
zBot(Zeus) + various other spyware-What to do?


  • This topic is locked
20 replies to this topic

#1 Indecline1988

Indecline1988

  • Members
  • 10 posts

Posted 09 May 2014 - 03:05 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:26:41 PM, on 5/2/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19518)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\amy\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3239904&CUI=UN12870554981419524
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mefeediaTest - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6F45AEA2-9C81-4832-8390-7134102B8DE5} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: ActiveMail - {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\Users\amy\Desktop\ActiveMailBHO.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\amy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WNA1100 Genie.lnk = ?
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iSafeService - Elex do Brasil Participações Ltda - C:\Program Files\iSafe\iSafeSvc.exe
O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: WSWNA1100 - Unknown owner - C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
 
--
End of file - 9530 bytes

EDIT to add note below to member.
 
PM also sent to member: 
 

@Indecline 1988, 

 

Disconnect the machine from the Internet immediately, please. The zBot infection is known for installing ransomware that encrypts your data. 

 

Someone should be along shortly to assist you further. 

 

Thank you, 

 

~Stolen


Edited by Stolen, 09 May 2014 - 04:06 PM.
request per zingo to contact member



 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,117 posts
  • Gender:Male
  • Location:Germany

Posted 10 May 2014 - 06:49 AM

Hello and welcome on board, Indecline1988,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing Malware from a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do; just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

HJT is outdated, so we will use another tool.

Please download OTL (by OldTimer) (if you haven't already) from the link below and save it to your Desktop.
 

Download Mirror #1

  • Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Custom Scans/Fixes box in OTL. To do that:
    • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    mpsvc.dll
    winsock.*
    rpcss.dll
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Open OTL on the desktop. To do that:
    • XP users: Double click on the OTL icon.
    • Vista / 7 Users: Right click on the icon and click Run as Administrator.
  • Make sure all other windows are closed.
    • You will see a console like the one below:

      [Screenshot: OTL main console]
      • Click the box beside Scan All Users at the top of the console
      • If you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
      • Make sure the Output box at the top is set to Standard Output.
      • Check the boxes beside LOP Check and Purity Check.
      • Make sure that Use Safe List is checked under Extra Registry.
      • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL.
      • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
      • Let the scan run uninterrupted.
      • When the scan completes, it will open OTL.Txt on the desktop.
      • Please copy the contents of these files and paste them into your reply. To do that:
        • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
        • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
      • Please do the same for the Extras.txt

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 Indecline1988

Indecline1988
  • Topic Starter

  • Members
  • 10 posts

Posted 11 May 2014 - 03:10 PM

OTL.Txt

 

OTL logfile created on: 5/8/2014 5:28:09 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Windows\system32\config\systemprofile\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
957.76 Mb Total Physical Memory | 554.98 Mb Available Physical Memory | 57.95% Memory free
2.12 Gb Paging File | 1.87 Gb Available in Paging File | 88.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 212.32 Gb Free Space | 73.71% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.09 Gb Free Space | 60.86% Space Free | Partition Type: NTFS
 
Computer Name: AMY-PC | User Name: amy | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/08 05:14:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Windows\System32\config\systemprofile\Desktop\OTL.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/01/15 18:47:02 | 000,143,168 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\ASCExtMenu.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2014/05/01 16:00:11 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/23 06:17:31 | 000,118,056 | ---- | M] (Elex do Brasil Participações Ltda) [Auto | Stopped] -- C:\Program Files\iSafe\iSafeSvc.exe -- (iSafeService)
SRV - [2013/04/18 16:58:08 | 000,574,272 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2011/07/28 17:06:20 | 000,297,440 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2010/03/22 20:05:40 | 000,960,992 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/29 12:22:36 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/04/23 06:20:11 | 000,052,056 | ---- | M] (Elex do Brasil Participações Ltda) [Kernel | System | Running] -- C:\Program Files\iSafe\iSafeNetFilter.sys -- (iSafeNetFilter)
DRV - [2014/04/23 06:20:10 | 000,059,392 | ---- | M] (Elex do Brasil Participações Ltda) [Kernel | System | Running] -- C:\Program Files\iSafe\iSafeKrnlKit.sys -- (iSafeKrnlKit)
DRV - [2014/04/23 06:20:06 | 000,038,912 | ---- | M] (Elex do Brasil Participações Ltda) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iSafeKrnlBoot.sys -- (iSafeKrnlBoot)
DRV - [2014/04/23 06:20:05 | 000,202,240 | ---- | M] (Elex do Brasil Participações Ltda) [File_System | On_Demand | Stopped] -- C:\Program Files\iSafe\iSafeKrnl.sys -- (iSafeKrnl)
DRV - [2011/07/22 10:35:16 | 000,021,472 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2010/12/18 13:42:00 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/12/18 13:42:00 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/10/10 19:48:00 | 001,439,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athur.sys -- (athur)
DRV - [2009/09/30 21:22:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/07/14 18:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/15 02:28:00 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007/08/29 12:22:58 | 000,776,976 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2007/08/29 12:22:58 | 000,411,552 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2007/08/29 12:22:58 | 000,180,632 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2007/08/29 12:22:58 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2007/08/29 12:22:58 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2007/08/29 12:22:58 | 000,049,944 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2007/08/29 12:22:58 | 000,024,184 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2007/08/29 12:22:57 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2007/04/19 14:12:58 | 000,102,696 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/03/15 09:57:30 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/10/18 14:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=TB50TRie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3239904
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q={searchTerms}&crm=1
IE - HKLM\..\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGman000&ptb=FA2130C3-8CCC-4651-B69C-400F72BB8B96&ind=2012012912&ptnrS=RGman000&si=&n=77ece170&psa=&st=sb&searchfor={searchTerms}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ei.Retrogamer_4w.com/Plugin: C:\Program Files\Retrogamer_4wEI\Installr\1.bin\NP4wEISB.dll (Retrogamer)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/05 12:59:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin
 
File not found (No name found) -- C:\PROGRAM FILES\AMIEXT\FLASHENHANCER\FF
File not found (No name found) -- C:\PROGRAM FILES\MEDIAVIEWV1\MEDIAVIEWV1ALPHA9210\FF
File not found (No name found) -- C:\PROGRAM FILES\MEDIAWATCHV1\MEDIAWATCHV1HOME6635\FF
 
========== Chrome  ==========
 
CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = http://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=00564C2C-8211-4B07-B3FB-CFAE2BDE671D&apn_ptnrs=TV&apn_sauid=881C6827-63D2-4196-96E6-30B17855B179&apn_dtid=OSJ000YYUS&q={searchTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms},
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\amy\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\amy\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\amy\AppData\Local\Google\Chrome\Application\34.0.1847.131\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Retrogamer Installer Plugin Stub (Enabled) = C:\Program Files\Retrogamer_4wEI\Installr\1.bin\NP4wEISB.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\Retrogamer_4w\bar\1.bin\NP4wStub.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
CHR - plugin: Windows Live? Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Google Update (Enabled) = C:\Users\amy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Advanced SystemCare Surfing Protection = \Users\amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Google Wallet = \Users\amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - No CLSID value found.
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No CLSID value found.
O2 - BHO: (no name) - {6F45AEA2-9C81-4832-8390-7134102B8DE5} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (no name) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [hpqSRMon]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Windows\System32\config\RegBack\COMPONENTS ()
O4 - Startup: C:\Windows\System32\config\RegBack\COMPONENTS.LOG1 ()
O4 - Startup: C:\Windows\System32\config\RegBack\COMPONENTS.LOG2 ()
O4 - Startup: C:\Windows\System32\config\RegBack\COMPONENTS.OLD ()
O4 - Startup: C:\Windows\System32\config\RegBack\DEFAULT ()
O4 - Startup: C:\Windows\System32\config\RegBack\DEFAULT.LOG1 ()
O4 - Startup: C:\Windows\System32\config\RegBack\DEFAULT.LOG2 ()
O4 - Startup: C:\Windows\System32\config\RegBack\DEFAULT.OLD ()
O4 - Startup: C:\Windows\System32\config\RegBack\SAM ()
O4 - Startup: C:\Windows\System32\config\RegBack\SAM.LOG1 ()
O4 - Startup: C:\Windows\System32\config\RegBack\SAM.LOG2 ()
O4 - Startup: C:\Windows\System32\config\RegBack\SAM.OLD ()
O4 - Startup: C:\Windows\System32\config\RegBack\SECURITY ()
O4 - Startup: C:\Windows\System32\config\RegBack\SECURITY.LOG1 ()
O4 - Startup: C:\Windows\System32\config\RegBack\SECURITY.LOG2 ()
O4 - Startup: C:\Windows\System32\config\RegBack\SECURITY.OLD ()
O4 - Startup: C:\Windows\System32\config\RegBack\SOFTWARE ()
O4 - Startup: C:\Windows\System32\config\RegBack\SOFTWARE.LOG1 ()
O4 - Startup: C:\Windows\System32\config\RegBack\SOFTWARE.LOG2 ()
O4 - Startup: C:\Windows\System32\config\RegBack\SOFTWARE.OLD ()
O4 - Startup: C:\Windows\System32\config\RegBack\SYSTEM ()
O4 - Startup: C:\Windows\System32\config\RegBack\SYSTEM.LOG1 ()
O4 - Startup: C:\Windows\System32\config\RegBack\SYSTEM.LOG2 ()
O4 - Startup: C:\Windows\System32\config\RegBack\SYSTEM.OLD ()
O4 - Startup: C:\Windows\System32\config\systemprofile\AppData [2006/11/02 09:01:48 | 000,000,000 | --SD | M]
O4 - Startup: C:\Windows\System32\config\systemprofile\Application Data [2014/05/06 02:29:22 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Windows\System32\config\systemprofile\Contacts [2007/10/18 00:48:32 | 000,000,000 | R--D | M]
O4 - Startup: C:\Windows\System32\config\systemprofile\Cookies [2014/05/06 02:29:22 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Windows\System32\config\systemprofile\Desktop [2014/05/08 05:14:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Windows\System32\config\systemprofile\Documents [2014/05/06 02:29:22 | 000,000,000 | R--D | M]
O4 - Startup: C:\Windows\System32\config\systemprofile\Downloads [2014/05/06 02:29:22 | 000,000,000 | R--D | M]
O4 - Startup: C:\Windows\System32\config\systemprofile\Favorites [2014/05/08 05:05:18 | 000,000,000 | R--D | M]
O4 - Startup: C:\Windows\System32\config\systemprofile\Links [2014/05/06 02:29:22 | 000,000,000 | R--D | M]
O4 - Startup: C:\Windows\System32\config\systemprofile\Local Settings [2014/05/06 02:29:22 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Windows\System32\config\systemprofile\Music [2014/05/06 02:29:22 | 000,000,000 | R--D | M]
O4 - Startup: C:\Windows\System32\config\systemprofile\My Documents [2014/05/06 02:29:22 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Windows\System32\config\systemprofile\NetHood [2014/05/06 02:29:22 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Windows\System32\config\systemprofile\ntuser.dat ()
O4 - Startup: C:\Windows\System32\config\systemprofile\ntuser.dat.LOG ()
O4 - Startup: C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1 ()
O4 - Startup: C:\Windows\System32\config\systemprofile\ntuser.dat.LOG2 ()
O4 - Startup: C:\Windows\System32\config\systemprofile\ntuser.dat{9ad3374f-70be-11db-ab36-806e6f6e6963}.TM.blf ()
O4 - Startup: C:\Windows\System32\config\systemprofile\ntuser.dat{9ad3374f-70be-11db-ab36-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Windows\System32\config\systemprofile\ntuser.dat{9ad3374f-70be-11db-ab36-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Windows\System32\config\systemprofile\Pictures [2014/05/06 02:29:22 | 000,000,000 | R--D | M]
O4 - Startup: C:\Windows\System32\config\systemprofile\PrintHood [2014/05/06 02:29:22 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Windows\System32\config\systemprofile\Recent [2014/05/06 02:29:22 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Windows\System32\config\systemprofile\Saved Games [2014/05/06 02:29:22 | 000,000,000 | R--D | M]
O4 - Startup: C:\Windows\System32\config\systemprofile\Searches [2014/05/06 02:29:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Windows\System32\config\systemprofile\SendTo [2014/05/06 02:29:22 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Windows\System32\config\systemprofile\Start Menu [2014/05/06 02:29:22 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Windows\System32\config\systemprofile\Templates [2014/05/06 02:29:22 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Windows\System32\config\systemprofile\Videos [2014/05/06 02:29:21 | 000,000,000 | R--D | M]
O4 - Startup: C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms ()
O4 - Startup: C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms ()
O4 - Startup: C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms ()
O4 - Startup: C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf ()
O4 - Startup: C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf ()
O4 - Startup: C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms ()
O4 - Startup: C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms ()
O4 - Startup: C:\Windows\System32\config\TxR\{8d3761df-b751-11e1-afbc-806e6f6e6963}.TxR.0.regtrans-ms ()
O4 - Startup: C:\Windows\System32\config\TxR\{8d3761df-b751-11e1-afbc-806e6f6e6963}.TxR.1.regtrans-ms ()
O4 - Startup: C:\Windows\System32\config\TxR\{8d3761df-b751-11e1-afbc-806e6f6e6963}.TxR.2.regtrans-ms ()
O4 - Startup: C:\Windows\System32\config\TxR\{8d3761df-b751-11e1-afbc-806e6f6e6963}.TxR.blf ()
O4 - Startup: C:\Windows\System32\config\TxR\{8d3761e0-b751-11e1-afbc-806e6f6e6963}.TM.blf ()
O4 - Startup: C:\Windows\System32\config\TxR\{8d3761e0-b751-11e1-afbc-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Windows\System32\config\TxR\{8d3761e0-b751-11e1-afbc-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms ()
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.202.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB3AB2DD-5167-42A6-94D2-80303E3724DB}: DhcpNameServer = 192.168.0.1 205.171.202.166
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
16.CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/08 04:55:20 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2014/05/06 02:29:22 | 000,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Saved Games
[2014/05/06 02:29:22 | 000,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Links
[2014/05/06 02:29:22 | 000,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Downloads
[2014/05/06 02:29:22 | 000,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Documents
[2014/05/06 02:29:22 | 000,000,000 | -HSD | C] -- C:\Windows\system32\config\systemprofile\Templates
[2014/05/06 02:29:22 | 000,000,000 | -HSD | C] -- C:\Windows\system32\config\systemprofile\Start Menu
[2014/05/06 02:29:22 | 000,000,000 | -HSD | C] -- C:\Windows\system32\config\systemprofile\SendTo
[2014/05/06 02:29:22 | 000,000,000 | -HSD | C] -- C:\Windows\system32\config\systemprofile\Recent
[2014/05/06 02:29:22 | 000,000,000 | -HSD | C] -- C:\Windows\system32\config\systemprofile\PrintHood
[2014/05/06 02:29:22 | 000,000,000 | -HSD | C] -- C:\Windows\system32\config\systemprofile\NetHood
[2014/05/06 02:29:22 | 000,000,000 | -HSD | C] -- C:\Windows\system32\config\systemprofile\My Documents
[2014/05/06 02:29:22 | 000,000,000 | -HSD | C] -- C:\Windows\system32\config\systemprofile\Local Settings
[2014/05/06 02:29:22 | 000,000,000 | -HSD | C] -- C:\Windows\system32\config\systemprofile\Cookies
[2014/05/06 02:29:22 | 000,000,000 | -HSD | C] -- C:\Windows\system32\config\systemprofile\Application Data
[2014/05/06 02:29:21 | 000,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Videos
[2014/05/06 02:29:21 | 000,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Pictures
[2014/05/06 02:29:20 | 000,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Searches
[2014/05/02 21:52:48 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/05/02 21:39:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2014/05/02 21:24:52 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2014/05/02 21:23:21 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2014/05/02 21:23:11 | 003,603,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2014/05/02 21:23:11 | 003,551,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2014/05/02 21:23:10 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2014/05/02 21:23:02 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2014/05/02 21:23:01 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2014/05/02 21:22:43 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2014/05/02 21:20:34 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2014/05/02 21:18:17 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2014/05/02 21:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2014/05/02 18:03:34 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2014/05/02 18:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2014/05/02 17:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6
[2014/05/02 17:59:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014/05/01 18:18:01 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/05/01 17:39:43 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2014/05/01 17:39:26 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll
[2014/05/01 17:39:24 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2014/05/01 17:39:22 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2014/05/01 17:39:19 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2014/05/01 17:39:18 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2014/05/01 17:16:47 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014/05/01 17:16:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014/05/01 17:16:46 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/05/01 17:16:45 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/05/01 17:16:44 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/05/01 17:16:44 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/05/01 17:16:44 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/05/01 17:16:44 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/05/01 17:16:44 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/05/01 17:16:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2014/05/01 17:16:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/05/01 17:16:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2014/05/01 17:16:38 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2014/05/01 17:16:38 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/05/01 17:16:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2014/05/01 17:16:37 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2014/05/01 17:16:37 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2014/05/01 17:16:37 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/05/01 17:16:01 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2014/05/01 17:15:56 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2014/05/01 17:15:56 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2014/05/01 17:15:56 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2014/05/01 17:15:56 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2014/05/01 17:15:56 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2014/05/01 17:15:55 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2014/05/01 17:15:55 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2014/05/01 17:15:55 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2014/05/01 17:13:40 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2014/05/01 17:13:18 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2014/05/01 17:12:34 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/05/01 17:12:17 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2014/05/01 17:12:17 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2014/05/01 17:12:11 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2014/05/01 17:12:08 | 001,304,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMALFXGFXDSP.dll
[2014/05/01 17:12:08 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2014/05/01 17:12:08 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2014/05/01 17:12:07 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2014/05/01 17:11:57 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2014/05/01 17:11:44 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014/05/01 17:11:29 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2014/05/01 17:11:29 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
[2014/05/01 17:10:44 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2014/05/01 17:10:43 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
[2014/05/01 17:08:47 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2014/05/01 17:08:46 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2014/05/01 17:07:56 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2014/05/01 17:07:01 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2014/05/01 16:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/08 05:19:46 | 000,641,960 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/05/08 05:19:46 | 000,119,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/05/08 05:10:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/08 05:09:16 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/08 05:09:16 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/08 05:09:13 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/08 05:04:33 | 000,282,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/05/08 05:01:35 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/08 05:01:34 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/08 05:01:12 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1448270800-3382982998-658231513-1000UA.job
[2014/05/07 20:32:00 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\ActiveMail Updater.job
[2014/05/07 15:16:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1448270800-3382982998-658231513-1000Core.job
[2014/05/06 03:05:47 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/05/02 17:59:59 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2014/05/02 17:59:59 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2014/05/01 16:00:09 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/05/01 16:00:07 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/04/29 15:28:26 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/04/23 06:20:06 | 000,038,912 | ---- | M] (Elex do Brasil Participações Ltda) -- C:\Windows\System32\drivers\iSafeKrnlBoot.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/02 21:23:21 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2014/05/02 17:59:59 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2014/05/02 17:59:59 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2014/05/01 17:39:56 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2014/05/01 16:00:18 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2008/09/05 10:55:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2007/07/12 13:22:58 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/05/29 15:44:43 | 000,000,201 | ---- | C] () -- \extensions.ini
[2007/05/29 15:44:43 | 000,000,000 | ---- | C] () -- \extensions.sqlite
[2007/01/13 02:26:52 | 000,007,912 | ---- | C] () -- \{DAECB90F-470A-45A9-82A3-B806B1B5BBDB}
[2007/01/13 02:26:52 | 000,004,568 | ---- | C] () -- \{E359E21B-4E01-49C3-93DA-BF17F573D936}
[2007/01/13 02:26:52 | 000,004,566 | RH-- | C] () -- \dell.sdr
[2007/01/13 02:26:52 | 000,002,536 | ---- | C] () -- \{1FB12671-B255-4C3D-A1C6-E4B3A9A66132}
[2007/01/13 02:26:52 | 000,002,336 | ---- | C] () -- \{83B36465-3C0C-4F28-B082-266A29D28E58}
[2007/01/13 02:26:52 | 000,001,530 | ---- | C] () -- \user.js
[2007/01/13 02:26:52 | 000,000,353 | -H-- | C] () -- \IPH.PH
[2007/01/13 02:26:52 | 000,000,071 | ---- | C] () -- \SystemInfo.ini
[2007/01/13 02:26:52 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2007/01/13 02:26:52 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2006/11/10 09:22:24 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2006/11/10 09:22:23 | 000,333,257 | RHS- | C] () -- \bootmgr
[2006/11/02 06:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006/11/02 02:25:08 | 000,000,010 | ---- | C] () -- \config.sys
 
========== ZeroAccess Check ==========
 
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2006/11/02 09:01:48 | 000,000,000 | --SD | M] -- C:\Windows\system32\config\systemprofile\AppData
[2014/05/06 02:29:22 | 000,000,000 | -HSD | M] -- C:\Windows\system32\config\systemprofile\Application Data
[2007/10/18 00:48:32 | 000,000,000 | R--D | M] -- C:\Windows\system32\config\systemprofile\Contacts
[2014/05/06 02:29:22 | 000,000,000 | -HSD | M] -- C:\Windows\system32\config\systemprofile\Cookies
[2014/05/08 05:14:20 | 000,000,000 | R--D | M] -- C:\Windows\system32\config\systemprofile\Desktop
[2014/05/06 02:29:22 | 000,000,000 | R--D | M] -- C:\Windows\system32\config\systemprofile\Documents
[2014/05/06 02:29:22 | 000,000,000 | R--D | M] -- C:\Windows\system32\config\systemprofile\Downloads
[2014/05/08 05:05:18 | 000,000,000 | R--D | M] -- C:\Windows\system32\config\systemprofile\Favorites
[2014/05/06 02:29:22 | 000,000,000 | R--D | M] -- C:\Windows\system32\config\systemprofile\Links
[2014/05/06 02:29:22 | 000,000,000 | -HSD | M] -- C:\Windows\system32\config\systemprofile\Local Settings
[2014/05/06 02:29:22 | 000,000,000 | R--D | M] -- C:\Windows\system32\config\systemprofile\Music
[2014/05/06 02:29:22 | 000,000,000 | -HSD | M] -- C:\Windows\system32\config\systemprofile\My Documents
[2014/05/06 02:29:22 | 000,000,000 | -HSD | M] -- C:\Windows\system32\config\systemprofile\NetHood
[2014/05/06 02:29:22 | 000,000,000 | R--D | M] -- C:\Windows\system32\config\systemprofile\Pictures
[2014/05/06 02:29:22 | 000,000,000 | -HSD | M] -- C:\Windows\system32\config\systemprofile\PrintHood
[2014/05/06 02:29:22 | 000,000,000 | -HSD | M] -- C:\Windows\system32\config\systemprofile\Recent
[2014/05/06 02:29:22 | 000,000,000 | R--D | M] -- C:\Windows\system32\config\systemprofile\Saved Games
[2014/05/06 02:29:20 | 000,000,000 | R--D | M] -- C:\Windows\system32\config\systemprofile\Searches
[2014/05/06 02:29:22 | 000,000,000 | -HSD | M] -- C:\Windows\system32\config\systemprofile\SendTo
[2014/05/06 02:29:22 | 000,000,000 | -HSD | M] -- C:\Windows\system32\config\systemprofile\Start Menu
[2014/05/06 02:29:22 | 000,000,000 | -HSD | M] -- C:\Windows\system32\config\systemprofile\Templates
[2014/05/06 02:29:21 | 000,000,000 | R--D | M] -- C:\Windows\system32\config\systemprofile\Videos
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2006/11/02 05:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/19 03:33:43 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/19 03:33:01 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 02:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 02:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 02:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/19 03:33:49 | 000,081,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/08 00:16:55 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 02:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 11:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/19 03:34:08 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 02:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/19 03:34:34 | 000,288,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 02:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/04/11 02:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/19 03:34:49 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/19 03:35:36 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/19 03:35:36 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/19 03:35:38 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/19 03:35:57 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 02:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 10:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 02:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/19 03:36:15 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 02:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/19 03:36:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 02:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 12:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 07:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 02:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 14:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 02:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 07:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 02:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 02:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 02:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 02:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/19 03:36:20 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 02:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 02:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 02:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 02:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 02:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 18:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 02:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 15:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 07:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
 
< 3.%SYSTEMDRIVE%\*.exe >
[2006/11/02 09:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 09:01:49 | 000,032,594 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/15 18:48:54 | 000,000,848 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1448270800-3382982998-658231513-1000Core.job
[2012/06/15 18:48:57 | 000,000,900 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1448270800-3382982998-658231513-1000UA.job
[2012/06/19 20:32:24 | 000,000,252 | ---- | C] () -- C:\Windows\Tasks\ActiveMail Updater.job
[2012/08/22 12:33:47 | 000,000,876 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/08/22 12:33:52 | 000,000,880 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2014/05/01 16:00:18 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< 15.dir "%systemdrive%\*" /S /A:L /C >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:B623B5B8

< End of report >

Extras.Txt -

 

OTL Extras logfile created on: 5/8/2014 5:28:09 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Windows\system32\config\systemprofile\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
957.76 Mb Total Physical Memory | 554.98 Mb Available Physical Memory | 57.95% Memory free
2.12 Gb Paging File | 1.87 Gb Available in Paging File | 88.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 212.32 Gb Free Space | 73.71% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.09 Gb Free Space | 60.86% Space Free | Partition Type: NTFS
 
Computer Name: AMY-PC | User Name: amy | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}" = HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{38436888-9EAA-4cec-A56F-65B73D9D423C}" = D1500
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C113AD-486F-4bd5-A2EA-2383AF57D084}" = D1500_Help
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B8240B3-891D-4965-AA51-8799622D44FF}" = DJ_SF_03_D1500_ProductContext
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 N150 Wireless USB Adapter
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1421599-A42D-47ef-B512-B9B0317BD599}" = DJ_SF_03_D1500_Software
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"Avast" = avast! Free Antivirus
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"MediaWatchV1home6635" = Media Watch
"mefeediatest" = MeFeedia
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MyWebSearch bar Uninstall" = My Web Search (Retrogamer)
"NVIDIA Drivers" = NVIDIA Drivers
"SelectRebatesUninstall" = ShopAtHome.com Toolbar
"Shop for HP Supplies" = Shop for HP Supplies
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/12/2009 1:14:56 AM | Computer Name = amy-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18865, time stamp
 0x4b077416, faulting module SHELL32.dll, version 6.0.6001.18167, time stamp 0x4912ecfb,
 exception code 0xc0000005, fault offset 0x00088518,  process id 0x16cc, application
 start time 0x01ca7aaa33423b40.
 
Error - 12/12/2009 10:17:39 AM | Computer Name = amy-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18865 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: 8c0  Start Time: 01ca7b35ab628b85  Termination Time: 15
 
Error - 12/15/2009 9:49:21 PM | Computer Name = amy-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18865, time stamp
 0x4b077416, faulting module Flash10b.ocx, version 10.0.22.87, time stamp 0x4987a6c3,
 exception code 0xc0000005, fault offset 0x001500fc,  process id 0x348, application
 start time 0x01ca7dd354797d60.
 
Error - 12/24/2009 9:33:11 PM | Computer Name = amy-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18865, time stamp
 0x4b077416, faulting module IEFRAME.dll, version 8.0.6001.18865, time stamp 0x4b078a21,
 exception code 0xc0000005, fault offset 0x000de727,  process id 0xa50, application
 start time 0x01ca85020e6212e9.
 
Error - 12/25/2009 3:05:58 PM | Computer Name = amy-PC | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 8.1.0.137, time stamp 0x46444e37,
 faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
 0xc0000005, fault offset 0x3030302e,  process id 0x115c, application start time 0x01ca85953ebe3186.
 
Error - 12/30/2009 12:05:12 PM | Computer Name = amy-PC | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 8.1.0.137, time stamp 0x46444e37,
 faulting module MSVCR80.dll, version 8.0.50727.3053, time stamp 0x4889d619, exception
 code 0xc0000005, fault offset 0x00014a7f,  process id 0x15e8, application start time
 0x01ca8969bc03b760.
 
Error - 1/3/2010 10:52:05 PM | Computer Name = amy-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18865 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: 1548  Start Time: 01ca8cde01cd41a8  Termination Time: 0
 
Error - 1/3/2010 10:52:48 PM | Computer Name = amy-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18865 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: 590  Start Time: 01ca8ce8e5f2b2c8  Termination Time: 0
 
Error - 1/3/2010 10:54:15 PM | Computer Name = amy-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18865 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: afc  Start Time: 01ca8ce900c8f7d8  Termination Time: 78
 
Error - 1/3/2010 10:55:30 PM | Computer Name = amy-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18865 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: 179c  Start Time: 01ca8ce934986558  Termination Time: 15
 
[ Media Center Events ]
Error - 10/30/2007 7:59:37 PM | Computer Name = amy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 11/1/2007 7:50:29 PM | Computer Name = amy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 11/19/2007 4:59:20 PM | Computer Name = amy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 11/19/2007 6:45:04 PM | Computer Name = amy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 12/6/2007 4:51:31 PM | Computer Name = amy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 4/30/2008 7:55:50 PM | Computer Name = amy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
 
Error - 8/28/2008 10:47:51 AM | Computer Name = amy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 1/5/2009 8:03:34 PM | Computer Name = amy-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
 due to an abandoned mutex.'.
 
Error - 6/9/2009 7:37:17 PM | Computer Name = amy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 1/16/2010 6:36:21 PM | Computer Name = amy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
[ System Events ]
Error - 5/8/2014 5:05:49 AM | Computer Name = amy-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 5/8/2014 5:05:49 AM | Computer Name = amy-PC | Source = DCOM | ID = 10005
Description =
 
Error - 5/8/2014 5:05:49 AM | Computer Name = amy-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 5/8/2014 5:05:59 AM | Computer Name = amy-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 5/8/2014 5:11:15 AM | Computer Name = amy-PC | Source = DCOM | ID = 10005
Description =
 
Error - 5/8/2014 5:11:21 AM | Computer Name = amy-PC | Source = DCOM | ID = 10005
Description =
 
Error - 5/8/2014 5:11:22 AM | Computer Name = amy-PC | Source = DCOM | ID = 10005
Description =
 
Error - 5/8/2014 5:11:24 AM | Computer Name = amy-PC | Source = DCOM | ID = 10005
Description =
 
Error - 5/8/2014 5:11:25 AM | Computer Name = amy-PC | Source = DCOM | ID = 10005
Description =
 
Error - 5/8/2014 5:12:17 AM | Computer Name = amy-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >
 


Edited by Indecline1988, 11 May 2014 - 03:12 PM.


#4 Machiavelli

Posted 11 May 2014 - 03:30 PM

Hello,
I have never seen such a weird log. I would like to double-check with FRST that OTL is working correctly.

Please download FRST (by Farbar) from the link below and save it to your Desktop.
 

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#5 Indecline1988


Posted 11 May 2014 - 03:48 PM

You asked me to check the box for 64-bit systems. There was no such box to check. Did you perhaps send me an incorrect version of the tool? (3.2.69.0)

Would you be opposed to maybe taking remote access and saving ourselves some time? Or is that against some policy?



#6 Indecline1988


Posted 11 May 2014 - 04:11 PM

FRST.Txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-05-2014 01
Ran by amy (administrator) on AMY-PC on 08-05-2014 07:33:34
Running from C:\Windows\System32\config\systemprofile\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [ECenter] => C:\Dell\E-Center\EULALauncher.exe [17920 2007-05-25] ( )
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4390912 2007-03-15] (Realtek Semiconductor)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2007-11-15] ( )
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [DellSupportCenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2008-08-13] (SupportSoft, Inc.)
HKLM\...\Run: [hpqSRMon] => [X]
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2007-08-29] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
SearchScopes: HKLM - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=TB50TRie7
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3239904
SearchScopes: HKLM - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q={searchTerms}&crm=1
SearchScopes: HKLM - {ef80d754-fb77-4a7f-be75-489beebb20c9} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGman000&ptb=FA2130C3-8CCC-4651-B69C-400F72BB8B96&ind=2012012912&ptnrS=RGman000&si=&n=77ece170&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: No Name - {02478D38-C3F9-4EFB-9B51-7695ECA05670} -  No File
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: No Name - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} -  No File
BHO: No Name - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -  No File
BHO: No Name - {6F45AEA2-9C81-4832-8390-7134102B8DE5} -  No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} -  No File
BHO: No Name - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -  No File
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO: No Name - {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} -  No File
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -  No File
Toolbar: HKCU - No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.202.166

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @ei.Retrogamer_4w.com/Plugin - C:\Program Files\Retrogamer_4wEI\Installr\1.bin\NP4wEISB.dll (Retrogamer)
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @mywebsearch.com/Plugin - C:\Program Files\MyWebSearch\bar\2.bin\NPMyWebS.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
FF Extension: No Name - \Extensions\{6921B3CC-9935-4D28-9A83-B3D824210580} [2012-08-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-06-05]
FF HKLM\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files\MyWebSearch\bar\2.bin

========================== Services (Whitelisted) =================

S2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2007-08-29] (AVAST Software)
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2007-03-19] ()
S2 iSafeService; C:\Program Files\iSafe\iSafeSvc.exe [118056 2014-04-23] (Elex do Brasil Participações Ltda)
S3 jswpsapi; C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe [960992 2010-03-22] (Atheros Communications, Inc.)
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)
S2 WSWNA1100; C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe [297440 2011-07-28] ()
S3 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [X]

==================== Drivers (Whitelisted) ====================

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2007-08-29] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2007-08-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2007-08-29] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2007-08-29] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [776976 2007-08-29] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411552 2007-08-29] (AVAST Software)
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2007-08-29] (AVAST Software)
S0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2007-08-29] ()
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1439744 2010-10-10] (Atheros Communications, Inc.)
S3 iSafeKrnl; C:\Program Files\iSafe\iSafeKrnl.sys [202240 2014-04-23] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [38912 2014-04-23] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files\iSafe\iSafeKrnlKit.sys [59392 2014-04-23] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Program Files\iSafe\iSafeNetFilter.sys [52056 2014-04-23] (Elex do Brasil Participações Ltda)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-12-18] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-12-18] (Printing Communications Assoc., Inc. (PCAUSA))
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21472 2011-07-22] (Windows ® Win 7 DDK provider)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 GEARAspiWDM; System32\Drivers\GEARAspiWDM.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 PxHelp20; System32\Drivers\PxHelp20.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-08 07:33 - 2014-05-08 07:34 - 00011185 _____ () C:\Windows\System32\config\systemprofile\Desktop\FRST.txt
2014-05-08 07:33 - 2014-05-08 07:33 - 00000000 ____D () C:\FRST
2014-05-08 07:32 - 2014-05-08 07:33 - 01056256 _____ (Farbar) C:\Windows\System32\config\systemprofile\Desktop\FRST.exe
2014-05-08 06:31 - 2014-05-08 06:31 - 00000000 ____D () C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia
2014-05-08 05:42 - 2014-05-08 05:42 - 00039642 _____ () C:\Windows\System32\config\systemprofile\Desktop\Extras.Txt
2014-05-08 05:40 - 2014-05-08 05:40 - 00108812 _____ () C:\Windows\System32\config\systemprofile\Desktop\OTL.Txt
2014-05-08 05:19 - 2014-05-08 05:19 - 00000000 ____D () C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe
2014-05-08 05:14 - 2014-05-08 05:14 - 00602112 _____ (OldTimer Tools) C:\Windows\System32\config\systemprofile\Desktop\OTL.exe
2014-05-08 05:05 - 2014-05-08 05:05 - 00000000 __SHD () C:\Windows\System32\config\systemprofile\Desktop\%APPDATA%
2014-05-08 05:03 - 2014-05-08 05:03 - 00000540 _____ () C:\Windows\PFRO.log
2014-05-08 05:03 - 2014-05-08 05:03 - 00000540 _____ () C:\Windows\PFRO.log
2014-05-08 04:55 - 2014-05-08 04:55 - 00000000 ____D () C:\Program Files\CONEXANT
2014-05-06 05:02 - 2014-05-06 05:02 - 47448064 _____ () C:\Windows\system32\config\software.iobit
2014-05-06 05:02 - 2014-05-06 05:02 - 44457984 _____ () C:\Windows\system32\config\components.iobit
2014-05-06 05:02 - 2014-05-06 05:02 - 00311296 _____ () C:\Windows\system32\config\default.iobit
2014-05-06 05:02 - 2014-05-06 05:02 - 00057344 _____ () C:\Windows\system32\config\sam.iobit
2014-05-06 05:02 - 2014-05-06 05:02 - 00028672 _____ () C:\Windows\system32\config\security.iobit
2014-05-02 21:52 - 2014-04-29 16:18 - 06020608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-02 21:52 - 2014-04-29 15:28 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-02 21:39 - 2014-05-02 21:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-02 21:24 - 2013-07-02 22:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-05-02 21:23 - 2013-10-10 22:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-05-02 21:23 - 2013-10-10 22:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-05-02 21:23 - 2013-10-10 20:39 - 00218228 _____ () C:\Windows\system32\WFP.TMF
2014-05-02 21:23 - 2013-07-09 08:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-05-02 21:23 - 2013-07-08 00:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-02 21:23 - 2013-07-08 00:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-02 21:23 - 2013-06-04 00:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-05-02 21:23 - 2013-06-03 21:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-05-02 21:23 - 2013-03-08 23:45 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-05-02 21:23 - 2013-03-08 21:28 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-05-02 21:22 - 2013-04-17 08:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-05-02 21:21 - 2013-07-04 00:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-05-02 21:21 - 2013-03-07 23:52 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-05-02 21:20 - 2013-06-26 19:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-05-02 21:20 - 2013-02-11 21:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-05-02 21:19 - 2013-10-22 03:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-05-02 21:19 - 2013-07-16 00:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2014-05-02 21:18 - 2013-03-07 23:53 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-05-02 21:15 - 2014-05-02 21:15 - 00000000 ____D () C:\Program Files\Trend Micro
2014-05-02 18:03 - 2014-01-30 03:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-05-02 17:59 - 2013-11-12 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-05-02 17:56 - 2013-07-08 00:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-05-01 17:39 - 2012-07-25 23:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-05-01 17:39 - 2012-07-25 23:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-05-01 17:39 - 2012-07-25 23:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-05-01 17:39 - 2012-07-25 23:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-05-01 17:39 - 2012-07-25 23:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-05-01 17:39 - 2012-07-25 23:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-05-01 17:39 - 2012-07-25 22:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-05-01 17:39 - 2012-07-25 22:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-05-01 17:39 - 2012-07-25 22:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-05-01 17:39 - 2012-06-02 10:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-05-01 17:39 - 2009-07-14 08:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll
2014-05-01 17:16 - 2014-02-23 06:53 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-01 17:16 - 2014-02-23 06:52 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-01 17:16 - 2014-02-23 06:52 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-01 17:16 - 2014-02-23 06:50 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-01 17:16 - 2014-02-23 06:48 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-01 17:16 - 2014-02-23 06:48 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-05-01 17:16 - 2014-02-23 06:48 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-01 17:16 - 2014-02-23 06:48 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-01 17:16 - 2014-02-23 06:47 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-01 17:16 - 2014-02-23 06:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-01 17:16 - 2014-02-23 06:46 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-01 17:16 - 2014-02-23 06:46 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-01 17:16 - 2014-02-23 06:46 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-01 17:16 - 2014-02-23 06:46 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-01 17:16 - 2014-02-23 06:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-01 17:16 - 2014-02-23 06:46 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-01 17:16 - 2014-02-23 06:46 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-01 17:16 - 2014-02-23 06:46 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-01 17:16 - 2014-02-23 06:46 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-01 17:16 - 2014-02-23 06:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-05-01 17:16 - 2014-02-23 05:12 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-01 17:16 - 2014-02-23 03:25 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-01 17:16 - 2014-02-23 03:25 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-01 17:16 - 2014-02-23 03:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-01 17:16 - 2012-09-25 12:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2014-05-01 17:15 - 2013-08-26 22:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-05-01 17:15 - 2013-08-26 22:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-05-01 17:15 - 2013-08-26 22:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-05-01 17:15 - 2013-08-26 22:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-05-01 17:15 - 2013-08-26 21:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-05-01 17:15 - 2013-08-26 21:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-05-01 17:15 - 2013-08-26 21:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-05-01 17:15 - 2013-08-26 21:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-05-01 17:15 - 2013-08-26 21:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-05-01 17:13 - 2013-07-31 23:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-05-01 17:13 - 2013-07-31 22:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-05-01 17:13 - 2013-06-15 09:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2014-05-01 17:13 - 2013-06-15 07:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-05-01 17:13 - 2013-03-03 15:07 - 01082232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-05-01 17:13 - 2012-11-20 00:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-05-01 17:13 - 2012-08-21 07:47 - 00224640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-05-01 17:12 - 2014-02-07 06:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-05-01 17:12 - 2013-10-29 22:13 - 01304064 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2014-05-01 17:12 - 2013-10-29 22:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2014-05-01 17:12 - 2013-10-29 21:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-05-01 17:12 - 2013-10-29 20:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-05-01 17:12 - 2013-07-20 06:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-05-01 17:12 - 2013-06-28 22:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-05-01 17:12 - 2013-06-28 22:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-05-01 17:12 - 2013-06-28 22:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-05-01 17:12 - 2013-06-28 22:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-05-01 17:12 - 2012-11-21 23:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2014-05-01 17:12 - 2011-05-05 09:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-05-01 17:12 - 2011-05-05 09:54 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-05-01 17:11 - 2014-02-03 06:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-05-01 17:11 - 2013-12-22 11:42 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-01 17:11 - 2013-12-04 22:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-05-01 17:11 - 2013-10-03 08:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-05-01 17:11 - 2013-07-10 05:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-05-01 17:11 - 2013-07-08 00:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-05-01 17:11 - 2013-07-08 00:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-05-01 17:11 - 2013-07-05 00:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-05-01 17:11 - 2013-05-02 00:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-05-01 17:11 - 2013-05-02 00:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll
2014-05-01 17:11 - 2012-11-02 06:18 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-05-01 17:11 - 2012-11-02 04:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2014-05-01 17:10 - 2013-10-10 22:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-05-01 17:10 - 2013-10-10 22:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-05-01 17:10 - 2013-10-10 22:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2014-05-01 17:10 - 2013-10-10 20:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-05-01 17:10 - 2013-10-10 20:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-05-01 17:08 - 2013-04-24 00:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-05-01 17:08 - 2013-04-23 21:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-05-01 17:07 - 2013-08-02 00:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-05-01 17:07 - 2012-11-07 23:48 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-05-01 16:57 - 2014-02-05 21:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-01 16:56 - 2013-10-03 08:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-05-01 16:53 - 2012-11-02 06:19 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-05-01 16:00 - 2014-05-08 05:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

==================== One Month Modified Files and Folders =======

2014-05-08 07:34 - 2014-05-08 07:33 - 00011185 _____ () C:\Windows\System32\config\systemprofile\Desktop\FRST.txt
2014-05-08 07:33 - 2014-05-08 07:33 - 00000000 ____D () C:\FRST
2014-05-08 07:33 - 2014-05-08 07:32 - 01056256 _____ (Farbar) C:\Windows\System32\config\systemprofile\Desktop\FRST.exe
2014-05-08 07:31 - 2007-10-18 00:48 - 00067536 _____ () C:\Windows\System32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-08 07:31 - 2006-11-02 09:02 - 00001356 _____ () C:\Windows\System32\config\systemprofile\AppData\Local\d3d9caps.dat
2014-05-08 06:31 - 2014-05-08 06:31 - 00000000 ____D () C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia
2014-05-08 05:42 - 2014-05-08 05:42 - 00039642 _____ () C:\Windows\System32\config\systemprofile\Desktop\Extras.Txt
2014-05-08 05:40 - 2014-05-08 05:40 - 00108812 _____ () C:\Windows\System32\config\systemprofile\Desktop\OTL.Txt
2014-05-08 05:26 - 2006-11-02 08:47 - 47448064 _____ () C:\Windows\System32\config\RegBack\SOFTWARE
2014-05-08 05:26 - 2006-11-02 08:47 - 35299328 _____ () C:\Windows\System32\config\RegBack\SYSTEM
2014-05-08 05:26 - 2006-11-02 08:47 - 00442368 _____ () C:\Windows\System32\config\RegBack\DEFAULT
2014-05-08 05:26 - 2006-11-02 08:47 - 00057344 _____ () C:\Windows\System32\config\RegBack\SAM
2014-05-08 05:25 - 2006-11-02 08:47 - 00028672 _____ () C:\Windows\System32\config\RegBack\SECURITY
2014-05-08 05:19 - 2014-05-08 05:19 - 00000000 ____D () C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe
2014-05-08 05:19 - 2006-11-02 06:33 - 00759542 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-08 05:14 - 2014-05-08 05:14 - 00602112 _____ (OldTimer Tools) C:\Windows\System32\config\systemprofile\Desktop\OTL.exe
2014-05-08 05:09 - 2012-08-22 12:33 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-08 05:09 - 2007-05-29 15:40 - 00000000 ____D () C:\Program Files\iSafe
2014-05-08 05:09 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-08 05:09 - 2006-11-02 08:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-08 05:09 - 2006-11-02 08:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-08 05:05 - 2014-05-08 05:05 - 00000000 __SHD () C:\Windows\System32\config\systemprofile\Desktop\%APPDATA%
2014-05-08 05:04 - 2006-11-02 08:47 - 00282864 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-08 05:03 - 2014-05-08 05:03 - 00000540 _____ () C:\Windows\PFRO.log
2014-05-08 05:03 - 2014-05-08 05:03 - 00000540 _____ () C:\Windows\PFRO.log
2014-05-08 05:02 - 2007-10-15 10:21 - 01902162 _____ () C:\Windows\WindowsUpdate.log
2014-05-08 05:02 - 2007-10-15 10:21 - 01902162 _____ () C:\Windows\WindowsUpdate.log
2014-05-08 05:02 - 2006-11-02 09:01 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-08 05:01 - 2014-05-01 16:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-08 05:01 - 2012-08-22 12:33 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-08 05:01 - 2012-06-15 18:48 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1448270800-3382982998-658231513-1000UA.job
2014-05-08 04:55 - 2014-05-08 04:55 - 00000000 ____D () C:\Program Files\CONEXANT
2014-05-07 20:32 - 2012-06-19 20:32 - 00000252 _____ () C:\Windows\Tasks\ActiveMail Updater.job
2014-05-07 15:16 - 2012-06-15 18:48 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1448270800-3382982998-658231513-1000Core.job
2014-05-07 14:28 - 2006-11-02 08:47 - 44457984 _____ () C:\Windows\System32\config\RegBack\COMPONENTS.OLD
2014-05-07 14:28 - 2006-11-02 08:47 - 00057344 _____ () C:\Windows\System32\config\RegBack\SAM.OLD
2014-05-07 14:27 - 2006-11-02 08:47 - 35299328 _____ () C:\Windows\System32\config\RegBack\SYSTEM.OLD
2014-05-07 14:27 - 2006-11-02 08:47 - 00311296 _____ () C:\Windows\System32\config\RegBack\DEFAULT.OLD
2014-05-07 14:26 - 2006-11-02 08:47 - 47448064 _____ () C:\Windows\System32\config\RegBack\SOFTWARE.OLD
2014-05-07 14:26 - 2006-11-02 08:47 - 00028672 _____ () C:\Windows\System32\config\RegBack\SECURITY.OLD
2014-05-06 05:02 - 2014-05-06 05:02 - 47448064 _____ () C:\Windows\system32\config\software.iobit
2014-05-06 05:02 - 2014-05-06 05:02 - 44457984 _____ () C:\Windows\system32\config\components.iobit
2014-05-06 05:02 - 2014-05-06 05:02 - 00311296 _____ () C:\Windows\system32\config\default.iobit
2014-05-06 05:02 - 2014-05-06 05:02 - 00057344 _____ () C:\Windows\system32\config\sam.iobit
2014-05-06 05:02 - 2014-05-06 05:02 - 00028672 _____ () C:\Windows\system32\config\security.iobit
2014-05-06 03:05 - 2007-08-29 14:12 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-06 03:04 - 2007-10-15 10:30 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-06 02:57 - 2007-10-15 10:46 - 00000000 ____D () C:\Program Files\Dell
2014-05-06 02:46 - 2009-05-18 15:40 - 00000000 ____D () C:\Program Files\sz8001
2014-05-06 02:36 - 2007-10-15 10:32 - 00000000 ____D () C:\Program Files\Common Files\Roxio Shared
2014-05-06 02:24 - 2007-10-15 17:57 - 00000000 ____D () C:\DELL
2014-05-06 02:22 - 2007-11-11 18:26 - 00000000 ____D () C:\Program Files\Yahoo!
2014-05-02 23:53 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-02 23:53 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-02 21:55 - 2006-11-02 08:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2014-05-02 21:44 - 2014-05-02 21:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-02 21:34 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-05-02 21:15 - 2014-05-02 21:15 - 00000000 ____D () C:\Program Files\Trend Micro
2014-05-02 20:56 - 2012-06-15 21:23 - 00000000 ____D () C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit
2014-05-02 20:01 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-05-02 20:01 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-05-02 19:43 - 2012-08-22 12:33 - 00000000 ____D () C:\Program Files\Google
2014-05-02 17:59 - 2012-06-15 17:04 - 00000000 ____D () C:\Program Files\IObit
2014-05-02 17:53 - 2007-08-29 11:08 - 23785472 _____ () C:\Windows\system32\config\system.iobit
2014-05-01 18:49 - 2007-10-15 10:20 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-05-01 16:04 - 2010-06-02 12:31 - 00000000 ____D () C:\Windows\System32\config\systemprofile\AppData\Local\CrashDumps
2014-05-01 16:04 - 2007-10-15 10:28 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-01 16:00 - 2012-08-22 12:33 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-01 16:00 - 2012-08-22 12:33 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-29 16:18 - 2014-05-02 21:52 - 06020608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:28 - 2014-05-02 21:52 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-23 06:20 - 2007-08-28 12:43 - 00038912 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys

Files to move or delete:
====================
C:\Windows\System32\config\systemprofile\AppData\Roaming\desktop.ini

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-08 05:26

==================== End Of Log ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x86) Version:11-05-2014 01
Ran by amy at 2014-05-08 07:34:29
Running from C:\Windows\System32\config\systemprofile\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Flash Player 10 Plugin (HKLM\...\{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Advanced SystemCare 6 (HKLM\...\Advanced SystemCare 6_is1) (Version: 6.4 - IObit)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2018 - Avast Software)
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
D1500 (Version: 100.0.206.000 - Hewlett-Packard) Hidden
D1500_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Online (HKLM\...\{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}) (Version: 1.0.15 - Dell, Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.08298 - Dell)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3075 - Dell)
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DJ_SF_03_D1500_ProductContext (Version: 100.0.215.000 - Hewlett-Packard) Hidden
DJ_SF_03_D1500_Software (Version: 100.0.206.000 - Hewlett-Packard) Hidden
DJ_SF_03_D1500_Software_Min (Version: 100.0.206.000 - Hewlett-Packard) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
GearDrvs (Version: 5.0.0.2 - Symantec Corporation) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Deskjet D1500 Printer Driver Software 10.0 Rel .3 (HKLM\...\{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}) (Version: 10.0 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Photosmart Essential 2.5 (Version: 1.02.0000 - Hewlett-Packard) Hidden
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Media Watch (HKLM\...\MediaWatchV1home6635) (Version: 1.1 - Media Watch)
MeFeedia (HKLM\...\mefeediatest) (Version: 1.0.0.1 - )
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCSetup (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Web Search (Retrogamer) (HKLM\...\MyWebSearch bar Uninstall) (Version:  - My Web Search) <==== ATTENTION
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
NVIDIANetworkDiagnostic (HKLM\...\InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}) (Version: 1.00.0000 - NVIDIA Corporation)
NVIDIANetworkDiagnostic (Version: 1.00.0000 - NVIDIA Corporation) Hidden
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
ShopAtHome.com Toolbar (HKLM\...\SelectRebatesUninstall) (Version:  - )
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Status (Version: 100.0.175.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Weather Channel Desktop 6 (HKLM\...\The Weather Channel Desktop 6) (Version:  - )
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )
Yahoo! Internet Mail (HKLM\...\Yahoo! Mail) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - )

==================== Restore Points  =========================

08-01-2007 08:08:03 Installed Java 7 Update 9
29-08-2007 14:18:02 Removed Registry Dr
29-08-2007 14:24:48 Removed Ask Toolbar.
29-08-2007 16:19:10 avast! antivirus system restore point
30-08-2007 11:20:56 Removed Powered by Maestro Learning
30-08-2007 11:24:36 Removed Symantec Technical Support Web Controls
30-08-2007 11:31:13 Removed Windows Live Sync
30-08-2007 11:33:17 Removed Windows Live Mesh ActiveX Control for Remote Connections
30-08-2007 11:37:08 Removed Microsoft SQL Server 2005 Compact Edition [ENU]
30-08-2007 11:40:21 Removed Modem Diagnostic Tool.
01-05-2014 19:57:15 Installed Java 7 Update 55
01-05-2014 21:20:07 Windows Update
02-05-2014 16:20:07 Windows Update
02-05-2014 21:12:01 Removed Dell System Customization Wizard.
02-05-2014 23:27:43 Windows Update
03-05-2014 01:12:39 Installed HiJackThis
03-05-2014 01:33:43 Windows Update
04-05-2014 23:25:50 Windows Update
06-05-2014 00:16:03 Scheduled Checkpoint
06-05-2014 06:18:54 Removed Browser Address Error Redirector.
06-05-2014 06:24:03 Removed QualxServ Service Agreement
06-05-2014 06:28:44 Removed Roxio MyDVD DE
06-05-2014 06:46:58 Removed Games, Music, & Photos Launcher.
06-05-2014 06:50:33 Removed Digital Line Detect
06-05-2014 06:52:23 Removed Digital Line Detect
06-05-2014 06:56:22 Removed Internet Service Offers Launcher.
06-05-2014 07:01:00 Removed NetWaiting
06-05-2014 07:02:57 Removed NetWaiting
07-05-2014 04:00:13 Scheduled Checkpoint

==================== Hosts content: ==========================

2006-11-02 06:23 - 2006-09-18 17:41 - 00000736 ____A C:\Windows\system32\Drivers\etc\hosts
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {12B2FD1E-FDB2-41C8-BE2A-3F37CF4BCA86} - System32\Tasks\ActiveMail Updater => UpdateClient.exe
Task: {16E15AA6-B156-47B3-B9FE-95427949207B} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1D03FEAE-35CA-4181-B012-B57DEFB6FB3C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-01] (Adobe Systems Incorporated)
Task: {21B8978F-4DF7-4C68-B23A-2AA0584C04A3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-08-22] (Google Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3D88D9EB-5198-4C2E-99BC-58AE381D62C9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1448270800-3382982998-658231513-1000UA => C:\Users\amy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-15] (Google Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {4BECB071-532F-463B-BE8B-3FCB95AD6065} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1448270800-3382982998-658231513-1000Core => C:\Users\amy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-15] (Google Inc.)
Task: {583AEB80-5F38-4EF1-8808-AB548C5D1517} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-08-22] (Google Inc.)
Task: {6E78DC12-8328-4D75-A445-E099233EE9B6} - System32\Tasks\ASC6_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe [2013-08-10] (IObit)
Task: {7ABC8D1C-D7FC-4315-8983-DDDEE1CDF84C} - System32\Tasks\RegistryDr_Start => C:\Program Files\Registry Dr\RegistryDr.exe <==== ATTENTION
Task: {886C1853-0CF5-499C-8C1C-3621E7116998} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {986710E3-9145-4BA9-91B3-4E14D9A13F7F} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - amy => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {D4BF8740-C1CC-41DE-883B-11437A280957} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2007-08-29] (AVAST Software)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: C:\Windows\Tasks\ActiveMail Updater.job => ªFƒZ¸™F¾)NWÔ«y6F†<
 s€ €!Þ ƒUpdateClient.exeamy0Ü ¥Òqß¹8ífºþ艎èLÏûñܶô/WÕ
·> 1w½µ5âøÀÑ"ñ^ þ
¢»,tX‡'ì[Ö'nÖnx
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1448270800-3382982998-658231513-1000Core.job => C:\Users\amy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1448270800-3382982998-658231513-1000UA.job => C:\Users\amy\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-02 17:59 - 2013-01-15 18:47 - 00143168 _____ () C:\Program Files\IObit\Advanced SystemCare 6\ASCExtMenu.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: isatap.{BF398B2B-58FE-4F21-82EC-205F96B8363F}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: HL-DT-ST DVD+-RW GSA-H73N SCSI CdRom Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/08/2014 05:11:21 AM) (Source: EventSystem) (User: ) (EventID: 4609)
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (05/08/2014 05:05:02 AM) (Source: EventSystem) (User: ) (EventID: 4609)
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (05/06/2014 03:02:56 AM) (Source: VSS) (User: ) (EventID: 8194)
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d600ec1e-ec29-402e-b73e-7830b5e67d66}

Error: (05/06/2014 03:00:59 AM) (Source: VSS) (User: ) (EventID: 8194)
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d600ec1e-ec29-402e-b73e-7830b5e67d66}

Error: (05/06/2014 02:52:20 AM) (Source: VSS) (User: ) (EventID: 8194)
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d600ec1e-ec29-402e-b73e-7830b5e67d66}

Error: (05/06/2014 02:50:33 AM) (Source: VSS) (User: ) (EventID: 8194)
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d600ec1e-ec29-402e-b73e-7830b5e67d66}

Error: (05/06/2014 02:20:00 AM) (Source: MsiInstaller) (User: amy-PC) (EventID: 11905)
Description: Product: Browser Address Error Redirector -- Error 1905.Module C:\Program Files\Dell\BAE\BAE.dll failed to unregister.  HRESULT -2147220472.  Contact your support personnel.

Error: (05/02/2014 10:05:29 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: The program ASC.exe version 6.4.0.292 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 60c
Start Time: 01cf66740339445e
Termination Time: 5335

Error: (05/02/2014 09:02:42 PM) (Source: SupportSoft Agent) (User: ) (EventID: 0)
Description: No provider ID specified.

Error: (05/02/2014 09:02:40 PM) (Source: SupportSoft Agent) (User: ) (EventID: 0)
Description: No provider ID specified.

System errors:
=============
Error: (05/08/2014 05:12:17 AM) (Source: Service Control Manager) (User: ) (EventID: 7026)
Description: aswRvrt
aswSnx
aswSP
aswTdi
aswVmm
cdrom
PxHelp20
spldr
Wanarpv6

Error: (05/08/2014 05:11:25 AM) (Source: DCOM) (User: ) (EventID: 10005)
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/08/2014 05:11:24 AM) (Source: DCOM) (User: ) (EventID: 10005)
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (05/08/2014 05:11:22 AM) (Source: DCOM) (User: ) (EventID: 10005)
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (05/08/2014 05:11:21 AM) (Source: DCOM) (User: ) (EventID: 10005)
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/08/2014 05:11:15 AM) (Source: DCOM) (User: ) (EventID: 10005)
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/08/2014 05:05:59 AM) (Source: Service Control Manager) (User: ) (EventID: 7001)
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (05/08/2014 05:05:49 AM) (Source: Service Control Manager) (User: ) (EventID: 7001)
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (05/08/2014 05:05:49 AM) (Source: DCOM) (User: ) (EventID: 10005)
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/08/2014 05:05:49 AM) (Source: Service Control Manager) (User: ) (EventID: 7001)
Description: Network List ServiceNetwork Location Awareness%%1068

Microsoft Office Sessions:
=========================
Error: (05/08/2014 05:11:21 AM) (Source: EventSystem) (User: ) (EventID: 4609)
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (05/08/2014 05:05:02 AM) (Source: EventSystem) (User: ) (EventID: 4609)
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (05/06/2014 03:02:56 AM) (Source: VSS) (User: ) (EventID: 8194)
Description: 0x80070005

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d600ec1e-ec29-402e-b73e-7830b5e67d66}

Error: (05/06/2014 03:00:59 AM) (Source: VSS) (User: ) (EventID: 8194)
Description: 0x80070005

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d600ec1e-ec29-402e-b73e-7830b5e67d66}

Error: (05/06/2014 02:52:20 AM) (Source: VSS) (User: ) (EventID: 8194)
Description: 0x80070005

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d600ec1e-ec29-402e-b73e-7830b5e67d66}

Error: (05/06/2014 02:50:33 AM) (Source: VSS) (User: ) (EventID: 8194)
Description: 0x80070005

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d600ec1e-ec29-402e-b73e-7830b5e67d66}

Error: (05/06/2014 02:20:00 AM) (Source: MsiInstaller) (User: amy-PC) (EventID: 11905)
Description: Product: Browser Address Error Redirector -- Error 1905.Module C:\Program Files\Dell\BAE\BAE.dll failed to unregister.  HRESULT -2147220472.  Contact your support personnel.(NULL)(NULL)(NULL)(NULL)

Error: (05/02/2014 10:05:29 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: ASC.exe6.4.0.29260c01cf66740339445e5335

Error: (05/02/2014 09:02:42 PM) (Source: SupportSoft Agent) (User: ) (EventID: 0)
Description: No provider ID specified.

Error: (05/02/2014 09:02:40 PM) (Source: SupportSoft Agent) (User: ) (EventID: 0)
Description: No provider ID specified.

CodeIntegrity Errors:
===================================
  Date: 2014-05-08 07:34:23.913
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\iSafeKrnlBoot.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-08 07:34:22.914
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\iSafeKrnlBoot.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-08 07:34:21.916
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\iSafeKrnlBoot.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-08 07:34:20.918
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\iSafeKrnlBoot.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-08 07:33:57.798
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\iSafe\iSafeKrnlKit.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-08 07:33:56.800
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\iSafe\iSafeKrnlKit.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-08 07:33:55.817
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\iSafe\iSafeKrnlKit.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-08 07:33:54.803
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\iSafe\iSafeKrnlKit.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-08 07:33:53.789
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\iSafeKrnlBoot.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-08 07:33:52.791
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\iSafeKrnlBoot.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 67%
Total physical RAM: 957.76 MB
Available physical RAM: 313.37 MB
Total Pagefile: 2178.06 MB
Available Pagefile: 1717.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.93 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:288.04 GB) (Free:212.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 08000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=288 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 



#7 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:36 PM

Posted 12 May 2014 - 09:25 AM

Hi,

You asked me to check the box for 64-bit systems. There was no such box to check.

There is no such box because you are running 32 bit. ;)
 
Step 1: Uninstalls

Please uninstall the following program(s):
  • My Web Search

Step 2: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found here: C:\AdwCleaner\

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click on the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of the log into your next post please.

Step 5: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#8 Indecline1988

Indecline1988
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:36 PM

Posted 12 May 2014 - 04:58 PM

Which logs are you looking for me to post? As nothing popped up upon reboot. There are logs under a file named "Quarantine". And also 2 txt files under "AdwCleaner[RO]" and "AdwCleaner[SO]".


Edited by Indecline1988, 12 May 2014 - 04:59 PM.


#9 Machiavelli

Posted 12 May 2014 - 05:19 PM

Please post all these logs, then I can see which one is the correct one. ;)

~Machiavelli



#10 Indecline1988

Posted 12 May 2014 - 07:01 PM

 
 
 
 
(The logs were too big for the server to support/Restricted?)


#11 Indecline1988

Posted 12 May 2014 - 08:05 PM

I noted that you informed me to be patient while waiting on JRT. But I ran the executable and it brought up CMD, but has done nothing in over 5 minutes. I assumed the "Be patient" was directed towards the length of the scan. So I feel as if something is wrong. I also would like to inform you I am doing all this in Safe Mode w/ Networking.



#12 Machiavelli

Posted 13 May 2014 - 12:11 AM

Why are you doing this in Safe Mode? JRT needs some time. Let it run for 20 minutes and inform me if it worked.

~Machiavelli



#13 Indecline1988

Posted 14 May 2014 - 10:38 AM

Sorry I haven't responded in a day or 2 as I have been busy. Give me a little time and I will try once more.



#14 Machiavelli

Posted 14 May 2014 - 10:43 AM

OK

~Machiavelli



#15 Machiavelli

Posted 17 May 2014 - 04:40 AM

Still with me?

~Machiavelli





