sites.google....vicescanner.png didn't work. Did I misunderstand your instructions?

     

     

    The computer is running great when I use chrome. When I use explorer many of the secondary pages won't load. It looks like it is going to the page, but it doesn't change or in a new window it is just blank. I would use chrome all the time but there are a couple of sites that I use that are only completely compatible with explorer.

     

    Thanks, Holly

     


    #13
    AuntieHolly

      Member

    • Topic Starter
    • 38 posts

    Hello again. Right after I ran the scans and posted the previous reply, I am getting an alert: "User Account Control". Do I want to allow the following program to make changes to this computer? The program name is Microsoft Windows and the verified publisher is Microsoft Corporation. The file origin: Hard drive on this computer. When I click on show details it points to C: users\holly\Appdata\LocalLow{C062.

     

    Normally I would just click yes to this type of alert since it seems to be from Microsoft, but because of the previous problem I am suspicious and untrusting. I clicked no but the alert is quite persistent. Please advise.

     

    Thanks, again.

     

    Holly


    #14
    Biscuithd

      Trusted Helper

    • Malware Removal
    • 2,573 posts

    Hi,

     

    The persistent error message is something that I had thought was removed, but was not. We'll get it out with OTL. I'm glad that you didn't let it through. :)

     

    Fix with OTL

    Please re-run OTL with this removal script included.

    This fix was created for this user for use on that particular machine.
    Running it on another one may cause damage and render the system unstable.

    • Right-click on the OTL icon and select Run as Administrator to start the tool.
    • Under the Custom Scans/Fixes bar in the box paste in the following:
      :COMMANDS
      
      [CREATERESTOREPOINT]
      :OTL
      
      PRC - [2014/10/15 11:34:43 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\yurdsutzwta.exe
      
      MOD - [2014/10/15 11:34:43 | 014,669,128 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\PepperFlash\pepflashplayer.dll
      
      MOD - [2014/10/15 11:34:43 | 014,669,128 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\PepperFlash\pepflashplayer.dll
      
      MOD - [2014/10/15 11:34:43 | 008,537,928 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\pdf.dll
      
      MOD - [2014/10/15 11:34:43 | 001,732,936 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\ffmpegsumo.dll
      
      MOD - [2014/10/15 11:34:43 | 000,718,152 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\libglesv2.dll
      
      MOD - [2014/10/15 11:34:43 | 000,353,096 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\ppgooglenaclpluginchrome.dll
      
      MOD - [2014/10/15 11:34:43 | 000,126,280 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\libegl.dll
      
      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B46C9C97-98EC-49B2-AF00-4CACCC690731}
      
      IE:64bit: - HKLM\..\SearchScopes\{B46C9C97-98EC-49B2-AF00-4CACCC690731}: "URL" = http://www.bing.com/...=IE11TR&pc=DCJB
      
      IE - HKLM\..\SearchScopes,DefaultScope = {B46C9C97-98EC-49B2-AF00-4CACCC690731}
      
      IE - HKLM\..\SearchScopes\{B46C9C97-98EC-49B2-AF00-4CACCC690731}: "URL" = http://www.bing.com/...=IE11TR&pc=DCJB
      
      HKCU\..\SearchScopes,DefaultScope = {B46C9C97-98EC-49B2-AF00-4CACCC690731}
      
      CHR - plugin: Error reading preferences file
      
      CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
      
      CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
      
      CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
      
      CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
      
      CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
      
      CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
      
      CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
      
      CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
      
      CHR - Extension: No name found = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
      
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      
      O18:64bit: - Protocol\Handler\osf - No CLSID value found
      
      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B46C9C97-98EC-49B2-AF00-4CACCC690731}
      
      IE:64bit: - HKLM\..\SearchScopes\{B46C9C97-98EC-49B2-AF00-4CACCC690731}: "URL" = http://www.bing.com/...=IE11TR&pc=DCJB
      
      IE - HKLM\..\SearchScopes,DefaultScope = {B46C9C97-98EC-49B2-AF00-4CACCC690731}
      
      IE - HKLM\..\SearchScopes\{B46C9C97-98EC-49B2-AF00-4CACCC690731}: "URL" = http://www.bing.com/...=IE11TR&pc=DCJB
      
      IE - HKU\S-1-5-21-534934637-3198636804-1178557441-1001\..\SearchScopes,DefaultScope = {B46C9C97-98EC-49B2-AF00-4CACCC690731}
      
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      
      :files
      
      C:\Users\Holly\AppData\LocalLow\EmieUserList
      
      :Commands
      
      [emptytemp]
      
      [resethosts]
      
      [reboot]
    • Push Run Fix and wait patiently.
    • If asked to reboot, please allow it to.
    • A notepad window with a logfile will open after this run. It will also be saved in _OTL\MovedFiles directory on your main drive as (date)_(time).log.

    Please include the content of this logfile in your next reply.

     

     

    Scan with OTL

    Please download OTL by OldTimer and save the file to your desktop.

    • Right-click on the OTL icon and select Run as Administrator to start the tool.
    • Make sure that Scan All Users, LOP check and Purity check are ticked.
    • For 64-bit systems only - make sure that Include 64-bit option is also ticked.
    • Sections Processes, Modules, Services, Drivers, Standard Registry are set to Use Safelist.
    • Section Extra Registry is also set to Use Safelist.
    • Push Run Scan and wait patiently.
    • Two notepad windows will be opened after this run: OTL.txt (maximized) and Extras.txt (minimized).

    Please include the content of both logfiles in your next reply.
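
An added example, not part of the thread and not OTL's own code: a Python triage pass over OTL-style PRC/MOD lines like those in the removal script above, flagging images that sit in a user-writable profile directory while claiming a vendor whose name does not appear in the path, or carrying no company metadata at all. The heuristics, the two-reason threshold, the helper names and the lines marked as constructed are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Layout of OTL process (PRC) and module (MOD) lines as they appear in the thread:
# KIND - [date time | size | attrs | flag] (company) -- path
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD)\s+-\s+\["
    r"(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<flag>\w)\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Assumption: locations a standard user can write to without elevation.
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\")
# Words too generic to identify a vendor in a company string.
GENERIC = {"inc", "corp", "corporation", "ltd", "llc", "the"}


@dataclass
class Entry:
    kind: str
    company: str
    path: str
    size: int
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Return an Entry for a PRC/MOD line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = int(m["size"].replace(",", ""))
    return Entry(m["kind"], m["company"].strip(), m["path"].strip(), size)


def vendor_tokens(company):
    """Lower-case words of the company string that could name the vendor."""
    words = re.findall(r"[a-z0-9]+", company.lower())
    return [w for w in words if w not in GENERIC and len(w) > 2]


def triage(entry):
    """Attach the reasons (if any) that make an entry worth a second look."""
    path = entry.path.lower()
    if not any(marker in path for marker in USER_WRITABLE):
        return entry  # installed outside the profile: not judged here
    entry.reasons.append("image in user-writable profile directory")
    tokens = vendor_tokens(entry.company)
    if tokens and not any(t in path for t in tokens):
        entry.reasons.append("claimed vendor name absent from path")
    if not entry.company:
        entry.reasons.append("no company metadata")
    return entry


def triage_log(text, threshold=2):
    """Entries with at least `threshold` reasons, in log order."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry and len(triage(entry).reasons) >= threshold:
            findings.append(entry)
    return findings


# First two lines are copied from the removal script in the thread;
# the last two are constructed for contrast (a per-user Chrome install
# and a system binary). The bracketed command line is skipped by the parser.
SAMPLE_LOG = r"""
PRC - [2014/10/15 11:34:43 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\yurdsutzwta.exe
MOD - [2014/10/15 11:34:43 | 008,537,928 | ---- | M] () -- C:\Users\Holly\AppData\LocalLow\EmieUserList\Qtlmluwjlgay\ukhtiezy\36.0.1985.143\pdf.dll
[emptytemp]
PRC - [2014/10/10 09:00:00 | 000,850,000 | ---- | M] (Google Inc.) -- C:\Users\Holly\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2014/10/10 09:00:00 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe
"""

if __name__ == "__main__":
    for hit in triage_log(SAMPLE_LOG):
        print(hit.kind, hit.path)
        for reason in hit.reasons:
            print("   -", reason)
```

A flagged entry is a prompt for manual review of the file and its signature, not a verdict; the per-user Chrome line shows why a single reason is not enough.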


    #15
    AuntieHolly

      Member

    • Topic Starter
    • 38 posts
    Ok, Here is the fix scan:

    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    No active process named yurdsutzwta.exe was found!
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B46C9C97-98EC-49B2-AF00-4CACCC690731}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B46C9C97-98EC-49B2-AF00-4CACCC690731}\ not found.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B46C9C97-98EC-49B2-AF00-4CACCC690731}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B46C9C97-98EC-49B2-AF00-4CACCC690731}\ not found.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\_metadata folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\_locales\zh_TW folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\_locales\zh_CN folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\_locales\vi folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\_locales\uk folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\_locales\tr folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\_locales\th folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\_locales\sv folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\_locales\sr folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\_locales\sl folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\_locales\sk folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\_locales\ru folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\_locales\ro folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales\pt_BR folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales\pl folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales\no folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales\nl folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales\ms folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales\lv folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales\lt folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales\ko folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales\ja folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales\it folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales\id folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales\hu folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales\hi folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales\he folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales\fr folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales\fil folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales\fi folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales\et folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales\es_419 folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales\es folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales\en_US folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales\en_GB folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales\el folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales\de folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales\da folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales\cs folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales\ca folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales\bg folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales\ar folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\_locales folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0 folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_metadata folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_TW folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_CN folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\vi folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\uk folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\tr folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\th folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sv folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sr folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sl folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sk folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ru folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ro folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_PT folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_BR folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pl folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nl folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nb folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lv folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lt folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ko folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ja folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\it folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\id folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hu folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hr folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hi folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fr folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fil folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fi folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\et folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es_419 folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en_GB folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\el folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\de folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\da folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\cs folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ca folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\bg folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\html folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\css folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0 folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\__MACOSX\_locales folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\__MACOSX folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_metadata folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\zh_TW folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\zh_CN folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\vi folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\uk folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\tr folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\th folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\sr folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\sl folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\sk folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\se folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\ru folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\ro folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\pt_PT folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\pt_BR folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\pl folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\no folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\nl folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\lv folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\lt folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\ko folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\ja folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\it folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\id folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\hu folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\hr folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\hi folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\fr folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\fil folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\fi folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\es folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\en folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\el folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\de folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\da folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\cs folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\ca folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\bg folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\ar folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales folder moved successfully.
    C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 folder moved successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\osf\ deleted successfully.
    File Protocol\Handler\osf - No CLSID value found not found.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B46C9C97-98EC-49B2-AF00-4CACCC690731}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B46C9C97-98EC-49B2-AF00-4CACCC690731}\ not found.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B46C9C97-98EC-49B2-AF00-4CACCC690731}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B46C9C97-98EC-49B2-AF00-4CACCC690731}\ not found.
    HKEY_USERS\S-1-5-21-534934637-3198636804-1178557441-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    ========== FILES ==========
    C:\Users\Holly\AppData\LocalLow\EmieUserList folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Holly
    ->Temp folder emptied: 1634682 bytes
    ->Temporary Internet Files folder emptied: 279120862 bytes
    ->Google Chrome cache emptied: 404655114 bytes
    ->Flash cache emptied: 4006 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 705835 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 654.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.69.0 log created on 10232014_090209

    Files\Folders moved on Reboot...
    C:\Users\Holly\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Holly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EF2UHVDS\cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw[1].woff moved successfully.
    C:\Users\Holly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EF2UHVDS\k3k702ZOKiLJc3WVjuplzHhCUOGz7vYGh680lGh-uXM[1].woff moved successfully.
    C:\Users\Holly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EF2UHVDS\PRmiXeptR36kaC0GEAetxjqR_3kx9_hJXbbyU8S6IN0[1].woff moved successfully.
    C:\Users\Holly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EF2UHVDS\xjAJXh38I15wypJXxuGMBobN6UDyHWBl620a-IRfuBk[1].woff moved successfully.
    C:\Users\Holly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3T9NHYGC\344276-encrypted-files-blackmail-letter[1].htm moved successfully.
    C:\Users\Holly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
    C:\Users\Holly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    C:\Users\Holly\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    C:\Windows\temp\HOLLY-PC-20141022-0900.log moved successfully.
    File\Folder C:\Windows\temp\officeclicktorun.exe_c2ruidll(201410220900357D8).log not found!
    File\Folder C:\Windows\temp\officeclicktorun.exe_streamserver(201410220900377D8).log not found!
    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    OTL scan log:
    OTL logfile created on: 10/23/2014 9:20:03 AM - Run 4
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Holly\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17041)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    15.92 Gb Total Physical Memory | 13.67 Gb Available Physical Memory | 85.87% Memory free
    31.84 Gb Paging File | 29.35 Gb Available in Paging File | 92.18% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 907.25 Gb Total Space | 850.69 Gb Free Space | 93.77% Space Free | Partition Type: NTFS
    Drive Y: | 24.22 Gb Total Space | 13.83 Gb Free Space | 57.11% Space Free | Partition Type: NTFS

    Computer Name: HOLLY-PC | User Name: Holly | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/10/15 12:19:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Holly\Downloads\OTL.exe
    PRC - [2013/12/09 15:27:38 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    PRC - [2013/12/09 15:27:36 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    PRC - [2013/11/21 02:19:24 | 004,136,976 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
    PRC - [2013/11/21 02:18:54 | 001,915,920 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
    PRC - [2013/11/21 02:17:30 | 000,490,344 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
    PRC - [2013/07/29 17:25:00 | 000,286,056 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    PRC - [2013/07/29 17:24:58 | 000,014,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2013/06/20 12:53:16 | 000,081,536 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
    PRC - [2012/09/23 05:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/10/12 12:00:10 | 002,959,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\af2add04dbc75dbaafbf679611c5aae2\System.IdentityModel.ni.dll
    MOD - [2014/10/12 12:00:09 | 019,536,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a8e34abf48d8f47064adb0e6f098c463\System.ServiceModel.ni.dll
    MOD - [2014/10/12 12:00:09 | 000,523,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\d4db1c5aab0982ab670f41360145b45c\System.Net.Http.ni.dll
    MOD - [2014/10/12 12:00:02 | 001,075,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\325a216798d8cec936e4162bac2a6b43\System.ServiceModel.Web.ni.dll
    MOD - [2014/10/12 12:00:00 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\42d08f7dc2ccfe772c12567d2c4d21ef\System.Xml.Linq.ni.dll
    MOD - [2014/05/26 10:18:47 | 001,871,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\fbd27463487e2aa7b161020577c22713\System.Xaml.ni.dll
    MOD - [2014/05/26 10:18:43 | 001,156,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\65d8ef00d3e0ecf90bbb5996062a4376\System.Management.ni.dll
    MOD - [2014/05/26 10:18:36 | 012,700,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d9f7232b71547ec2c985bbffbbff2a2b\System.Windows.Forms.ni.dll
    MOD - [2014/05/26 10:18:33 | 001,631,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\dadb15941ecb5c7ad0f4276e7aaed3c9\System.Drawing.ni.dll
    MOD - [2014/05/26 10:18:32 | 002,786,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\186f94773130bc17c5b86c0c7d491a91\System.Runtime.Serialization.ni.dll
    MOD - [2014/05/26 10:18:32 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\f31ac8665f9f5d8e6ad4abd29f913386\System.ServiceModel.Internals.ni.dll
    MOD - [2014/05/26 10:18:32 | 000,121,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ff27928194bf78f0cd9eaecd152d3b1a\SMDiagnostics.ni.dll
    MOD - [2014/05/26 10:18:30 | 000,462,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\f3650a719097cb74b104fea7e8cbb3af\PresentationFramework.Aero.ni.dll
    MOD - [2014/05/26 10:18:29 | 018,542,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\42d1beb0060ffeecafb59c882db36cc0\PresentationFramework.ni.dll
    MOD - [2014/05/26 10:18:23 | 010,926,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7b9c01f3fd9fa02d9c4e0ca16cf7f5e0\PresentationCore.ni.dll
    MOD - [2014/05/26 10:18:20 | 003,910,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\f6ae43015c58cfab09af0d45530b380f\WindowsBase.ni.dll
    MOD - [2014/05/26 10:18:17 | 007,561,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\130613a664d9a4237b5b22c3c80f6d96\System.Xml.ni.dll
    MOD - [2014/05/26 10:18:15 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\61c26df51b250070ba949d858c55aa71\System.Configuration.ni.dll
    MOD - [2014/05/26 10:18:14 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\d581cfc0867a2d1a3513c967bc954517\System.Core.ni.dll
    MOD - [2014/05/26 10:18:11 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\84371136df209abcd5fbf89db89f2e97\System.ni.dll
    MOD - [2014/05/26 10:18:00 | 016,544,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\506bcca8d286f754825f3f1b0bf64894\mscorlib.ni.dll
    MOD - [2013/11/21 00:00:44 | 001,904,928 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
    MOD - [2012/11/25 07:20:38 | 000,117,608 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
    MOD - [2012/11/25 07:20:28 | 001,153,384 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2014/09/25 03:10:24 | 002,436,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
    SRV:64bit: - [2014/07/24 15:09:54 | 001,041,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe -- (mfecore)
    SRV:64bit: - [2014/06/20 10:30:38 | 000,189,912 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\mfevtps.exe -- (mfevtp)
    SRV:64bit: - [2014/06/20 10:23:12 | 000,219,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV:64bit: - [2014/06/12 16:10:46 | 000,603,424 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
    SRV:64bit: - [2014/05/27 01:05:46 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2014/05/27 01:05:44 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2014/04/25 18:34:42 | 000,178,528 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\mcafee\msc\McAPExe.exe -- (McAPExe)
    SRV:64bit: - [2013/08/26 23:32:30 | 000,828,376 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
    SRV:64bit: - [2013/08/26 23:32:14 | 000,747,520 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
    SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (McProxy)
    SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
    SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (McOobeSv2)
    SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
    SRV:64bit: - [2013/07/29 17:24:58 | 000,014,696 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV:64bit: - [2013/06/18 21:18:38 | 000,246,488 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
    SRV:64bit: - [2012/12/20 22:37:20 | 000,334,760 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe -- (McAWFwk)
    SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2014/05/26 10:15:06 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/01/29 19:04:52 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
    SRV - [2014/01/13 08:02:54 | 000,198,664 | ---- | M] (Dell Products, LP.) [Auto | Stopped] -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
    SRV - [2013/12/09 15:27:38 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2013/12/09 15:27:36 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
    SRV - [2013/11/21 02:18:54 | 001,915,920 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe -- (SftService)
    SRV - [2013/07/02 08:00:14 | 000,312,448 | ---- | M] (Windows ® Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
    SRV - [2013/06/20 12:53:16 | 000,081,536 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
    SRV - [2012/09/23 05:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/08 09:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2014/10/17 12:16:23 | 000,034,808 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\SysNative\drivers\TrueSight.sys -- (TrueSight)
    DRV:64bit: - [2014/07/24 14:32:30 | 000,096,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mfencrk.sys -- (mfencrk)
    DRV:64bit: - [2014/07/24 14:31:56 | 000,444,720 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
    DRV:64bit: - [2014/06/20 10:38:22 | 000,072,128 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\cfwids.sys -- (cfwids)
    DRV:64bit: - [2014/06/20 10:31:06 | 000,348,552 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
    DRV:64bit: - [2014/06/20 10:26:02 | 000,786,296 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\mfehidk.sys -- (mfehidk)
    DRV:64bit: - [2014/06/20 10:23:40 | 000,523,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mfefirek.sys -- (mfefirek)
    DRV:64bit: - [2014/06/20 10:21:48 | 000,313,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
    DRV:64bit: - [2014/06/20 10:20:54 | 000,181,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
    DRV:64bit: - [2014/01/22 14:57:34 | 000,450,520 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2014/01/22 14:51:26 | 004,221,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2013/12/09 15:27:36 | 000,100,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
    DRV:64bit: - [2013/09/23 13:49:22 | 000,197,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
    DRV:64bit: - [2013/07/24 13:28:34 | 000,666,984 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStorA.sys -- (iaStorA)
    DRV:64bit: - [2013/07/24 13:28:28 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStorF.sys -- (iaStorF)
    DRV:64bit: - [2013/07/09 14:58:32 | 000,263,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2013/07/02 07:34:54 | 000,589,000 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btfilter.sys -- (BtFilter)
    DRV:64bit: - [2013/07/02 07:34:54 | 000,347,336 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
    DRV:64bit: - [2013/07/02 07:34:54 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
    DRV:64bit: - [2013/07/02 07:34:54 | 000,137,928 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
    DRV:64bit: - [2013/07/02 07:34:54 | 000,116,424 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
    DRV:64bit: - [2013/07/02 07:34:54 | 000,089,800 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_flt.sys -- (AthBTPort)
    DRV:64bit: - [2013/07/02 07:34:54 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
    DRV:64bit: - [2013/07/02 07:34:54 | 000,034,384 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
    DRV:64bit: - [2013/07/01 12:33:48 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2013/07/01 12:33:40 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2013/07/01 12:33:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2013/06/25 14:56:16 | 003,979,776 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2013/04/10 12:09:24 | 000,849,992 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 20:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\netvsc60.sys -- (netvsc)
    DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/20 20:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\SearchScopes,DefaultScope =


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-534934637-3198636804-1178557441-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-534934637-3198636804-1178557441-1001\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-534934637-3198636804-1178557441-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2014/10/16 09:17:44 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - plugin: Error reading preferences file

    O1 HOSTS File: ([2014/10/23 09:10:08 | 000,000,098 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
    O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtHDVBg_PushButton] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
    O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-534934637-3198636804-1178557441-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-534934637-3198636804-1178557441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
    O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
    O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-534934637-3198636804-1178557441-1001\..Trusted Domains: bleepingcomputer.com ([www] http in Trusted sites)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43698C58-0689-4BB4-A57C-5F26901BB663}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/10/23 09:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2014/10/22 13:19:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
    [2014/10/22 12:34:42 | 000,415,232 | ---- | C] (Farbar) -- C:\Users\Holly\Desktop\FSS.exe
    [2014/10/22 12:32:19 | 000,401,920 | ---- | C] (Farbar) -- C:\Users\Holly\Desktop\MiniToolBox.exe
    [2014/10/18 17:30:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/10/18 17:12:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/10/18 17:12:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/10/18 17:12:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/10/18 17:12:38 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/10/18 17:12:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2014/10/18 17:11:09 | 005,583,559 | R--- | C] (Swearware) -- C:\Users\Holly\Desktop\ComboFix.exe
    [2014/10/18 17:04:38 | 000,000,000 | R--D | C] -- C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    [2014/10/17 12:16:01 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
    [2014/10/16 09:18:35 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\softthinks
    [2014/10/16 09:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\softthinks
    [2014/10/16 09:04:07 | 000,000,000 | ---D | C] -- C:\_OTL
    [2014/10/16 08:58:47 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\CrashDumps
    [2014/10/15 12:02:38 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Microsoft Help
    [2014/10/15 11:49:53 | 000,741,480 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM5C12.dll
    [2014/10/15 11:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    [2014/10/15 11:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
    [2014/10/15 11:48:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
    [2014/10/15 11:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\HP
    [2014/10/15 11:46:21 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\HP
    [2014/10/14 14:10:16 | 000,000,000 | ---D | C] -- C:\Users\Holly\Documents\BSA pamphlet child abuse
    [2014/10/14 13:26:22 | 000,000,000 | ---D | C] -- C:\Users\Holly\Documents\Skyline Bears 2014
    [2014/10/14 13:26:09 | 000,000,000 | ---D | C] -- C:\Users\Holly\Documents\Custom Office Templates
    [2014/10/14 11:40:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2014/10/14 11:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
    [2014/10/14 11:30:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
    [2014/10/14 11:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    [2014/10/14 11:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
    [2014/10/14 11:17:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
    [2014/10/13 15:54:06 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\PCDr
    [2014/10/13 11:54:56 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Adobe
    [2014/10/12 19:40:25 | 000,197,704 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
    [2014/10/12 10:39:36 | 000,000,000 | ---D | C] -- C:\Windows\SMINST
    [2014/10/12 10:13:30 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Diagnostics
    [2014/10/12 10:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2014/10/12 10:01:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2014/10/12 10:01:39 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Google
    [2014/10/12 10:01:32 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Deployment
    [2014/10/12 10:01:32 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Apps
    [2014/10/12 09:57:32 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Dell
    [2014/10/12 09:55:37 | 000,000,000 | -HSD | C] -- C:\Users\Holly\AppData\Local\EmieUserList
    [2014/10/12 09:55:37 | 000,000,000 | -HSD | C] -- C:\Users\Holly\AppData\Local\EmieSiteList
    [2014/10/12 09:55:35 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Intel Corporation
    [2014/10/12 09:54:42 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\BMExplorer
    [2014/10/12 09:54:42 | 000,000,000 | ---D | C] -- C:\Users\Holly\Documents\Bluetooth Folder
    [2014/10/12 09:54:35 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Leadertech
    [2014/10/12 09:54:35 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Atheros
    [2014/10/12 09:54:27 | 000,000,000 | R--D | C] -- C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2014/10/12 09:54:27 | 000,000,000 | R--D | C] -- C:\Users\Holly\Searches
    [2014/10/12 09:54:27 | 000,000,000 | R--D | C] -- C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2014/10/12 09:54:27 | 000,000,000 | -H-D | C] -- C:\Users\Holly\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2014/10/12 09:54:20 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Identities
    [2014/10/12 09:54:18 | 000,000,000 | R--D | C] -- C:\Users\Holly\Contacts
    [2014/10/12 09:54:18 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Macromedia
    [2014/10/12 09:54:17 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\VirtualStore
    [2014/10/12 09:54:17 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Adobe
    [2014/10/12 09:50:29 | 000,000,000 | --SD | C] -- C:\Users\Holly\AppData\Roaming\Microsoft
    [2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\Videos
    [2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\Saved Games
    [2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\Pictures
    [2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\Music
    [2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\Links
    [2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\Favorites
    [2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\Downloads
    [2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\Documents
    [2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\Desktop
    [2014/10/12 09:50:29 | 000,000,000 | R--D | C] -- C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\AppData\Local\Temporary Internet Files
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\Templates
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\Start Menu
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\SendTo
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\Recent
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\PrintHood
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\NetHood
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\Documents\My Videos
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\Documents\My Pictures
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\Documents\My Music
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\My Documents
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\Local Settings
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\AppData\Local\History
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\Cookies
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\Application Data
    [2014/10/12 09:50:29 | 000,000,000 | -HSD | C] -- C:\Users\Holly\AppData\Local\Application Data
    [2014/10/12 09:50:29 | 000,000,000 | -H-D | C] -- C:\Users\Holly\AppData
    [2014/10/12 09:50:29 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Temp
    [2014/10/12 09:50:29 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Microsoft
    [2014/10/12 09:50:29 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Media Center Programs
    [2014/10/11 18:47:23 | 000,000,000 | ---D | C] -- C:\Windows\CSC
    [2014/10/11 18:46:09 | 000,000,000 | -HSD | C] -- C:\System Volume Information

    ========== Files - Modified Within 30 Days ==========

    [2014/10/23 09:18:28 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/10/23 09:18:28 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/10/23 09:15:21 | 000,781,540 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/10/23 09:15:21 | 000,661,656 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/10/23 09:15:21 | 000,121,552 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/10/23 09:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/10/23 09:11:06 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/10/23 09:10:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/10/23 09:10:55 | 4229,640,190 | -HS- | M] () -- C:\hiberfil.sys
    [2014/10/23 09:10:08 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
    [2014/10/23 09:06:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/10/22 12:34:42 | 000,415,232 | ---- | M] (Farbar) -- C:\Users\Holly\Desktop\FSS.exe
    [2014/10/22 12:33:59 | 000,854,448 | ---- | M] () -- C:\Users\Holly\Desktop\SecurityCheck.exe
    [2014/10/22 12:32:19 | 000,401,920 | ---- | M] (Farbar) -- C:\Users\Holly\Desktop\MiniToolBox.exe
    [2014/10/19 15:08:09 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014/10/18 17:11:09 | 005,583,559 | R--- | M] (Swearware) -- C:\Users\Holly\Desktop\ComboFix.exe
    [2014/10/17 12:16:23 | 000,034,808 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
    [2014/10/17 12:14:08 | 015,725,144 | ---- | M] () -- C:\Users\Holly\Desktop\RogueKiller.exe
    [2014/10/16 09:11:55 | 000,002,281 | ---- | M] () -- C:\Users\Holly\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2014/10/16 09:11:05 | 000,436,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/10/15 11:49:52 | 000,002,154 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6700.lnk
    [2014/10/15 11:49:52 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Officejet 6700.lnk
    [2014/10/15 11:47:27 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
    [2014/10/12 09:55:31 | 000,001,409 | ---- | M] () -- C:\Users\Holly\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2014/10/11 18:48:28 | 000,041,450 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
    [2014/10/11 18:48:28 | 000,041,450 | ---- | M] () -- C:\Windows\SysNative\license.rtf

    ========== Files Created - No Company Name ==========

    [2014/10/22 12:33:59 | 000,854,448 | ---- | C] () -- C:\Users\Holly\Desktop\SecurityCheck.exe
    [2014/10/18 17:12:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/10/18 17:12:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/10/18 17:12:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/10/18 17:12:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/10/18 17:12:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/10/17 12:16:23 | 000,034,808 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
    [2014/10/17 12:12:03 | 015,725,144 | ---- | C] () -- C:\Users\Holly\Desktop\RogueKiller.exe
    [2014/10/15 11:49:52 | 000,002,154 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6700.lnk
    [2014/10/15 11:49:52 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Officejet 6700.lnk
    [2014/10/15 11:47:27 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2014/10/12 10:02:22 | 000,002,281 | ---- | C] () -- C:\Users\Holly\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2014/10/12 10:02:22 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014/10/12 10:01:44 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/10/12 10:01:44 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/10/12 09:55:31 | 000,001,409 | ---- | C] () -- C:\Users\Holly\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2014/10/12 09:54:28 | 000,001,415 | ---- | C] () -- C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2014/10/12 09:50:43 | 000,001,975 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
    [2014/10/12 09:50:29 | 000,000,290 | ---- | C] () -- C:\Users\Holly\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2014/10/12 09:50:29 | 000,000,272 | ---- | C] () -- C:\Users\Holly\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2014/10/11 18:46:07 | 4229,640,190 | -HS- | C] () -- C:\hiberfil.sys
    [2014/05/27 00:53:14 | 000,299,520 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
    [2014/05/27 00:53:12 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2014/05/27 00:53:12 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
    [2014/05/26 10:25:16 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
    [2013/08/26 23:00:08 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

    ========== ZeroAccess Check ==========

    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\WINDOWS\SysNative\shell32.dll -- [2014/05/27 01:05:41 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/05/27 01:05:41 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2014/10/12 09:54:35 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Leadertech
    [2014/10/13 15:55:08 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\PCDr

    ========== Purity Check ==========



    < End of report >



    OTL extra log:

    OTL Extras logfile created on: 10/23/2014 9:20:03 AM - Run 4
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Holly\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17041)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    15.92 Gb Total Physical Memory | 13.67 Gb Available Physical Memory | 85.87% Memory free
    31.84 Gb Paging File | 29.35 Gb Available in Paging File | 92.18% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 907.25 Gb Total Space | 850.69 Gb Free Space | 93.77% Space Free | Partition Type: NTFS
    Drive Y: | 24.22 Gb Total Space | 13.83 Gb Free Space | 57.11% Space Free | Partition Type: NTFS

    Computer Name: HOLLY-PC | User Name: Holly | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{005B7863-ACA9-4647-B0E3-7AC0DBCF2E3A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{02C3F894-B18B-4F28-8C17-30172E2E83C0}" = lport=137 | protocol=17 | dir=in | app=system |
    "{06FB016A-0DEE-4654-BC48-C68ADF02EA6D}" = rport=139 | protocol=6 | dir=out | app=system |
    "{12A822EA-B481-4FBF-A1E1-4918BF36FE58}" = lport=445 | protocol=6 | dir=in | app=system |
    "{1ADA3610-EBC8-416E-9726-1096B703D930}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{20ABCC9A-D263-44F9-B6A5-3746E83795B5}" = rport=137 | protocol=17 | dir=out | app=system |
    "{52633904-5E00-4F4A-A4DF-1CDE8B14EEF2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6E389687-945D-4AD2-9A88-102F19F492A4}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{7ED00925-5626-4EB8-A1C8-D5972CAE02E5}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{945E4DE4-B7FC-4525-9675-C8A7677B317F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{95CCC957-9619-4674-B363-569D3316557C}" = lport=139 | protocol=6 | dir=in | app=system |
    "{9DF0EAD8-AFF7-42A0-861D-1B4D30F9B8B7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9F915CD7-7A56-44C1-B819-8538F97FC4F2}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
    "{A25FD309-E817-4E70-BE66-1F29A3E6B53F}" = lport=138 | protocol=17 | dir=in | app=system |
    "{A8D9D554-BA7E-409F-92E7-F8427D01D845}" = rport=138 | protocol=17 | dir=out | app=system |
    "{AF32C760-C60E-4B59-AB2E-159680615C1F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{BBC75CE9-DB01-48B5-AA3E-7B6CE817A1F2}" = rport=445 | protocol=6 | dir=out | app=system |
    "{CFF121C6-06A3-4F64-827F-40646DDC4BA1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
    "{D6E56709-BE95-46DF-9899-7A05B1D34C96}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{DC1E1F84-D015-48FC-BD6D-67D77C16E944}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{ED5E1321-C1AF-49E1-8343-B4488C5CB7B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{EF1AB5AA-0BD3-44E1-AF32-CF72BC73BCCF}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{FE0A9594-7CB7-4DAD-9233-A17A2CA719BC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01319593-6CAC-434A-AFEA-FF7A47A7ECBA}" = protocol=58 | dir=out | [email protected],-28546 |
    "{0915C11D-ACDF-4330-83D1-926B920F855A}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicatorcom.exe |
    "{0DA13409-8520-4E72-B72C-80099273DF5B}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicator.exe |
    "{1C1CF8C4-6C9F-40F0-B0EA-EEBEB5F81803}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{212FD0FB-E1F3-486A-A155-FE6520091042}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
    "{22739109-543D-4524-A9AE-2D20B2D36FFA}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
    "{2333EEB7-D7CC-4D09-B1B6-FB860CCC8C8A}" = protocol=1 | dir=in | [email protected],-28543 |
    "{25B99589-6AC7-4A26-B633-9253D9DA44A8}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
    "{2A2D1CB7-F4D2-43C3-A8BC-B7DD7E1E9485}" = protocol=58 | dir=in | [email protected],-28545 |
    "{2BA56252-50EF-4711-9E87-0721D3909BFF}" = protocol=58 | dir=out | [email protected],-503 |
    "{3F7F2582-5747-43D6-9714-1115FC967B17}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
    "{4396A934-243E-4E38-9A1A-33C03911E287}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{61119348-5EAC-4F65-95C3-6985302D28F5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{64B4A618-FEDC-4A93-BF72-A1DA0C5461A9}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\sendafax.exe |
    "{653AAFCE-EC68-4C85-B4A1-43BD51512D0A}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\devicesetup.exe |
    "{65FEAD22-5F41-41BA-95FB-6D89BA4AB9D1}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\faxapplications.exe |
    "{67B8EEF1-4A09-42E4-B8B1-DF9AD24EF836}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{6933FC26-51CA-4604-98FF-A3F27959E302}" = protocol=58 | dir=in | app=system |
    "{6C280D6C-D510-4C4F-BEB3-2165FB668A1B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
    "{7068F278-97B9-4162-A4E8-4A4CB0DC64E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{731E4065-F75E-4D7E-9657-40FD43D1C247}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{780F8787-8995-4C9F-A053-6378DFF27F51}" = protocol=6 | dir=out | app=system |
    "{7EC0CDAA-5FF3-4621-B96C-1EAD926F7590}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
    "{8444DADC-0F54-48BF-82AD-8960EC7841D8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{94686EF3-A0CD-4BA8-9A5B-746CA8670B10}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{958D1450-6F8D-42E1-8563-4A34EE9AAA98}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
    "{A54702C3-FC6E-4BA0-857A-9BC84AAD7EDB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A5949D95-472B-423B-AB2A-0A80854CD63E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{AFE97F1A-C451-41D5-A6B9-E19B8EE56721}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\digitalwizards.exe |
    "{B77A81EB-17B8-4C37-8E0B-BA254D4A6365}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
    "{C398D0EE-2CA9-42DB-9FB7-6F98BDA290CE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CB63E8C1-8F8E-45F2-895F-AE956979C384}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E34456B5-8B4C-4354-BDCD-439F68782844}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{E73C0FF0-1E45-498A-85FC-1FCFF5FE7980}" = protocol=1 | dir=out | [email protected],-28544 |
    "{EAF6E65C-D29F-42F3-8AF8-F4EF20D5144D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0B8B7B39-179F-47F8-A7AC-63D9C433A567}" = Intel® Rapid Storage Technology
    "{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel® Rapid Storage Technology
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
    "{A1CFA587-90D4-4DE6-B200-68CC0F92252F}" = HP Officejet 6700 Basic Device Software
    "{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B5E06417-A4AC-4225-B36E-7E34C91616E7}" = Intel® Trusted Connect Service Client
    "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
    "{F7A70D00-F283-45C8-B163-49EC365D7E27}" = DSC/AA Factory Installer
    "PC-Doctor for Windows" = My Dell
    "ProPlusRetail - en-us" = Microsoft Office Professional Plus 2013 - en-us

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03A9F528-A754-460F-B2C1-AC125A147114}" = Dell Digital Delivery
    "{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell Backup and Recovery
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
    "{2A0F2CC5-3065-492C-8380-B03AA7106B1A}" = Dell Product Registration
    "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
    "{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
    "{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
    "{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell Backup and Recovery - Support Software
    "{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
    "{AC76BA86-7AD7-FFFF-7B44-AB0000000001}" = Adobe Reader XI MUI
    "{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}" = Premium Service Agreement
    "{E1AE0CB7-1333-4728-8520-CB3F88A252B4}" = HP Officejet 6700 Help
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
    "Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
    "Google Chrome" = Google Chrome
    "MSC" = McAfee LiveSafe – Internet Security

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/18/2014 1:22:24 AM | Computer Name = Holly-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: BtvStack.exe, version: 8.0.1.230, time
    stamp: 0x51d3bb87 Faulting module name: audio.dll, version: 8.0.1.230, time stamp:
    0x51d3bc5c Exception code: 0xc0000005 Fault offset: 0x000000000001b308 Faulting process
    id: 0x5d0 Faulting application start time: 0x01cfe95d9f44f690 Faulting application
    path: C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe Faulting
    module path: C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Audio\audio.dll
    Report
    Id: bd7f3c1e-5686-11e4-b2e7-90489a004c76

    Error - 10/18/2014 8:04:41 PM | Computer Name = Holly-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: BtvStack.exe, version: 8.0.1.230, time
    stamp: 0x51d3bb87 Faulting module name: audio.dll, version: 8.0.1.230, time stamp:
    0x51d3bc5c Exception code: 0xc0000005 Fault offset: 0x000000000001b308 Faulting process
    id: 0xe84 Faulting application start time: 0x01cfeb302aaa14d8 Faulting application
    path: C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe Faulting
    module path: C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Audio\audio.dll
    Report
    Id: 859208f6-5723-11e4-9246-90489a004c76

    Error - 10/18/2014 8:05:05 PM | Computer Name = Holly-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/18/2014 8:38:27 PM | Computer Name = Holly-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/21/2014 12:17:55 AM | Computer Name = Holly-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/22/2014 1:05:53 AM | Computer Name = Holly-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/22/2014 12:02:18 PM | Computer Name = Holly-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/22/2014 4:18:07 PM | Computer Name = Holly-PC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "C:\Program Files\Microsoft
    Office 15\root\office15\lync.exe.Manifest".Error in manifest or policy file "C:\Program
    Files\Microsoft Office 15\root\office15\UccApi.DLL" on line 1. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0". Definition
    is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 10/22/2014 4:18:07 PM | Computer Name = Holly-PC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "C:\Program Files\Microsoft
    Office 15\root\office15\lync.exe.Manifest".Error in manifest or policy file "C:\Program
    Files\Microsoft Office 15\root\office15\UccApi.DLL" on line 1. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0". Definition
    is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 10/23/2014 12:12:50 PM | Computer Name = Holly-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 10/14/2014 2:39:30 PM | Computer Name = Holly-PC | Source = Schannel | ID = 36888
    Description = The following fatal alert was generated: 10. The internal error state
    is 10.

    Error - 10/14/2014 2:39:50 PM | Computer Name = Holly-PC | Source = Schannel | ID = 36888
    Description = The following fatal alert was generated: 10. The internal error state
    is 10.

    Error - 10/14/2014 2:40:10 PM | Computer Name = Holly-PC | Source = Schannel | ID = 36888
    Description = The following fatal alert was generated: 10. The internal error state
    is 10.

    Error - 10/14/2014 7:06:44 PM | Computer Name = Holly-PC | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.

    Error - 10/15/2014 1:23:34 AM | Computer Name = Holly-PC | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.

    Error - 10/15/2014 11:51:18 AM | Computer Name = Holly-PC | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.

    Error - 10/15/2014 2:24:34 PM | Computer Name = Holly-PC | Source = DCOM | ID = 10016
    Description =

    Error - 10/16/2014 12:04:08 PM | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7034
    Description = The Adobe Acrobat Update Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 10/16/2014 12:21:30 PM | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7034
    Description = The Adobe Acrobat Update Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 10/17/2014 11:23:15 AM | Computer Name = Holly-PC | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.


    < End of report >


    Thanks again. Will wait for next steps.
    Holly