mysearchdial.com problems


  • This topic is locked
2 replies to this topic

#1 shley

Posted 10 May 2014 - 03:59 PM

I have mysearchdial.com issues.

 

Below are the two files generated by FRST / Addition.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-05-2014
Ran by Dell (administrator) on DELL-9200 on 10-05-2014 14:30:31
Running from C:\Documents and Settings\Dell\Desktop
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\klwtblfs.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\klwtblfs.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [520424 2013-03-06] (Microsoft Corporation)
Startup: C:\Documents and Settings\Dell\Start Menu\Programs\Startup\AutorunsDisabled ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKCU - DefaultScope {C77E496B-534A-4D3D-9E9B-F3D551718E22} URL = https://duckduckgo.com/?q={searchTerms}
SearchScopes: HKCU - _tmp URL = https://duckduckgo.com/?q={searchTerms}
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = https://duckduckgo.com/?q={searchTerms}
SearchScopes: HKCU - {C77E496B-534A-4D3D-9E9B-F3D551718E22} URL = https://duckduckgo.com/?q={searchTerms}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1374339359189
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.200.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\c8idy6jj.default
FF user.js: detected! => C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\c8idy6jj.default\user.js
FF DefaultSearchEngine: Mysearchdial
FF SelectedSearchEngine: Mysearchdial
FF Homepage: hxxp://start.mysearchdial.com/?f=1&a=dsites05_14_19_ie&cd=2XzuyEtN2Y1L1QzutDtDtCtCyEtAyC0B0BtByDzz0AtBzyzztN0D0Tzu0SzzyDzztN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0DyEyEtBtDtCtAtG0EyC0F0CtG0BzytByEtGyCyDtA0FtGtD0FyCyE0B0DtBtCyC0FtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzz0DtBtD0AyDyEtG0EzztB0BtGyDtAyD0AtGyD0EyBzytGyE0FyBtAyByD0DtB0BzytAtA2Q&cr=1756359492&ir=
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS\ ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\c8idy6jj.default\searchplugins\Mysearchdial.xml
FF Extension: No Name - C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\c8idy6jj.default\Extensions\staged [2014-05-10]
FF Extension: MySearchDial NewTab - C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\c8idy6jj.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2014-05-10]
FF Extension: Evernote Web Clipper - C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\c8idy6jj.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-05-07]
FF Extension: Google Docs Viewer - C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\c8idy6jj.default\Extensions\adonis.cuhk@gmail.com.xpi [2013-07-20]
FF Extension: FacebookBlocker - C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\c8idy6jj.default\Extensions\facebookBlocker@webgraph.com.xpi [2013-07-20]
FF Extension: Clearly - C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\c8idy6jj.default\Extensions\readable@evernote.com.xpi [2013-07-18]
FF Extension: OpenURL Referrer - C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\c8idy6jj.default\Extensions\{6949DC66-E5E4-4bf0-B364-84F23ED81319}.xpi [2013-07-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-04-01]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-04-01]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-04-01]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-04-01]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-04-01]

========================== Services (Whitelisted) =================

R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)

==================== Drivers (Whitelisted) ====================

R0 CSCrySec; C:\WINDOWS\System32\DRIVERS\CSCrySec.sys [88632 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\WINDOWS\System32\DRIVERS\CSVirtualDiskDrv.sys [39736 2011-06-02] (Infowatch)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-01-17] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-01-17] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-01-17] (HP)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [135776 2014-04-02] (Kaspersky Lab ZAO)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [593504 2013-11-11] (Kaspersky Lab ZAO)
R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [35672 2012-06-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [24160 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [24672 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [44000 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [145040 2013-11-11] (Kaspersky Lab ZAO)
R3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)
R0 vidsflt53; C:\WINDOWS\System32\DRIVERS\vsflt53.sys [83392 2013-07-27] (Acronis)
R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2209408 2007-02-08] (Intel® Corporation)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74336 2013-11-11] (Kaspersky Lab ZAO)
U3 TlntSvr;
U4 vsserv;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-10 14:30 - 2014-05-10 14:30 - 00014297 _____ () C:\Documents and Settings\Dell\Desktop\FRST.txt
2014-05-10 14:30 - 2014-05-10 14:30 - 00000000 ____D () C:\FRST
2014-05-10 14:28 - 2014-05-10 14:29 - 01054720 _____ (Farbar) C:\Documents and Settings\Dell\Desktop\FRST.exe
2014-05-07 22:58 - 2014-05-07 22:58 - 00001022 _____ () C:\Documents and Settings\Dell\Desktop\Shortcut to RCleaner.exe.lnk
2014-05-07 22:49 - 2014-05-07 22:49 - 00000000 ___SD () C:\32788R22FWJFW
2014-05-07 22:36 - 2014-05-07 22:46 - 00003058 _____ () C:\Documents and Settings\Dell\Desktop\Rkill.txt
2014-05-07 22:12 - 2014-05-07 22:13 - 00000000 ____D () C:\Documents and Settings\Dell\Application Data\DivX
2014-05-07 22:10 - 2014-05-07 23:31 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
2014-05-07 22:02 - 2014-05-07 23:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\DivX
2014-05-07 22:02 - 2014-05-07 23:28 - 00000000 ____D () C:\Program Files\DSP-worx
2014-05-07 22:02 - 2014-05-07 22:03 - 00000000 ____D () C:\Documents and Settings\Dell\Application Data\LavFilters
2014-05-07 22:02 - 2014-05-07 22:03 - 00000000 ____D () C:\Documents and Settings\Dell\Application Data\CDXReader
2014-05-07 22:01 - 2014-05-07 22:01 - 00000000 ____D () C:\Program Files\OpenSource Flash Video Splitter
2014-05-07 21:56 - 2014-05-10 13:56 - 00000412 _____ () C:\WINDOWS\Tasks\At2.job
2014-05-07 21:55 - 2014-05-07 21:55 - 00000000 ____D () C:\Documents and Settings\Dell\Application Data\DigitalSites
2014-05-07 01:38 - 2014-05-10 14:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-07 00:27 - 2014-05-07 00:27 - 00000954 _____ () C:\Documents and Settings\Dell\Desktop\KEYS.txt
2014-05-06 23:50 - 2014-05-06 23:50 - 00000596 _____ () C:\Documents and Settings\Dell\Desktop\firmware.txt
2014-05-06 23:41 - 2014-05-06 23:56 - 00000458 _____ () C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2014-05-06 23:41 - 2014-05-06 23:41 - 00000520 _____ () C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
2014-05-06 23:02 - 2014-05-06 23:02 - 00170040 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-05-06 22:38 - 2014-05-06 22:49 - 00000000 ____D () C:\Documents and Settings\Dell\Desktop\Export to Research
2014-05-06 21:50 - 2014-05-06 21:51 - 00000298 _____ () C:\WINDOWS\Tasks\Auslogics DiskDefrag.job
2014-05-06 21:05 - 2014-05-06 21:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Auslogics
2014-05-06 21:04 - 2014-05-06 21:04 - 00000822 _____ () C:\Documents and Settings\Dell\Desktop\Auslogics DiskDefrag.lnk
2014-05-06 21:04 - 2014-05-06 21:04 - 00000000 ____D () C:\Program Files\Auslogics
2014-05-06 21:04 - 2014-05-06 21:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2014-05-06 20:55 - 2014-05-10 14:31 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-06 09:34 - 2014-05-06 09:36 - 00005549 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-05-06 09:03 - 2014-05-06 09:03 - 00001857 _____ () C:\Documents and Settings\Dell\Desktop\Safe Money.lnk
2014-04-16 19:03 - 2014-05-06 20:55 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-04-16 19:03 - 2014-05-06 20:55 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-04-16 18:16 - 2014-05-10 14:30 - 03122277 _____ () C:\WINDOWS\pfirewall.log
2014-04-16 17:50 - 2014-04-16 17:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-04-16 17:50 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-04-16 17:50 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-04-16 17:50 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-04-16 17:50 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-04-16 17:50 - 2014-04-14 19:47 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-04-16 17:46 - 2014-04-16 17:50 - 00004088 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
2014-04-10 01:26 - 2014-04-10 01:27 - 00001950 _____ () C:\WINDOWS\wmsetup.log
2014-04-10 00:27 - 2014-04-10 00:28 - 00012606 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-10 00:22 - 2014-04-10 00:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-10 00:19 - 2014-04-10 00:19 - 00004015 _____ () C:\WINDOWS\KB2934207.log
2014-04-10 00:19 - 2014-04-10 00:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-04-10 00:13 - 2014-04-10 00:22 - 00008794 _____ () C:\WINDOWS\KB2922229.log
2014-04-10 00:09 - 2014-02-25 21:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-04-10 00:09 - 2014-02-25 21:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe

==================== One Month Modified Files and Folders =======

2014-05-10 14:31 - 2014-05-06 20:55 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-10 14:30 - 2014-05-10 14:30 - 00014297 _____ () C:\Documents and Settings\Dell\Desktop\FRST.txt
2014-05-10 14:30 - 2014-05-10 14:30 - 00000000 ____D () C:\FRST
2014-05-10 14:30 - 2014-04-16 18:16 - 03122277 _____ () C:\WINDOWS\pfirewall.log
2014-05-10 14:29 - 2014-05-10 14:28 - 01054720 _____ (Farbar) C:\Documents and Settings\Dell\Desktop\FRST.exe
2014-05-10 14:18 - 2014-04-01 09:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2014-05-10 14:03 - 2014-05-07 01:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-10 13:56 - 2014-05-07 21:56 - 00000412 _____ () C:\WINDOWS\Tasks\At2.job
2014-05-10 13:32 - 2013-12-05 14:29 - 00000211 _____ () C:\WINDOWS\wiadebug.log
2014-05-10 13:29 - 2013-12-05 14:29 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-10 13:29 - 2012-10-26 18:56 - 01174113 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-10 13:25 - 2012-10-26 19:03 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-10 13:25 - 2004-08-04 01:00 - 00002206 ____H () C:\WINDOWS\system32\wpa.dbl
2014-05-08 06:37 - 2012-10-26 19:04 - 00000178 ___SH () C:\Documents and Settings\Dell\ntuser.ini
2014-05-08 06:37 - 2012-10-26 19:03 - 00032614 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-08 06:17 - 2013-08-02 06:45 - 00000000 ____D () C:\Documents and Settings\Dell\Desktop\SSA-TtW-PASS
2014-05-08 06:11 - 2013-07-29 23:46 - 00002501 _____ () C:\Documents and Settings\Dell\Desktop\Word.lnk
2014-05-07 23:35 - 2013-12-06 03:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-05-07 23:31 - 2014-05-07 22:10 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
2014-05-07 23:31 - 2014-05-07 22:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\DivX
2014-05-07 23:28 - 2014-05-07 22:02 - 00000000 ____D () C:\Program Files\DSP-worx
2014-05-07 23:01 - 2013-08-01 02:47 - 00672258 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-484763869-688789844-839522115-1004-0.dat
2014-05-07 23:01 - 2013-08-01 02:47 - 00336266 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-05-07 22:58 - 2014-05-07 22:58 - 00001022 _____ () C:\Documents and Settings\Dell\Desktop\Shortcut to RCleaner.exe.lnk
2014-05-07 22:49 - 2014-05-07 22:49 - 00000000 ___SD () C:\32788R22FWJFW
2014-05-07 22:46 - 2014-05-07 22:36 - 00003058 _____ () C:\Documents and Settings\Dell\Desktop\Rkill.txt
2014-05-07 22:44 - 2013-08-04 02:19 - 00167936 ____H (Microsoft Corporation) C:\WINDOWS\system32\appmgmts.dll
2014-05-07 22:25 - 2013-07-20 11:24 - 00000000 ____D () C:\Documents and Settings\Dell\Local Settings\Application Data\Deployment
2014-05-07 22:13 - 2014-05-07 22:12 - 00000000 ____D () C:\Documents and Settings\Dell\Application Data\DivX
2014-05-07 22:03 - 2014-05-07 22:02 - 00000000 ____D () C:\Documents and Settings\Dell\Application Data\LavFilters
2014-05-07 22:03 - 2014-05-07 22:02 - 00000000 ____D () C:\Documents and Settings\Dell\Application Data\CDXReader
2014-05-07 22:01 - 2014-05-07 22:01 - 00000000 ____D () C:\Program Files\OpenSource Flash Video Splitter
2014-05-07 21:55 - 2014-05-07 21:55 - 00000000 ____D () C:\Documents and Settings\Dell\Application Data\DigitalSites
2014-05-07 21:40 - 2013-12-05 11:36 - 00105970 _____ () C:\WINDOWS\setupapi.log
2014-05-07 21:38 - 2013-07-14 12:43 - 00001486 _____ () C:\Documents and Settings\Dell\Desktop\Calculator.lnk
2014-05-07 21:38 - 2013-07-12 11:12 - 00001507 _____ () C:\Documents and Settings\Dell\Desktop\Notepad.lnk
2014-05-07 21:35 - 2013-12-05 11:36 - 00001922 _____ () C:\WINDOWS\setupact.log
2014-05-07 21:28 - 2013-07-18 15:48 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-07 00:27 - 2014-05-07 00:27 - 00000954 _____ () C:\Documents and Settings\Dell\Desktop\KEYS.txt
2014-05-07 00:08 - 2013-07-29 22:19 - 00065536 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-05-07 00:07 - 2014-04-01 07:54 - 00000000 ____D () C:\Documents and Settings\Dell\Application Data\Zeon
2014-05-07 00:07 - 2013-12-09 06:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Nuance
2014-05-07 00:07 - 2013-12-09 06:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\zeon
2014-05-06 23:56 - 2014-05-06 23:41 - 00000458 _____ () C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2014-05-06 23:56 - 2013-08-01 02:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PCDr
2014-05-06 23:56 - 2013-08-01 01:58 - 00000000 ____D () C:\Program Files\My Dell
2014-05-06 23:50 - 2014-05-06 23:50 - 00000596 _____ () C:\Documents and Settings\Dell\Desktop\firmware.txt
2014-05-06 23:41 - 2014-05-06 23:41 - 00000520 _____ () C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
2014-05-06 23:02 - 2014-05-06 23:02 - 00170040 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-05-06 23:01 - 2014-04-09 21:16 - 00000000 ____D () C:\AdwCleaner
2014-05-06 22:55 - 2012-10-26 19:19 - 00000000 ____D () C:\Documents and Settings\Dell\Local Settings\Application Data\Adobe
2014-05-06 22:49 - 2014-05-06 22:38 - 00000000 ____D () C:\Documents and Settings\Dell\Desktop\Export to Research
2014-05-06 22:49 - 2013-07-24 17:17 - 00000000 ____D () C:\Documents and Settings\Dell\Desktop\Others
2014-05-06 22:28 - 2012-10-26 19:03 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-05-06 22:28 - 2012-10-26 19:03 - 00000000 ____D () C:\Documents and Settings\Dell
2014-05-06 22:28 - 2012-10-26 19:02 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-05-06 22:08 - 2013-12-05 11:36 - 00130454 _____ () C:\WINDOWS\FaxSetup.log
2014-05-06 22:08 - 2013-12-05 11:36 - 00064889 _____ () C:\WINDOWS\ocgen.log
2014-05-06 22:08 - 2013-12-05 11:36 - 00051106 _____ () C:\WINDOWS\tsoc.log
2014-05-06 22:08 - 2013-12-05 11:36 - 00043250 _____ () C:\WINDOWS\comsetup.log
2014-05-06 22:08 - 2013-12-05 11:36 - 00026449 _____ () C:\WINDOWS\ntdtcsetup.log
2014-05-06 22:08 - 2013-12-05 11:36 - 00019974 _____ () C:\WINDOWS\iis6.log
2014-05-06 22:08 - 2013-12-05 11:36 - 00007309 _____ () C:\WINDOWS\ocmsn.log
2014-05-06 22:08 - 2013-12-05 11:36 - 00006659 _____ () C:\WINDOWS\msgsocm.log
2014-05-06 22:08 - 2013-12-05 11:36 - 00001891 _____ () C:\WINDOWS\imsins.log
2014-05-06 22:06 - 2012-10-26 19:16 - 00000000 ____D () C:\Documents and Settings\Dell\Local Settings\Application Data\Google
2014-05-06 21:51 - 2014-05-06 21:50 - 00000298 _____ () C:\WINDOWS\Tasks\Auslogics DiskDefrag.job
2014-05-06 21:05 - 2014-05-06 21:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Auslogics
2014-05-06 21:04 - 2014-05-06 21:04 - 00000822 _____ () C:\Documents and Settings\Dell\Desktop\Auslogics DiskDefrag.lnk
2014-05-06 21:04 - 2014-05-06 21:04 - 00000000 ____D () C:\Program Files\Auslogics
2014-05-06 21:04 - 2014-05-06 21:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2014-05-06 20:55 - 2014-04-16 19:03 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-06 20:55 - 2014-04-16 19:03 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-05-06 09:36 - 2014-05-06 09:34 - 00005549 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-05-06 09:36 - 2014-04-02 17:03 - 00058119 _____ () C:\WINDOWS\updspapi.log
2014-05-06 09:36 - 2013-08-07 22:26 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-05-06 09:03 - 2014-05-06 09:03 - 00001857 _____ () C:\Documents and Settings\Dell\Desktop\Safe Money.lnk
2014-04-30 04:13 - 2008-04-14 06:42 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-04-30 04:13 - 2008-04-14 06:42 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-04-16 17:50 - 2014-04-16 17:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-04-16 17:50 - 2014-04-16 17:46 - 00004088 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
2014-04-16 17:50 - 2013-07-10 16:38 - 00000000 ____D () C:\Program Files\Java
2014-04-14 20:13 - 2014-04-16 17:50 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-04-14 20:05 - 2014-04-16 17:50 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-04-14 20:05 - 2014-04-16 17:50 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-04-14 20:04 - 2014-04-16 17:50 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-04-14 19:47 - 2014-04-16 17:50 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-04-10 01:27 - 2014-04-10 01:26 - 00001950 _____ () C:\WINDOWS\wmsetup.log
2014-04-10 00:28 - 2014-04-10 00:27 - 00012606 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-10 00:27 - 2013-07-11 00:10 - 00000000 ___HD () C:\WINDOWS\system32\MRT
2014-04-10 00:24 - 2012-10-26 20:19 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-10 00:23 - 2013-07-29 22:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-04-10 00:22 - 2014-04-10 00:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-10 00:22 - 2014-04-10 00:13 - 00008794 _____ () C:\WINDOWS\KB2922229.log
2014-04-10 00:19 - 2014-04-10 00:19 - 00004015 _____ () C:\WINDOWS\KB2934207.log
2014-04-10 00:19 - 2014-04-10 00:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$

Files to move or delete:
====================
C:\Windows\Tasks\At2.job

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

----------------------- ADDITION --------------------

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-05-2014
Ran by Dell at 2014-05-10 14:32:08
Running from C:\Documents and Settings\Dell\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Kaspersky PURE 3.0 (Disabled - Up to date) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky PURE 3.0 (Disabled) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
4500_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.162-050803a2-025875C-Dell - )
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
AVS Audio Converter 7 (HKLM\...\AVS Audio Converter_is1) (Version: 7.0.6.519 - Online Media Technologies Ltd.)
AVS Audio Editor 7.1 (HKLM\...\AVS Audio Editor_is1) (Version: 7.1.6.484 - Online Media Technologies Ltd.)
AVS Audio Recorder version 4.0 (HKLM\...\AVS Audio Recorder_is1) (Version: 4.0.1.21 - Online Media Technologies Ltd.)
AVS Cover Editor 2.0.1.3 (HKLM\...\AVSCoverEditor2_is1) (Version: 2.0.1.3 - Online Media Technologies Ltd.)
AVS Disc Creator 5 (HKLM\...\AVS Disc Creator_is1) (Version: 5.0.7.521 - Online Media Technologies Ltd.)
AVS Document Converter 2.2.6 (HKLM\...\AVS Document Converter_is1) (Version: 2.2.6.220 - Online Media Technologies Ltd.)
AVS DVD Copy 4.1.2.283 (HKLM\...\AVS DVD Copy_is1) (Version: 4.1.2.283 - Online Media Technologies Ltd.)
AVS Image Converter 2.3.3.249 (HKLM\...\AVS Image Converter_is1) (Version: 2.3.3.249 - Online Media Technologies Ltd.)
AVS Media Player 4.1.11.100 (HKLM\...\AVS Media Player_is1) (Version: 4.1.11.100 - Online Media Technologies Ltd.)
AVS Photo Editor (HKLM\...\AVS Photo Editor_is1) (Version: 2.0.9.129 - Online Media Technologies Ltd.)
AVS Registry Cleaner 2.2.3.237 (HKLM\...\AVS Registry Cleaner_is1) (Version: 2.2.3.237 - Online Media Technologies Ltd.)
AVS Ringtone Maker version 1.6 (HKLM\...\AVS Ringtone Maker 1.6_is1) (Version: 1.6.1.140 - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: 8.3.3.535 - Online Media Technologies Ltd.)
AVS Video Editor 6 (HKLM\...\AVS Video Editor_is1) (Version: 6.3.3.235 - Online Media Technologies Ltd.)
AVS Video Recorder 2.5 (HKLM\...\AVS Video Recorder_is1) (Version: 2.5.4.84 - Online Media Technologies Ltd.)
AVS Video ReMaker 4.1.4.150 (HKLM\...\AVS Video ReMaker_is1) (Version: 4.1.4.150 - Online Media Technologies Ltd.)
BPD_HPSU (Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
calibre (HKLM\...\{B652DD9C-F162-4B40-B38F-A1D0F866CAFA}) (Version: 0.9.41 - Kovid Goyal)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.0.2.57 - Dell)
Dell System Detect Bootstrapper (HKCU\...\8e3135b376bd523e) (Version: 1.1.0.15 - Dell)
DocProc (Version: 11.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
EndNote X5 (HKLM\...\{86B3F2D6-AC2B-0015-8AE1-F2F77F781B0C}) (Version: 15.0.1.5774 - Thomson Reuters)
Evernote v. 4.6.7 (HKLM\...\{A6563D7C-F3AD-11E2-A4DB-984BE15F174E}) (Version: 4.6.7.8409 - Evernote Corp.)
Fax (Version: 100.0.187.000 - Hewlett-Packard) Hidden
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
HP Officejet J4500 Series (HKLM\...\{CD0773D5-C18E-495c-B39B-21A96415EDD5}) (Version: 1.0 - HP)
J4500 (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Kaspersky PURE 3.0 (HKLM\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (Version: 13.0.2.558 - Kaspersky Lab) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Baseline Security Analyzer 2.3 (HKLM\...\{C3013E88-B772-4446-A0AE-A7F37180B9F1}) (Version: 2.3.2208 - Microsoft Corporation)
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0 (x86 en-US) (HKLM\...\Mozilla Firefox 29.0 (x86 en-US)) (Version: 29.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
OpenOffice 4.0.0 (HKLM\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
OpenSource Flash Video Splitter 1.0.0.5 (HKLM\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
Personal Ancestral File 5 (HKLM\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version:  - )
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
ResearchSoft Direct Export Helper (HKLM\...\ResearchSoft Direct Export Helper) (Version:  - )
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Toolbar (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden

==================== Restore Points  =========================

03-04-2014 06:06:15 Installed Windows Internet Explorer 8.
03-04-2014 06:17:49 Installed Windows XP KB2909210.
03-04-2014 06:19:56 Installed Windows XP KB2510531.
03-04-2014 06:34:05 Installed Windows XP KB2925418.
03-04-2014 06:47:24 Installed Windows XP KB2898785.
03-04-2014 08:45:31 Installed Compatibility Pack for the 2007 Office system
10-04-2014 01:32:21 ComboFix created restore point
10-04-2014 04:17:51 Software Distribution Service 3.0
10-04-2014 04:38:33 Software Distribution Service 3.0
16-04-2014 21:45:37 Installed Java 7 Update 55
06-05-2014 13:33:43 Software Distribution Service 3.0
07-05-2014 04:07:05 Removed Nuance PDF Converter Professional 7.
08-05-2014 03:35:19 Removed Skype™ 6.14
08-05-2014 03:36:55 Removed Windows Defender
08-05-2014 04:03:59 Backup_2014_05_07

==================== Hosts content: ==========================

2004-08-04 01:00 - 2004-08-04 01:00 - 00000734 ___AH C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\DOCUME~1\Dell\APPLIC~1\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\Auslogics DiskDefrag.job => C:\PROGRA~1\AUSLOG~1\DISKDE~1\DISKDE~1.EXE
Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\My Dell\uaclauncher.exe
Task: C:\WINDOWS\Tasks\SystemToolsDailyTest.job => C:\Program Files\My Dell\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2012-12-20 18:19 - 2012-12-20 18:19 - 00479752 _____ () C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 01310728 _____ () C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-05-07 01:38 - 2014-05-07 01:38 - 03845232 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\WINDOWS\system32\appmgmts.dll:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\appmgmts.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\system32\LegitCheckControl.DLL:BDU
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0574215C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D95ACC7D
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/08/2014 06:24:07 AM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Hanging application divD.tmp, version 2.6.1.8, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/08/2014 06:22:52 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Error: (05/08/2014 06:22:36 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application divd.tmp, version 2.6.1.8, faulting module divd.tmp, version 2.6.1.8, fault address 0x0005724a.
Processing media-specific event for [divd.tmp!ws!]

Error: (05/07/2014 11:31:53 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application div1f.tmp, version 2.6.1.8, faulting module div1f.tmp, version 2.6.1.8, fault address 0x0003271d.
Processing media-specific event for [div1f.tmp!ws!]

Error: (05/07/2014 11:01:01 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Hanging application avp.exe, version 13.0.2.628, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (05/10/2014 01:56:00 PM) (Source: Schedule) (User: ) (EventID: 7901)
Description: The At2.job command failed to start due to the following error:
%%2147942403

Error: (05/07/2014 11:39:56 PM) (Source: Service Control Manager) (User: ) (EventID: 7034)
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (05/08/2014 06:24:07 AM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: divD.tmp2.6.1.8hungapp0.0.0.000000000

Error: (05/08/2014 06:22:52 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: drwtsn32.exe5.1.2600.0dbghelp.dll5.1.2600.55120001295d

Error: (05/08/2014 06:22:36 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: divd.tmp2.6.1.8divd.tmp2.6.1.80005724a

Error: (05/07/2014 11:31:53 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: div1f.tmp2.6.1.8div1f.tmp2.6.1.80003271d

Error: (05/07/2014 11:01:01 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: avp.exe13.0.2.628hungapp0.0.0.000000000

 

 

thanks




 


#2 xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,070 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:06:30 AM

Posted 11 May 2014 - 09:44 AM

Greetings and :welcome: to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now :thumbup2:

==========================
 
Hi shley,
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • AdwCleaner scan log

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,070 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:06:30 AM

Posted 15 May 2014 - 02:17 PM

User has resolved the issue on their own; therefore, I am closing this topic as resolved.






