Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Missing imagehlp.dll file [Closed]

Started by ltunagur , Jan 02 2014 02:05 AM

This topic is locked

#1
ltunagur

Posted 02 January 2014 - 02:05 AM

Member

Member
35 posts

I am running Windows Vista 32 bit. I installed the most recent Windows update and now my computer is missing imagehlp.dll file. Any program I try to run I receive an error. I tried to run OTL but get the same error.

OTL.exe - Unable to Locate Component.

This application has failed to start because imagehlp.dll was not found. Re-installing the application may fix this problem.

Thank you in advance for all your help.

#2
ltunagur

Posted 03 January 2014 - 08:04 AM

Member

Topic Starter
Member
35 posts

Since my original post I have remembered/tried a few things.

I had just run a virus scan and was restarting my computer when Windows updated, this is why I believe my problem is virus related. From what I have read the missing imagehlp.dll file is usually related to deleting a program or a virus/malware. I am running Avast on my computer and it will not run. I receive the same error about the missing imagehlp.dll file.
I have tried to run sfc /scannow and receive the error Window resource protection could not start the repair service.
My computer is a Dell computer and I have tried to run a REPAIR COMPUTER. It runs a long time and no errors are found but still getting the logonui.exe error and all error.
Malwarebytes is installed but will not run.
Windows defender will not run.

Again, I thank you for any help you can give me.

#3
Machiavelli

Posted 03 January 2014 - 10:44 AM

GeekU Moderator

GeekU Moderator
4,722 posts

Welcome to GeeksToGo, ltunagur

My name is Machiavelli and I'll try to fix your PC problems. If you are in SafeMode then print my instructions! Removing Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

Posted Image

!NOTE! Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.

It runs a long time and no errors are found but still getting the logonui.exe error and all error.

Which errors do you get exactly?

I will come back with instructions later.

#4
ltunagur

Posted 03 January 2014 - 11:41 AM

Member

Topic Starter
Member
35 posts

On startup I receive the following error

LogonUI.exe - Unable to Locate Component
This application has failed to start because imagehlp.dll was not found. Re-installing the application may fix this problem.

I have been able to load windows and get on the internet using Safari after closing all the error messages, all saying imagehlp.dll was not found. I got on in safe mode and regular mode probably around 10 times. Each time getting the above error and many more but trying different programs sfc /scannow or trying to REPAIR the computer. However, now for some reason after the error I wrote above appears the computer sits with a black screen and will not give me the log in screen. Not sure what has changed.

I read the article about malware and started by downloading OTL. The program downloaded but it will not run as I stated in my original post.

Edited by ltunagur, 03 January 2014 - 11:47 AM.

#5
Machiavelli

Posted 03 January 2014 - 01:56 PM

GeekU Moderator

GeekU Moderator
4,722 posts

Please don't edit your post(s).

We are here in big trouble being honest, but I'll give my best to fix it.

However, now for some reason after the error I wrote above appears the computer sits with a black screen and will not give me the log in screen. Not sure what has changed.

Does this problem exist in Safe Mode?

Step 1: Boot into Safe Mode

Please start your infected computer and start tapping F8 repeatedly
If this was successful, you will see the Advanced Boot Options screen with the following three options:

Safe Mode
Safe Mode with Networking
Safe Mode with Command prompt

Please try to start in Safe Mode with Networking (1.), if this doesn't work please try to start in Safe Mode (2.)

Tell me which option worked! (if no option worked please also let me know)

#6
ltunagur

Posted 03 January 2014 - 03:37 PM

Member

Topic Starter
Member
35 posts

I was able to login using Safe Mode with Networking

#7
Machiavelli

Posted 04 January 2014 - 02:09 PM

GeekU Moderator

GeekU Moderator
4,722 posts

Try this in Safe Mode.

Step 1: Farbar Recovery Scan Tool (FRST)

I personally believe that this will come back with the same error, but let's give it a try.

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
Double-click FRST.exe to run it. (if you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the FRST icon and select Run as Administrator)
When the disclaimer appears, click Yes.
Click Scan to start FRST.
When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

#8
ltunagur

Posted 04 January 2014 - 02:29 PM

Member

Topic Starter
Member
35 posts

Here are the results of the scan.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-01-2014
Ran by Amy (administrator) on AMY-PC on 04-01-2014 14:20:47
Running from C:\Users\Amy\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) ===================

(Apple Inc.) C:\Program Files\Safari\Safari.exe
(Apple Inc.) C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avast] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4767304 2013-02-28] (AVAST Software)
HKLM\...\RunOnce: [20131224] - C:\Program Files\Alwil Software\Avast5\setup\emupdate\51362f8f-a53a-4873-9655-436f3d5c3105.exe /check [181136 2014-01-02] (AVAST Software)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
MountPoints2: F - F:\LaunchU3.exe -a
MountPoints2: {10bd4da7-b0a4-11e0-92b0-001d095f5de3} - F:\TL_Bootstrap.exe
MountPoints2: {b1fc9daf-649f-11e2-b784-001d095f5de3} - F:\TL_Bootstrap.exe
MountPoints2: {d3f971df-171b-11df-b2c9-001d095f5de3} - F:\LaunchU3.exe -a
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
AppInit_DLLs: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [ 2008-06-26] (Google)

==================== Internet (Whitelisted) ====================

URLSearchHook: HKCU - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\8.3\iobitappsToolbarIE.dll (Spigot, Inc.)
URLSearchHook: HKCU - (No Name) - {6169170a-f4d7-44a1-881f-f7ff71c52670} - No File
SearchScopes: HKLM - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect...hromesbox-en-us
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2320606
SearchScopes: HKCU - DefaultScope {7F13559B-02AF-4A6D-8B5C-466B0A5A03F6} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {3F04061B-20C6-42B4-9CE9-3237BF72FDE3} URL = http://websearch.ask...86-AB598F5FAC06
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect...hromesbox-en-us
SearchScopes: HKCU - {7F13559B-02AF-4A6D-8B5C-466B0A5A03F6} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2320606
BHO: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\8.3\iobitappsToolbarIE.dll (Spigot, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\8.3\iobitappsToolbarIE.dll (Spigot, Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {6169170A-F4D7-44A1-881F-F7FF71C52670} - No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\83fs00ny.default
FF user.js: detected! => C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\83fs00ny.default\user.js
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Homepage: https://www.google.com/
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: npDisplayEngine - C:\Program Files\LivingPlay Games\nplplaypop.dll ( )
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Amy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Amy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Amy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Amy\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Amy\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Amy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: LivingPlay TextLinks - C:\Users\Amy\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]
FF Extension: Installl Converter - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\83fs00ny.default\Extensions\{6ec74131-08b2-4f67-a9bc-5914ef1edb97}(54)
FF Extension: Address Bar Search - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\83fs00ny.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\Alwil Software\Avast5\WebRep\FF

Chrome:
=======
CHR HomePage: hxxp://search.yahoo.com?type=198484&fr=spigot-yhp-ch
CHR RestoreOnStartup: "hxxp://search.yahoo.com?type=198484&fr=spigot-yhp-ch",
"hxxp://www.google.com/"
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.0_0
CHR Extension: (Domain Error Assistant) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0
CHR Extension: (Skype Click to Call) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR Extension: (We-Care Reminder Lite) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.2_0
CHR Extension: (LivingPlay) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\maopdgeieiiiifooolcjjfmjdlkmhfdh
CHR Extension: (Slick Savings) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.2.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [lkpmjnommfoljgjbckjmjhkmnhfmcmon] - C:\ProgramData\WeCareReminder\\wecarereminderro.crx
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx

========================== Services (Whitelisted) =================

S4 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [465216 2013-01-15] (IObit)
S4 Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [807800 2013-11-27] (Spigot, Inc.)
S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [45248 2013-02-28] (AVAST Software)
S4 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [189736 2009-09-25] (Seagate Technology LLC)
S4 GoogleDesktopManager-010708-104812; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [29744 2008-06-26] (Google)
S4 gupdate1c9bbda2d1a3f60; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-04-12] (Google Inc.)
S4 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [341824 2013-11-11] (IObit)
S4 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [647216 2009-07-07] (Cisco Systems, Inc.)
S4 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S4 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-14] (SupportSoft, Inc.)
S4 wltrysvc; C:\Windows\System32\bcmwltry.exe [2506752 2007-12-12] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29880 2013-02-28] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66408 2013-02-28] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [49832 2013-02-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49320 2013-02-28] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [765808 2013-02-28] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [368248 2013-02-28] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [62448 2013-02-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [163784 2013-02-28] ()
S3 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [21480 2013-03-23] (IObit)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA))
S2 pnarp; C:\Windows\System32\DRIVERS\pnarp.sys [26672 2009-07-07] (Cisco Systems, Inc.)
S2 purendis; C:\Windows\System32\DRIVERS\purendis.sys [27696 2009-07-07] (Cisco Systems, Inc.)
S3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [32288 2013-11-19] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2013-05-22] ()
S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [20944 2013-11-19] (IObit.com)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2011-02-14] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [20864 2011-02-14] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [25216 2011-02-14] (LG Electronics Inc.)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [x]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 RimUsb; System32\Drivers\RimUsb.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-04 14:20 - 2014-01-04 14:20 - 01064761 _____ (Farbar) C:\Users\Amy\Downloads\FRST.exe
2014-01-04 14:20 - 2014-01-04 14:20 - 00000000 ____D C:\Users\Amy\Desktop\FRST-OlderVersion
2014-01-03 17:04 - 2014-01-03 17:04 - 00001812 _____ C:\Users\Amy\Desktop\readme.txt
2014-01-03 17:04 - 2014-01-03 17:04 - 00000000 ____D C:\Users\Amy\AppData\Roaming\f-secure
2014-01-03 17:04 - 2014-01-03 17:04 - 00000000 ____D C:\ProgramData\F-Secure
2014-01-03 17:03 - 2014-01-03 17:03 - 00000000 ____D C:\ProgramData\boost_interprocess
2014-01-03 17:01 - 2014-01-03 17:01 - 00000352 ____H C:\Windows\Tasks\avast! Emergency Update.job
2014-01-03 16:57 - 2014-01-03 16:57 - 02049128 _____ (Trend Micro Inc.) C:\Users\Amy\Downloads\HousecallLauncher.exe
2014-01-03 07:57 - 2014-01-03 07:57 - 00000000 __SHD C:\found.013
2014-01-02 19:19 - 2014-01-02 19:19 - 00000000 __SHD C:\found.012
2014-01-02 18:57 - 2014-01-02 18:58 - 00143728 _____ C:\Windows\Minidump\Mini010214-04.dmp
2014-01-02 17:39 - 2014-01-02 17:39 - 00143728 _____ C:\Windows\Minidump\Mini010214-03.dmp
2014-01-02 13:59 - 2014-01-02 13:59 - 00143728 _____ C:\Windows\Minidump\Mini010214-02.dmp
2014-01-02 13:55 - 2014-01-02 13:55 - 00000000 __SHD C:\found.011
2014-01-02 11:02 - 2014-01-02 11:02 - 00143728 _____ C:\Windows\Minidump\Mini010214-01.dmp
2014-01-02 01:57 - 2014-01-02 01:57 - 00602112 _____ (OldTimer Tools) C:\Users\Amy\Desktop\OTL.exe
2014-01-02 01:45 - 2014-01-02 01:46 - 00033484 _____ C:\Users\Amy\Desktop\Addition.txt
2014-01-02 01:44 - 2014-01-04 14:20 - 00000540 _____ C:\Users\Amy\Desktop\FRST.txt
2014-01-02 01:44 - 2014-01-04 14:20 - 00000000 ____D C:\FRST
2014-01-02 01:43 - 2014-01-04 14:20 - 01064761 _____ (Farbar) C:\Users\Amy\Desktop\FRST.exe
2014-01-02 00:52 - 2014-01-02 00:52 - 00000000 ____D C:\Program Files\MSECache
2014-01-02 00:40 - 2014-01-02 00:40 - 00000000 _____ C:\Windows\setuperr.log
2014-01-02 00:40 - 2014-01-02 00:40 - 00000000 _____ C:\Windows\setupact.log
2014-01-01 23:50 - 2014-01-01 23:50 - 00000824 _____ C:\Users\Amy\Desktop\Eusing Free Registry Cleaner.lnk
2014-01-01 23:50 - 2014-01-01 23:50 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
2014-01-01 23:50 - 2014-01-01 23:50 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Eusing
2014-01-01 23:50 - 2014-01-01 23:50 - 00000000 ____D C:\Program Files\Eusing Free Registry Cleaner
2014-01-01 23:45 - 2014-01-01 23:45 - 00185534 _____ C:\Users\Amy\Documents\easy clean save 010114.htm
2014-01-01 23:33 - 2014-01-01 23:33 - 02861613 _____ (InstallShield Software Corporation) C:\Users\Amy\Desktop\EClea2_0.exe
2014-01-01 23:33 - 2014-01-01 23:33 - 00000000 ____D C:\Program Files\ToniArts
2014-01-01 23:27 - 2014-01-01 23:27 - 00000766 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-01 23:27 - 2014-01-01 23:27 - 00000000 ____D C:\Program Files\CCleaner
2014-01-01 22:01 - 2014-01-02 17:39 - 00003990 _____ C:\Windows\PFRO.log
2014-01-01 21:35 - 2014-01-01 21:35 - 04379048 _____ (Piriform Ltd) C:\Users\Amy\Downloads\ccsetup407.exe
2014-01-01 15:55 - 2014-01-01 15:55 - 00172444 ____H C:\Windows\system32\mlfcache.dat
2014-01-01 15:45 - 2014-01-01 17:44 - 00000055 _____ C:\Users\Amy\AppData\Roaming\mbam.context.scan
2013-12-30 19:27 - 2013-12-30 19:27 - 00000000 __SHD C:\found.010
2013-12-30 17:33 - 2013-12-30 17:33 - 00138024 _____ C:\Windows\Minidump\Mini123013-01.dmp
2013-12-30 17:32 - 2014-01-02 18:57 - 267242094 _____ C:\Windows\MEMORY.DMP
2013-12-30 15:17 - 2013-12-30 15:17 - 00000000 __SHD C:\found.009
2013-12-29 23:38 - 2013-10-29 20:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2013-12-29 23:38 - 2013-10-29 19:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-29 23:38 - 2013-10-29 18:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-29 14:58 - 2013-12-29 14:58 - 00000162 _____ C:\Users\Amy\Documents\cc_20131229_145837.reg
2013-12-29 13:26 - 2013-12-29 13:26 - 00022584 _____ C:\Users\Amy\Documents\cc_20131229_132626.reg
2013-12-29 13:12 - 2014-01-01 20:58 - 00335308 _____ C:\Windows\WindowsUpdate.log
2013-12-22 18:52 - 2013-12-22 18:52 - 00000000 __SHD C:\found.008
2013-12-22 18:11 - 2013-12-22 18:11 - 00000000 __SHD C:\found.007
2013-12-19 04:22 - 2014-01-01 21:30 - 04645232 _____ (Piriform Ltd) C:\Users\Amy\Downloads\ccsetup409.exe
2013-12-10 20:19 - 2013-12-10 20:19 - 00000000 __SHD C:\found.006
2013-12-10 20:08 - 2014-01-02 02:12 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Apple Computer

==================== One Month Modified Files and Folders =======

2014-01-04 14:20 - 2014-01-04 14:20 - 01064761 _____ (Farbar) C:\Users\Amy\Downloads\FRST.exe
2014-01-04 14:20 - 2014-01-04 14:20 - 00000000 ____D C:\Users\Amy\Desktop\FRST-OlderVersion
2014-01-04 14:20 - 2014-01-02 01:44 - 00000540 _____ C:\Users\Amy\Desktop\FRST.txt
2014-01-04 14:20 - 2014-01-02 01:44 - 00000000 ____D C:\FRST
2014-01-04 14:20 - 2014-01-02 01:43 - 01064761 _____ (Farbar) C:\Users\Amy\Desktop\FRST.exe
2014-01-04 14:19 - 2006-11-02 04:33 - 00005530 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-04 14:17 - 2008-09-01 11:05 - 00001356 _____ C:\Users\Amy\AppData\Local\d3d9caps.dat
2014-01-04 14:14 - 2006-11-02 06:47 - 00366880 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-03 17:04 - 2014-01-03 17:04 - 00001812 _____ C:\Users\Amy\Desktop\readme.txt
2014-01-03 17:04 - 2014-01-03 17:04 - 00000000 ____D C:\Users\Amy\AppData\Roaming\f-secure
2014-01-03 17:04 - 2014-01-03 17:04 - 00000000 ____D C:\ProgramData\F-Secure
2014-01-03 17:03 - 2014-01-03 17:03 - 00000000 ____D C:\ProgramData\boost_interprocess
2014-01-03 17:01 - 2014-01-03 17:01 - 00000352 ____H C:\Windows\Tasks\avast! Emergency Update.job
2014-01-03 17:01 - 2011-01-08 19:27 - 00001802 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-03 17:01 - 2006-11-02 04:23 - 00002577 _____ C:\Windows\system32\config.nt
2014-01-03 16:57 - 2014-01-03 16:57 - 02049128 _____ (Trend Micro Inc.) C:\Users\Amy\Downloads\HousecallLauncher.exe
2014-01-03 11:30 - 2006-11-02 07:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-03 11:30 - 2006-11-02 06:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-03 11:30 - 2006-11-02 06:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-03 07:57 - 2014-01-03 07:57 - 00000000 __SHD C:\found.013
2014-01-02 19:19 - 2014-01-02 19:19 - 00000000 __SHD C:\found.012
2014-01-02 19:01 - 2006-11-02 07:01 - 00032614 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-02 18:58 - 2014-01-02 18:57 - 00143728 _____ C:\Windows\Minidump\Mini010214-04.dmp
2014-01-02 18:57 - 2013-12-30 17:32 - 267242094 _____ C:\Windows\MEMORY.DMP
2014-01-02 18:57 - 2008-07-10 18:13 - 00000000 ____D C:\Windows\Minidump
2014-01-02 18:10 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\system32\LogFiles
2014-01-02 17:39 - 2014-01-02 17:39 - 00143728 _____ C:\Windows\Minidump\Mini010214-03.dmp
2014-01-02 17:39 - 2014-01-01 22:01 - 00003990 _____ C:\Windows\PFRO.log
2014-01-02 14:03 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\system32\spool
2014-01-02 13:59 - 2014-01-02 13:59 - 00143728 _____ C:\Windows\Minidump\Mini010214-02.dmp
2014-01-02 13:55 - 2014-01-02 13:55 - 00000000 __SHD C:\found.011
2014-01-02 11:02 - 2014-01-02 11:02 - 00143728 _____ C:\Windows\Minidump\Mini010214-01.dmp
2014-01-02 02:12 - 2013-12-10 20:08 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Apple Computer
2014-01-02 01:57 - 2014-01-02 01:57 - 00602112 _____ (OldTimer Tools) C:\Users\Amy\Desktop\OTL.exe
2014-01-02 01:52 - 2009-06-29 20:07 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-02 01:46 - 2014-01-02 01:45 - 00033484 _____ C:\Users\Amy\Desktop\Addition.txt
2014-01-02 01:19 - 2013-02-07 18:27 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-02 01:13 - 2012-10-06 23:44 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605760776-3286238575-773632184-1000UA.job
2014-01-02 00:52 - 2014-01-02 00:52 - 00000000 ____D C:\Program Files\MSECache
2014-01-02 00:40 - 2014-01-02 00:40 - 00000000 _____ C:\Windows\setuperr.log
2014-01-02 00:40 - 2014-01-02 00:40 - 00000000 _____ C:\Windows\setupact.log
2014-01-02 00:28 - 2009-06-29 20:07 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-01 23:50 - 2014-01-01 23:50 - 00000824 _____ C:\Users\Amy\Desktop\Eusing Free Registry Cleaner.lnk
2014-01-01 23:50 - 2014-01-01 23:50 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
2014-01-01 23:50 - 2014-01-01 23:50 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Eusing
2014-01-01 23:50 - 2014-01-01 23:50 - 00000000 ____D C:\Program Files\Eusing Free Registry Cleaner
2014-01-01 23:45 - 2014-01-01 23:45 - 00185534 _____ C:\Users\Amy\Documents\easy clean save 010114.htm
2014-01-01 23:33 - 2014-01-01 23:33 - 02861613 _____ (InstallShield Software Corporation) C:\Users\Amy\Desktop\EClea2_0.exe
2014-01-01 23:33 - 2014-01-01 23:33 - 00000000 ____D C:\Program Files\ToniArts
2014-01-01 23:33 - 2008-06-26 07:48 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2014-01-01 23:32 - 2006-11-02 05:18 - 00000000 ___RD C:\Users\Public
2014-01-01 23:27 - 2014-01-01 23:27 - 00000766 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-01 23:27 - 2014-01-01 23:27 - 00000000 ____D C:\Program Files\CCleaner
2014-01-01 23:20 - 2011-09-05 09:29 - 00000000 ____D C:\Windows\pss
2014-01-01 21:35 - 2014-01-01 21:35 - 04379048 _____ (Piriform Ltd) C:\Users\Amy\Downloads\ccsetup407.exe
2014-01-01 21:30 - 2013-12-19 04:22 - 04645232 _____ (Piriform Ltd) C:\Users\Amy\Downloads\ccsetup409.exe
2014-01-01 20:58 - 2013-12-29 13:12 - 00335308 _____ C:\Windows\WindowsUpdate.log
2014-01-01 17:44 - 2014-01-01 15:45 - 00000055 _____ C:\Users\Amy\AppData\Roaming\mbam.context.scan
2014-01-01 17:04 - 2013-08-27 10:34 - 00002241 _____ C:\Users\Amy\Desktop\Safari.lnk
2014-01-01 15:55 - 2014-01-01 15:55 - 00172444 ____H C:\Windows\system32\mlfcache.dat
2013-12-30 19:27 - 2013-12-30 19:27 - 00000000 __SHD C:\found.010
2013-12-30 17:33 - 2013-12-30 17:33 - 00138024 _____ C:\Windows\Minidump\Mini123013-01.dmp
2013-12-30 15:17 - 2013-12-30 15:17 - 00000000 __SHD C:\found.009
2013-12-29 23:53 - 2008-09-05 18:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-29 14:58 - 2013-12-29 14:58 - 00000162 _____ C:\Users\Amy\Documents\cc_20131229_145837.reg
2013-12-29 14:52 - 2011-08-28 19:34 - 00000000 ____D C:\ProgramData\WeCareReminder
2013-12-29 13:26 - 2013-12-29 13:26 - 00022584 _____ C:\Users\Amy\Documents\cc_20131229_132626.reg
2013-12-22 18:52 - 2013-12-22 18:52 - 00000000 __SHD C:\found.008
2013-12-22 18:11 - 2013-12-22 18:11 - 00000000 __SHD C:\found.007
2013-12-12 07:18 - 2008-07-07 18:23 - 00000000 ____D C:\Users\Amy
2013-12-10 20:19 - 2013-12-10 20:19 - 00000000 __SHD C:\found.006
2013-12-10 13:20 - 2013-02-07 18:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-10 13:20 - 2011-11-19 06:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 13:10 - 2011-02-22 11:40 - 00000868 _____ C:\Windows\Tasks\Google Software Updater.job
2013-12-10 12:13 - 2012-10-06 23:44 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605760776-3286238575-773632184-1000Core.job

Some content of TEMP:
====================
C:\Users\Amy\AppData\Local\Temp\fs_health_check.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-03 15:48

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-01-2014 01
Ran by Amy at 2014-01-02 01:45:29
Running from C:\Users\Amy\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (Version: - Microsoft)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
6200 (Version: 82.0.242.000 - Hewlett-Packard) Hidden
6200_Help (Version: 82.0.242.000 - Hewlett-Packard) Hidden
6200Trb (Version: 82.0.242.000 - Hewlett-Packard) Hidden
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.7.0.1530 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader 9 (Version: 9.0.0 - Adobe Systems Incorporated)
Advanced Audio FX Engine (Version: - )
Advanced SystemCare 6 (Version: 6.1 - IObit)
Advanced Video FX Engine (Version: - )
AIO_CDB_ProductContext (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
ASPCA TriMini Reminder by We-Care.com v5.0.0.1 (Version: 5.0.0.1 - We-Care.com)
ATT-PRT22 (Version: - )
avast! Free Antivirus (Version: 8.0.1489.0 - AVAST Software)
Bing Bar (Version: 7.2.241.0 - Microsoft Corporation)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (Version: 1.00.0000 - Dell)
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
CCleaner (Version: 4.09 - Piriform)
Cisco EAP-FAST Module (Version: 2.0.26 - Cisco Systems, Inc.)
Cisco LEAP Module (Version: 1.0.11 - Cisco Systems, Inc.)
Cisco Network Magic (Version: 5.5.09195.0 - Pure Networks) Hidden
Cisco PEAP Module (Version: 1.0.12 - Cisco Systems, Inc.)
Citrix Presentation Server Client - Web Only (Version: 10.150.58643 - Citrix Systems, Inc.)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HDA D330 MDC V.92 Modem (Version: - )
Copy (Version: 120.0.214.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dell Getting Started Guide (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (Version: 2.2.09085 - Dell)
Dell Touchpad (Version: 7.1.103.4 - Alps Electric)
Dell Webcam Center (Version: - )
Dell Webcam Manager (Version: - )
Dell Wireless WLAN Card (Version: 4.170.25.12 - Dell Inc.)
Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Digital Line Detect (Version: 1.21 - BVRP Software, Inc)
DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
EasyCleaner (Version: 2.0.6.380 - )
EDocs (Version: - )
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Eusing Free Registry Cleaner (Version: - Eusing Software)
Fax (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Google Chrome (Version: 31.0.1650.63 - Google Inc.)
Google Desktop (Version: - - Google)
Google Earth (Version: 7.1.1.1888 - Google)
Google Talk Plugin (Version: 4.9.1.16010 - Google)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4601.54 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Google Updater (Version: 2.4.2432.1652 - Google Inc.)
GoToAssist 8.0.0.514 (Version: - )
HP Customer Participation Program 8.0 (Version: 8.0 - HP)
HP FWUpdateEDO2 (Version: 1.2.0.0 - Hewlett-Packard)
HP Imaging Device Functions 8.0 (Version: 8.0 - HP)
HP OCR Software 8.0 (Version: 8.0 - HP)
HP Photo Creations (Version: 1.0.0.7702 - HP)
HP Photosmart 6520 series Basic Device Software (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 6520 series Help (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 6520 series Product Improvement Study (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart Essential (Version: 1.12.0.46 - HP)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (Version: 8.0 - HP)
HP Product Assistant (Version: 100.000.001.000 - Hewlett-Packard) Hidden
HP Solution Center 8.0 (Version: 8.0 - HP)
HP Update (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 2.1.3.0000 - Hewlett Packard Development Company L.P.)
iCloud (Version: 2.1.2.8 - Apple Inc.)
Intel® Matrix Storage Manager (Version: - )
Internet Service Offers Launcher (Version: 1.00.0000 - Dell Inc.)
IObit Apps Toolbar v8.3 (Version: 8.3 - Spigot, Inc.) <==== ATTENTION
IObit Malware Fighter (Version: 2.0 - IObit)
iTunes (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 12 (Version: 6.0.120 - Sun Microsystems, Inc.)
Java™ SE Runtime Environment 6 (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Laptop Integrated Webcam Driver (1.03.02.0719) (Version: - )
LG United Mobile Drivers (Version: 3.3.0.0 - LG Electronics)
Live! Cam Avatar Creator (Version: 4.6.0817.1 - Creative Technology Ltd.)
Live! Cam Avatar v1.0 (Version: 1.0 - Creative Technology Ltd.)
LUMIX Simple Viewer (Version: 0.99.0000 - )
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 82.0.174.000 - Hewlett-Packard) Hidden
MediaDirect (Version: 3.5 - Dell)
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (Version: 3.1.8.0 - Apple Inc.)
Modem Diagnostic Tool (Version: 1.0.20.0 - Dell)
Mozilla Firefox 23.0.1 (x86 en-US) (Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (Version: 23.0 - Mozilla)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Music, Photos & Videos Launcher (Version: 1.00.0000 - Dell Inc.)
NetWaiting (Version: 2.5.44 - BVRP Software, Inc)
Network Magic (Version: 5.5.9195.0 - Cisco Systems, Inc.)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OutlookAddinSetup (Version: 1.0.0 - CyberLink)
PHOTOfunSTUDIO -viewer- (Version: 1.00.000 - )
Picasa 3 (Version: 3.9 - Google, Inc.)
Product Documentation Launcher (Version: 1.00.0000 - Dell Inc.)
Pure Networks Platform (Version: 11.2.09195.1 - Pure Networks) Hidden
Quicken WillMaker Plus 2013 (Version: 1.0.0.0 - Nolo)
QuickSet (Version: 8.2.20 - Dell Inc.)
QuickTime (Version: 7.74.80.86 - Apple Inc.)
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (Version: 10.1 - )
Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
Safari (Version: 5.34.57.2 - Apple Inc.)
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
Seagate Manager Installer (Version: 2.01.0600 - Seagate)
Seagate Manager Installer (Version: 2.01.0600 - Seagate) Hidden
Skype Click to Call (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.0 (Version: 6.0.126 - Skype Technologies S.A.)
Smart Defrag 2 (Version: 2.8 - IObit)
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Sonos Controller (Version: 21.4.61250 - Sonos, Inc.)
Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden
TomTom HOME (Version: 2.9.6 - TomTom)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2 - TomTom International B.V.)
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden
TurboTax 2010 (Version: - Intuit, Inc)
TurboTax 2010 waliper (Version: 010.000.1332 - Intuit Inc.) Hidden
TurboTax 2010 WinPerFedFormset (Version: 010.000.4227 - Intuit Inc.) Hidden
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0483 - Intuit Inc.) Hidden
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0214 - Intuit Inc.) Hidden
TurboTax 2010 wrapper (Version: 010.000.0157 - Intuit Inc.) Hidden
TurboTax 2011 (Version: - Intuit, Inc)
TurboTax 2011 waliper (Version: 011.000.1508 - Intuit Inc.) Hidden
TurboTax 2011 WinPerFedFormset (Version: 011.000.2727 - Intuit Inc.) Hidden
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0436 - Intuit Inc.) Hidden
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0210 - Intuit Inc.) Hidden
TurboTax 2011 wrapper (Version: 011.000.0120 - Intuit Inc.) Hidden
Unity Web Player (Version: 2.6.1f3_31223 - Unity Technologies ApS)
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (Version: - Microsoft)
Visual Studio C++ 10.0 Runtime (Version: 10.0.0 - TomTom International B.V.)
WebEx Support Manager for Internet Explorer (Version: 6.5.4917 - WebEx Communications Inc.)
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
WordPerfect Office 11 (Version: 11.0 - Corel Corporation)

==================== Restore Points =========================

30-11-2013 20:45:00 Scheduled Checkpoint
02-12-2013 05:30:56 Scheduled Checkpoint
03-12-2013 05:29:27 Scheduled Checkpoint
03-12-2013 07:16:54 Windows Update
03-12-2013 21:07:40 Scheduled Checkpoint
05-12-2013 06:00:02 Scheduled Checkpoint
06-12-2013 01:56:02 Scheduled Checkpoint
06-12-2013 07:23:38 Windows Update
07-12-2013 04:05:40 Scheduled Checkpoint
08-12-2013 07:08:36 Scheduled Checkpoint
09-12-2013 06:00:05 Scheduled Checkpoint
09-12-2013 22:47:15 Scheduled Checkpoint
10-12-2013 07:16:44 Windows Update
11-12-2013 00:19:21 Scheduled Checkpoint
30-12-2013 05:30:35 Windows Update
30-12-2013 05:50:09 Windows Update
02-01-2014 04:06:00 Restore Operation
02-01-2014 05:33:31 Installed EasyCleaner

==================== Hosts content: ==========================

2006-11-02 04:23 - 2006-09-18 15:41 - 00000736 ____A C:\Windows\system32\Drivers\etc\hosts
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0D9274B4-3D11-4572-BA19-B71030589792} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3A9CE5DB-FB2E-4438-B6F3-9B8E57255352} - System32\Tasks\SmartDefrag_Startup => C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe [2013-06-30] (IObit)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {47E62C9D-83F8-4D95-B21F-E21335C76AEF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3605760776-3286238575-773632184-1000Core => C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-22] (Google Inc.)
Task: {4BB3B260-626E-4555-BD6E-DD6D5877826E} - System32\Tasks\HPCustParticipation HP Photosmart 6520 series => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {4C562821-CC14-40F1-98E4-0BFEA22E7312} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5997A3AA-1632-4CE3-9BFB-126D39BE44D5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3605760776-3286238575-773632184-1000UA => C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-22] (Google Inc.)
Task: {640BD736-95BF-4632-A3FB-68C6DE55B235} - System32\Tasks\avast! Emergency Update
Task: {6F8E481C-CF59-4434-A1D1-41B5CEDE8C3D} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {860AF135-80E0-4D18-A3C3-59C1E91ED77E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-12] (Google Inc.)
Task: {D308D1B5-769B-47FF-A910-FA7CD5976594} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Amy
Task: {D52EC0DF-3F23-454E-82B9-200E3FB64B40} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-23] (Google)
Task: {D85DC3F7-D205-4B71-A646-A2DA2AED0F77} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => C:\Program Files\Windows Defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {ED415389-2C39-4531-9ACF-E9B071F2EBAF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-12] (Google Inc.)
Task: {FDEBEA43-18DC-4A02-9EA6-DEF9BFAF3500} - System32\Tasks\SmartDefragUpdate => C:\Program Files\IObit\Smart Defrag 2\AutoUpdate.exe [2013-05-22] (IObit)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605760776-3286238575-773632184-1000Core.job => C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605760776-3286238575-773632184-1000UA.job => C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{1F0E8088-B135-4751-8601-57F14028342E}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2013-03-18 07:51 - 2013-01-15 17:47 - 00143168 _____ () C:\Program Files\IObit\Advanced SystemCare 6\ASCExtMenu.dll
2013-03-18 07:51 - 2013-01-15 17:59 - 00106304 _____ () C:\Program Files\IObit\Advanced SystemCare 6\ASCComputerMenu.dll
2012-03-22 10:40 - 2012-03-22 10:40 - 00087912 _____ () C:\Program Files\Safari\Apple Application Support\zlib1.dll
2012-03-22 10:40 - 2012-03-22 10:40 - 01242472 _____ () C:\Program Files\Safari\Apple Application Support\libxml2.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Amy\Documents\Cole Arrested.eml:OECustomProperty
AlternateDataStreams: C:\Users\Amy\Documents\Cole Hamilton.eml:OECustomProperty
AlternateDataStreams: C:\Users\Amy\Documents\july 4 Mitchell.eml:OECustomProperty
AlternateDataStreams: C:\Users\Amy\Documents\july 4, 2011.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/02/2014 01:44:45 AM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module imagehlp.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000135, fault offset 0x00009f5d,
process id 0xb84, application start time 0xrundll32.exe0.

Error: (01/02/2014 01:44:18 AM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module imagehlp.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000135, fault offset 0x00009f5d,
process id 0xcfc, application start time 0xrundll32.exe0.

Error: (01/02/2014 01:44:06 AM) (Source: Application Error) (User: )
Description: Faulting application SearchIndexer.exe, version 7.0.6002.18005, time stamp 0x49e02459, faulting module imagehlp.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000135, fault offset 0x00009f5d,
process id 0xb08, application start time 0xSearchIndexer.exe0.

Error: (01/02/2014 01:43:35 AM) (Source: Application Error) (User: )
Description: Faulting application SearchIndexer.exe, version 7.0.6002.18005, time stamp 0x49e02459, faulting module imagehlp.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000135, fault offset 0x00009f5d,
process id 0xb0c, application start time 0xSearchIndexer.exe0.

Error: (01/02/2014 01:43:04 AM) (Source: Application Error) (User: )
Description: Faulting application ASCDownload.exe, version 1.0.0.518, time stamp 0x50971ab4, faulting module IMAGEHLP.DLL, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000135, fault offset 0x00009f5d,
process id 0x9f8, application start time 0xASCDownload.exe0.

Error: (01/02/2014 01:31:53 AM) (Source: Application Error) (User: )
Description: Faulting application SearchIndexer.exe, version 7.0.6002.18005, time stamp 0x49e02459, faulting module imagehlp.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000135, fault offset 0x00009f5d,
process id 0xbb0, application start time 0xSearchIndexer.exe0.

Error: (01/02/2014 01:28:53 AM) (Source: Application Error) (User: )
Description: Faulting application SearchIndexer.exe, version 7.0.6002.18005, time stamp 0x49e02459, faulting module imagehlp.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000135, fault offset 0x00009f5d,
process id 0xddc, application start time 0xSearchIndexer.exe0.

Error: (01/02/2014 01:27:55 AM) (Source: Application Error) (User: )
Description: Faulting application SearchIndexer.exe, version 7.0.6002.18005, time stamp 0x49e02459, faulting module imagehlp.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000135, fault offset 0x00009f5d,
process id 0x564, application start time 0xSearchIndexer.exe0.

Error: (01/02/2014 01:20:21 AM) (Source: Application Error) (User: )
Description: Faulting application SearchIndexer.exe, version 7.0.6002.18005, time stamp 0x49e02459, faulting module imagehlp.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000135, fault offset 0x00009f5d,
process id 0xdd4, application start time 0xSearchIndexer.exe0.

Error: (01/02/2014 01:19:44 AM) (Source: Application Error) (User: )
Description: Faulting application SearchIndexer.exe, version 7.0.6002.18005, time stamp 0x49e02459, faulting module imagehlp.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000135, fault offset 0x00009f5d,
process id 0xecc, application start time 0xSearchIndexer.exe0.

System errors:
=============
Error: (09/02/2008 11:01:26 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:00:07 PM on 9/2/2008 was unexpected.

Error: (09/02/2008 10:00:09 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:58:08 AM on 9/2/2008 was unexpected.

Error: (09/02/2008 08:56:17 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:55:02 AM on 9/2/2008 was unexpected.

Error: (09/01/2008 07:40:18 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:38:15 PM on 9/1/2008 was unexpected.

Error: (08/24/2008 07:05:30 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:04:14 PM on 8/24/2008 was unexpected.

Error: (08/24/2008 06:04:16 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:02:59 PM on 8/24/2008 was unexpected.

Error: (08/24/2008 05:03:01 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:01:00 PM on 8/24/2008 was unexpected.

Error: (08/24/2008 11:27:58 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:26:42 PM on 8/24/2008 was unexpected.

Microsoft Office Sessions:
=========================
Error: (11/24/2013 07:54:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3451 seconds with 420 seconds of active time. This session ended with a crash.

Error: (11/24/2013 06:56:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4431 seconds with 3180 seconds of active time. This session ended with a crash.

Error: (11/21/2013 08:51:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 43 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/20/2013 09:54:07 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 33 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/20/2013 09:53:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 30 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/20/2013 09:52:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 29 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/20/2013 09:52:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/20/2013 09:51:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 30 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/20/2013 09:50:44 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 32 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/20/2013 09:50:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 164 seconds with 120 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:
===================================
Date: 2013-12-29 19:23:49.336
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-12-29 19:23:49.024
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-12-29 19:23:48.712
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-12-29 19:23:48.416
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-12-29 19:23:48.088
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-12-29 19:23:47.776
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-12-29 19:22:05.284
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-12-29 19:22:04.972
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-12-29 19:22:04.660
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-12-29 19:22:04.348
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 51%
Total physical RAM: 3061.31 MB
Available physical RAM: 1486.81 MB
Total Pagefile: 6324.86 MB
Available Pagefile: 4971.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1924.96 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:220.32 GB) (Free:114.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.64 GB) NTFS
Drive f: (FreeAgent Drive) (Fixed) (Total:232.88 GB) (Free:47.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: A0000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=220 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 233 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#9
Machiavelli

Posted 05 January 2014 - 03:44 AM

GeekU Moderator

GeekU Moderator
4,722 posts

Please do all this stuff in Safe Mode.

Step 1: Multiple Anti-Virus Software

I notice that you have multiple anti virus programs installed on your system. If more than one program is running real time protection, then there is a very high chance of conflicts being created. This could cause the programs to 'fight' against eachother and they may render the other useless, hence reducing your protection. It is very important to ensure that you are only running one anti virus program at the same time.

Please remove IObit Malware Fighter before we continue.

Step 2: Registry Cleaner Warning

You have following Registry Cleaners installed: EasyCleaner

These programs are called Registry Cleaners. This kind of programs aren't good for your PC! A registry cleaner will not increase your system's speed or performance and can damage your Registry, which lead to an unbootable PC. At Geeks to Go we strongly advise that users don't use this kind of sketchy programs.

Here is some reading stuff for you:

Registry Junk: A Windows Fact of Life

Step 3: Uninstall Software

Click on the Start button and select Control Panel
Click on Programs then click on Uninstall a program
You will now see a list of your installed software, double click on the following one by one to uninstall them:
- IObit Apps Toolbar v8.3
Once you have done this, reboot your computer

Step 4: Resetting Google Extensions

Run Google Chrome
Please type the command below into the Adress Box

chrome:extensions

A new Tab will open in Google Chrome
You will see an entry which is probably called LivingPlay
Next to this entry you will see a can icon - please click on that to remove the extension from your Browser
A confirmation dialog appears, click Remove.

Do the same for:

Ebay Shopping Assistant by Spigot
Slick Savings
Amazon Shopping Assistant by Spigot

Step 5: FRST Fix

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Right click on FRST.exe and select Run as Administrator - then press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Step 6: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1

Right-click on AdwCleaner.exe and select Run as administrator.
Click Scan and let the scan run.
When it finishes, click Clean, following the on screen prompts
After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

Step 7: JRT Run

Posted Image

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Step 8: FRST Search

Right click on FRST.exe and select Run as Administrator
You will see a text box - please give the following text into the Search Box: imagehlp.dll
Then click on Search File(s) - the scan will begin
After this a file called Search.txt (located under the same directory where you saved FRST) will open - please post the content of this file into your next reply

Step 9: Farbar Recovery Scan Tool (FRST)

Right click on FRST.exe and select Run as Administrator
Click Scan to start FRST.
When FRST finishes scanning, a log, FRST.txt, will open.
Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Attached Files

fixlist.txt 2.21KB 141 downloads

#10
ltunagur

Posted 05 January 2014 - 04:20 PM

Member

Topic Starter
Member
35 posts

I uninstalled iObit and Easy Cleaner.

I was not able to uninstall IObit Apps Toolbar v8.3. The following error occurred.
Windows Installer
The Windows InstallerService could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

I then tried to run Google Chrome to uninstall the add ons but I could not get Google Chrome to open. I received the following error.
chrome.exe - Unable To Locate Component
this application has failed to start because imagehlp.dll was not found. Re0installing the application may fix this problem.

I did not do any of the other things you suggested because these did not work.
Waiting for your guidance.

#11
Machiavelli

Posted 06 January 2014 - 03:12 AM

GeekU Moderator

GeekU Moderator
4,722 posts

I was not able to uninstall IObit Apps Toolbar v8.3. The following error occurred.
Windows Installer
The Windows InstallerService could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Ignore that for now. We will fix that later.

I then tried to run Google Chrome to uninstall the add ons but I could not get Google Chrome to open. I received the following error.
chrome.exe - Unable To Locate Component
this application has failed to start because imagehlp.dll was not found. Re0installing the application may fix this problem.

The same for here, ignore that for now.

I did not do any of the other things you suggested because these did not work.

Ignore the two steps and proceed with the other steps.

#12
ltunagur

Posted 06 January 2014 - 07:52 AM

Member

Topic Starter
Member
35 posts

Here is the Fixlog.txt file.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-01-2014
Ran by Amy at 2014-01-06 07:44:19 Run:1
Running from C:\Users\Amy\Desktop
Boot Mode: Safe Mode (with Networking)

==============================================

Content of fixlist:
*****************
URLSearchHook: HKCU - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\8.3\iobitappsToolbarIE.dll (Spigot, Inc.)
URLSearchHook: HKCU - (No Name) - {6169170a-f4d7-44a1-881f-f7ff71c52670} - No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2320606
SearchScopes: HKCU - {3F04061B-20C6-42B4-9CE9-3237BF72FDE3} URL = http://websearch.ask...86-AB598F5FAC06
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2320606
BHO: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\8.3\iobitappsToolbarIE.dll (Spigot, Inc.)
Toolbar: HKCU - No Name - {6169170A-F4D7-44A1-881F-F7FF71C52670} - No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
FF Extension: LivingPlay TextLinks - C:\Users\Amy\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]
FF Extension: Installl Converter - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\83fs00ny.default\Extensions\{6ec74131-08b2-4f67-a9bc-5914ef1edb97}(54)
FF Extension: Address Bar Search - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\83fs00ny.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
CHR HKLM\...\Chrome\Extension: [lkpmjnommfoljgjbckjmjhkmnhfmcmon] - C:\ProgramData\WeCareReminder\\wecarereminderro.crx
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.2.crx
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx
S4 Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [807800 2013-11-27] (Spigot, Inc.)
C:\ProgramData\boost_interprocess
C:\Program Files\IObit Apps Toolbar
C:\Program Files\Application Updater

*****************

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} => Value deleted successfully.
HKCR\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6169170a-f4d7-44a1-881f-f7ff71c52670} => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3F04061B-20C6-42B4-9CE9-3237BF72FDE3} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{3F04061B-20C6-42B4-9CE9-3237BF72FDE3} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} => Key deleted successfully.
HKCR\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6169170A-F4D7-44A1-881F-F7FF71C52670} => Value deleted successfully.
HKCR\CLSID\{6169170A-F4D7-44A1-881F-F7FF71C52670} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} => Value deleted successfully.
HKCR\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
C:\Users\Amy\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] => Moved successfully.
C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\83fs00ny.default\Extensions\{6ec74131-08b2-4f67-a9bc-5914ef1edb97}(54) => Moved successfully.
C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\83fs00ny.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9} => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon => Key deleted successfully.
C:\ProgramData\WeCareReminder\\wecarereminderro.crx => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk => Key deleted successfully.
C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj => Key deleted successfully.
C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj => Key deleted successfully.
C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.2.crx => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp => Key deleted successfully.
C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx => Moved successfully.
Application Updater => Service deleted successfully.
C:\ProgramData\boost_interprocess => Moved successfully.
C:\Program Files\IObit Apps Toolbar => Moved successfully.
C:\Program Files\Application Updater => Moved successfully.

==== End of Fixlog ====

#13
ltunagur

Posted 06 January 2014 - 08:00 AM

Member

Topic Starter
Member
35 posts

Here is the file from AdwCleaner.exe

# AdwCleaner v3.016 - Report created 06/01/2014 at 07:54:57
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Amy - AMY-PC
# Running from : C:\Users\Amy\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Application Updater

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Program Files\Inbox Toolbar
Folder Deleted : C:\Program Files\Common Files\Spigot
Folder Deleted : C:\Users\Amy\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Amy\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Amy\AppData\LocalLow\Inbox Toolbar
Folder Deleted : C:\Users\Amy\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\83fs00ny.default\Smartbar
Folder Deleted : C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Folder Deleted : C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Folder Deleted : C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Folder Deleted : C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
File Deleted : C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\83fs00ny.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D52EC0DF-3F23-454E-82B9-200E3FB64B40}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\83fs00ny.default\prefs.js ]

Line Deleted : user_pref("CT3299872.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3299872.1000082.shrinkState", "shrinked");
Line Deleted : user_pref("CT3299872.1000082.state", "{\"state\":\"stopped\",\"text\":\"1.FM (Cou...\",\"description\":\"1.FM (Country)\",\"url\":\"hxxp://1.fm/wm/energycountry32k.asx\"}");
Line Deleted : user_pref("CT3299872.1000234.TWC_TMP_city", "BIRMINGHAM");
Line Deleted : user_pref("CT3299872.1000234.TWC_TMP_country", "US");
Line Deleted : user_pref("CT3299872.1000234.TWC_country", "UNITED STATES");
Line Deleted : user_pref("CT3299872.1000234.TWC_locId", "USAL0054");
Line Deleted : user_pref("CT3299872.1000234.TWC_location", "Birmingham, AL");
Line Deleted : user_pref("CT3299872.1000234.TWC_region", "US");
Line Deleted : user_pref("CT3299872.1000234.TWC_temp_dis", "f");
Line Deleted : user_pref("CT3299872.1000234.TWC_wind_dis", "mph");
Line Deleted : user_pref("CT3299872.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3299872.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3299872.Facebook_Mode.enc", "Mg==");
Line Deleted : user_pref("CT3299872.Facebook_User_Locale.enc", "ZW4=");
Line Deleted : user_pref("CT3299872.FirstTime", "true");
Line Deleted : user_pref("CT3299872.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3299872.LAST_CLIENT_STATS_SUBMIT_2.enc", "MTM3NTk3MDkzNw==");
Line Deleted : user_pref("CT3299872.LOCAL_COOKIE_STATS_LAST_SUBMIT_6.enc", "MTM3NTk3MTAxNQ==");
Line Deleted : user_pref("CT3299872.LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "Mg==");
Line Deleted : user_pref("CT3299872.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "MTM3NTk3MTAzMw==");
Line Deleted : user_pref("CT3299872.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=attwebmail&l=mail2web.com&t=2&v=0.4&d=conduit2.enc", "MTM3NTk3MTAyOA==");
Line Deleted : user_pref("CT3299872.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT3299872.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Deleted : user_pref("CT3299872.SF_STATUS.enc", "RU5BQkxFRA==");
Line Deleted : user_pref("CT3299872.SF_USER_ID.enc", "Y2lkXzg4MjAxMzkxMDU0MzM1ODA1");
Line Deleted : user_pref("CT3299872.UserID", "UN88054430387915625");
Line Deleted : user_pref("CT3299872.acp_personal.appstate.enc", "ZW5hYmxl");
Line Deleted : user_pref("CT3299872.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3299872.cbfirsttime.enc", "VGh1IEF1ZyAwOCAyMDEzIDA5OjA1OjI0IEdNVC0wNTAwIChDZW50cmFsIFN0YW5kYXJkIFRpbWUp");
Line Deleted : user_pref("CT3299872.countryCode", "US");
Line Deleted : user_pref("CT3299872.discover-experiments-photopop.enc", "eyJuYW1lIjoicGhvdG9wb3BfbmEiLCJ2ZXJzaW9uIjoxMH0=");
Line Deleted : user_pref("CT3299872.discover-periodic-reports.enc", "eyJwaW5nXzAiOlsxMzc1OTcwODA4Mjg3LDE0NDAwMDAwXX0=");
Line Deleted : user_pref("CT3299872.discover-user-id.enc", "IjhlMzg2N2QxLTMyOTktNDIxZS05YzM3LWI5MmM0MzgxZDRiZCI=");
Line Deleted : user_pref("CT3299872.embeddedsData", "[{\"appId\":\"130116395078024690\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3299872.event_data.enc", "JTVCJTVE");
Line Deleted : user_pref("CT3299872.fired_events.enc", "");
Line Deleted : user_pref("CT3299872.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3299872.fixPageNotFoundErrorByUser", "TRUE");
Line Deleted : user_pref("CT3299872.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3299872.fixUrls", true);
Line Deleted : user_pref("CT3299872.fullUserID", "UN88054430387915625.TB.20130808090055");
Line Deleted : user_pref("CT3299872.ground-country-code.enc", "IlVTIg==");
Line Deleted : user_pref("CT3299872.hxxp___facebook_conduitapps_com.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsaHNjcm9sbD0wLHZzY3JvbGw9MCx0aXRsZWJhcj0xLGNsb3NlYnV0dG9uPTEsc2F2ZXJlc2l6ZWRzaXplPTAsb3BlbnBvc2l0aW9uPWFsaWd[...]
Line Deleted : user_pref("CT3299872.installType", "Unknown");
Line Deleted : user_pref("CT3299872.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3299872.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3299872.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3299872.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3299872.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3299872.key_date.enc", "OA==");
Line Deleted : user_pref("CT3299872.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3299872&octid=CT3299872&SearchSource=15&CUI=UN88054430387915625&SSPV=&Lay=1&UM=2\"}");
Line Deleted : user_pref("CT3299872.lastVersion", "10.16.9.6");
Line Deleted : user_pref("CT3299872.mam_gk_appStateReportTime.enc", "MTM3NTk3MDY4MTY5NA==");
Line Deleted : user_pref("CT3299872.mam_gk_appState_ACplus.enc", "b24=");
Line Deleted : user_pref("CT3299872.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Deleted : user_pref("CT3299872.mam_gk_appState_Discover.enc", "b24=");
Line Deleted : user_pref("CT3299872.mam_gk_appState_Easytobook.enc", "b24=");
Line Deleted : user_pref("CT3299872.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Line Deleted : user_pref("CT3299872.mam_gk_appState_Find-a-Pro.enc", "b24=");
Line Deleted : user_pref("CT3299872.mam_gk_appState_PiclickV2-WebSearch.enc", "b24=");
Line Deleted : user_pref("CT3299872.mam_gk_appState_PriceGong.enc", "b24=");
Line Deleted : user_pref("CT3299872.mam_gk_appState_WindowShopper.enc", "b24=");
Line Deleted : user_pref("CT3299872.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsInNjcmlwdFVybCI6bnVsbCwib3B0aW9uc0Rp[...]
Line Deleted : user_pref("CT3299872.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Deleted : user_pref("CT3299872.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlBpY2xpY2tWMi1XZWJTZWFyY2giLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiIzZDgyYzA1YS0wOTc2LTRjYmUtYTFkZS04MTlmNDAwZWQyYWIiLCJ[...]
Line Deleted : user_pref("CT3299872.mam_gk_currentVersion.enc", "MS45LjAuNA==");
Line Deleted : user_pref("CT3299872.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Line Deleted : user_pref("CT3299872.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3299872.mam_gk_installer_preapproved.enc", "VFJVRQ==");
Line Deleted : user_pref("CT3299872.mam_gk_lastLoginTime.enc", "MTM3NTk3MDY3NzgzMw==");
Line Deleted : user_pref("CT3299872.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Deleted : user_pref("CT3299872.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3299872.mam_gk_settings1.9.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiVVMiLCJpc1dlbGNvbWVFeHBlc[...]
Line Deleted : user_pref("CT3299872.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3299872.mam_gk_userId.enc", "ZTBiNjhiZjItMTQ2NS00MmUzLTk4ZTMtODhiZDc4ZjYzZjZm");
Line Deleted : user_pref("CT3299872.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3299872.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fmail2web.com%2Fcgi-bin%2Fdelmail.asp\",\"EB_MAIN_FRAME_TITLE\":\"mail2web.com%20-%20Pick%20U[...]
Line Deleted : user_pref("CT3299872.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"BROWSER_COMPONENT\\\"]\"}");
Line Deleted : user_pref("CT3299872.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3299872.search.searchAppId", "130116395078024690");
Line Deleted : user_pref("CT3299872.search.searchCount", "2");
Line Deleted : user_pref("CT3299872.searchFromAddressBarEnabledByUser", "false");
Line Deleted : user_pref("CT3299872.searchInNewTabEnabledByUser", "false");
Line Deleted : user_pref("CT3299872.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3299872.searchSuggestEnabledByUser", "false");
Line Deleted : user_pref("CT3299872.searchUserMode", "2");
Line Deleted : user_pref("CT3299872.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3299872.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3299872.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3299872.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3299872\"}");
Line Deleted : user_pref("CT3299872.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://InstalllConverter.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3299872.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Installl Converter\"}");
Line Deleted : user_pref("CT3299872.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3299872.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3299872.serviceLayer_services_Configuration_lastUpdate", "1375970729403");
Line Deleted : user_pref("CT3299872.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1375970729002");
Line Deleted : user_pref("CT3299872.serviceLayer_services_appTracking_lastUpdate", "1375970794813");
Line Deleted : user_pref("CT3299872.serviceLayer_services_appsMetadata_lastUpdate", "1375970673195");
Line Deleted : user_pref("CT3299872.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1375970731889");
Line Deleted : user_pref("CT3299872.serviceLayer_services_login_10.16.9.6_lastUpdate", "1375970657817");
Line Deleted : user_pref("CT3299872.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "1375970729533");
Line Deleted : user_pref("CT3299872.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "1375970729597");
Line Deleted : user_pref("CT3299872.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1375970730167");
Line Deleted : user_pref("CT3299872.serviceLayer_services_searchAPI_lastUpdate", "1375970730757");
Line Deleted : user_pref("CT3299872.serviceLayer_services_serviceMap_lastUpdate", "1375970728839");
Line Deleted : user_pref("CT3299872.serviceLayer_services_setupAPI_lastUpdate", "1375970729414");
Line Deleted : user_pref("CT3299872.serviceLayer_services_toolbarContextMenu_lastUpdate", "1375970729033");
Line Deleted : user_pref("CT3299872.serviceLayer_services_toolbarSettings_lastUpdate", "1375970672120");
Line Deleted : user_pref("CT3299872.serviceLayer_services_translation_lastUpdate", "1375970729743");
Line Deleted : user_pref("CT3299872.settingsINI", true);
Line Deleted : user_pref("CT3299872.showToolbarPermission", "false");
Line Deleted : user_pref("CT3299872.smartbar.CTID", "CT3299872");
Line Deleted : user_pref("CT3299872.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3299872.smartbar.toolbarName", "Installl Converter ");
Line Deleted : user_pref("CT3299872.toolbarBornServerTime", "8-8-2013");
Line Deleted : user_pref("CT3299872.toolbarCurrentServerTime", "8-8-2013");
Line Deleted : user_pref("CT3299872.toolbarLoginClientTime", "Thu Aug 08 2013 09:04:17 GMT-0500 (Central Standard Time)");
Line Deleted : user_pref("CT3299872.url_history0001.enc", "aHR0cDovL3NlYXJjaC55YWhvby5jb20vci9feWx0PUEwb0c3aVhJcGdOU0pESUFKd1pYTnlvQTtfeWx1PVgzb0RNVEV6WTJzNU5ERTFCSE5sWXdOemNnUndiM01ETlFSamIyeHZBMkZqTWdSMmRHbGtBMVpK[...]
Line Deleted : user_pref("CT3299872_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1375973056563,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("smartbar.machineId", "S2HJ53EH2N6NHVMCL3TQN1NSNPQYBOPVTXK01Y63/RPS/+QV6OBJPLIWN97TCR9KHV/XTH/JCF97XOBJNFRVHG");

-\\ Google Chrome v

[ File : C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [16741 octets] - [06/01/2014 07:54:09]
AdwCleaner[S0].txt - [17017 octets] - [06/01/2014 07:54:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17078 octets] ##########

#14
ltunagur

Posted 06 January 2014 - 08:10 AM

Member

Topic Starter
Member
35 posts

Result of JRT run.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by Amy on Mon 01/06/2014 at 8:03:52.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free registry cleaner"
Successfully deleted: [Folder] "C:\Users\Amy\AppData\Roaming\microsoft\windows\start menu\programs\free registry cleaner"

~~~ FireFox

Emptied folder: C:\Users\Amy\AppData\Roaming\mozilla\firefox\profiles\83fs00ny.default\minidumps [160 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/06/2014 at 8:06:30.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#15
ltunagur

Posted 06 January 2014 - 08:45 AM

Member

Topic Starter
Member
35 posts

Search.txt result

Farbar Recovery Scan Tool (x86) Version: 05-01-2014
Ran by Amy at 2014-01-06 08:11:18
Running from C:\Users\Amy\Desktop
Boot Mode: Safe Mode (with Networking)

================== Search: "imagehlp.dll" ===================

C:\Windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.0.6002.23248_none_279f086a54ae84de\imagehlp.dll
[2013-12-29 23:38] - [2013-10-21 03:51] - 0158208 ____A (Microsoft Corporation) A16CC6879BA6CCF77420E419A1870FB6

C:\Windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.0.6002.22806_none_27c869b2548fb7b5\imagehlp.dll
[2012-04-12 02:08] - [2012-02-29 08:47] - 0157696 ____A (Microsoft Corporation) 5C2132864F0E97624E8297E4BF1C0BE6

C:\Windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.0.6002.18971_none_26ee1fcd3baf571d\imagehlp.dll
[2013-12-29 23:38] - [2013-10-22 01:19] - 0158208 ____A (Microsoft Corporation) 09EA40F4DAD2EDB3587E5E0BAA9C3E15

C:\Windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.0.6002.18592_none_26d978a73bbeb3ba\imagehlp.dll
[2012-04-12 02:08] - [2012-02-29 09:09] - 0157696 ____A (Microsoft Corporation) EB49FAA5EBBC06356FB12476438781B9

C:\Windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.0.6002.18005_none_273dbf533b731283\imagehlp.dll
[2008-07-19 08:54] - [2008-01-19 01:34] - 0153088 ____A (Microsoft Corporation) 8C55A6333DAFAB88E44C040C55179274

C:\Windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.0.6001.18000_none_255246473e514737\imagehlp.dll
[2008-07-19 08:54] - [2008-01-19 01:34] - 0153088 ____A (Microsoft Corporation) 8C55A6333DAFAB88E44C040C55179274

C:\Windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.0.6000.20580_none_239f21405a893b4a\imagehlp.dll
[2008-06-26 15:08] - [2008-06-26 15:08] - 0152576 ____A (Microsoft Corporation) F3071CFDD6BE3051375506D38CDECD80

C:\Windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.0.6000.16470_none_2320546141637f8f\imagehlp.dll
[2008-06-26 15:08] - [2008-06-26 15:08] - 0152576 ____A (Microsoft Corporation) 5D53724E96F6B907355E616FFE08EB83

C:\Windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.0.6000.16386_none_231b844b41663663\imagehlp.dll
[2006-11-02 03:00] - [2006-11-02 03:46] - 0152576 ____A (Microsoft Corporation) 0042A84C24C6DA6FE904B6FC3421A419

=== End Of Search ===