Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

PUP.Optional-Installlq [Solved]


  • This topic is locked This topic is locked

#16
DianneH2014

DianneH2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Something has happened. I think we have angered the computer :rolleyes:

Here is how I proceeded with your advice.

Windows Sidebar Advice.

Ran this.

Received box with message:

"This Microsoft Fix It has been processed."

Did not re-start computer as I knew it would be restarting after running the OTL Script again.

Next, ran Custom OTL Script with the following Notepad (.txt file) generated. After it re-started, I went to open in Normal Mode again. Got the Welcome Screen (blue) (it took quite a while) and then the black screen again. The computer stopped and would not go any further. Could see the mouse pointer again but nothing else.

I did not run the Malware program or adwcleaner yet. I stopped after I could not get into the computer in the Normal Mode again.

I am actually in Safe Mode with Networking at the moment.

I will attach the OTL log next.

Edited by DianneH2014, 05 December 2013 - 04:28 PM.

  • 0

Advertisements


#17
DianneH2014

DianneH2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1969209751-449001428-3356654911-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dell.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1969209751-449001428-3356654911-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b798088b-13ad-11e2-967f-842b2b93a010}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b798088b-13ad-11e2-967f-842b2b93a010}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b798088b-13ad-11e2-967f-842b2b93a010}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b798088b-13ad-11e2-967f-842b2b93a010}\ not found.
File I:\Autorun.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\DIANNE\Desktop\cmd.bat deleted successfully.
C:\Users\DIANNE\Desktop\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\DIANNE\Desktop\cmd.bat deleted successfully.
C:\Users\DIANNE\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\DIANNE\Desktop\cmd.bat deleted successfully.
C:\Users\DIANNE\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DIANNE
->Temp folder emptied: 831001303 bytes
->Temporary Internet Files folder emptied: 250728343 bytes
->Java cache emptied: 92243 bytes
->FireFox cache emptied: 125463682 bytes
->Google Chrome cache emptied: 256398833 bytes
->Flash cache emptied: 58872 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 59392 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 418042027 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 37180 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42260172 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,835.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12052013_170157
  • 0

#18
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Something has happened. I think we have angered the computer :rolleyes:

Oh dear, not to worry these things can occur and we should be able to rectify that. After running the Fixit and receiving this prompt below:-

WSDRA.gif

A reboot would have been required and hence the problem now. In normal circumstances leaving the reboot to later should not have caused any issues but since a custom OTL script was immediately ran afterwards basically your machine did not like that and refused to play nice for us...

As I mentioned prior, no need to worry and we will perform a roll-back as in invoke the system restore point that should have been created by the aforementioned Fixit as follows...

Invoke a System Restore Point:

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


  • Select System Restore >> Next >
  • Now select the option Choose a different restore point >> Next >
  • Locate the below(DD/D/DD TT:TT:TT, denotes date and time etc) and click once on it to highlight:-
DD/D/DD TT:TT:TT --------- Installed Microsoft Fix it 50906 --------- Installed

  • Once highlighted click on Next > >> follow the prompts.
  • When the System Restore process has completed your machine should automatically reboot back into Normal Mode.
  • A prompt should now appear denoting the System Restore completed successfully >> click on Close and your desktop should now load up/appear.
Next:

Let myself know when completed the above, if any problems encountered and if your machine is now able to boot up into Normal Mode. If so all good and merely inform myself but make no other changes and we will then go from there, thank you.
  • 0

#19
DianneH2014

DianneH2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Hi

I completed the Restore Point as you requested.

Computer rebooted into Normal Mode.

Entered my password and waited...went to black screen again.

:help:

LOL
  • 0

#20
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Try rebooting again and let myself know what occurs this time please. :)
  • 0

#21
DianneH2014

DianneH2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Still a black screen with arrow mouse...

I also noticed (and I don't think they were there before) two desktop.ini icons on the desktop.

Edited by DianneH2014, 06 December 2013 - 07:56 AM.

  • 0

#22
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

I also noticed (and I don't think they were there before) two desktop.ini icons on the desktop.


Not a cause for concern, merely denotes hidden system files are now visible and easy enough to reset back to default later on.

Still a black screen with arrow mouse...

I'm beginning to suspect the registry and or the whole Operating System itself may be damaged...

Check please if your machine is able to boot into SafeMode with Networking or not and let myself know the outcome in your next reply.

Then follow the instructions again here in post #2(Scan with Farbar Recovery Scan Tool)please, then post the log so I in turn can try and ascertain what the problem is this time.
  • 0

#23
DianneH2014

DianneH2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Able to Boot in Safe Mode with Networking? Yes

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-12-2013
Ran by SYSTEM on MININT-GKJOP9V on 06-12-2013 07:29:10
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM-x32\...\Run: [StatusAlerts] - C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [309120 2012-02-02] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Carbonite Backup] - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056264 2013-10-10] (Carbonite, Inc.)
HKU\DIANNE\...\Run: [DellSystemDetect] - C:\Users\DIANNE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms [370 2013-12-03] ()

==================== Services (Whitelisted) =================

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
S4 dlcj_device; C:\Windows\SysWOW64\dlcjcoms.exe [491520 2005-07-12] ()
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-06 07:20 - 2013-12-06 07:20 - 01925820 _____ (Farbar) C:\Users\DIANNE\Downloads\FRST64 (1).exe
2013-12-06 07:15 - 2013-12-06 07:15 - 01925820 _____ (Farbar) C:\Users\DIANNE\Downloads\FRST64.exe
2013-12-06 07:15 - 2013-12-06 07:15 - 00665608 _____ ( ) C:\Users\DIANNE\Downloads\ZipExtractorSetup.exe
2013-12-05 16:01 - 2013-12-05 16:01 - 00000000 ____D C:\_OTL
2013-12-05 15:58 - 2013-12-05 15:58 - 00984576 _____ C:\Users\DIANNE\Downloads\MicrosoftFixit50906 (2).msi
2013-12-05 15:51 - 2013-12-05 15:51 - 00984576 _____ C:\Users\DIANNE\Downloads\MicrosoftFixit50906.msi
2013-12-05 15:51 - 2013-12-05 15:51 - 00984576 _____ C:\Users\DIANNE\Downloads\MicrosoftFixit50906 (1).msi
2013-12-05 09:48 - 2013-12-05 16:01 - 00011285 _____ C:\Users\Public\Desktop\Carbonite Setup.log
2013-12-05 09:48 - 2013-12-05 16:01 - 00011285 _____ C:\ProgramData\Desktop\Carbonite Setup.log
2013-12-05 09:48 - 2013-12-05 09:48 - 00002134 _____ C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2013-12-05 09:48 - 2013-12-05 09:48 - 00002134 _____ C:\ProgramData\Desktop\Carbonite InfoCenter.lnk
2013-12-05 08:11 - 2013-12-05 08:12 - 00002282 _____ C:\Users\DIANNE\Desktop\Rkill.txt
2013-12-05 08:11 - 2013-12-05 08:11 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\DIANNE\Downloads\rkill.exe
2013-12-05 08:11 - 2013-12-05 08:11 - 00000000 ____D C:\Users\DIANNE\Desktop\rkill
2013-12-05 04:15 - 2013-12-05 04:15 - 00000041 _____ C:\Users\DIANNE\Downloads\fixlist.txt
2013-12-05 03:47 - 2013-12-05 03:47 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-12-05 03:18 - 2013-12-05 03:18 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-05 03:18 - 2013-12-05 03:18 - 00001111 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-05 03:18 - 2013-12-05 03:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-05 03:18 - 2013-04-04 13:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-12-05 03:14 - 2013-12-05 03:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\DIANNE\Downloads\mbam-consumer (2).exe
2013-12-05 03:14 - 2013-12-05 03:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\DIANNE\Downloads\mbam-consumer (1).exe
2013-12-04 06:41 - 2013-12-04 06:41 - 00000000 ____D C:\FRST
2013-12-03 14:12 - 2013-12-05 08:30 - 00070818 _____ C:\Users\DIANNE\Desktop\Extras.Txt
2013-12-03 14:11 - 2013-12-05 08:28 - 00089232 _____ C:\Users\DIANNE\Desktop\OTL.Txt
2013-12-03 14:08 - 2013-12-03 14:08 - 00602112 _____ (OldTimer Tools) C:\Users\DIANNE\Desktop\OTL.exe
2013-12-03 12:47 - 2013-12-03 12:47 - 22791896 _____ (Microsoft Corporation) C:\Users\DIANNE\Downloads\Windows-KB890830-x64-V5.6.exe
2013-12-03 11:28 - 2013-12-03 11:28 - 00010595 _____ C:\Users\DIANNE\Downloads\dellsystemdetect.application
2013-12-03 09:30 - 2013-12-03 09:30 - 00000000 ____D C:\Users\DIANNE\AppData\Roaming\Malwarebytes
2013-12-03 09:30 - 2013-12-03 09:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03 09:29 - 2013-12-03 09:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\DIANNE\Downloads\mbam-consumer.exe
2013-11-21 14:07 - 2013-11-21 14:07 - 00000019 _____ C:\Users\Public\Documents\CTDChannels_Version.cd27244d.cdf
2013-11-21 14:07 - 2013-11-21 14:07 - 00000019 _____ C:\ProgramData\Documents\CTDChannels_Version.cd27244d.cdf
2013-11-20 13:53 - 2013-11-20 13:53 - 00000933 _____ C:\Users\Public\Desktop\Market Samurai.lnk
2013-11-20 13:53 - 2013-11-20 13:53 - 00000933 _____ C:\ProgramData\Desktop\Market Samurai.lnk
2013-11-20 13:53 - 2013-11-20 13:53 - 00000000 ____D C:\Program Files (x86)\Market Samurai
2013-11-20 11:03 - 2013-11-20 11:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 14:14 - 2013-11-15 13:58 - 00000000 ____D C:\Users\DIANNE\Documents\Freelance Ghostwring
2013-11-14 10:59 - 2013-11-14 10:59 - 00000000 ____D C:\Users\DIANNE\AppData\Roaming\MarketSamurai
2013-11-14 10:54 - 2013-11-14 10:54 - 03685385 _____ C:\Users\DIANNE\Downloads\MarketSamurai.0.92.95.air
2013-11-13 09:09 - 2013-10-12 02:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-13 09:09 - 2013-10-12 02:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-13 09:09 - 2013-10-12 02:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-13 09:09 - 2013-10-12 02:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-13 09:09 - 2013-10-12 02:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-13 09:09 - 2013-10-12 02:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-13 09:09 - 2013-10-12 02:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-13 09:09 - 2013-10-12 02:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-13 09:09 - 2013-10-12 02:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-13 09:09 - 2013-10-12 02:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-13 09:09 - 2013-10-12 02:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-13 09:09 - 2013-10-12 02:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-13 09:09 - 2013-10-12 02:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-13 09:09 - 2013-10-12 02:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-13 09:09 - 2013-10-12 01:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 09:09 - 2013-10-12 01:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 09:09 - 2013-10-12 01:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 09:09 - 2013-10-12 01:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 09:09 - 2013-10-12 01:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 09:09 - 2013-10-12 01:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 09:09 - 2013-10-12 01:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 09:09 - 2013-10-12 01:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 09:09 - 2013-10-12 01:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 09:09 - 2013-10-12 01:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 09:09 - 2013-10-12 01:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 09:09 - 2013-10-12 01:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 09:09 - 2013-10-12 01:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 09:09 - 2013-10-12 00:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-13 09:09 - 2013-10-12 00:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 09:09 - 2013-10-11 23:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-13 09:09 - 2013-10-11 23:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 09:08 - 2013-10-01 20:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-11-13 09:08 - 2013-10-01 20:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-11-13 09:08 - 2013-10-01 20:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-11-13 09:08 - 2013-10-01 19:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-11-13 09:08 - 2013-10-01 19:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-11-13 09:08 - 2013-10-01 19:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-11-13 09:08 - 2013-10-01 19:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-11-13 09:08 - 2013-10-01 18:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\System32\rdvidcrl.dll
2013-11-13 09:08 - 2013-10-01 18:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-11-13 09:08 - 2013-10-01 18:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-11-13 09:08 - 2013-10-01 18:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-11-13 09:08 - 2013-10-01 18:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-11-13 09:08 - 2013-10-01 17:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-11-13 09:08 - 2013-10-01 17:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-11-13 09:08 - 2013-10-01 17:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2013-11-13 09:08 - 2013-10-01 16:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-11-13 09:08 - 2013-10-01 14:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-11-13 09:08 - 2013-10-01 14:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-11-13 08:55 - 2013-11-13 08:55 - 00001770 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-11-13 08:55 - 2013-11-13 08:55 - 00001770 _____ C:\ProgramData\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-11-13 08:55 - 2013-11-13 08:55 - 00000000 ____D C:\Users\DIANNE\AppData\Roaming\SUPERAntiSpyware.com
2013-11-13 08:55 - 2013-11-13 08:55 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-11-13 08:55 - 2013-11-13 08:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-11-13 08:52 - 2013-09-24 20:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\System32\TSWorkspace.dll
2013-11-13 08:52 - 2013-09-24 19:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2013-11-13 08:51 - 2013-10-05 14:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-13 08:51 - 2013-10-05 13:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 08:50 - 2013-10-03 20:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-13 08:50 - 2013-10-03 20:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll
2013-11-13 08:50 - 2013-10-03 20:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-11-13 08:50 - 2013-10-03 19:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 08:50 - 2013-10-03 19:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 08:50 - 2013-10-03 19:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 08:50 - 2013-09-24 20:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-11-13 08:50 - 2013-09-24 20:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-11-13 08:50 - 2013-09-24 20:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-11-13 08:50 - 2013-09-24 20:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-11-13 08:50 - 2013-09-24 20:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-11-13 08:50 - 2013-09-24 20:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-13 08:50 - 2013-09-24 20:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-11-13 08:50 - 2013-09-24 20:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-11-13 08:50 - 2013-09-24 19:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 08:50 - 2013-09-24 19:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 08:50 - 2013-09-24 19:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 08:50 - 2013-09-24 19:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 08:50 - 2013-09-24 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-11-13 08:50 - 2013-07-04 06:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-11-13 08:49 - 2013-09-27 19:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-11-13 08:47 - 2013-10-11 20:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2013-11-13 08:47 - 2013-10-11 20:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-13 08:47 - 2013-10-11 20:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2013-11-13 08:47 - 2013-10-11 20:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 08:47 - 2013-10-11 20:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 08:46 - 2013-10-02 20:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-11-13 08:46 - 2013-10-02 20:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 08:45 - 2013-11-13 08:47 - 28455920 _____ (SUPERAntiSpyware) C:\Users\DIANNE\Downloads\SUPERAntiSpyware.exe
2013-11-10 09:52 - 2013-11-10 09:54 - 00000000 ____D C:\Users\DIANNE\Documents\Amazon
2013-11-09 08:07 - 2013-11-09 08:07 - 01065431 _____ C:\Users\DIANNE\Downloads\simple-press.zip
2013-11-09 08:07 - 2013-11-09 08:07 - 00226211 _____ C:\Users\DIANNE\Downloads\stacked.zip
2013-11-09 08:07 - 2013-11-09 08:07 - 00226190 _____ C:\Users\DIANNE\Downloads\default.zip
2013-11-09 08:07 - 2013-11-09 08:07 - 00216013 _____ C:\Users\DIANNE\Downloads\iForum.zip
2013-11-08 15:35 - 2013-11-08 15:35 - 18080872 _____ (Adobe Systems Inc.) C:\Users\DIANNE\Downloads\AdobeAIRInstaller.exe
2013-11-06 11:45 - 2013-11-06 11:45 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-11-06 11:45 - 2013-11-06 11:45 - 00002021 _____ C:\ProgramData\Desktop\Adobe Reader XI.lnk
2013-11-06 10:48 - 2013-09-04 06:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-11-06 10:48 - 2013-09-04 06:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-11-06 10:48 - 2013-09-04 06:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-11-06 10:48 - 2013-09-04 06:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-11-06 10:48 - 2013-09-04 06:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-11-06 10:48 - 2013-09-04 06:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2013-11-06 10:48 - 2013-09-04 06:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-11-06 09:24 - 2013-11-20 11:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak

==================== One Month Modified Files and Folders =======

2013-12-06 07:20 - 2013-12-06 07:20 - 01925820 _____ (Farbar) C:\Users\DIANNE\Downloads\FRST64 (1).exe
2013-12-06 07:17 - 2011-09-23 07:54 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-12-06 07:17 - 2011-09-23 07:54 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-12-06 07:17 - 2011-09-12 06:08 - 00000000 ____D C:\Users\DIANNE\AppData\Local\Mozilla
2013-12-06 07:17 - 2011-09-10 18:58 - 00000000 ____D C:\Users\DIANNE\AppData\Roaming\Macromedia
2013-12-06 07:17 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2013-12-06 07:15 - 2013-12-06 07:15 - 01925820 _____ (Farbar) C:\Users\DIANNE\Downloads\FRST64.exe
2013-12-06 07:15 - 2013-12-06 07:15 - 00665608 _____ ( ) C:\Users\DIANNE\Downloads\ZipExtractorSetup.exe
2013-12-06 07:03 - 2009-07-13 23:10 - 01351542 _____ C:\Windows\WindowsUpdate.log
2013-12-06 06:47 - 2013-02-26 08:59 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-06 06:46 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-06 06:46 - 2009-07-13 22:51 - 00028705 _____ C:\Windows\setupact.log
2013-12-06 06:19 - 2011-09-10 18:55 - 00000000 ____D C:\users\DIANNE
2013-12-06 06:18 - 2011-12-26 10:56 - 00000506 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2013-12-05 16:01 - 2013-12-05 16:01 - 00000000 ____D C:\_OTL
2013-12-05 16:01 - 2013-12-05 09:48 - 00011285 _____ C:\Users\Public\Desktop\Carbonite Setup.log
2013-12-05 16:01 - 2013-12-05 09:48 - 00011285 _____ C:\ProgramData\Desktop\Carbonite Setup.log
2013-12-05 15:58 - 2013-12-05 15:58 - 00984576 _____ C:\Users\DIANNE\Downloads\MicrosoftFixit50906 (2).msi
2013-12-05 15:56 - 2012-04-05 09:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-05 15:55 - 2013-02-26 08:59 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-05 15:51 - 2013-12-05 15:51 - 00984576 _____ C:\Users\DIANNE\Downloads\MicrosoftFixit50906.msi
2013-12-05 15:51 - 2013-12-05 15:51 - 00984576 _____ C:\Users\DIANNE\Downloads\MicrosoftFixit50906 (1).msi
2013-12-05 09:48 - 2013-12-05 09:48 - 00002134 _____ C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2013-12-05 09:48 - 2013-12-05 09:48 - 00002134 _____ C:\ProgramData\Desktop\Carbonite InfoCenter.lnk
2013-12-05 09:48 - 2013-02-25 12:59 - 00004142 _____ C:\Windows\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
2013-12-05 08:30 - 2013-12-03 14:12 - 00070818 _____ C:\Users\DIANNE\Desktop\Extras.Txt
2013-12-05 08:28 - 2013-12-03 14:11 - 00089232 _____ C:\Users\DIANNE\Desktop\OTL.Txt
2013-12-05 08:12 - 2013-12-05 08:11 - 00002282 _____ C:\Users\DIANNE\Desktop\Rkill.txt
2013-12-05 08:11 - 2013-12-05 08:11 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\DIANNE\Downloads\rkill.exe
2013-12-05 08:11 - 2013-12-05 08:11 - 00000000 ____D C:\Users\DIANNE\Desktop\rkill
2013-12-05 04:15 - 2013-12-05 04:15 - 00000041 _____ C:\Users\DIANNE\Downloads\fixlist.txt
2013-12-05 03:47 - 2013-12-05 03:47 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-12-05 03:18 - 2013-12-05 03:18 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-05 03:18 - 2013-12-05 03:18 - 00001111 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-05 03:18 - 2013-12-05 03:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-05 03:14 - 2013-12-05 03:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\DIANNE\Downloads\mbam-consumer (2).exe
2013-12-05 03:14 - 2013-12-05 03:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\DIANNE\Downloads\mbam-consumer (1).exe
2013-12-05 03:14 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-05 03:14 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-05 02:49 - 2011-05-06 02:06 - 00095736 _____ C:\Windows\PFRO.log
2013-12-04 06:41 - 2013-12-04 06:41 - 00000000 ____D C:\FRST
2013-12-03 14:08 - 2013-12-03 14:08 - 00602112 _____ (OldTimer Tools) C:\Users\DIANNE\Desktop\OTL.exe
2013-12-03 12:47 - 2013-12-03 12:47 - 22791896 _____ (Microsoft Corporation) C:\Users\DIANNE\Downloads\Windows-KB890830-x64-V5.6.exe
2013-12-03 11:29 - 2011-10-03 16:02 - 00000000 ____D C:\Users\DIANNE\AppData\Local\Deployment
2013-12-03 11:28 - 2013-12-03 11:28 - 00010595 _____ C:\Users\DIANNE\Downloads\dellsystemdetect.application
2013-12-03 10:41 - 2012-05-03 12:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-03 10:41 - 2011-12-26 10:56 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-12-03 10:38 - 2013-10-15 08:41 - 00000000 ____D C:\Users\DIANNE\Documents\Personal
2013-12-03 09:30 - 2013-12-03 09:30 - 00000000 ____D C:\Users\DIANNE\AppData\Roaming\Malwarebytes
2013-12-03 09:30 - 2013-12-03 09:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03 09:29 - 2013-12-03 09:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\DIANNE\Downloads\mbam-consumer.exe
2013-12-02 11:00 - 2011-12-26 10:56 - 00003530 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2013-12-02 11:00 - 2011-12-26 10:56 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2013-11-29 23:00 - 2011-12-26 10:56 - 00004266 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2013-11-29 09:50 - 2013-02-26 08:59 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-29 09:50 - 2013-02-26 08:59 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-23 09:57 - 2013-10-09 08:22 - 00000000 ____D C:\Users\DIANNE\Documents\PreppersParadice
2013-11-22 11:09 - 2013-10-28 08:45 - 00000000 ____D C:\Users\DIANNE\Documents\eLance
2013-11-21 14:07 - 2013-11-21 14:07 - 00000019 _____ C:\Users\Public\Documents\CTDChannels_Version.cd27244d.cdf
2013-11-21 14:07 - 2013-11-21 14:07 - 00000019 _____ C:\ProgramData\Documents\CTDChannels_Version.cd27244d.cdf
2013-11-20 16:01 - 2011-09-12 11:58 - 00000000 ____D C:\Users\DIANNE\Documents\Market Samurai
2013-11-20 13:53 - 2013-11-20 13:53 - 00000933 _____ C:\Users\Public\Desktop\Market Samurai.lnk
2013-11-20 13:53 - 2013-11-20 13:53 - 00000933 _____ C:\ProgramData\Desktop\Market Samurai.lnk
2013-11-20 13:53 - 2013-11-20 13:53 - 00000000 ____D C:\Program Files (x86)\Market Samurai
2013-11-20 11:03 - 2013-11-20 11:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-20 11:03 - 2013-11-06 09:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-11-19 09:50 - 2013-10-09 07:42 - 00000000 ____D C:\Users\DIANNE\Documents\Affiliate Sites
2013-11-19 04:21 - 2011-10-04 14:16 - 00267936 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-11-15 14:02 - 2011-09-12 12:12 - 00000000 ____D C:\Users\DIANNE\Documents\Tiffany Dow
2013-11-15 13:58 - 2013-11-14 14:14 - 00000000 ____D C:\Users\DIANNE\Documents\Freelance Ghostwring
2013-11-14 10:59 - 2013-11-14 10:59 - 00000000 ____D C:\Users\DIANNE\AppData\Roaming\MarketSamurai
2013-11-14 10:54 - 2013-11-14 10:54 - 03685385 _____ C:\Users\DIANNE\Downloads\MarketSamurai.0.92.95.air
2013-11-13 13:04 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 09:10 - 2011-09-11 12:48 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 09:06 - 2012-07-06 13:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-13 09:06 - 2011-10-04 14:15 - 00001945 _____ C:\Windows\epplauncher.mif
2013-11-13 09:06 - 2011-10-04 14:14 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-13 09:03 - 2013-02-26 08:59 - 00000000 ____D C:\Users\DIANNE\AppData\Local\Google
2013-11-13 09:03 - 2013-02-26 08:59 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-13 09:02 - 2013-07-23 10:13 - 00000000 ____D C:\Windows\System32\MRT
2013-11-13 08:55 - 2013-11-13 08:55 - 00001770 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-11-13 08:55 - 2013-11-13 08:55 - 00001770 _____ C:\ProgramData\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-11-13 08:55 - 2013-11-13 08:55 - 00000000 ____D C:\Users\DIANNE\AppData\Roaming\SUPERAntiSpyware.com
2013-11-13 08:55 - 2013-11-13 08:55 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-11-13 08:55 - 2013-11-13 08:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-11-13 08:48 - 2013-11-01 12:36 - 00000000 ____D C:\Users\DIANNE\Documents\Copywriting
2013-11-13 08:47 - 2013-11-13 08:45 - 28455920 _____ (SUPERAntiSpyware) C:\Users\DIANNE\Downloads\SUPERAntiSpyware.exe
2013-11-12 15:25 - 2011-05-06 00:17 - 00000000 ____D C:\ProgramData\Adobe
2013-11-12 14:20 - 2009-07-13 23:13 - 00726444 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-10 09:54 - 2013-11-10 09:52 - 00000000 ____D C:\Users\DIANNE\Documents\Amazon
2013-11-09 08:07 - 2013-11-09 08:07 - 01065431 _____ C:\Users\DIANNE\Downloads\simple-press.zip
2013-11-09 08:07 - 2013-11-09 08:07 - 00226211 _____ C:\Users\DIANNE\Downloads\stacked.zip
2013-11-09 08:07 - 2013-11-09 08:07 - 00226190 _____ C:\Users\DIANNE\Downloads\default.zip
2013-11-09 08:07 - 2013-11-09 08:07 - 00216013 _____ C:\Users\DIANNE\Downloads\iForum.zip
2013-11-08 15:35 - 2013-11-08 15:35 - 18080872 _____ (Adobe Systems Inc.) C:\Users\DIANNE\Downloads\AdobeAIRInstaller.exe
2013-11-07 15:00 - 2011-09-12 06:32 - 82896128 ____N (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-07 14:28 - 2011-09-10 18:58 - 00000000 ____D C:\Users\DIANNE\AppData\Roaming\Adobe
2013-11-06 11:45 - 2013-11-06 11:45 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-11-06 11:45 - 2013-11-06 11:45 - 00002021 _____ C:\ProgramData\Desktop\Adobe Reader XI.lnk
2013-11-06 11:45 - 2011-09-12 07:12 - 00000000 ____D C:\Users\DIANNE\AppData\Local\Adobe
2013-11-06 11:45 - 2011-05-06 00:17 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-11-06 11:20 - 2013-11-04 13:56 - 00000000 ____D C:\Users\DIANNE\AppData\Local\xheader-data

Some content of TEMP:
====================
C:\Users\DIANNE\AppData\Local\Temp\AutoRun.exe
C:\Users\DIANNE\AppData\Local\Temp\install_flashplayer11x32au_mssd_aaa_aih.exe
C:\Users\DIANNE\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\DIANNE\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\DIANNE\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\DIANNE\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\DIANNE\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\DIANNE\AppData\Local\Temp\mpam-952adaa.exe
C:\Users\DIANNE\AppData\Local\Temp\mpam-df887640.exe
C:\Users\DIANNE\AppData\Local\Temp\MSNAB1F.exe
C:\Users\DIANNE\AppData\Local\Temp\ose00000.exe
C:\Users\DIANNE\AppData\Local\Temp\ose00001.exe
C:\Users\DIANNE\AppData\Local\Temp\SkypeSetup.exe
C:\Users\DIANNE\AppData\Local\Temp\vcredist_x86.exe
C:\Users\DIANNE\AppData\Local\Temp\WDAutoUpdate.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

18
Restore point made on: 2013-11-19 23:22:59
Restore point made on: 2013-11-20 13:31:56
Restore point made on: 2013-11-20 13:36:05
Restore point made on: 2013-11-22 23:57:02
Restore point made on: 2013-11-23 13:32:59
Restore point made on: 2013-11-23 13:33:02
Restore point made on: 2013-11-23 13:39:04
Restore point made on: 2013-11-26 23:13:59
Restore point made on: 2013-11-27 13:32:57
Restore point made on: 2013-11-27 13:33:06
Restore point made on: 2013-11-30 04:07:48
Restore point made on: 2013-11-30 14:59:02
Restore point made on: 2013-12-02 13:32:50
Restore point made on: 2013-12-04 06:07:31
Restore point made on: 2013-12-05 03:08:41
Restore point made on: 2013-12-05 15:54:08
Restore point made on: 2013-12-05 15:58:53
Restore point made on: 2013-12-05 16:02:12

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3838.98 MB
Available physical RAM: 3253.41 MB
Total Pagefile: 3837.13 MB
Available Pagefile: 3241.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.91 GB) (Free:370.8 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:13.81 GB) (Free:5.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: () (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 70A43E7E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-11-29 23:15

==================== End Of Log ============================
  • 0

#24
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Able to Boot in Safe Mode with Networking? Yes

Good.

Now it appears we can still invoke\restore the registry the same as last time. Then afterwards I think a different approach is in order which I will give some further thought about...

In the meantime follow the instructions again in post #4(Custom FRST Script).

As before when completed, post the requested Fix Log and let myself know if your machine is now able to boot up into Normal Mode successfully.

Make no other changes to your machine after completing the above please until I advise otherwise, thank you.
  • 0

#25
DianneH2014

DianneH2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
I am in Normal mode again.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-12-2013
Ran by SYSTEM at 2013-12-06 12:44:17 Run:3
Running from I:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Start
LastRegBack: 2013-11-29 23:15
End
*****************

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====
  • 0

Advertisements


#26
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

I am in Normal mode again.

Good.

Do you have a Windows 7 64 Bit Installation DVD at all ? If not please follow the advice in this tutorial of mine here and create a Windows 7 Startup Repair Disk.

Scan with Farbar Recovery Scan Tool:

There appear to be some copies of FRST64 in your downloads folder, might as well delete them as the software is updated regularly...

Then download and save a new copy of the Farbar Recovery Scan Tool 64-Bit to your Desktop.

  • Right-click on FRST.exe and select Run as Administrator to start FRST >> >> follow the prompt/click on Yes
  • Under Optional Scan ensure both Drivers MD5 and Addition.txt are selected.
  • Now click on the Scan button/radio tab >> at the Scan completed prompt click on OK
  • At the next prompt denoting Addition.txt is saved in the same location FRST tool is run >> click on OK
  • There will now be two logs on your desktop, Addition.txt and FRST.txt. Post the contents of both in your next reply.

  • 0

#27
DianneH2014

DianneH2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-12-2013
Ran by DIANNE (administrator) on DH-INC on 06-12-2013 13:46:00
Running from C:\Users\DIANNE\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKCU\...\Run: [DellSystemDetect] - C:\Users\DIANNE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms [370 2013-12-03] ()
MountPoints2: {b798088b-13ad-11e2-967f-842b2b93a010} - I:\Autorun.exe
HKLM-x32\...\Run: [StatusAlerts] - C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [309120 2012-02-02] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Carbonite Backup] - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056264 2013-10-10] (Carbonite, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\DIANNE\AppData\Roaming\Mozilla\Firefox\Profiles\maq970wp.default
FF Homepage: hxxp://www.altavista.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\DIANNE\AppData\Roaming\Mozilla\Firefox\Profiles\maq970wp.default\searchplugins\altavista.xml
FF Extension: Yahoo! Toolbar - C:\Users\DIANNE\AppData\Roaming\Mozilla\Firefox\Profiles\maq970wp.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: pinterest - C:\Users\DIANNE\AppData\Roaming\Mozilla\Firefox\Profiles\maq970wp.default\Extensions\[email protected]
FF Extension: Click to call with Skype - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (Google Docs) - C:\Users\DIANNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\DIANNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\DIANNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\DIANNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\DIANNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\DIANNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
S4 dlcj_device; C:\Windows\SysWOW64\dlcjcoms.exe [491520 2005-07-12] ()
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 60216B0E704584DE6D5A9F59E9C34C47
C:\Windows\System32\DRIVERS\atikmpag.sys 6B4E9261B613B047A9A145F328889968
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\DRIVERS\amd_sata.sys 352476C98EF3952563A14F767491BBA9
C:\Windows\System32\DRIVERS\amd_xata.sys F4805C309FE48D6939147FE5CCDB1AD4
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\drivers\AtiHdmi.sys FB7602C5C508BE281368AAE0B61B51C6
C:\Windows\System32\DRIVERS\atikmdag.sys 60216B0E704584DE6D5A9F59E9C34C47
C:\Windows\System32\DRIVERS\AtiPcie.sys 7C5D273E29DCC5505469B299C6F29163
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 9526F32B8A76F8DC25A1587400E30084
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\k57nd60a.sys D85F3F18E44F7447B5F1BA5C85BAEB7C
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 8F489706472F7E9A06BAAA198703FA64
C:\Windows\System32\Drivers\ksecpkg.sys 868A2CAAB12EFC7A021682BCA0EEC54C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MpFilter.sys C6B88D62F20AC646C6BD5C032EC2FAF9
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys ACE8C64C57E4A711473C8BC10ADF692B
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys 87B04878A6D59D6C79251DC960C674C1
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 3289766038DB2CB14D07DC84392138D5
C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 58A38E75F3316A83C23DF6173D41F2B5
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\serscan.sys DECACB6921DED1A38642642685D77DAC
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\system32\drivers\usbccgp.sys ACCEA6BC68D0C9A78EB97EE159028B4E
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 311C1DD1088E55BEAE15954D17F50646
C:\Windows\System32\DRIVERS\usbhub.sys 280E90CBF4B2DDD169F0728CB44D726F
C:\Windows\System32\DRIVERS\usbohci.sys 9406D801042FAF859CF81B2C886413DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys A83D0EC9AE4C31704442099D40BA2471
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wimfltr.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-06 13:46 - 2013-12-06 13:46 - 00027012 _____ C:\Users\DIANNE\Desktop\FRST.txt
2013-12-06 13:44 - 2013-12-06 13:44 - 01925820 _____ (Farbar) C:\Users\DIANNE\Desktop\FRST64.exe
2013-12-05 17:01 - 2013-12-05 17:01 - 00000000 ____D C:\_OTL
2013-12-05 10:48 - 2013-12-05 17:01 - 00011285 _____ C:\Users\Public\Desktop\Carbonite Setup.log
2013-12-05 10:48 - 2013-12-05 10:48 - 00002134 _____ C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2013-12-05 09:11 - 2013-12-05 09:12 - 00002282 _____ C:\Users\DIANNE\Desktop\Rkill.txt
2013-12-05 09:11 - 2013-12-05 09:11 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\DIANNE\Downloads\rkill.exe
2013-12-05 09:11 - 2013-12-05 09:11 - 00000000 ____D C:\Users\DIANNE\Desktop\rkill
2013-12-05 04:47 - 2013-12-06 13:44 - 00000000 ____D C:\Windows\system32\config\HiveBackup
2013-12-05 04:18 - 2013-12-05 04:18 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-05 04:18 - 2013-12-05 04:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-05 04:18 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-04 07:41 - 2013-12-04 07:41 - 00000000 ____D C:\FRST
2013-12-03 15:12 - 2013-12-05 09:30 - 00070818 _____ C:\Users\DIANNE\Desktop\Extras.Txt
2013-12-03 15:11 - 2013-12-05 09:28 - 00089232 _____ C:\Users\DIANNE\Desktop\OTL.Txt
2013-12-03 15:08 - 2013-12-03 15:08 - 00602112 _____ (OldTimer Tools) C:\Users\DIANNE\Desktop\OTL.exe
2013-12-03 13:47 - 2013-12-03 13:47 - 22791896 _____ (Microsoft Corporation) C:\Users\DIANNE\Downloads\Windows-KB890830-x64-V5.6.exe
2013-12-03 12:29 - 2013-12-03 12:29 - 00000000 ____D C:\Users\DIANNE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2013-12-03 12:28 - 2013-12-03 12:28 - 00010595 _____ C:\Users\DIANNE\Downloads\dellsystemdetect.application
2013-12-03 10:30 - 2013-12-03 10:30 - 00000000 ____D C:\Users\DIANNE\AppData\Roaming\Malwarebytes
2013-12-03 10:30 - 2013-12-03 10:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03 10:29 - 2013-12-03 10:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\DIANNE\Downloads\mbam-consumer.exe
2013-11-21 15:07 - 2013-11-21 15:07 - 00000019 _____ C:\Users\Public\Documents\CTDChannels_Version.cd27244d.cdf
2013-11-20 14:53 - 2013-11-20 14:53 - 00000933 _____ C:\Users\Public\Desktop\Market Samurai.lnk
2013-11-20 14:53 - 2013-11-20 14:53 - 00000000 ____D C:\Program Files (x86)\Market Samurai
2013-11-20 12:03 - 2013-11-20 12:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 15:14 - 2013-11-15 14:58 - 00000000 ____D C:\Users\DIANNE\Documents\Freelance Ghostwring
2013-11-14 11:59 - 2013-11-14 11:59 - 00000000 ____D C:\Users\DIANNE\AppData\Roaming\MarketSamurai
2013-11-14 11:54 - 2013-11-14 11:54 - 03685385 _____ C:\Users\DIANNE\Downloads\MarketSamurai.0.92.95.air
2013-11-13 10:09 - 2013-10-12 03:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 10:09 - 2013-10-12 03:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 10:09 - 2013-10-12 03:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 10:09 - 2013-10-12 03:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 10:09 - 2013-10-12 03:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 10:09 - 2013-10-12 03:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 10:09 - 2013-10-12 03:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 10:09 - 2013-10-12 03:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 10:09 - 2013-10-12 03:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 10:09 - 2013-10-12 03:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 10:09 - 2013-10-12 03:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 10:09 - 2013-10-12 03:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 10:09 - 2013-10-12 03:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 10:09 - 2013-10-12 03:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 10:09 - 2013-10-12 02:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 10:09 - 2013-10-12 02:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 10:09 - 2013-10-12 02:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 10:09 - 2013-10-12 02:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 10:09 - 2013-10-12 02:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 10:09 - 2013-10-12 02:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 10:09 - 2013-10-12 02:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 10:09 - 2013-10-12 02:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 10:09 - 2013-10-12 02:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 10:09 - 2013-10-12 02:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 10:09 - 2013-10-12 02:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 10:09 - 2013-10-12 02:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 10:09 - 2013-10-12 02:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 10:09 - 2013-10-12 01:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 10:09 - 2013-10-12 01:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 10:09 - 2013-10-12 00:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 10:09 - 2013-10-12 00:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 10:08 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-11-13 10:08 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-11-13 10:08 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-11-13 10:08 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-11-13 10:08 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-11-13 10:08 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-11-13 10:08 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-11-13 10:08 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2013-11-13 10:08 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-11-13 10:08 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-11-13 10:08 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-11-13 10:08 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-11-13 10:08 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-11-13 10:08 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-11-13 10:08 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2013-11-13 10:08 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-11-13 10:08 - 2013-10-01 15:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-11-13 10:08 - 2013-10-01 15:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-11-13 09:55 - 2013-11-13 09:55 - 00001770 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-11-13 09:55 - 2013-11-13 09:55 - 00000000 ____D C:\Users\DIANNE\AppData\Roaming\SUPERAntiSpyware.com
2013-11-13 09:55 - 2013-11-13 09:55 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-11-13 09:55 - 2013-11-13 09:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-11-13 09:52 - 2013-09-24 21:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2013-11-13 09:52 - 2013-09-24 20:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2013-11-13 09:51 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 09:51 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 09:50 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 09:50 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 09:50 - 2013-10-03 21:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 09:50 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 09:50 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 09:50 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 09:50 - 2013-09-24 21:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 09:50 - 2013-09-24 21:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 09:50 - 2013-09-24 21:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 09:50 - 2013-09-24 21:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 09:50 - 2013-09-24 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 09:50 - 2013-09-24 21:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 09:50 - 2013-09-24 21:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 09:50 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 09:50 - 2013-09-24 20:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 09:50 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 09:50 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 09:50 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 09:50 - 2013-09-24 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 09:50 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 09:49 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 09:47 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 09:47 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 09:47 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 09:47 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 09:47 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 09:46 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 09:46 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 09:45 - 2013-11-13 09:47 - 28455920 _____ (SUPERAntiSpyware) C:\Users\DIANNE\Downloads\SUPERAntiSpyware.exe
2013-11-10 10:52 - 2013-11-10 10:54 - 00000000 ____D C:\Users\DIANNE\Documents\Amazon
2013-11-09 09:07 - 2013-11-09 09:07 - 01065431 _____ C:\Users\DIANNE\Downloads\simple-press.zip
2013-11-09 09:07 - 2013-11-09 09:07 - 00226211 _____ C:\Users\DIANNE\Downloads\stacked.zip
2013-11-09 09:07 - 2013-11-09 09:07 - 00226190 _____ C:\Users\DIANNE\Downloads\default.zip
2013-11-09 09:07 - 2013-11-09 09:07 - 00216013 _____ C:\Users\DIANNE\Downloads\iForum.zip
2013-11-08 16:35 - 2013-11-08 16:35 - 18080872 _____ (Adobe Systems Inc.) C:\Users\DIANNE\Downloads\AdobeAIRInstaller.exe
2013-11-06 12:45 - 2013-11-06 12:45 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-11-06 11:48 - 2013-09-04 07:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-06 11:48 - 2013-09-04 07:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-06 11:48 - 2013-09-04 07:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-06 11:48 - 2013-09-04 07:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-06 11:48 - 2013-09-04 07:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-11-06 11:48 - 2013-09-04 07:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-11-06 11:48 - 2013-09-04 07:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-06 10:24 - 2013-11-20 12:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak

==================== One Month Modified Files and Folders =======

2013-12-06 13:46 - 2013-12-06 13:46 - 00027012 _____ C:\Users\DIANNE\Desktop\FRST.txt
2013-12-06 13:44 - 2013-12-06 13:44 - 01925820 _____ (Farbar) C:\Users\DIANNE\Desktop\FRST64.exe
2013-12-06 13:44 - 2013-12-05 04:47 - 00000000 ____D C:\Windows\system32\config\HiveBackup
2013-12-06 13:36 - 2011-12-26 11:56 - 00000506 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2013-12-06 13:12 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-06 13:12 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-06 13:08 - 2013-02-26 09:59 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-06 13:07 - 2009-07-14 00:10 - 01389360 _____ C:\Windows\WindowsUpdate.log
2013-12-06 13:03 - 2012-04-05 10:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-06 12:48 - 2013-02-26 09:59 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-06 12:47 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-06 12:47 - 2009-07-13 23:51 - 00028817 _____ C:\Windows\setupact.log
2013-12-06 12:45 - 2011-05-06 03:06 - 00097066 _____ C:\Windows\PFRO.log
2013-12-06 08:17 - 2011-09-23 08:54 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-12-06 08:17 - 2011-09-23 08:54 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-12-06 08:17 - 2011-09-12 07:08 - 00000000 ____D C:\Users\DIANNE\AppData\Local\Mozilla
2013-12-06 08:17 - 2011-09-10 19:58 - 00000000 ____D C:\Users\DIANNE\AppData\Roaming\Macromedia
2013-12-06 08:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-12-06 07:19 - 2011-09-10 19:55 - 00000000 ____D C:\Users\DIANNE
2013-12-05 17:01 - 2013-12-05 17:01 - 00000000 ____D C:\_OTL
2013-12-05 17:01 - 2013-12-05 10:48 - 00011285 _____ C:\Users\Public\Desktop\Carbonite Setup.log
2013-12-05 10:48 - 2013-12-05 10:48 - 00002134 _____ C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2013-12-05 10:48 - 2013-02-25 13:59 - 00004142 _____ C:\Windows\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
2013-12-05 09:30 - 2013-12-03 15:12 - 00070818 _____ C:\Users\DIANNE\Desktop\Extras.Txt
2013-12-05 09:28 - 2013-12-03 15:11 - 00089232 _____ C:\Users\DIANNE\Desktop\OTL.Txt
2013-12-05 09:12 - 2013-12-05 09:11 - 00002282 _____ C:\Users\DIANNE\Desktop\Rkill.txt
2013-12-05 09:11 - 2013-12-05 09:11 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\DIANNE\Downloads\rkill.exe
2013-12-05 09:11 - 2013-12-05 09:11 - 00000000 ____D C:\Users\DIANNE\Desktop\rkill
2013-12-05 04:18 - 2013-12-05 04:18 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-05 04:18 - 2013-12-05 04:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-04 07:41 - 2013-12-04 07:41 - 00000000 ____D C:\FRST
2013-12-03 15:08 - 2013-12-03 15:08 - 00602112 _____ (OldTimer Tools) C:\Users\DIANNE\Desktop\OTL.exe
2013-12-03 13:47 - 2013-12-03 13:47 - 22791896 _____ (Microsoft Corporation) C:\Users\DIANNE\Downloads\Windows-KB890830-x64-V5.6.exe
2013-12-03 12:29 - 2013-12-03 12:29 - 00000000 ____D C:\Users\DIANNE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2013-12-03 12:29 - 2011-10-03 17:02 - 00000000 ____D C:\Users\DIANNE\AppData\Local\Deployment
2013-12-03 12:28 - 2013-12-03 12:28 - 00010595 _____ C:\Users\DIANNE\Downloads\dellsystemdetect.application
2013-12-03 11:41 - 2012-05-03 13:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-03 11:41 - 2011-12-26 11:56 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-12-03 11:38 - 2013-10-15 09:41 - 00000000 ____D C:\Users\DIANNE\Documents\Personal
2013-12-03 10:30 - 2013-12-03 10:30 - 00000000 ____D C:\Users\DIANNE\AppData\Roaming\Malwarebytes
2013-12-03 10:30 - 2013-12-03 10:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03 10:29 - 2013-12-03 10:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\DIANNE\Downloads\mbam-consumer.exe
2013-12-02 12:00 - 2011-12-26 11:56 - 00003530 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2013-12-02 12:00 - 2011-12-26 11:56 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2013-11-30 00:00 - 2011-12-26 11:56 - 00004266 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2013-11-29 10:50 - 2013-02-26 09:59 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-29 10:50 - 2013-02-26 09:59 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-23 10:57 - 2013-10-09 09:22 - 00000000 ____D C:\Users\DIANNE\Documents\PreppersParadice
2013-11-22 12:09 - 2013-10-28 09:45 - 00000000 ____D C:\Users\DIANNE\Documents\eLance
2013-11-21 15:07 - 2013-11-21 15:07 - 00000019 _____ C:\Users\Public\Documents\CTDChannels_Version.cd27244d.cdf
2013-11-20 17:01 - 2011-09-12 12:58 - 00000000 ____D C:\Users\DIANNE\Documents\Market Samurai
2013-11-20 14:53 - 2013-11-20 14:53 - 00000933 _____ C:\Users\Public\Desktop\Market Samurai.lnk
2013-11-20 14:53 - 2013-11-20 14:53 - 00000000 ____D C:\Program Files (x86)\Market Samurai
2013-11-20 12:03 - 2013-11-20 12:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-20 12:03 - 2013-11-06 10:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-11-19 10:50 - 2013-10-09 08:42 - 00000000 ____D C:\Users\DIANNE\Documents\Affiliate Sites
2013-11-19 05:21 - 2011-10-04 15:16 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-15 15:02 - 2011-09-12 13:12 - 00000000 ____D C:\Users\DIANNE\Documents\Tiffany Dow
2013-11-15 14:58 - 2013-11-14 15:14 - 00000000 ____D C:\Users\DIANNE\Documents\Freelance Ghostwring
2013-11-14 11:59 - 2013-11-14 11:59 - 00000000 ____D C:\Users\DIANNE\AppData\Roaming\MarketSamurai
2013-11-14 11:54 - 2013-11-14 11:54 - 03685385 _____ C:\Users\DIANNE\Downloads\MarketSamurai.0.92.95.air
2013-11-13 14:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 10:10 - 2011-09-11 13:48 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 10:06 - 2012-07-06 14:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-13 10:06 - 2011-10-04 15:15 - 00001945 _____ C:\Windows\epplauncher.mif
2013-11-13 10:06 - 2011-10-04 15:14 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-13 10:03 - 2013-02-26 09:59 - 00000000 ____D C:\Users\DIANNE\AppData\Local\Google
2013-11-13 10:03 - 2013-02-26 09:59 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-13 10:02 - 2013-07-23 11:13 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 09:55 - 2013-11-13 09:55 - 00001770 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-11-13 09:55 - 2013-11-13 09:55 - 00000000 ____D C:\Users\DIANNE\AppData\Roaming\SUPERAntiSpyware.com
2013-11-13 09:55 - 2013-11-13 09:55 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-11-13 09:55 - 2013-11-13 09:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-11-13 09:48 - 2013-11-01 13:36 - 00000000 ____D C:\Users\DIANNE\Documents\Copywriting
2013-11-13 09:47 - 2013-11-13 09:45 - 28455920 _____ (SUPERAntiSpyware) C:\Users\DIANNE\Downloads\SUPERAntiSpyware.exe
2013-11-12 16:25 - 2011-05-06 01:17 - 00000000 ____D C:\ProgramData\Adobe
2013-11-12 15:20 - 2009-07-14 00:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-10 10:54 - 2013-11-10 10:52 - 00000000 ____D C:\Users\DIANNE\Documents\Amazon
2013-11-09 09:07 - 2013-11-09 09:07 - 01065431 _____ C:\Users\DIANNE\Downloads\simple-press.zip
2013-11-09 09:07 - 2013-11-09 09:07 - 00226211 _____ C:\Users\DIANNE\Downloads\stacked.zip
2013-11-09 09:07 - 2013-11-09 09:07 - 00226190 _____ C:\Users\DIANNE\Downloads\default.zip
2013-11-09 09:07 - 2013-11-09 09:07 - 00216013 _____ C:\Users\DIANNE\Downloads\iForum.zip
2013-11-08 16:35 - 2013-11-08 16:35 - 18080872 _____ (Adobe Systems Inc.) C:\Users\DIANNE\Downloads\AdobeAIRInstaller.exe
2013-11-07 16:00 - 2011-09-12 07:32 - 82896128 ____N (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-07 15:28 - 2011-09-10 19:58 - 00000000 ____D C:\Users\DIANNE\AppData\Roaming\Adobe
2013-11-06 12:45 - 2013-11-06 12:45 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-11-06 12:45 - 2011-09-12 08:12 - 00000000 ____D C:\Users\DIANNE\AppData\Local\Adobe
2013-11-06 12:45 - 2011-05-06 01:17 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-11-06 12:20 - 2013-11-04 14:56 - 00000000 ____D C:\Users\DIANNE\AppData\Local\xheader-data

Some content of TEMP:
====================
C:\Users\DIANNE\AppData\Local\Temp\AutoRun.exe
C:\Users\DIANNE\AppData\Local\Temp\install_flashplayer11x32au_mssd_aaa_aih.exe
C:\Users\DIANNE\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\DIANNE\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\DIANNE\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\DIANNE\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\DIANNE\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\DIANNE\AppData\Local\Temp\mpam-952adaa.exe
C:\Users\DIANNE\AppData\Local\Temp\mpam-df887640.exe
C:\Users\DIANNE\AppData\Local\Temp\MSNAB1F.exe
C:\Users\DIANNE\AppData\Local\Temp\ose00000.exe
C:\Users\DIANNE\AppData\Local\Temp\ose00001.exe
C:\Users\DIANNE\AppData\Local\Temp\SkypeSetup.exe
C:\Users\DIANNE\AppData\Local\Temp\vcredist_x86.exe
C:\Users\DIANNE\AppData\Local\Temp\WDAutoUpdate.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-30 00:15

==================== End Of Log ============================
  • 0

#28
DianneH2014

DianneH2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-12-2013
Ran by DIANNE at 2013-12-06 13:46:44
Running from C:\Users\DIANNE\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 8.2.1)
Adobe AIR (x32 Version: 3.9.0.1210)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
AnswerWorks 5.0 English Runtime (x32 Version: 5.0.7)
Bing Desktop (x32 Version: 1.3.174.0)
Carbonite (x32 Version: 5.5.0 build 3621 (Oct-10-2013))
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2009.0714.2132.36830)
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0714.2132.36830)
Catalyst Control Center Graphics Full New (x32 Version: 2009.0714.2132.36830)
Catalyst Control Center Graphics Light (x32 Version: 2009.0714.2132.36830)
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0714.2132.36830)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0714.2132.36830)
Catalyst Control Center InstallProxy (x32 Version: 2009.0714.2132.36830)
Catalyst Control Center Localization All (x32 Version: 2009.0714.2132.36830)
CCC Help Chinese Standard (x32 Version: 2009.0714.2131.36830)
CCC Help Chinese Traditional (x32 Version: 2009.0714.2131.36830)
CCC Help Czech (x32 Version: 2009.0714.2131.36830)
CCC Help Danish (x32 Version: 2009.0714.2131.36830)
CCC Help Dutch (x32 Version: 2009.0714.2131.36830)
CCC Help English (x32 Version: 2009.0714.2131.36830)
CCC Help Finnish (x32 Version: 2009.0714.2131.36830)
CCC Help French (x32 Version: 2009.0714.2131.36830)
CCC Help German (x32 Version: 2009.0714.2131.36830)
CCC Help Greek (x32 Version: 2009.0714.2131.36830)
CCC Help Hungarian (x32 Version: 2009.0714.2131.36830)
CCC Help Italian (x32 Version: 2009.0714.2131.36830)
CCC Help Japanese (x32 Version: 2009.0714.2131.36830)
CCC Help Korean (x32 Version: 2009.0714.2131.36830)
CCC Help Norwegian (x32 Version: 2009.0714.2131.36830)
CCC Help Polish (x32 Version: 2009.0714.2131.36830)
CCC Help Portuguese (x32 Version: 2009.0714.2131.36830)
CCC Help Russian (x32 Version: 2009.0714.2131.36830)
CCC Help Spanish (x32 Version: 2009.0714.2131.36830)
CCC Help Swedish (x32 Version: 2009.0714.2131.36830)
CCC Help Thai (x32 Version: 2009.0714.2131.36830)
CCC Help Turkish (x32 Version: 2009.0714.2131.36830)
ccc-core-static (x32 Version: 2009.0714.2132.36830)
ccc-utility64 (Version: 2009.0714.2132.36830)
Click to Call with Skype (x32 Version: 5.6.8153)
CM-Uploader (Version: 2.0.4601)
Consumer In-Home Service Agreement (x32 Version: 2.0.0)
Creative Memories Memory Manager 3 (x32 Version: 3.0)
Creative Memories StoryBook Creator Plus 3 (x32 Version: 3.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.60)
Dell DataSafe Local Backup (x32 Version: 9.4.60)
Dell DataSafe Online (x32 Version: 2.1.19634)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (x32 Version: 1.00.0000)
Dell Marketplace Webslice IE8 (x32 Version: 8.0)
Dell MusicStage (x32 Version: 1.4.162.0)
Dell Photo AIO Printer 964
Dell PhotoStage (x32 Version: 1.5.0.30)
Dell Stage (x32 Version: 1.5.420.0)
Dell Support Center (Version: 3.1.5907.16)
Dell System Detect (HKCU Version: 5.3.2.10)
Dell VideoStage (x32 Version: 1.1.1.1408)
DirectX 9 Runtime (x32 Version: 1.00.0000)
eBay (x32 Version: 1.4.0)
FileZilla Client 3.5.1 (x32 Version: 3.5.1)
Google Chrome (x32 Version: 31.0.1650.63)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.22.3)
GoToAssist 8.0.0.514 (x32)
HP LJ300-400 color MFP M375-M475 (x32)
HP LJ300-400 color MFP M375-M475 Fax (x32 Version: 26.0.162.0)
HP LJ300-400 M375-M475 HP Scan (x32 Version: 1.0.302.0)
HP Product FWUpdater (x32 Version: 4.0.0.6579)
HP Unified IO (Version: 1.0.1.94)
HP Unified IO (x32 Version: 1.0.1.94)
HP Update (x32 Version: 5.005.000.002)
hpbDSService (x32 Version: 002.002.07399)
hpbM375M475DSService (x32 Version: 001.001.05164)
HPLaserJet300-400ColorM375-M475Series_HelpLearnCenter_SI (x32 Version: 1.01.0000)
HPLJDXPHelper (x32 Version: 020.021.004)
HPLJUTCore (x32 Version: 3.00.0003)
HPLJUTM375-M475 (x32 Version: 1.02.0013)
hppFaxDrvM375M475 (x32 Version: 003.000.00003)
hppLaserJetService (x32 Version: 009.022.00813)
hppM375_M475LaserJetService (x32 Version: 005.021.00132)
hppSendFaxM375M475 (x32 Version: 003.000.00003)
hppToolboxProxyM375 (x32 Version: 035.024.006)
hpStatusAlerts (x32 Version: 035.039.0004)
hpStatusAlertsM375_M475 (x32 Version: 035.026.0004)
InstanceFinder (x32 Version: 020.021.004)
Internet Explorer (x32 Version: 8)
join.me (HKCU Version: 1.6.0.170)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LJDXPHelperUI (x32 Version: 020.021.004)
Magic Article Rewriter (x32 Version: 1.8.4)
Magic Article Submitter (x32 Version: 1.5.0)
Market Samurai (x32 Version: 0.92.96)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Money 2005 (x32 Version: 14)
Microsoft Money 2005 System Pack (x32 Version: 14.0.150)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office FrontPage 2003 (x32 Version: 11.0.8173.0)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (x32 Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.58299)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
My BidPro Plus (x32)
PhotoShowExpress (x32 Version: 2.0.063)
Pro Diem Data Widget (x32 Version: 3.0.115)
Quicken 2011 (x32 Version: 20.1.8.6)
RBVirtualFolder64Inst (Version: 1.00.0000)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5977)
Roxio Activation Module (x32 Version: 1.0)
Roxio BackOnTrack (x32 Version: 1.3.3)
Roxio Burn (x32 Version: 1.8)
Roxio Creator Starter (x32 Version: 1.0.439)
Roxio Creator Starter (x32 Version: 12.1.77.0)
Roxio Creator Starter (x32 Version: 5.0.0)
Roxio Express Labeler 3 (x32 Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Skins (x32 Version: 2009.0714.2132.36830)
Skype™ 5.10 (x32 Version: 5.10.116)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0)
StoryBook Creator 4.0 (Version: 4.0.4279)
SUPERAntiSpyware (Version: 5.6.1042)
ToolboxProxy (x32 Version: 035.024.006)
TrustedID (x32 Version: 5.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
WildTangent Games (x32 Version: 1.0.0.71)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinZip 16.0 (Version: 16.0.9691)
XHeader (x32 Version: 1.215)

==================== Restore Points =========================

23-11-2013 05:56:40 Windows Update
27-11-2013 05:13:39 Windows Update
30-11-2013 10:07:27 Windows Update
04-12-2013 12:07:12 Windows Update
05-12-2013 09:08:06 Windows Update
05-12-2013 21:53:53 Installed Microsoft Fix it 50906
05-12-2013 21:58:49 Installed Microsoft Fix it 50906
05-12-2013 22:02:08 OTL Restore Point - 12/5/2013 17:02:08
06-12-2013 18:05:07 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2EB00B15-98B1-4F25-AD73-039A38454C5A} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\uaclauncher.exe [2011-12-13] (PC-Doctor, Inc.)
Task: {4D6053D2-2473-4A61-ADD2-5ABBF50E8868} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-26] (Google Inc.)
Task: {6BA9970D-39DA-41AA-81FE-3236CB4D4D1C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2011-12-13] (PC-Doctor, Inc.)
Task: {78891069-4FDC-4518-8AAC-D4812EE36358} - System32\Tasks\{BF527FB5-5993-4FE5-9A77-91C4936E7A73} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [2013-10-10] (Carbonite, Inc.)
Task: {82FD2205-B361-46DE-B379-F0B34391A23F} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2011-12-13] (PC-Doctor, Inc.)
Task: {87AE7F2F-3B4A-4B22-9922-692FF9645308} - System32\Tasks\{2A74C526-1994-47C7-81D5-233C00C029D5} => Firefox.exe http://www.skype.com...LastError=12002
Task: {A05DB018-0ABB-472A-84BE-02A5DDEF9522} - System32\Tasks\{D8028B0E-3003-4368-8702-AEAE51E301C5} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [2013-10-10] (Carbonite, Inc.)
Task: {A5A6A055-A0C0-49A3-B8C5-5BB630429870} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {D553C0A9-3EF5-4180-859D-DCC11F7C41E7} - System32\Tasks\{2E5C04B9-BAC8-471E-A97E-0B79CB3D94F5} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [2013-10-10] (Carbonite, Inc.)
Task: {DBD8F4B5-003F-47D5-82C9-D594A9643841} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-26] (Google Inc.)
Task: {F2B079EF-C582-4584-936B-2EF0BC0690EA} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2011-09-16] (Hewlett Packard)
Task: {FEDFCE73-3F41-429B-9F23-6D5FAABDD2A8} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe [2013-11-13] (Carbonite, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-08-28 16:19 - 2011-08-28 16:19 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-11-14 16:50 - 2013-11-14 06:28 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
2013-11-14 16:50 - 2013-11-14 06:28 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
2013-11-14 16:50 - 2013-11-14 06:29 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-14 16:50 - 2013-11-14 06:29 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-14 16:50 - 2013-11-14 06:28 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/06/2013 01:41:20 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.


Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (12/06/2013 02:17:37 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.


Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (11/23/2013 00:25:14 AM) (Source: Application Error) (User: )
Description: Faulting application name: msseces.exe, version: 4.4.304.0, time stamp: 0x5268660b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x768
Faulting application start time: 0xmsseces.exe0
Faulting application path: msseces.exe1
Faulting module path: msseces.exe2
Report Id: msseces.exe3

Error: (11/20/2013 02:52:34 PM) (Source: MsiInstaller) (User: DH-INC)
Description: Product: Market Samurai -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.

Error: (11/20/2013 10:17:24 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x800705aa, Insufficient system resources exist to complete the requested service.
]

Error: (11/20/2013 10:16:16 AM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 25.0.0.5046 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 96c

Start Time: 01cee08bcaede9d2

Termination Time: 5287

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 9673c747-51f6-11e3-b397-842b2b93a010

Error: (11/19/2013 01:31:16 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft Word because of this error.

Program: Microsoft Word
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (11/19/2013 01:31:16 AM) (Source: Application Error) (User: )
Description: Faulting application name: WINWORD.EXE, version: 14.0.7109.5000, time stamp: 0x522a4027
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000096
Fault offset: 0x00048665
Faulting process id: 0x16fc
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Report Id: WINWORD.EXE3

Error: (11/19/2013 00:44:09 AM) (Source: Application Error) (User: )
Description: Faulting application name: Market Samurai.exe, version: 0.0.0.0, time stamp: 0x52450b4e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1798
Faulting application start time: 0xMarket Samurai.exe0
Faulting application path: Market Samurai.exe1
Faulting module path: Market Samurai.exe2
Report Id: Market Samurai.exe3

Error: (11/14/2013 05:56:26 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Market Samurai.exe because of this error.

Program: Market Samurai.exe
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0


System errors:
=============
Error: (12/06/2013 01:10:02 PM) (Source: Service Control Manager) (User: )
Description: The CarboniteService service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/06/2013 01:07:53 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service hung on starting.

Error: (12/06/2013 01:04:53 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error:
%%1056

Error: (12/06/2013 01:03:53 PM) (Source: Service Control Manager) (User: )
Description: The CarboniteService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/06/2013 01:03:53 PM) (Source: Service Control Manager) (User: )
Description: The Server service hung on starting.

Error: (12/06/2013 00:46:02 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (12/06/2013 00:46:02 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/06/2013 00:46:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/06/2013 00:46:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/06/2013 00:46:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (12/06/2013 01:41:20 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (12/06/2013 02:17:37 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (11/23/2013 00:25:14 AM) (Source: Application Error)(User: )
Description: msseces.exe4.4.304.05268660bunknown0.0.0.000000000c0000005000000000000000076801cee603d025a327C:\Program Files\Microsoft Security Client\msseces.exeunknowna0d63dba-53ff-11e3-9122-842b2b93a010

Error: (11/20/2013 02:52:34 PM) (Source: MsiInstaller)(User: DH-INC)
Description: Product: Market Samurai -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/20/2013 10:17:24 AM) (Source: VSS)(User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x800705aa, Insufficient system resources exist to complete the requested service.

Error: (11/20/2013 10:16:16 AM) (Source: Application Hang)(User: )
Description: firefox.exe25.0.0.504696c01cee08bcaede9d25287C:\Program Files (x86)\Mozilla Firefox\firefox.exe9673c747-51f6-11e3-b397-842b2b93a010

Error: (11/19/2013 01:31:16 AM) (Source: Application Error)(User: )
Description: Microsoft Word000000000

Error: (11/19/2013 01:31:16 AM) (Source: Application Error)(User: )
Description: WINWORD.EXE14.0.7109.5000522a4027ole32.dll6.1.7601.175144ce7b96fc00000960004866516fc01cee498fa4801a5C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXEC:\Windows\syswow64\ole32.dll30d78eff-50e4-11e3-b397-842b2b93a010

Error: (11/19/2013 00:44:09 AM) (Source: Application Error)(User: )
Description: Market Samurai.exe0.0.0.052450b4eunknown0.0.0.000000000c000000500000000179801cee485d36e3bd4C:\Program Files (x86)\Market Samurai\Market Samurai.exeunknown9bceec70-50dd-11e3-b397-842b2b93a010

Error: (11/14/2013 05:56:26 PM) (Source: Application Error)(User: )
Description: Market Samurai.exe000000000


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 3838.98 MB
Available physical RAM: 2075.39 MB
Total Pagefile: 7676.13 MB
Available Pagefile: 5722.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.91 GB) (Free:370.91 GB) NTFS
Drive i: () (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 70A43E7E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================

Edited by DianneH2014, 06 December 2013 - 02:51 PM.

  • 0

#29
DianneH2014

DianneH2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
"Do you have a Windows 7 64 Bit Installation DVD at all ? If not please follow the advice in this tutorial of mine here and create a Windows 7 Startup Repair Disk."

No. I do not have a Windows 7 64 Bit Installation DVD.

I followed the advice but could not get the disc to cooperate on this computer. I have an HP laptop PC with the Windows 7 operating system. Can I make a repair disc from that computer following your advice here?

As mentioned in my first inquiry, when all of this funny business was taking place on my computer, I noticed that Firefox (my browser of choice) was acting extremely funny. It would pop in and out of a white screen right in the middle of when I was working. I usually keep a few windows open with several tabs in each window. All of a sudden, the screen would go white and then come back to its normal state. It was doing this quite often toward the end.

I didn't know if I should remove Firefox and re-install? If so, should I save my Favorites? I think I have saved them once somehow (don't remember how I did it) but I could probably figure it out again.

Since working with you I have been using Chrome.

Thanks,

Dianne

Edited by DianneH2014, 07 December 2013 - 06:36 AM.

  • 0

#30
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

I followed the advice but could not get the disc to cooperate on this computer.

Do you mean unable to boot up the machine with the disk upon a restart and or initial boot depressing the F12 key >> select CD/DVD/CD-RW Drive >> Press any key to Boot from CD or DVD ?

I have an HP laptop PC with the Windows 7 operating system. Can I make a repair disc from that computer following your advice here?

Indeed you can as long as the Operating System is the 64 Bit version, the 32 Bit will not be compatible.

As mentioned in my first inquiry, when all of this funny business was taking place on my computer, I noticed that Firefox (my browser of choice) was acting extremely funny. It would pop in and out of a white screen right in the middle of when I was working. I usually keep a few windows open with several tabs in each window. All of a sudden, the screen would go white and then come back to its normal state. It was doing this quite often toward the end.

I didn't know if I should remove Firefox and re-install? If so, should I save my Favorites? I think I have saved them once somehow (don't remember how I did it) but I could probably figure it out again.

Since working with you I have been using Chrome.

Acknowledged, we will address this next time round I think but by all means do save your favourites now if you so wish.

Next:

Is you machine a either a Dell or HP modal ?

Download/run a Batch File:

Download the attached multi.bat below and save to your Desktop:-



Now right-click on the desktop multi.bat and select Run as Administrator to run the batch file(A blank command window will open on your desktop, then close in a few minutes. This is normal). It will self-delete when completed.

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file in your next reply.

Custom FRST Script:

Please download the attached fixlist.txt(see below) and save to your Desktop.



  • Now right-click on FRST.exe and select Run as Administrator to start FRST.
  • Then click on the Fix button/radio tab >> at the Fix completed prompt click on OK
  • A log will now open named Fixlog and it will also be on the desktop >> close FRST.
  • Post the contents of the aforementioned Fixlog in your next reply.
Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.

Flush Temp' Files:

  • Click Start(Windows 7 Orb) >> Run..(or the Windows key and R together) to bring up the Run box.
  • Cut and paste in cleanmgr into the Run box and press OK >> OK
  • Ensure the boxes for Temporary Files, Temporary Internet Files and Recycle Bin are checked.
  • You can choose to check other boxes if you wish but they are not required.
  • Click on OK then Delete Files.
  • Now Reboot(restart) your computer.
Next:

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Answer to my computer modal query.
  • The contents of checkhd.txt
  • Custom FRST Script Log.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP