Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

please help my computer

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

please help my computer

Unread postby amandarutledge » April 11th, 2014, 7:22 am

multiple problems with computer. Frequently I will get the error "windows installer cannot be accessed". I tried to use cmd prompt admin and when cmd appeared with appdata/localow after user name. found keyloggers and malware recently. screen flashes periodically. Thanks for any and all help.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/12/2013 6:54:33 AM
System Uptime: 4/11/2014 3:40:43 AM (3 hours ago)
.
Motherboard: Hewlett-Packard | | 1484
Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz | CPU | 2300/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 284 GiB total, 188.537 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 2.281 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.094 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP322: 4/4/2014 3:00:22 AM - Windows Update
RP323: 4/5/2014 3:00:24 AM - Windows Update
RP324: 4/6/2014 3:00:31 AM - Windows Update
RP325: 4/7/2014 3:00:27 AM - Windows Update
RP326: 4/8/2014 3:00:28 AM - Windows Update
RP327: 4/9/2014 3:00:20 AM - Windows Update
RP328: 4/11/2014 3:00:27 AM - Windows Update
RP329: 4/11/2014 3:28:59 AM - Revo Uninstaller's restore point - iDump Classic 2013
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Flash Player 11 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.05)
Adobe Shockwave Player 12.0
Apple Mobile Device Support
Audacity 2.0.5
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 3
Bonjour
Build-a-lot 2
Cake Mania
CCleaner
Chuzzle Deluxe
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 8
CyberLink YouCam
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
Dropbox
EaseUS Data Recovery Wizard 7.5
Escape Rosecliff Island
ESET Online Scanner v3
ESU for Microsoft Windows 7
Everyone's Legal Forms 2007
Faerie Solitaire
FATE
FFmpeg v0.6.2 for Audacity
Free Alarm Clock 2.7.1
Google Chrome
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.1.1
HP Advisor
HP Customer Experience Enhancements
HP Game Console
HP Games
HP Quick Launch
HP Setup
HP Smart Web Printing
HP Software Framework
HP Support Assistant
HP Update
HP User Guides 0183
HP Wireless Assistant
iCare Data Recovery Free 5.4
iCloud
iDump Classic 2013
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java 7 Update 25 (64-bit)
Jewel Quest 3
Jewel Quest Solitaire 2
LabelPrint
LeapFrog Connect
LeapFrog Leapster Explorer Plugin
LightScribe System Software
Malwarebytes Anti-Malware version 2.0.1.1004
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.3.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
Mystery P.I. - The New York Fortune
Opera Stable 20.0.1387.91
Penguins!
Picasa 3
PictureMover
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
QuickTime
Quiknowledge
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
REALTEK Wireless LAN Software
RealUpgrade 1.1
Recovery Manager
Revo Uninstaller 1.95
RtVOsd
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
SketchUp 8
Synaptics Pointing Device Driver
TelevisionFanatic Internet Explorer Toolbar
TextTwist 2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
Virtual Families
Virtual Villagers - The Secret City
VLC media player 2.1.3
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Writer
Youtube To MP3 5.0
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
4/11/2014 5:05:40 AM, Error: Service Control Manager [7000] - The TrustedInstaller service failed to start due to the following error: The system cannot find the file specified.
4/11/2014 5:02:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "2" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
4/11/2014 4:25:36 AM, Error: Service Control Manager [7000] - The WMPNetworkSvc service failed to start due to the following error: The system cannot find the file specified.
4/11/2014 3:43:14 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.
4/11/2014 3:41:06 AM, Error: Service Control Manager [7000] - The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error: The system cannot find the file specified.
4/11/2014 3:41:02 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The system cannot find the file specified.
4/11/2014 3:41:00 AM, Error: Service Control Manager [7000] - The HitmanPro Scheduler service failed to start due to the following error: The system cannot find the file specified.
4/11/2014 3:29:30 AM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The system cannot find the file specified.
4/11/2014 3:28:07 AM, Error: Service Control Manager [7031] - The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/11/2014 3:28:06 AM, Error: Service Control Manager [7034] - The Indexing Service service terminated unexpectedly. It has done this 1 time(s).
4/11/2014 3:28:06 AM, Error: Service Control Manager [7034] - The HPWMISVC service terminated unexpectedly. It has done this 1 time(s).
4/11/2014 3:28:06 AM, Error: Service Control Manager [7034] - The HP Quick Synchronization Service service terminated unexpectedly. It has done this 1 time(s).
4/11/2014 3:02:24 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2901110).
4/11/2014 3:01:22 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070641: Security Update for Microsoft Office 2007 suites (KB2837615).
4/11/2014 3:01:22 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070641: Security Update for Microsoft Office 2007 suites (KB2817641).
4/11/2014 3:01:17 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2898855).
4/11/2014 3:01:17 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070641: Security Update for Microsoft Office Word 2007 (KB2837617).
4/11/2014 3:01:17 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070641: Security Update for Microsoft Office 2007 suites (KB2850022).
4/11/2014 3:01:06 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB2932677).
4/11/2014 3:01:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "2" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by ALR4life at 6:06:54 on 2014-04-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.1575 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CISVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\alg.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Users\ALR4life\Desktop\FRST64.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera_crashreporter.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\osk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.google.com
uProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [tvncontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
dRunOnce: [osk.exe] osk.exe
StartupFolder: C:\Users\ALR4life\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\ALR4life\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - <orphaned>
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{7D71D341-D373-44E5-8A85-CE6B6CDDFD85} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{7D71D341-D373-44E5-8A85-CE6B6CDDFD85}\144545431373 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{7D71D341-D373-44E5-8A85-CE6B6CDDFD85}\D43634F697D27657563747 : DHCPNameServer = 192.168.33.1 192.168.1.254
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2014-4-11 771096]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2013-12-23 44744]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-6-12 98208]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-4 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-3-28 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-3-28 857912]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2014-4-11 177680]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-3-5 144896]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-28 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-3-28 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-3-28 63192]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-6-12 295424]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2013-6-12 1088544]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-11-13 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe --> C:\Program Files\HitmanPro\hmpsched.exe [?]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;"C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe" --> C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [?]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\System32\drivers\lgandbus64.sys [2013-8-21 19456]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\System32\drivers\lganddiag64.sys [2013-8-21 27648]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\System32\drivers\lgandgps64.sys [2013-8-21 27136]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\System32\drivers\lgandmodem64.sys [2013-8-21 34304]
S3 ESETOlmarikOlmascoCleaner;ESET Olmarik/Olmasco Cleaner;C:\Windows\System32\drivers\ESETOlmarikOlmascoCleaner.sys [2014-4-10 156360]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2014-4-11 106112]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2013-6-12 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2013-10-24 16448]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-14 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-15 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-04-11 08:59:34 -------- d-----w- C:\FRST
2014-04-11 08:52:44 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4BD685BD-51D5-4D08-A462-739094B2CDCD}\offreg.dll
2014-04-11 08:30:30 106112 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2014-04-11 08:30:29 771096 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2014-04-11 08:30:28 177680 ----a-w- C:\Windows\System32\mfevtps.exe
2014-04-11 08:24:32 -------- d-----w- C:\Program Files\stinger
2014-04-11 08:19:13 -------- d-----w- C:\Program Files (x86)\VideoLAN
2014-04-11 08:01:20 -------- d-----w- C:\a80bed0a8bfd706fde
2014-04-10 17:09:43 156360 ----a-w- C:\Windows\System32\drivers\ESETOlmarikOlmascoCleaner.sys
2014-04-10 16:49:47 -------- d-----w- C:\Program Files (x86)\ESET
2014-04-09 08:00:45 -------- d-----w- C:\e6848fbf2fbf17eff48cf2f759c141
2014-04-08 12:18:23 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4BD685BD-51D5-4D08-A462-739094B2CDCD}\mpengine.dll
2014-04-04 06:35:19 -------- d-----w- C:\NewFolder
2014-04-04 05:42:00 -------- d-----w- C:\Users\ALR4life\New folder (2)
2014-04-03 16:11:35 -------- d-----w- C:\Users\ALR4life\AppData\Roaming\DropboxMaster
2014-03-31 03:38:42 -------- d-----w- C:\Program Files (x86)\iCare Data Recovery Free
2014-03-30 07:53:13 -------- d-----w- C:\Program Files (x86)\EaseUS
2014-03-30 07:49:45 -------- d-----w- C:\Users\ALR4life\AppData\Local\Wondershare
2014-03-30 07:49:43 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
2014-03-30 07:49:36 -------- d-----w- C:\Program Files (x86)\Wondershare
2014-03-30 06:34:31 -------- d-----w- C:\Program Files (x86)\Ffmpeg For Audacity
2014-03-29 05:10:38 -------- d-sh--w- C:\$RECYCLE.BIN
2014-03-28 20:19:28 -------- d-s---w- C:\ComboFix
2014-03-28 20:18:37 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-03-28 20:13:44 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-28 20:13:42 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-03-28 20:13:42 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-28 20:13:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-21 05:48:44 -------- d-----w- C:\ProgramData\LightScribe
2014-03-17 05:24:34 -------- d-----w- C:\Users\ALR4life\doc from hp
2014-03-17 04:27:30 98816 ----a-w- C:\Windows\sed.exe
2014-03-17 04:27:30 256000 ----a-w- C:\Windows\PEV.exe
2014-03-17 04:27:30 208896 ----a-w- C:\Windows\MBR.exe
2014-03-15 15:47:01 67272 ----a-w- C:\Windows\System32\drivers\360AvFlt.sys
2014-03-15 15:46:15 -------- d-sh--w- C:\360SANDBOX
.
==================== Find3M ====================
.
2014-03-19 11:22:29 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-19 11:22:29 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 6:07:40.80 ===============
amandarutledge
Regular Member
 
Posts: 21
Joined: April 11th, 2014, 7:02 am
Advertisement
Register to Remove

Re: please help my computer

Unread postby askey127 » April 15th, 2014, 4:53 pm

Hi amandarutledge,
You don't seem to have an Antivirus program on there.
That's a problem we need to address right away.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

Java 7 Update 25 (64-bit)

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------------------
Download the Microsoft Security Essentials Installer
The download is here: http://www.microsoft.com/security_essentials/
Choose "Save As" and Save it to your desktop.
Install Microsoft Security Essentials
Double Click the icon for the Microsoft Security Essentials installer.
Let it install, update itself, run a scan and delete anything it finds.
---------------------------------------------
We need to run a scanner that can remove identified items.
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator" to run it.
  • Check the box at the top, labeled Include 64 bit scans
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: please help my computer

Unread postby amandarutledge » April 16th, 2014, 8:52 am

I went to control panel and went to Java 7 update 25 and chose uninstall and received the popup message " windows installer could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personal for assistance." Do I continue on with the download of Security Essentials?
amandarutledge
Regular Member
 
Posts: 21
Joined: April 11th, 2014, 7:02 am

Re: please help my computer

Unread postby askey127 » April 16th, 2014, 9:27 am

Yes, please do.
We will remove Java another way.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: please help my computer

Unread postby amandarutledge » April 16th, 2014, 10:35 am

I was able to download Microsoft Security Essentials but when I tried to install it I got an error "cannot complete Security Essentials installation". And under that in the same window "an error prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again." On the bottom of window has error code 0x8004FF01.
amandarutledge
Regular Member
 
Posts: 21
Joined: April 11th, 2014, 7:02 am

Re: please help my computer

Unread postby askey127 » April 16th, 2014, 11:31 am

amandarutledge,
We need to find out why that won't install.
-----------------------------------------------------------
Download MGA Diagnostic Tool to your Desktop.
  • Double click MGADiag.exe to launch the program.
  • Click Continue and let the scan run.
  • When finished it will have created a log.
  • Click Copy.
  • Next open Notepad.
    • Click Start > Run type Notepad click OK.
    • This will open an empty Notepad file.
    • Right click in the empty file and choose Paste to copy the log from MGA Diagnostics into it.
    • Save the file to your Desktop.
  • Close MGA Diagnostic Tool.
  • Copy/Paste the Notepad log you just made into your next reply please.
---------------------------------------------
Run CKScanner
Download CKScanner from HERE
Important - Save it to your desktop.
Right-Click CKScanner.exe, choose Run as administrator and click Search For Files.
After a couple minutes or less, when some text appears in the box, click Save List To File.
A message box will verify the file saved. It is important that you run the program just once..
Double-click the CKFiles.txt icon on your desktop, give permission if asked, and copy/paste the contents in your next reply.

So we are looking for the log from the MGA Diagnostic tool, and the content of CKFiles.txt
Use separate replies if it's more convenient.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: please help my computer

Unread postby amandarutledge » April 16th, 2014, 12:50 pm

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9
Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=
Windows Product ID: 00359-OEM-8992687-00010
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {D74AB07D-3FBB-4F74-B318-8BF4D5552360}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130828-1532
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 102
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_B4D0AA8B-920-80070057

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{D74AB07D-3FBB-4F74-B318-8BF4D5552360}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3Q6C9</PKey><PID>00359-OEM-8992687-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-2427678878-1752133602-3761299853</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP G72 Notebook PC</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>F.15</Version><SMBIOSVersion major="2" minor="6"/><Date>20100426000000.000000+000</Date></BIOS><HWID>64243C07018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>102</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><PidType>19</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800010-02-1033-7600.0000-1632013
Installation ID: 011105564653894243336413674900151432771344632722171013
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 3Q6C9
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 4/16/2014 11:45:42 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MAAAAAEAAQABAAIAAAABAAAAAwABAAEA6GFoF84PSnBy6/5xvPZkLPRJAsdeWUbK

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC HPQOEM SLIC-MPC
FACP HPQOEM SLIC-MPC
HPET HPQOEM SLIC-MPC
BOOT HPQOEM SLIC-MPC
MCFG HPQOEM SLIC-MPC
ASF! HPQOEM SLIC-MPC
SLIC HPQOEM SLIC-MPC
SSDT PmRef CpuPm



CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.DMAPEZ
----- EOF -----
amandarutledge
Regular Member
 
Posts: 21
Joined: April 11th, 2014, 7:02 am

Re: please help my computer

Unread postby askey127 » April 17th, 2014, 5:40 am

amandarutledge,
It's critical that we get an antivirus on there before we proceed.
-------------------------------------------------------------
Download the online setup installer for Avast from here:
http://files.avast.com/iavs9x/avast_fre ... online.exe
Save it to your desktop or somewhere you can find it.

Right click the installer icon and "Run as administrator.
OK the authorization.
When the installer starts, It says Welcome to Avast;
Be sure to UNCHECK the two small checkboxes at the bottom for installing Google programs.
Then click Regular Installation and allow it to install itself.
It will take a while to install and update itself.
Allow it to finish, then have it run a scan.

Let me know how it goes. If successful, we can proceed.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: please help my computer

Unread postby amandarutledge » April 17th, 2014, 7:52 am

I was able to download and install Avast. I ran the scan and it found no threats.
amandarutledge
Regular Member
 
Posts: 21
Joined: April 11th, 2014, 7:02 am

Re: please help my computer

Unread postby askey127 » April 17th, 2014, 8:00 am

Amanda,
OK. Good work. Now we can go ahead.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator" to run it.
  • Check the box at the top, labeled Include 64 bit scans
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: please help my computer

Unread postby amandarutledge » April 17th, 2014, 8:08 am

Avast did report that some files could not be scanned. Do you want me to still continue with the OTL Scanner?
amandarutledge
Regular Member
 
Posts: 21
Joined: April 11th, 2014, 7:02 am

Re: please help my computer

Unread postby amandarutledge » April 17th, 2014, 8:38 am

OTL Extras logfile created on: 4/17/2014 7:21:29 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ALR4life\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.75 Gb Available Physical Memory | 70.33% Memory free
7.81 Gb Paging File | 6.34 Gb Available in Paging File | 81.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.81 Gb Total Space | 187.16 Gb Free Space | 65.95% Space Free | Partition Type: NTFS
Drive D: | 13.99 Gb Total Space | 2.28 Gb Free Space | 16.31% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 95.88 Mb Free Space | 96.52% Space Free | Partition Type: FAT32

Computer Name: ALR4LIFE-PC | User Name: ALR4life | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)

[HKEY_USERS\S-1-5-21-2427678878-1752133602-3761299853-1001\SOFTWARE\Classes\<extension>]
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{088ED596-DF6B-48A3-87DB-7B7D73E328FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0EB2C61B-BF0B-4D03-B4D9-30D9B88AF845}" = rport=138 | protocol=17 | dir=out | app=system |
"{12B00F78-68BD-432E-8CDD-75CA35BF63FA}" = rport=139 | protocol=6 | dir=out | app=system |
"{2F509854-093C-4326-8739-7A71626E196C}" = rport=445 | protocol=6 | dir=out | app=system |
"{2FB376DD-D63C-4EAC-B5FA-DE273DDE1B51}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{40201179-FBFD-4B43-BCC3-BD54A694429D}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{41224902-08F3-4A4B-B5C4-421562AEAF83}" = rport=137 | protocol=17 | dir=out | app=system |
"{427D0FBE-A959-4ADA-8EEF-54BE8F9BA498}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B1F00C7-9911-4788-969D-9A00A25ECE7B}" = rport=137 | protocol=17 | dir=out | app=system |
"{5A481E71-D7B8-42F1-A4C9-FD48414CD9AA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6199F2DC-2D76-4450-B23A-F9790B730C73}" = lport=445 | protocol=6 | dir=in | app=system |
"{64D5904F-71A1-436C-9382-17A8B2F69A3C}" = lport=138 | protocol=17 | dir=in | app=system |
"{67E61FBA-F08E-4026-ACE4-A49483613B7D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6A3FABEA-43B7-4449-A947-AAE34BB2FB30}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6CF968BE-AC74-4AEF-AB75-AECA918400FA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{75F77005-4250-4DEC-8C44-72C5EDA634C4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{81B3FE71-D656-4ED6-85D7-37429A7E6C1D}" = lport=137 | protocol=17 | dir=in | app=system |
"{844C893A-2A7A-49BE-B37B-5F1F4F1144F5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{890980DC-D4F8-4C55-B1F8-CDFCABE013D7}" = rport=138 | protocol=17 | dir=out | app=system |
"{9312B35A-830A-4F50-A22E-7ECF803018FA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{947ECE3F-833C-4A21-8789-ECBDEA5418F6}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9C8A9720-144E-4128-ACC9-8543FAE4969D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A4A85B81-2801-475D-BD3C-A72DA854E3D7}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B069149C-8A19-4784-A81D-91E6AF6B1823}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B3E40564-5A13-44EA-AA71-26809533773E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B6B3F9BD-D71E-48D4-9809-BC384F710A99}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B7704C9D-7EA7-413B-B922-499CEE83543E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B7874884-939C-4AFD-9D86-E58AD3660829}" = rport=2869 | protocol=6 | dir=out | app=system |
"{BCF148B9-D9A0-4EEF-A362-0A00F526969C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BEB25070-1C4F-486D-A6FE-41ECD2D9D045}" = lport=138 | protocol=17 | dir=in | app=system |
"{C56F6074-923D-4950-8A49-2814223D5567}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CB895B08-B053-4A2D-B326-A9A6C437A452}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CDA2371B-D5EE-43AA-9E37-AB133896DE06}" = lport=139 | protocol=6 | dir=in | app=system |
"{D2462532-7BD0-4143-A8A8-65E683A55C77}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E77AAEC6-60C2-4A46-9522-8B713E5DC6B2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ECC1253C-D39E-40C5-9C71-1E787112CB9F}" = lport=137 | protocol=17 | dir=in | app=system |
"{EDF7DA09-26D1-4801-9A92-865F1F6862E3}" = lport=445 | protocol=6 | dir=in | app=system |
"{F6103752-6FE0-437F-A956-E4B851CAB545}" = rport=139 | protocol=6 | dir=out | app=system |
"{F6BAAD98-0BEA-411A-BE4D-4070B1373C5B}" = lport=139 | protocol=6 | dir=in | app=system |
"{F729BDB0-1B8B-4774-8647-5916496F131D}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01581367-0321-4017-B6CA-7B0D11E27746}" = protocol=17 | dir=in | app=c:\users\alr4life\appdata\roaming\dropbox\bin\dropbox.exe |
"{035E9711-11D1-4180-AF08-DC9FFB60DC19}" = protocol=6 | dir=in | app=c:\users\alr4life\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{08D90035-06EB-4FCD-BB80-E00090EB1881}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0B74EB65-09A7-4D51-83EC-220653FCAD2D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0F14C84C-E832-4F78-82AA-41C130B73E4C}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{136C918C-B7B3-4DD1-801A-12C9BB30D54D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{24522C52-3263-462C-9140-856FD4B6ABCA}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{2EA09819-A7A8-45D1-A54D-6BAA7680C6D2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2FA6615C-980A-4F8C-8FDA-3521C5FA0717}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{3CBFE8A7-90B3-48EB-9A91-2DE2504FF475}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{41456DAD-7CFD-4761-AAE2-0966BE62DC7B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{469DA688-B997-4288-B527-356174983ECC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4B8283BC-CB6F-4877-B68A-E2837EB5C4EB}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{52587961-D468-4E51-A5FD-69D604FF0E51}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{5B7F3BE4-396A-4D93-89A7-E1E6C5DF4C65}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{5D9BD74D-6796-4FFE-B6F5-E35909950614}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{682A3591-80F6-4CA8-91D7-DB46FCF25BF5}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{6B091EFD-B1D7-41EF-B20F-09A26E466EAA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{708DA87A-8791-461F-9A60-643066B96B15}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{75806AD3-2BF5-4EE0-B8B8-D5667CB2D6A6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{80ECD327-37FD-4B49-B748-5780F3D0DAD1}" = protocol=6 | dir=in | app=c:\program files\360\360 internet security\safemon\360tray.exe |
"{8101FA32-9E43-4B61-A0F0-9690F3C5B788}" = protocol=17 | dir=in | app=c:\program files\360\360 internet security\safemon\360tray.exe |
"{8643B737-5202-4A0A-B9E3-5F3B7B15D84B}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{8EE00F13-6E7F-43FD-AEDA-8C1EC5319483}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{8F4BA3AB-D8D3-42B0-96C0-D3C14A71EE4C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{95298AAC-0747-4671-AB7D-4AB267DF5412}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9782530F-CC46-4CCE-A70E-9A2910CEAC53}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A85873F0-AABD-41C8-8E42-768950DB8ABA}" = protocol=6 | dir=in | app=c:\users\alr4life\appdata\roaming\dropbox\bin\dropbox.exe |
"{ABB6966B-0949-4E32-ADAF-AB9116EC0F45}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B14A5BEA-53CF-4A5E-A45F-FA3897062349}" = protocol=17 | dir=in | app=c:\users\alr4life\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{BB6208AE-FBED-4AA3-ACB6-1FB3A25ECBB2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C0051AEC-01AB-4E22-BDFB-06F061FF9A35}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C21AEC5F-6218-444C-9041-22040479FF4F}" = protocol=17 | dir=in | app=c:\program files (x86)\bitlord 2\bitlord files\bitlord.exe |
"{C278F638-7DBE-4233-A269-A8CCE6B5E3CF}" = protocol=6 | dir=in | app=c:\users\alr4life\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{CB60C0B0-5B0F-48A1-8F12-853405910DEA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CF11F889-F083-41C0-B16C-F28824E7003C}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{D04D0441-51F3-4CED-82FD-A134318EC26A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D0533A3F-6CE7-4006-985A-4ED0EEC5ADFF}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{D15B00FC-9821-4136-8D1A-4FA44B35C97C}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{D1F01944-F19D-4CAD-A64A-277D1411DCC0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D354AFFC-E31C-43E3-87D0-38AFE8776560}" = protocol=17 | dir=in | app=c:\users\alr4life\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{D7CCC4E4-B0A9-4264-AA56-C501D3043B24}" = protocol=6 | dir=in | app=c:\program files (x86)\bitlord 2\bitlord files\bitlord.exe |
"{E1D7F330-06B0-48B3-B680-B446C58A124C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{ECDD56CD-5922-4874-8FF5-5401F58164CA}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{EF795EE0-7E0D-4FB7-82F2-9864C030E099}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EFD4EEE5-9500-4FB8-BBD8-BEDB4E6B8496}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{F77C5411-C537-4FF4-B737-B2577EAB80DA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"TCP Query User{B13AEA2E-61BF-4C9C-B6BD-D06A40BA04A0}C:\users\alr4life\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\alr4life\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{2B75D635-6535-448C-8609-993E3526E091}C:\users\alr4life\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\alr4life\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
"{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0E108C69-1E6C-4623-98AF-A57F797C082C}_is1" = Youtube To MP3 5.0
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1726A855-4764-4439-9576-CE845A4088CE}" = iDump Classic 2013
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{8C0FCCB4-F0E2-4585-8166-EB7488CD1E88}" = LeapFrog Connect
"{8DDC435C-29CA-483C-A396-98BE8D4EFC2C}" = LeapFrog Leapster Explorer Plugin
"{8EB62C87-AAA6-4850-A5BC-64155884B973}" = SketchUp 8
"{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.7.1
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BC146E5F-A2B0-40DB-90E7-2833807E98DF}" = HP User Guides 0183
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Audacity_is1" = Audacity 2.0.5
"Avast" = avast! Free Antivirus
"EaseUS Data Recovery Wizard 7.5_is1" = EaseUS Data Recovery Wizard 7.5
"ESET Online Scanner" = ESET Online Scanner v3
"Everyone's Legal Forms Professional Edition_is1" = Everyone's Legal Forms 2007
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"iCare Data Recovery Free_is1" = iCare Data Recovery Free 5.4
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LeapsterExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"Mozilla Thunderbird 24.3.0 (x86 en-US)" = Mozilla Thunderbird 24.3.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My HP Game Console" = HP Game Console
"Opera 20.0.1387.91" = Opera Stable 20.0.1387.91
"Picasa 3" = Picasa 3
"Quiknowledge" = Quiknowledge
"RealPlayer 16.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.95
"TelevisionFanaticbar Uninstall Internet Explorer" = TelevisionFanatic Internet Explorer Toolbar
"UPCShell" = LeapFrog Connect
"VLC media player" = VLC media player 2.1.3
"WildTangent hp Master Uninstall" = HP Games
"WT082122" = Blackhawk Striker 2
"WT082124" = Blasterball 3
"WT082133" = Dora's Carnival Adventure
"WT082141" = FATE
"WT082168" = Penguins!
"WT082170" = Plants vs. Zombies
"WT082171" = Poker Superstars III
"WT082172" = Polar Bowler
"WT082173" = Polar Golfer
"WT082188" = Virtual Families
"WT082189" = Wheel of Fortune 2
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082396" = Diner Dash 2 Restaurant Rescue
"WT082438" = Build-a-lot 2
"WT082442" = Faerie Solitaire
"WT082443" = Jewel Quest 3
"WT082456" = Mystery P.I. - The New York Fortune
"WT082463" = Zuma's Revenge
"WT082468" = Jewel Quest Solitaire 2
"WT083477" = Cake Mania
"WT083484" = Escape Rosecliff Island
"WT083491" = TextTwist 2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2427678878-1752133602-3761299853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/13/2014 12:41:15 AM | Computer Name = ALR4life-PC | Source = Application Error | ID = 1000
Description = Faulting application name: RealPlay.exe, version: 16.0.3.51, time
stamp: 0x520c1e46 Faulting module name: dmp4.dll, version: 16.0.3.51, time stamp:
0x520c1daf Exception code: 0xc0000005 Fault offset: 0x000118ff Faulting process id:
0xc40 Faulting application start time: 0x01cf56d23a9d1d68 Faulting application path:
c:\program files (x86)\real\realplayer\RealPlay.exe Faulting module path: c:\program
files (x86)\real\realplayer\codecs\dmp4.dll Report Id: d875e36b-c2c5-11e3-92be-c80aa9c96983

Error - 4/13/2014 12:58:32 AM | Computer Name = ALR4life-PC | Source = Application Error | ID = 1000
Description = Faulting application name: RealPlay.exe, version: 16.0.3.51, time
stamp: 0x520c1e46 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x6a82cc49 Faulting process id: 0xfd8 Faulting application
start time: 0x01cf56d2a8d02411 Faulting application path: c:\program files (x86)\real\realplayer\RealPlay.exe
Faulting
module path: unknown Report Id: 42575cfa-c2c8-11e3-92be-c80aa9c96983

Error - 4/13/2014 1:31:28 AM | Computer Name = ALR4life-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 4/14/2014 1:31:59 AM | Computer Name = ALR4life-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 4/15/2014 1:43:15 AM | Computer Name = ALR4life-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 4/16/2014 1:32:19 AM | Computer Name = ALR4life-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 4/16/2014 10:34:55 AM | Computer Name = ALR4life-PC | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF01 Description:Cannot complete the Security Essentials
installation. An error has prevented the Security Essentials setup wizard from
completing successfully. Please restart your computer and try again. Error code:0x8004FF01.

Error - 4/16/2014 10:39:49 AM | Computer Name = ALR4life-PC | Source = Application Error | ID = 1000
Description = Faulting application name: RealPlay.exe, version: 16.0.3.51, time
stamp: 0x520c1e46 Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0,
time stamp: 0x5180f322 Exception code: 0xc0000005 Fault offset: 0x68cfcc49 Faulting
process id: 0x788 Faulting application start time: 0x01cf5981af5b03a2 Faulting application
path: c:\program files (x86)\real\realplayer\RealPlay.exe Faulting module path:
QuickTime.qts Report Id: f62a775a-c574-11e3-bbca-c80aa9c96983

Error - 4/17/2014 1:32:35 AM | Computer Name = ALR4life-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 4/17/2014 1:34:09 AM | Computer Name = ALR4life-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Users\ALR4life\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ Hewlett-Packard Events ]
Error - 4/11/2014 10:23:23 PM | Computer Name = ALR4life-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckPath()

at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckGuidPath()

at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckPath()
at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckGuidPath()

at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Common Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
3998 Ram Utilization: 20 TargetSite: System.String get_HealthCheckPath()

Error - 4/11/2014 10:23:23 PM | Computer Name = ALR4life-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckPath()

at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckGuidPath()

at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckPath()
at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckGuidPath()

at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Common Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
3998 Ram Utilization: 20 TargetSite: System.String get_HealthCheckPath()

Error - 4/11/2014 10:23:23 PM | Computer Name = ALR4life-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckPath()

at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckGuidPath()

at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckPath()
at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckGuidPath()

at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Common Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
3998 Ram Utilization: 20 TargetSite: System.String get_HealthCheckPath()

Error - 4/11/2014 10:23:23 PM | Computer Name = ALR4life-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckPath()

at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckGuidPath()

at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckPath()
at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckGuidPath()

at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Common Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
3998 Ram Utilization: 20 TargetSite: System.String get_HealthCheckPath()

Error - 4/11/2014 10:23:23 PM | Computer Name = ALR4life-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckPath()

at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckGuidPath()

at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckPath()
at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckGuidPath()

at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Common Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
3998 Ram Utilization: 20 TargetSite: System.String get_HealthCheckPath()

Error - 4/15/2014 12:15:54 AM | Computer Name = ALR4life-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckPath()

at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckGuidPath()

at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckPath()
at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckGuidPath()

at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Common Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
3998 Ram Utilization: 40 TargetSite: System.String get_HealthCheckPath()

Error - 4/15/2014 12:15:55 AM | Computer Name = ALR4life-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckPath()

at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckGuidPath()

at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckPath()
at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckGuidPath()

at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Common Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
3998 Ram Utilization: 40 TargetSite: System.String get_HealthCheckPath()

Error - 4/15/2014 12:15:55 AM | Computer Name = ALR4life-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckPath()

at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckGuidPath()

at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckPath()
at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckGuidPath()

at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Common Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
3998 Ram Utilization: 40 TargetSite: System.String get_HealthCheckPath()

Error - 4/15/2014 12:15:55 AM | Computer Name = ALR4life-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckPath()

at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckGuidPath()

at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckPath()
at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckGuidPath()

at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Common Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
3998 Ram Utilization: 40 TargetSite: System.String get_HealthCheckPath()

Error - 4/15/2014 12:15:56 AM | Computer Name = ALR4life-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckPath()

at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckGuidPath()

at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckPath()
at HP.SupportFramework.Common.AppProperties.ACLMCommon.get_HealthCheckGuidPath()

at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Common Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
3998 Ram Utilization: 40 TargetSite: System.String get_HealthCheckPath()

[ Media Center Events ]
Error - 4/13/2014 8:50:47 AM | Computer Name = ALR4life-PC | Source = MCUpdate | ID = 0
Description = 7:50:46 AM - Error connecting to the internet. 7:50:46 AM - Unable
to contact server..

Error - 4/13/2014 5:48:07 PM | Computer Name = ALR4life-PC | Source = MCUpdate | ID = 0
Description = 4:48:07 PM - Error connecting to the internet. 4:48:07 PM - Unable
to contact server..

Error - 4/13/2014 5:48:13 PM | Computer Name = ALR4life-PC | Source = MCUpdate | ID = 0
Description = 4:48:12 PM - Error connecting to the internet. 4:48:12 PM - Unable
to contact server..

Error - 4/15/2014 4:05:03 AM | Computer Name = ALR4life-PC | Source = MCUpdate | ID = 0
Description = 3:05:00 AM - Error connecting to the internet. 3:05:00 AM - Unable
to contact server..

Error - 4/15/2014 5:05:08 AM | Computer Name = ALR4life-PC | Source = MCUpdate | ID = 0
Description = 4:05:08 AM - Error connecting to the internet. 4:05:08 AM - Unable
to contact server..

Error - 4/15/2014 5:05:14 AM | Computer Name = ALR4life-PC | Source = MCUpdate | ID = 0
Description = 4:05:13 AM - Error connecting to the internet. 4:05:13 AM - Unable
to contact server..

Error - 4/15/2014 6:05:19 AM | Computer Name = ALR4life-PC | Source = MCUpdate | ID = 0
Description = 5:05:19 AM - Error connecting to the internet. 5:05:19 AM - Unable
to contact server..

Error - 4/15/2014 6:05:25 AM | Computer Name = ALR4life-PC | Source = MCUpdate | ID = 0
Description = 5:05:24 AM - Error connecting to the internet. 5:05:24 AM - Unable
to contact server..

Error - 4/15/2014 7:05:30 AM | Computer Name = ALR4life-PC | Source = MCUpdate | ID = 0
Description = 6:05:30 AM - Error connecting to the internet. 6:05:30 AM - Unable
to contact server..

Error - 4/15/2014 7:05:36 AM | Computer Name = ALR4life-PC | Source = MCUpdate | ID = 0
Description = 6:05:35 AM - Error connecting to the internet. 6:05:35 AM - Unable
to contact server..

[ System Events ]
Error - 4/17/2014 4:02:52 AM | Computer Name = ALR4life-PC | Source = Service Control Manager | ID = 7000
Description = The TrustedInstaller service failed to start due to the following
error: %%2

Error - 4/17/2014 4:02:52 AM | Computer Name = ALR4life-PC | Source = Service Control Manager | ID = 7000
Description = The TrustedInstaller service failed to start due to the following
error: %%2

Error - 4/17/2014 4:02:52 AM | Computer Name = ALR4life-PC | Source = Service Control Manager | ID = 7000
Description = The TrustedInstaller service failed to start due to the following
error: %%2

Error - 4/17/2014 4:02:52 AM | Computer Name = ALR4life-PC | Source = Service Control Manager | ID = 7000
Description = The TrustedInstaller service failed to start due to the following
error: %%2

Error - 4/17/2014 4:02:52 AM | Computer Name = ALR4life-PC | Source = Service Control Manager | ID = 7000
Description = The TrustedInstaller service failed to start due to the following
error: %%2

Error - 4/17/2014 4:02:52 AM | Computer Name = ALR4life-PC | Source = Service Control Manager | ID = 7000
Description = The TrustedInstaller service failed to start due to the following
error: %%2

Error - 4/17/2014 4:02:53 AM | Computer Name = ALR4life-PC | Source = Service Control Manager | ID = 7000
Description = The TrustedInstaller service failed to start due to the following
error: %%2

Error - 4/17/2014 4:02:54 AM | Computer Name = ALR4life-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server
2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2901110).

Error - 4/17/2014 4:23:20 AM | Computer Name = ALR4life-PC | Source = Service Control Manager | ID = 7000
Description = The TrustedInstaller service failed to start due to the following
error: %%2

Error - 4/17/2014 7:19:09 AM | Computer Name = ALR4life-PC | Source = Service Control Manager | ID = 7000
Description = The cxmfvzox service failed to start due to the following error: %%2


< End of report >
amandarutledge
Regular Member
 
Posts: 21
Joined: April 11th, 2014, 7:02 am

Re: please help my computer

Unread postby amandarutledge » April 17th, 2014, 8:39 am

OTL logfile created on: 4/17/2014 7:21:28 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ALR4life\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.75 Gb Available Physical Memory | 70.33% Memory free
7.81 Gb Paging File | 6.34 Gb Available in Paging File | 81.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.81 Gb Total Space | 187.16 Gb Free Space | 65.95% Space Free | Partition Type: NTFS
Drive D: | 13.99 Gb Total Space | 2.28 Gb Free Space | 16.31% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 95.88 Mb Free Space | 96.52% Space Free | Partition Type: FAT32

Computer Name: ALR4LIFE-PC | User Name: ALR4life | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/04/17 07:16:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ALR4life\Desktop\OTL.exe
PRC - [2014/04/17 06:26:06 | 003,854,640 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/04/17 06:26:06 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/12/17 18:55:26 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/04/01 12:35:30 | 007,393,912 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/02/04 16:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe


========== Modules (No Company Name) ==========

MOD - [2014/04/17 06:26:06 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2010/02/22 13:19:10 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/02/22 13:19:08 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/02/22 13:19:08 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2014/04/17 06:26:06 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/04/11 03:30:27 | 000,177,680 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/06/24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 20:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2014/03/31 03:16:23 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/19 06:22:29 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/01 12:35:30 | 007,393,912 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/02/04 16:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/04 13:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/04/17 06:26:07 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/04/17 06:26:07 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/04/17 06:26:07 | 000,208,928 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/04/17 06:26:07 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/04/17 06:26:07 | 000,084,816 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/04/17 06:26:07 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/04/17 06:26:07 | 000,065,776 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/04/11 03:30:27 | 000,771,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2014/04/11 03:30:27 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2014/04/10 12:09:43 | 000,156,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ESETOlmarikOlmascoCleaner.sys -- (ESETOlmarikOlmascoCleaner)
DRV:64bit: - [2013/11/27 10:38:44 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/11/13 05:51:44 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/11/13 05:49:06 | 000,044,744 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/08/22 07:40:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/05/06 09:32:28 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/02 16:02:00 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2012/03/02 16:02:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2012/03/02 16:02:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2012/03/02 16:02:00 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/03/05 14:57:18 | 000,144,896 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2010/03/05 14:57:00 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/01/19 20:55:34 | 001,088,544 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/11/27 20:45:00 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/13 13:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/22 20:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/09/22 20:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ED829130-90CE-420F-9CC8-0AEBEB4D9E0E}
IE:64bit: - HKLM\..\SearchScopes\{0ED85345-D725-4656-A14B-DD1874755282}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{ED829130-90CE-420F-9CC8-0AEBEB4D9E0E}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0ED85345-D725-4656-A14B-DD1874755282}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{ED829130-90CE-420F-9CC8-0AEBEB4D9E0E}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2427678878-1752133602-3761299853-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2427678878-1752133602-3761299853-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FD AD F3 1D D3 FE CE 01 [binary data]
IE - HKU\S-1-5-21-2427678878-1752133602-3761299853-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2427678878-1752133602-3761299853-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2427678878-1752133602-3761299853-1001\..\SearchScopes,DefaultScope = {ED829130-90CE-420F-9CC8-0AEBEB4D9E0E}
IE - HKU\S-1-5-21-2427678878-1752133602-3761299853-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2427678878-1752133602-3761299853-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:5.8.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/19 21:50:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/06/29 14:32:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/29 14:32:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/04/17 06:26:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/06/12 11:01:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALR4life\AppData\Roaming\Mozilla\Extensions
[2014/03/31 03:26:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALR4life\AppData\Roaming\Mozilla\Firefox\Profiles\1mrkiljb.default\extensions
[2014/03/20 11:01:14 | 000,000,000 | ---D | M] ("Flash Video Downloader - Full HD Download") -- C:\Users\ALR4life\AppData\Roaming\Mozilla\Firefox\Profiles\1mrkiljb.default\extensions\artur.dubovoy@gmail.com
[2014/03/19 06:28:00 | 000,170,819 | ---- | M] () (No name found) -- C:\Users\ALR4life\AppData\Roaming\Mozilla\Firefox\Profiles\1mrkiljb.default\extensions\{170503FA-3349-4F17-BC86-001888A5C8E2}.xpi
[2014/03/04 17:55:37 | 000,001,449 | ---- | M] () -- C:\Users\ALR4life\AppData\Roaming\Mozilla\Firefox\Profiles\1mrkiljb.default\searchplugins\100-search-engines.xml
[2013/07/26 08:01:09 | 000,001,793 | ---- | M] () -- C:\Users\ALR4life\AppData\Roaming\Mozilla\Firefox\Profiles\1mrkiljb.default\searchplugins\Bing.xml
[2014/03/04 17:56:05 | 000,001,614 | ---- | M] () -- C:\Users\ALR4life\AppData\Roaming\Mozilla\Firefox\Profiles\1mrkiljb.default\searchplugins\dogpile.xml
[2014/03/04 17:54:33 | 000,001,874 | ---- | M] () -- C:\Users\ALR4life\AppData\Roaming\Mozilla\Firefox\Profiles\1mrkiljb.default\searchplugins\duckduckgo.xml
[2014/03/07 21:30:21 | 000,001,752 | ---- | M] () -- C:\Users\ALR4life\AppData\Roaming\Mozilla\Firefox\Profiles\1mrkiljb.default\searchplugins\eccellio-science.xml
[2014/03/04 17:55:56 | 000,000,816 | ---- | M] () -- C:\Users\ALR4life\AppData\Roaming\Mozilla\Firefox\Profiles\1mrkiljb.default\searchplugins\facebook-search.xml
[2014/03/04 17:55:06 | 000,004,855 | ---- | M] () -- C:\Users\ALR4life\AppData\Roaming\Mozilla\Firefox\Profiles\1mrkiljb.default\searchplugins\google-images.xml
[2014/03/07 21:31:37 | 000,002,070 | ---- | M] () -- C:\Users\ALR4life\AppData\Roaming\Mozilla\Firefox\Profiles\1mrkiljb.default\searchplugins\privatelee-https.xml
[2014/03/07 21:30:34 | 000,002,123 | ---- | M] () -- C:\Users\ALR4life\AppData\Roaming\Mozilla\Firefox\Profiles\1mrkiljb.default\searchplugins\qrobeit.xml
[2014/03/07 21:32:36 | 000,003,790 | ---- | M] () -- C:\Users\ALR4life\AppData\Roaming\Mozilla\Firefox\Profiles\1mrkiljb.default\searchplugins\radio-online.xml
[2014/03/07 21:32:48 | 000,001,539 | ---- | M] () -- C:\Users\ALR4life\AppData\Roaming\Mozilla\Firefox\Profiles\1mrkiljb.default\searchplugins\thesaurus---referencecom.xml
[2014/03/31 03:16:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/31 03:16:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/03/31 03:16:15 | 000,000,000 | ---D | M] (Hotspot Shield Extension) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language},
CHR - homepage: http://mysearch.avg.com/?cid={8102C2BB-329F-4293-A103-9E55508ED1EF}&mid=dee5d48ec81d47d38a0a1943ef2d8070-9477b8438277e65baceeef65ebf6b167ed5b373a&lang=en&ds=dn011&pr=sa&d=2013-06-15 16:57:50&v=15.2.0.5&pid=safeguard&sg=0&sap=hp
CHR - plugin: Widevine Content Decryption Module (Disabled) = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Disabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Disabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Disabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Disabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Disabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Disabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Disabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Disabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: The Beauty Book = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiehabhniopmmjabhidpigmfncnfnche\1.0.0.1_0\
CHR - Extension: TV = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.12_0\
CHR - Extension: Strawberry Pal Menstrual Calendar = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmeafmbadejchdjffdbdjdkcgfmlhjmh\0.9.2_0\
CHR - Extension: CashControl = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmlemijlafnipidpkcdfopieocaadjji\1.8_0\
CHR - Extension: HelloFax: 50 Free Fax Pages = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm\1.20_0\
CHR - Extension: Fight Depression! = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpcanhncamomjgapncfnedcimpcmlbnf\1.0.0.1_0\
CHR - Extension: Cash Organizer = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppdehaogjdmkkiaiokmjdjmjnjicddk\2.0.0.77_0\
CHR - Extension: WEEK PLAN = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\caggnmlckgjpgpgpgjeobdcfgbkefioo\2.3_0\
CHR - Extension: SlickTasks = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\cilfofbacaplmfmfbdgfdphmfdljnioc\1.0.0.0_0\
CHR - Extension: Timout - Time Management = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\dekpabfaimofbinkbjlgdkkecodejmbf\0.3_0\
CHR - Extension: Video Downloader professional = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil\1.97.43_0\
CHR - Extension: Wunderlist - To-do and Task list = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc\2.3.7.0_0\
CHR - Extension: Wunderlist - To-do and Task list = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc\2.3.7.3_0\
CHR - Extension: Court Records = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\fldmpfhmlhlbbbmgpononlchkmgnjmii\2.5_0\
CHR - Extension: Beauty and anti-aging secrets = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnbjpdbmnfpbcplagojnpoeikmalaemi\1.0.0.1_0\
CHR - Extension: avast! Online Security = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2016.82_0\
CHR - Extension: GoAnimate for Schools = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpaebfogajhndljeplcmjicfjcdddf\1.0.2_0\
CHR - Extension: Zillow = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\iifccoboedmhjapdlpgkigibgnkmdjoh\1.2_0\
CHR - Extension: Personal Trainer - Yoga = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjigbeknhpeholihfbnpmofgfnobdllk\1.0_0\
CHR - Extension: Surveyjury.com = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkffdnlpdklagcijcdapjdhjhpbdnnac\0.1_0\
CHR - Extension: KIDO'Z TV = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\jokdeafnhahffanabnbjjjjmoechjklc\2.2_0\
CHR - Extension: Success Quotes = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\jolndiondpgkiadiddddhoghgcalmeop\1.0.0.0_0\
CHR - Extension: CashBase = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\klehkbljbmijfgbokipcjeialaonhjlc\2.0.0_0\
CHR - Extension: FVD Downloader = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.7.7_0\
CHR - Extension: Manage your life now = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcpjljkmnlofkkieakmjpgbmgppdfldj\0.0.0.1_0\
CHR - Extension: Home Remedies = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfickcipmookfdkloejeolilefhjmaje\0.1_0\
CHR - Extension: Finance41 Personal Finance Manager = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbgkhncobohkmgdjdiijlbgjidpnnkcd\2.0.0.5_0\
CHR - Extension: Google Wallet = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Transcribe: transcribe audio/interviews fast! = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogokenmicnjdfhmhocanoemnddmpcjjm\2.0.4_0\
CHR - Extension: Foreclosure and RTO Homes (Rent To Own) = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpbcdmhelgenakfbfanbebkdahokioc\1.0.1_0\
CHR - Extension: Birdhouse for Autism = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\omehdhccbjjobcofeeloidmnmilefdhp\2.0_0\
CHR - Extension: Moosti = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdkkfpnoobbihpjbophkgcibemmmidhk\1.0.4_0\
CHR - Extension: Simply Recipes = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\phkkbopifpbfgacfpbemlgpeimkfdnok\0.2_0\
CHR - Extension: Learn Alphabet and Numbers = C:\Users\ALR4life\AppData\Local\Google\Chrome\User Data\Default\Extensions\podikmghblokmmdgoilcnnpgogaocoal\1.0.1_0\

O1 HOSTS File: ([2014/03/16 23:37:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tvncontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave File not found
O4 - HKU\S-1-5-21-2427678878-1752133602-3761299853-1001..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\.DEFAULT..\RunOnce: [osk.exe] C:\Windows\SysWow64\osk.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [osk.exe] C:\Windows\SysWow64\osk.exe (Microsoft Corporation)
O4 - Startup: C:\Users\ALR4life\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\ALR4life\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2427678878-1752133602-3761299853-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2427678878-1752133602-3761299853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2427678878-1752133602-3761299853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2427678878-1752133602-3761299853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2427678878-1752133602-3761299853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D71D341-D373-44E5-8A85-CE6B6CDDFD85}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/17 07:16:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ALR4life\Desktop\OTL.exe
[2014/04/17 06:44:37 | 000,000,000 | ---D | C] -- C:\Users\ALR4life\AppData\Roaming\AVAST Software
[2014/04/17 06:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/04/17 06:26:10 | 001,039,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/04/17 06:26:10 | 000,423,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/04/17 06:26:10 | 000,084,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/04/17 06:26:09 | 000,334,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/04/17 06:26:09 | 000,093,568 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/04/17 06:26:09 | 000,079,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/04/17 06:26:07 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/04/17 06:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/04/17 06:18:28 | 004,732,664 | ---- | C] (AVAST Software) -- C:\Users\ALR4life\Desktop\avast_free_antivirus_setup_online (1).exe
[2014/04/17 03:01:59 | 000,000,000 | ---D | C] -- C:\93549df98a605d65f3e63aef
[2014/04/17 03:01:09 | 000,000,000 | ---D | C] -- C:\dffa4099759fedf1bac43b46fc034a0c
[2014/04/17 03:00:58 | 000,000,000 | ---D | C] -- C:\4aa361896ba96695f8a823
[2014/04/16 11:46:02 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2014/04/16 11:45:19 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\ALR4life\Desktop\MGADiag (1).exe
[2014/04/16 09:35:03 | 000,000,000 | ---D | C] -- C:\Users\ALR4life\Desktop\cleanup of desktop
[2014/04/16 09:27:02 | 000,000,000 | ---D | C] -- C:\87d06219c22e7211f9d0328502e5d19f
[2014/04/16 09:25:58 | 013,829,304 | ---- | C] (Microsoft Corporation) -- C:\Users\ALR4life\Desktop\mseinstall.exe
[2014/04/16 03:00:47 | 000,000,000 | ---D | C] -- C:\1f0bd696a929dcaa88361d44154641b0
[2014/04/16 03:00:37 | 000,000,000 | ---D | C] -- C:\510c2a71af061c3b25d8
[2014/04/15 03:00:48 | 000,000,000 | ---D | C] -- C:\fd268336ab19b1396ecd8fc1bc34
[2014/04/11 03:59:34 | 000,000,000 | ---D | C] -- C:\FRST
[2014/04/11 03:58:57 | 002,157,056 | ---- | C] (Farbar) -- C:\Users\ALR4life\Desktop\FRST64.exe
[2014/04/11 03:30:30 | 000,106,112 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
[2014/04/11 03:30:29 | 000,771,096 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfehidk.sys
[2014/04/11 03:30:28 | 000,177,680 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
[2014/04/11 03:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2014/04/11 03:23:24 | 012,763,168 | ---- | C] (McAfee Inc) -- C:\Users\ALR4life\Desktop\stinger64.exe
[2014/04/11 03:20:45 | 000,000,000 | ---D | C] -- C:\Users\ALR4life\AppData\Roaming\vlc
[2014/04/11 03:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2014/04/11 03:19:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2014/04/11 03:01:20 | 000,000,000 | ---D | C] -- C:\a80bed0a8bfd706fde
[2014/04/10 11:49:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/04/10 11:49:33 | 002,347,384 | ---- | C] (ESET) -- C:\Users\ALR4life\Desktop\esetsmartinstaller_enu.exe
[2014/04/09 03:00:45 | 000,000,000 | ---D | C] -- C:\e6848fbf2fbf17eff48cf2f759c141
[2014/04/04 01:35:19 | 000,000,000 | ---D | C] -- C:\NewFolder
[2014/04/04 00:42:00 | 000,000,000 | ---D | C] -- C:\Users\ALR4life\New folder (2)
[2014/04/03 11:11:35 | 000,000,000 | ---D | C] -- C:\Users\ALR4life\AppData\Roaming\DropboxMaster
[2014/04/02 09:57:08 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\ALR4life\Desktop\JRT_NEW.exe
[2014/03/31 03:16:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/03/30 22:38:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCare Data Recovery Free
[2014/03/30 22:38:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iCare Data Recovery Free
[2014/03/30 02:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard 7.5
[2014/03/30 02:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EaseUS
[2014/03/30 02:49:56 | 000,000,000 | ---D | C] -- C:\Users\ALR4life\Documents\My Data Files
[2014/03/30 02:49:45 | 000,000,000 | ---D | C] -- C:\Users\ALR4life\AppData\Local\Wondershare
[2014/03/30 02:49:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare
[2014/03/30 02:49:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare
[2014/03/30 01:34:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ffmpeg For Audacity
[2014/03/29 00:10:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/03/28 15:19:28 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014/03/28 15:18:37 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/03/28 15:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/03/28 15:13:44 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/03/28 15:13:42 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/03/28 15:13:42 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/03/28 15:13:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/03/28 15:12:13 | 017,523,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\ALR4life\Desktop\mbam-setup-2.0.0.1000.exe
[2014/03/26 21:45:57 | 137,699,152 | ---- | C] (Apple Inc.) -- C:\Users\ALR4life\Desktop\iTunesSetup.exe
[2014/03/21 00:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe

========== Files - Modified Within 30 Days ==========

[2014/04/17 07:16:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ALR4life\Desktop\OTL.exe
[2014/04/17 06:46:14 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_ALR4life.job
[2014/04/17 06:26:42 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/04/17 06:26:07 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/04/17 06:26:07 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/04/17 06:26:07 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/04/17 06:26:07 | 000,208,928 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/04/17 06:26:07 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/04/17 06:26:07 | 000,084,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/04/17 06:26:07 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/04/17 06:26:07 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/04/17 06:26:07 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/04/17 06:18:57 | 004,732,664 | ---- | M] (AVAST Software) -- C:\Users\ALR4life\Desktop\avast_free_antivirus_setup_online (1).exe
[2014/04/16 12:18:51 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/16 12:18:51 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/16 11:47:10 | 000,468,480 | ---- | M] () -- C:\Users\ALR4life\Desktop\CKScanner.exe
[2014/04/16 11:45:24 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\ALR4life\Desktop\MGADiag (1).exe
[2014/04/16 09:34:55 | 000,002,115 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/04/16 09:26:58 | 013,829,304 | ---- | M] (Microsoft Corporation) -- C:\Users\ALR4life\Desktop\mseinstall.exe
[2014/04/16 07:46:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_ALR4life.job
[2014/04/15 14:25:03 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForALR4life.job
[2014/04/14 23:16:02 | 000,783,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/14 23:16:02 | 000,662,882 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/14 23:16:02 | 000,122,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/14 23:10:55 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_ALR4life.job
[2014/04/14 23:10:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/14 23:10:21 | 3144,880,128 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/11 14:47:48 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/11 03:59:07 | 002,157,056 | ---- | M] (Farbar) -- C:\Users\ALR4life\Desktop\FRST64.exe
[2014/04/11 03:30:27 | 000,771,096 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfehidk.sys
[2014/04/11 03:30:27 | 000,177,680 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
[2014/04/11 03:30:27 | 000,106,112 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
[2014/04/11 03:25:20 | 000,000,116 | RH-- | M] () -- C:\Users\ALR4life\Desktop\Stinger.opt
[2014/04/11 03:24:26 | 012,763,168 | ---- | M] (McAfee Inc) -- C:\Users\ALR4life\Desktop\stinger64.exe
[2014/04/11 03:19:30 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/04/11 03:18:53 | 024,677,393 | ---- | M] () -- C:\Users\ALR4life\Desktop\vlc-2.1.3-win32.exe
[2014/04/10 12:09:43 | 000,156,360 | ---- | M] () -- C:\Windows\SysNative\drivers\ESETOlmarikOlmascoCleaner.sys
[2014/04/10 11:49:41 | 002,347,384 | ---- | M] (ESET) -- C:\Users\ALR4life\Desktop\esetsmartinstaller_enu.exe
[2014/04/06 01:36:06 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\ALR4life\Desktop\JRT_NEW.exe
[2014/04/05 23:59:49 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/03 11:11:37 | 000,001,057 | ---- | M] () -- C:\Users\ALR4life\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/02 09:51:12 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/03/30 22:38:44 | 000,001,223 | ---- | M] () -- C:\Users\Public\Desktop\iCare Data Recovery Software.lnk
[2014/03/30 19:24:35 | 002,469,824 | ---- | M] () -- C:\Users\ALR4life\Desktop\AdobeDownloadAssistant.exe
[2014/03/30 02:53:16 | 000,001,228 | ---- | M] () -- C:\Users\Public\Desktop\EaseUS Data Recovery Wizard 7.5.lnk
[2014/03/28 15:13:20 | 017,523,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ALR4life\Desktop\mbam-setup-2.0.0.1000.exe
[2014/03/26 21:54:51 | 137,699,152 | ---- | M] (Apple Inc.) -- C:\Users\ALR4life\Desktop\iTunesSetup.exe
[2014/03/26 08:36:06 | 000,003,216 | ---- | M] () -- C:\Users\ALR4life\Documents\-6356180677049974192_256.cache
[2014/03/21 04:45:18 | 356,088,312 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/03/19 13:14:54 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/19 11:19:52 | 000,006,918 | ---- | M] () -- C:\Users\ALR4life\Desktop\w7-msiserver.reg
[2014/03/19 06:22:29 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/03/19 06:22:29 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/03/19 05:44:29 | 000,003,591 | ---- | M] () -- C:\Users\ALR4life\Desktop\Msirepair.reg

========== Files Created - No Company Name ==========

[2014/04/17 06:26:42 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/04/17 06:26:10 | 000,208,928 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/04/17 06:26:09 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/04/16 11:47:09 | 000,468,480 | ---- | C] () -- C:\Users\ALR4life\Desktop\CKScanner.exe
[2014/04/16 09:01:46 | 000,444,471 | ---- | C] () -- C:\Users\ALR4life\Desktop\IMG434.jpg
[2014/04/11 03:24:32 | 000,000,116 | RH-- | C] () -- C:\Users\ALR4life\Desktop\Stinger.opt
[2014/04/11 03:19:30 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/04/11 03:16:52 | 024,677,393 | ---- | C] () -- C:\Users\ALR4life\Desktop\vlc-2.1.3-win32.exe
[2014/04/10 12:09:43 | 000,156,360 | ---- | C] () -- C:\Windows\SysNative\drivers\ESETOlmarikOlmascoCleaner.sys
[2014/03/30 22:38:44 | 000,001,223 | ---- | C] () -- C:\Users\Public\Desktop\iCare Data Recovery Software.lnk
[2014/03/30 19:24:23 | 002,469,824 | ---- | C] () -- C:\Users\ALR4life\Desktop\AdobeDownloadAssistant.exe
[2014/03/30 02:53:16 | 000,001,228 | ---- | C] () -- C:\Users\Public\Desktop\EaseUS Data Recovery Wizard 7.5.lnk
[2014/03/28 15:13:51 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/26 16:22:02 | 000,000,388 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_ALR4life.job
[2014/03/26 16:22:02 | 000,000,382 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_ALR4life.job
[2014/03/26 16:22:02 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_ALR4life.job
[2014/03/26 08:36:06 | 000,003,216 | ---- | C] () -- C:\Users\ALR4life\Documents\-6356180677049974192_256.cache
[2014/03/21 04:45:17 | 356,088,312 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/03/16 23:56:06 | 029,873,626 | ---- | C] () -- C:\Users\ALR4life\Cute Hot Babe Whore Gets 2 - Porn Video.mp4
[2014/03/16 23:55:15 | 000,001,043 | ---- | C] () -- C:\Users\ALR4life\Burgler_s_Enjoying_Young_Girls_2035936 - Shortcut.lnk
[2014/03/16 23:55:11 | 000,000,988 | ---- | C] () -- C:\Users\ALR4life\Cherry_Busters_1985_2048385 - Shortcut.lnk
[2014/03/16 23:27:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/03/16 23:27:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/03/16 23:27:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/03/16 23:27:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/03/16 23:27:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/03/05 21:39:04 | 000,007,599 | ---- | C] () -- C:\Users\ALR4life\AppData\Local\Resmon.ResmonCfg
[2014/03/03 06:38:34 | 000,001,097 | ---- | C] () -- C:\Users\ALR4life\Documents - Shortcut.lnk
[2013/12/02 14:07:12 | 000,000,218 | ---- | C] () -- C:\Users\ALR4life\AppData\Local\recently-used.xbel
[2013/11/14 20:21:44 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2013/11/08 05:07:36 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/10/03 14:55:28 | 000,000,790 | ---- | C] () -- C:\Users\ALR4life\AppData\Roaming\wklnhst.dat
[2013/08/26 07:35:37 | 000,253,952 | ---- | C] () -- C:\Windows\msfxinfz.dat
[2013/06/18 22:58:51 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/18 22:41:25 | 000,000,632 | RHS- | C] () -- C:\Users\ALR4life\ntuser.pol
[2013/06/18 13:38:02 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2013/06/18 13:38:02 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2013/06/12 07:31:07 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2013/06/12 07:27:38 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2013/06/12 07:27:38 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/03/15 18:44:31 | 000,000,000 | ---D | M] -- C:\Users\aaaaaaa\AppData\Roaming\360safe
[2014/03/15 18:44:12 | 000,000,000 | ---D | M] -- C:\Users\aaaaaaa\AppData\Roaming\360SD
[2013/06/18 22:59:31 | 000,000,000 | ---D | M] -- C:\Users\ALR4life\AppData\Roaming\.minecraft
[2014/03/31 02:21:29 | 000,000,000 | ---D | M] -- C:\Users\ALR4life\AppData\Roaming\Audacity
[2014/04/17 06:44:37 | 000,000,000 | ---D | M] -- C:\Users\ALR4life\AppData\Roaming\AVAST Software
[2013/06/15 17:41:22 | 000,000,000 | ---D | M] -- C:\Users\ALR4life\AppData\Roaming\Dextronet
[2014/04/15 02:30:17 | 000,000,000 | ---D | M] -- C:\Users\ALR4life\AppData\Roaming\Dropbox
[2014/04/03 11:11:35 | 000,000,000 | ---D | M] -- C:\Users\ALR4life\AppData\Roaming\DropboxMaster
[2013/11/24 10:38:01 | 000,000,000 | ---D | M] -- C:\Users\ALR4life\AppData\Roaming\Eendsoft
[2013/07/18 09:23:39 | 000,000,000 | ---D | M] -- C:\Users\ALR4life\AppData\Roaming\EscSoft
[2013/06/15 17:28:43 | 000,000,000 | ---D | M] -- C:\Users\ALR4life\AppData\Roaming\FreePriceAlerts
[2013/08/10 11:42:40 | 000,000,000 | ---D | M] -- C:\Users\ALR4life\AppData\Roaming\muvee Technologies
[2014/02/16 03:16:11 | 000,000,000 | ---D | M] -- C:\Users\ALR4life\AppData\Roaming\Opera Software
[2013/07/15 11:11:36 | 000,000,000 | ---D | M] -- C:\Users\ALR4life\AppData\Roaming\Oracle
[2013/06/12 07:00:20 | 000,000,000 | ---D | M] -- C:\Users\ALR4life\AppData\Roaming\PictureMover
[2013/07/28 22:41:16 | 000,000,000 | ---D | M] -- C:\Users\ALR4life\AppData\Roaming\Python-Eggs
[2013/10/24 00:18:41 | 000,000,000 | ---D | M] -- C:\Users\ALR4life\AppData\Roaming\Samsung
[2013/06/18 23:20:46 | 000,000,000 | ---D | M] -- C:\Users\ALR4life\AppData\Roaming\SketchUp
[2013/10/03 14:55:30 | 000,000,000 | ---D | M] -- C:\Users\ALR4life\AppData\Roaming\Template
[2014/02/16 03:16:13 | 000,000,000 | ---D | M] -- C:\Users\ALR4life\AppData\Roaming\Thunderbird
[2013/06/27 09:00:04 | 000,000,000 | ---D | M] -- C:\Users\ALR4life\AppData\Roaming\Tific
[2013/11/14 20:29:09 | 000,000,000 | ---D | M] -- C:\Users\ALR4life\AppData\Roaming\VSRevoGroup
[2013/07/18 09:49:09 | 000,000,000 | ---D | M] -- C:\Users\ALR4life\AppData\Roaming\WindSolutions

========== Purity Check ==========



< End of report >
amandarutledge
Regular Member
 
Posts: 21
Joined: April 11th, 2014, 7:02 am

Re: please help my computer

Unread postby askey127 » April 17th, 2014, 10:17 am

Amanda,
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the words "Code"or "Select all"):
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    DRV:64bit: - [2013/11/13 05:51:44 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
    DRV:64bit: - [2013/11/13 05:49:06 | 000,044,744 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
    SRV:64bit: - [2014/04/11 03:30:27 | 000,177,680 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
    IE:64bit: - HKLM\..\SearchScopes\{0ED85345-D725-4656-A14B-DD1874755282}: "URL" = http://www.ask.com/web?q= {searchterms}&l=dis&o=ushpl
    IE - HKLM\..\SearchScopes\{0ED85345-D725-4656-A14B-DD1874755282}: "URL" = http://www.ask.com/web?q= {searchterms}&l=dis&o=ushpl
    IE - HKU\S-1-5-21-2427678878-1752133602-3761299853-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
    FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll File not found
    [2014/03/04 17:56:05 | 000,001,614 | ---- | M] () -- C:\Users\ALR4life\AppData\Roaming\Mozilla\Firefox\Profiles\1mrkiljb.default\searchplugins\dogpile.xml
    [2014/03/31 03:16:15 | 000,000,000 | ---D | M] (Hotspot Shield Extension) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com
    [2014/04/11 03:30:30 | 000,106,112 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
    [2014/04/11 03:30:29 | 000,771,096 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfehidk.sys
    [2014/04/11 03:30:28 | 000,177,680 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
    [2014/04/11 03:23:24 | 012,763,168 | ---- | C] (McAfee Inc) -- C:\Users\ALR4life\Desktop\stinger64.exe
    [2014/03/30 02:49:45 | 000,000,000 | ---D | C] -- C:\Users\ALR4life\AppData\Local\Wondershare
    [2014/03/30 02:49:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare
    [2014/03/30 02:49:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    
    :Files
    C:\Program Files (x86)\TelevisionFanatic
    ipconfig /flushdns /c
    
    :Commands
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • That is the FIX log file. Copy the contents of that file and post it in your next reply.
    It will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
----------------------------------------------
After posting the Resulting log, Please Rescan as follows:
Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in a separate reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: please help my computer

Unread postby amandarutledge » April 17th, 2014, 12:50 pm

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: Unable to stop service taphss6!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\taphss6 deleted successfully.
C:\Windows\SysNative\drivers\taphss6.sys moved successfully.
Service HssDRV6 stopped successfully!
Service HssDRV6 deleted successfully!
C:\Windows\SysNative\drivers\hssdrv6.sys moved successfully.
Error: No service named mfevtp was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mfevtp deleted successfully.
C:\Windows\SysNative\mfevtps.exe moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ED85345-D725-4656-A14B-DD1874755282}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ED85345-D725-4656-A14B-DD1874755282}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ED85345-D725-4656-A14B-DD1874755282}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ED85345-D725-4656-A14B-DD1874755282}\ not found.
HKU\S-1-5-21-2427678878-1752133602-3761299853-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin\ deleted successfully.
C:\Users\ALR4life\AppData\Roaming\Mozilla\Firefox\Profiles\1mrkiljb.default\searchplugins\dogpile.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com\skin folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com\defaults\preferences folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com\defaults folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com\components folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com folder moved successfully.
C:\Windows\SysNative\drivers\mferkdet.sys moved successfully.
C:\Windows\SysNative\drivers\mfehidk.sys moved successfully.
File C:\Windows\SysNative\mfevtps.exe not found.
C:\Users\ALR4life\Desktop\stinger64.exe moved successfully.
C:\Users\ALR4life\AppData\Local\Wondershare\WSHelper folder moved successfully.
C:\Users\ALR4life\AppData\Local\Wondershare folder moved successfully.
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\log\Data\Room\829\4.5.0\data folder moved successfully.
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\log\Data\Room\829\4.5.0 folder moved successfully.
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\log\Data\Room\829 folder moved successfully.
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\log\Data\Room folder moved successfully.
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\log\Data folder moved successfully.
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\log folder moved successfully.
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact folder moved successfully.
C:\Program Files (x86)\Common Files\Wondershare folder moved successfully.
C:\Program Files (x86)\Wondershare folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\TelevisionFanatic not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\ALR4life\Desktop\cmd.bat deleted successfully.
C:\Users\ALR4life\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: aaaaaaa

User: Administrator

User: All Users

User: ALR4life
->Java cache emptied: 339657 bytes

User: Amanda Rutledge

User: Default

User: Default User

User: Guest

User: NICK

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: aaaaaaa
->Flash cache emptied: 1025 bytes

User: Administrator

User: All Users

User: ALR4life
->Flash cache emptied: 48858 bytes

User: Amanda Rutledge

User: Default

User: Default User

User: Guest
->Flash cache emptied: 11803 bytes

User: NICK

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: aaaaaaa
->Temp folder emptied: 200737 bytes
->Temporary Internet Files folder emptied: 10472161 bytes
->FireFox cache emptied: 17776026 bytes
->Google Chrome cache emptied: 23069002 bytes
->Flash cache emptied: 0 bytes

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: ALR4life
->Temp folder emptied: 100568383 bytes
->Temporary Internet Files folder emptied: 96498132 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 343796418 bytes
->Google Chrome cache emptied: 367743316 bytes
->Flash cache emptied: 0 bytes

User: Amanda Rutledge

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 54272 bytes
->FireFox cache emptied: 381816151 bytes
->Google Chrome cache emptied: 7008598 bytes
->Flash cache emptied: 0 bytes

User: NICK
->Temp folder emptied: 3116452 bytes
->Temporary Internet Files folder emptied: 15146530 bytes
->Google Chrome cache emptied: 190371229 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 73045822 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 52643613 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,605.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04172014_094822

Files\Folders moved on Reboot...
C:\Users\ALR4life\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\ALR4life\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
amandarutledge
Regular Member
 
Posts: 21
Joined: April 11th, 2014, 7:02 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 124 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware