
Possible Virus-Extreme lag and slowness on my laptop. [Solved]


  • This topic is locked

#1
Butterfly123

  • Member
  • 12 posts

Hi. I have a Dell Inspiron laptop. I've had it for 4 years. I've been to GTG in the past for help with other virus issues and you've all helped so much. Now I think I might have another virus, or I may have a RAM or a mechanical problem that I don't know how to detect.

 

My laptop is extremely slow. It sticks. It drags. It lags. And it sucks. I'm ready to throw it out the front door. The end of July my Dell battery was so low that I had to buy a new one. I ended up buying one from "ubatteries" (which I'm sure wasn't the best idea). I made sure that all the specs were the same as my Dell battery. 

But now since the middle of this month, when I click on something, (even just offline folders etc) it takes a minute or more for the action to complete. There are times when I am on a website and I will click to open another tab and the internet window will freeze up, disappear for a second or two, and finally open back up. But it will stay stuck and frozen for about an entire minute or two. I use Chrome mainly, but I do use FF and IE every once in a while. Also on a couple of occasions the entire computer has just up and shut down on me as if I have hit the power switch.

 

I ran MBAM and Avast checks, and some online virus scans, and no viruses have been detected. But I noticed that I see a lot of "errors" when I look at the logs that were printed out by OTL. I have no idea what they mean, but maybe they can tell you something.

It's been so irritating, I am hoping so bad that one of you guys can help me. I'd sure appreciate it a lot.

 

OTL Log:

 

OTL logfile created on: 8/26/2014 10:52:37 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 0.19 Gb Available Physical Memory | 4.90% Memory free
7.61 Gb Paging File | 3.13 Gb Available in Paging File | 41.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 244.40 Gb Free Space | 82.02% Space Free | Partition Type: NTFS
 
Computer Name: LISADAY | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/26 22:50:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2014/08/06 20:20:57 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/07/31 07:01:42 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/07/17 15:40:30 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/08/06 20:20:55 | 000,353,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppgooglenaclpluginchrome.dll
MOD - [2014/08/06 20:20:53 | 008,537,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
MOD - [2014/08/06 20:20:49 | 000,718,152 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
MOD - [2014/08/06 20:20:47 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
MOD - [2014/08/06 20:20:46 | 001,732,936 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
MOD - [2014/07/17 15:40:33 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/07/17 15:40:31 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/07/25 06:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/07/17 15:40:30 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/03/30 12:54:31 | 000,048,128 | ---- | M] (Broadcom Corporation) [Disabled | Stopped] -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2010/10/14 07:45:26 | 000,270,848 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/05/07 16:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Disabled | Stopped] -- C:\Windows\SysNative\Crypserv.exe -- (Crypkey License)
SRV - [2014/08/05 10:38:17 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/07/09 22:18:44 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/20 15:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/01/02 11:18:58 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (VaultSvc)
SRV - [2014/01/02 11:18:58 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\spoolsv.exe -- (Spooler)
SRV - [2014/01/02 11:18:58 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (SamSs)
SRV - [2014/01/02 11:18:58 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (ProtectedStorage)
SRV - [2014/01/02 11:18:58 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (Netlogon)
SRV - [2014/01/02 11:18:58 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\lsass.exe -- (KeyIso)
SRV - [2014/01/02 11:18:58 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (EFS)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/10/17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/17 15:40:49 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/07/17 15:40:36 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/07/17 15:40:36 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/07/17 15:40:36 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/07/17 15:40:36 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/07/17 15:40:36 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/07/17 15:40:36 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/07/17 15:40:35 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/10/01 19:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/03/06 15:33:20 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/10/08 19:52:52 | 000,031,968 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/04/02 02:31:43 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2012/03/30 12:54:31 | 004,746,304 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012/03/30 12:54:31 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/10/17 14:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/09/19 22:54:44 | 000,108,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/14 07:45:26 | 000,518,144 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/04/24 13:19:18 | 000,033,144 | ---- | M] (simonowen.com) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fdrawcmd.sys -- (fdrawcmd)
DRV:64bit: - [2010/04/14 23:40:10 | 000,301,688 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/02/10 22:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/11/11 16:11:42 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/03/17 10:12:26 | 000,028,664 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 67 9B 08 14 60 CE 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {4DA5DA9D-0B66-4939-B138-6ABA03AC9584}
IE - HKCU\..\SearchScopes\{02E4B210-812F-4D4A-8DFB-A2AEB724D16A}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{4DA5DA9D-0B66-4939-B138-6ABA03AC9584}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: nosquint%40urandom.ca:2.1.9
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:24.7
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:6.1.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/08/05 10:38:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/08/17 19:44:51 | 000,000,000 | ---D | M]
 
[2012/04/02 21:38:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2014/08/25 13:58:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\extensions
[2014/08/20 07:15:39 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2014/08/25 13:37:10 | 000,000,000 | ---D | M] ("Flash Video Downloader - YouTube Full HD Download") -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\extensions\[email protected]
[2013/06/02 21:48:57 | 000,114,250 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\extensions\[email protected]
[2014/08/25 13:14:35 | 000,046,596 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\extensions\[email protected]
[2014/04/16 01:34:15 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2014/08/25 13:58:56 | 001,000,594 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi
[2014/07/24 12:52:38 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/08/05 10:38:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/08/05 10:38:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://www.google.com/
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.140_0\npqscan.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Reallusion CT4Player for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npRLCT4Player.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.510.13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U51 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: Adblock Plus = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\
CHR - Extension: Adblock for Youtube™ = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk\2.17_0\
CHR - Extension: avast! Online Security = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2022.121_0\
CHR - Extension: Pin It Button = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3.4_0\
CHR - Extension: Slinky Vintage = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdjbhifhppglclhnmmnlfloepnolbkn\19.6_0\
CHR - Extension: Planner 5D = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna\1.2.0.4_0\
CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Current Moon Phase -N.Hemisphere = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oampnkjpomgmmphfoedhihefpbjhjamo\1.28.0.0_0\
CHR - Extension: Earth map = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\opmibphegngmljhikklndacjdpkmhocp\2.1_0\
CHR - Extension: Bitdefender QuickScan = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.145_0\
 
O1 HOSTS File: ([2013/06/08 18:53:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O1364bit: - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://dell.com/supp...t/Ode/pcd86.cab (Launcher Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B32BC24-EC0D-4AA9-A1D9-85FBD48ED006}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5772C59-C283-4631-82EC-B89D8642236F}: DhcpNameServer = 8.8.8.8 8.8.4.4
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/26 22:49:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2014/08/25 10:14:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\dwhelper
[2014/08/20 22:55:25 | 000,131,072 | ---- | C] (Dell, Inc.) -- C:\Windows\SysWow64\DellSPMsg.dll
[2014/08/13 23:12:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
[2014/08/13 23:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014/08/09 09:56:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/08/05 10:38:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/26 22:56:17 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/26 22:50:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2014/08/26 22:30:01 | 000,000,758 | ---- | M] () -- C:\Users\Owner\AppData\Local\recently-used.xbel
[2014/08/26 22:18:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/08/26 22:11:33 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/08/26 22:11:33 | 000,662,650 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/08/26 22:11:33 | 000,122,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/08/26 09:53:59 | 000,023,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/26 09:53:59 | 000,023,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/26 09:46:57 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/26 09:46:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/26 09:46:18 | 3062,915,072 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/26 04:10:09 | 000,395,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/20 18:45:59 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/20 18:35:53 | 000,006,682 | ---- | M] () -- C:\Users\Owner\Documents\cc_20140820_183543.reg
[2014/08/13 18:49:51 | 000,109,376 | ---- | M] () -- C:\Users\Owner\Documents\cc_20140813_184941.reg
[2014/08/13 16:31:50 | 000,045,568 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2014/08/26 22:30:01 | 000,000,758 | ---- | C] () -- C:\Users\Owner\AppData\Local\recently-used.xbel
[2014/08/20 18:35:49 | 000,006,682 | ---- | C] () -- C:\Users\Owner\Documents\cc_20140820_183543.reg
[2014/08/13 18:49:46 | 000,109,376 | ---- | C] () -- C:\Users\Owner\Documents\cc_20140813_184941.reg
[2014/05/15 12:50:11 | 000,000,408 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\CamShapes.ini
[2014/05/15 12:50:11 | 000,000,408 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\CamLayout.ini
[2014/05/15 12:50:11 | 000,000,046 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Camdata.ini
[2014/05/15 12:45:54 | 000,000,096 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\version2.xml
[2014/05/14 15:09:57 | 000,000,010 | ---- | C] () -- C:\Users\Owner\AppData\Local\sponge.last.runtime.cache
[2014/03/17 18:03:57 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2014/03/17 18:03:20 | 000,000,137 | ---- | C] () -- C:\Windows\Crypkey.ini
[2014/03/17 18:03:10 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2014/03/17 18:03:10 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2014/03/17 18:03:10 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2014/01/08 21:32:57 | 000,000,070 | ---- | C] () -- C:\Windows\EurekaLog.ini
[2014/01/02 11:31:26 | 000,681,280 | ---- | C] () -- C:\Users\Owner\AppData\Local\census.cache
[2014/01/02 11:30:57 | 000,073,469 | ---- | C] () -- C:\Users\Owner\AppData\Local\ars.cache
[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\winlogon.exe
[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\taskhost.exe
[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\spoolsv.exe
[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsm.exe
[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsass.exe
[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\hkcmd.exe
[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dwm.exe
[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\conhost.exe
[2014/01/02 11:18:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\services.exe
[2014/01/02 11:18:39 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\smss.exe
[2014/01/02 11:18:39 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\csrss.exe
[2014/01/02 11:08:27 | 000,000,036 | ---- | C] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
[2013/10/20 18:04:35 | 000,775,124 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/15 15:36:23 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/03/31 04:14:12 | 000,000,165 | ---- | C] () -- C:\Windows\WINÙS…ÏÈ.INI
[2012/06/07 20:57:11 | 000,000,288 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\.backup.dm
[2012/05/07 09:51:39 | 000,045,568 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/15 10:53:34 | 000,007,622 | ---- | C] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 19:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 18:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/05/20 10:12:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\abelhadigital.com
[2013/12/08 20:23:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVAST Software
[2012/03/30 14:40:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DRPSu
[2013/06/18 22:58:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoft
[2013/01/03 18:36:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Flo & Seb Engineering
[2014/06/28 21:23:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\inkscape
[2013/06/27 17:07:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IrfanView
[2012/06/27 07:27:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MP3Rocket
[2012/04/15 12:54:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Netscape
[2014/05/23 20:05:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Opera Software
[2013/05/02 17:29:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Oracle
[2012/04/04 17:10:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PCDr
[2012/05/31 09:56:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ProgSense
[2014/08/13 22:56:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\QuickScan
[2012/11/24 02:25:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RCKR
[2014/07/29 11:38:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SandSComputing
[2013/12/29 21:19:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SSDir
[2012/04/04 17:05:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\tmp
[2014/05/16 20:05:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
< End of report >
 
Extras Log:
 
OTL Extras logfile created on: 8/26/2014 10:52:37 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 0.19 Gb Available Physical Memory | 4.90% Memory free
7.61 Gb Paging File | 3.13 Gb Available in Paging File | 41.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 244.40 Gb Free Space | 82.02% Space Free | Partition Type: NTFS
 
Computer Name: LISADAY | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = OperaStable] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1"
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1"
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0245147A-BBDB-4554-BB7C-5035160E387C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0E3793D7-AB15-4386-A2E9-8947EEF75A68}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{183FC6D3-27C0-4502-8F7F-19506D404683}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{198A1FE3-BC20-4328-8C68-8AED26BEDC2F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1C7A6007-F278-4A01-BDB7-88F4B401963E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2285849D-9989-4F9F-BD41-AE7E69D5C54F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{397268FC-A1FD-44C2-9179-C8A1DA019905}" = rport=139 | protocol=6 | dir=out | app=system | 
"{401C1EFA-09D1-49CF-ADEF-56C5620C2257}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{54AF4A41-9027-48CA-AC5C-B69A80695112}" = lport=138 | protocol=17 | dir=in | app=system | 
"{58644017-0954-499F-B5F9-05D95D009266}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5F83A0B8-5250-477C-AE25-A3C96F743E43}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7B4347D7-947F-4E99-B424-FE030CE8B310}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7EFDD118-1184-4F7E-81D8-2CF74398A9FA}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7F532AFF-19C0-4CDC-998C-ECDAA7B0B423}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8903D71D-2C83-4407-ABDA-77623D1BDE78}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B273D6A6-735E-4387-BC6F-0CF3325ADF0F}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{B7229928-2C06-4B14-917F-8674D5FE6EB2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C728F8E9-59FC-4996-8ECA-B18D4CEE1D07}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CE8D2F34-3D71-4271-A1C3-4C286A589D5E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E2A23896-D9F2-46B0-A8F3-FE72E917D458}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{F6D52823-CB3D-46C1-BD03-658576B152CE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FDD60437-8B36-407A-A848-710CE126B125}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{078D3C5D-B6A9-4E90-94D7-CEAD45A5E2FD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0F5E8D30-357A-4AD6-B5BA-E8B57DFDEF64}" = protocol=1 | dir=out | [email protected],-28544 | 
"{16EFBCF2-AB53-4AAB-B5BE-334328138F58}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{258067AF-0D5E-4C77-80C0-4A6BBE73E3DE}" = protocol=1 | dir=in | [email protected],-28543 | 
"{351FB782-8661-4EEC-AB68-70206B83D9FF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3A03B616-13F4-4AA3-A74C-7412EF0AD18B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{502BEB79-6B23-4DB1-9058-F2ABF0DA7280}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{513837D3-D19A-4E4B-BC9E-6E7AB9DBC462}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5DA7CA73-B45B-4896-B0A0-AF3AD31E7959}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6888CC8D-B795-47CE-9AE8-4B178BE1FC64}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6DE9A3CD-709C-460A-A903-A225ADD2EE69}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{794A815C-DF67-4D82-BFEB-F26B7EA9B1C7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7BAC6710-A57D-45C1-B570-DFF5056DDC99}" = protocol=58 | dir=in | [email protected],-28545 | 
"{8C003471-897B-4185-81C9-230474CC4969}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AD6AB1F3-CA7F-46A2-87E2-C8F8B844A348}" = protocol=6 | dir=out | app=system | 
"{B79CDC5B-6C3A-4579-BBBB-D3B2BCAE596E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B8108F04-A82A-4635-B90D-292D50FC4AC5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B936CFA4-6E85-4E32-A85D-F44F595D1C90}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C6C781B5-3525-4624-A140-241C5C65DE04}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D9B82F7B-800B-4EC4-8525-92866AE23C5B}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EBF40202-166D-4A46-8542-40274DFDFDCA}" = protocol=58 | dir=out | [email protected],-28546 | 
"{F809EEDB-D075-44F0-89B3-C9FEAE820935}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{A4A18E14-E228-4FC9-8E78-2112EEFD0B16}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{C235B9E2-B5B6-4585-B42F-3A9A38C9F860}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{4F4511FC-2FBD-4C83-AA7A-1ABB424975A6}" = SewWhat-Pro
"{527281D5-3D6A-4408-A771-7A91B483E60F}" = SewArt
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5D06A95D-2DD5-429B-8FF6-F966A8AAC115}" = SewWrite
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8397C1C5-39CA-4D5E-A798-50B5E6C6ABCB}" = SewWrite
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A4E3AD0C-C757-47C0-B66B-341EDF6D74A2}" = SewIconz
"{A7395F20-2B22-4CB8-8510-B452C0F47E02}" = Movie Maker 6.0 for Windows 7 (64-bit)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{F1F646A7-AC07-4B3B-9E25-AF3DBA55D7FF}" = SewWrite
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 3.0
"GIMP-2_is1" = GIMP 2.8.10
"PC-Doctor for Windows" = My Dell
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"avast" = avast! Free Antivirus
"Dell Webcam Central" = Dell Webcam Central
"ESET Online Scanner" = ESET Online Scanner v3
"fdrawcmd" = Fdrawcmd.sys 1.0.1.11
"FileHippo.com" = FileHippo.com Update Checker
"Google Chrome" = Google Chrome
"Inkscape" = Inkscape 0.48.4
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"Amazon Kindle" = Amazon Kindle
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/20/2014 10:46:39 PM | Computer Name = LisaDay | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.JetPropStore> cannot be initialized.  Context:
 Windows Application, SystemIndex Catalog  Details:  The content index catalog is corrupt.
  (HRESULT : 0xc0041801) (0xc0041801) 
 
Error - 8/20/2014 10:46:41 PM | Computer Name = LisaDay | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.TripoliIndexer> cannot be initialized.  Context:
 Windows Application, SystemIndex Catalog  Details:  Element not found.  (HRESULT : 
0x80070490) (0x80070490) 
 
Error - 8/20/2014 10:46:41 PM | Computer Name = LisaDay | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized.  Context: Windows Application,
 SystemIndex Catalog  Details:  The content index catalog is corrupt.  (HRESULT : 0xc0041801)
 (0xc0041801) 
 
Error - 8/20/2014 10:46:41 PM | Computer Name = LisaDay | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized.  Context: Windows Application
 
Details:
The
 content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801) 
 
Error - 8/20/2014 10:46:41 PM | Computer Name = LisaDay | Source = Windows Search Service | ID = 7010
Description = The index cannot be initialized.  Details:  The content index catalog 
is corrupt.  (HRESULT : 0xc0041801) (0xc0041801) 
 
Error - 8/22/2014 12:41:00 AM | Computer Name = LisaDay | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 8/25/2014 4:45:07 PM | Computer Name = LisaDay | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Owner\Downloads\SoftonicDownloader_for_all-video-downloader.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 8/25/2014 4:45:16 PM | Computer Name = LisaDay | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Owner\Downloads\SoftonicDownloader_for_all-video-downloader.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 8/25/2014 5:00:32 PM | Computer Name = LisaDay | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Owner\Downloads\SoftonicDownloader_for_all-video-downloader.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 8/25/2014 5:00:41 PM | Computer Name = LisaDay | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Owner\Downloads\SoftonicDownloader_for_all-video-downloader.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ Broadcom Wireless LAN Events ]
Error - 7/23/2014 9:58:08 AM | Computer Name = LisaDay | Source = WLAN-Tray | ID = 0
Description = 06:57:43, Wed, Jul 23, 14 Error - (WLTRAY.EXE-2044)  Unable to start
 peernet session, after 200 iterations 
 
Error - 7/23/2014 9:58:08 AM | Computer Name = LisaDay | Source = WLAN-Tray | ID = 0
Description = 06:58:08, Wed, Jul 23, 14 Error - Unable to initialize peernet library
 
 
[ System Events ]
Error - 8/23/2014 9:04:25 AM | Computer Name = LisaDay | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 8/23/2014 8:11:29 PM | Computer Name = LisaDay | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 8/24/2014 7:04:58 AM | Computer Name = LisaDay | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 8/24/2014 1:23:37 PM | Computer Name = LisaDay | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 8/24/2014 2:36:48 PM | Computer Name = LisaDay | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 8/25/2014 8:09:53 AM | Computer Name = LisaDay | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 8/25/2014 11:47:39 AM | Computer Name = LisaDay | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 8/25/2014 2:36:15 PM | Computer Name = LisaDay | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 8/26/2014 7:10:04 AM | Computer Name = LisaDay | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 8/26/2014 12:46:42 PM | Computer Name = LisaDay | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
 

 

 




#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello Butterfly123,

 

Sorry for the delay.

 

My first thought is that the symptoms your laptop exhibits are not malware related but let's check it out and see what we can find. :)

 

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.

 

Next

 

Please download Rkill by Grinler and save it to your desktop.

  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • When the scan is done Notepad will open with rKill log. Please copy and paste that in your reply.

Note: rKill.txt log can also be found on your desktop.

 

 

So when you return please post

  • FRST.txt
  • Addition.txt
  • rKill.txt


#3
Butterfly123

    Member

  • Topic Starter
  • 12 posts

I want to thank you so much for your reply. Here are the things you asked for.

FRST:
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Owner (administrator) on LISADAY on 31-08-2014 21:43:33
Running from C:\Users\Owner\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1837369184-1756073175-2637968707-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-1837369184-1756073175-2637968707-1000\...\Policies\system: [DisableLockWorkstation] 0
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDA679B081460CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB
DPF: HKLM-x32 {682C59F5-478C-4421-9070-AD170D143B77} http://dell.com/supp...t/Ode/pcd86.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwstv49y.default-1370233802399
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CrazyTalk4Native.dll (C3D)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctdomemhelper.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctframeplayerobject.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctplayerobject.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\imagickrt.dll (BEXTech)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npRLCT4Player.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\rlcontentclass.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicPacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicUnpacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoicePacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoiceUnpacker.dll ()
FF Extension: Flash Video Downloader - YouTube Full HD Download - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\Extensions\[email protected] [2014-08-25]
FF Extension: ColorfulTabs - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-08-20]
FF Extension: NoSquint - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\Extensions\[email protected] [2013-06-02]
FF Extension: Youtube and more - Easy Video Downloader - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\Extensions\[email protected] [2014-08-25]
FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2014-04-15]
FF Extension: Download Status Bar - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-08-25]
FF Extension: Adblock Plus - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-02]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Bitdefender QuickScan) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.140_0\npqscan.dll No File
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Reallusion CT4Player for Mozilla) - C:\Program Files (x86)\Mozilla Firefox\plugins\npRLCT4Player.dll ( )
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-09]
CHR Extension: (Adblock for Youtube™) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2014-02-09]
CHR Extension: (avast! Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-09]
CHR Extension: (Pin It Button) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-06-27]
CHR Extension: (Slinky Vintage) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdjbhifhppglclhnmmnlfloepnolbkn [2014-07-26]
CHR Extension: (Planner 5D) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2013-10-21]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]
CHR Extension: (Current Moon Phase -N.Hemisphere) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oampnkjpomgmmphfoedhihefpbjhjamo [2014-02-09]
CHR Extension: (Earth map) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\opmibphegngmljhikklndacjdpkmhocp [2014-02-13]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-02-09]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-17] (AVAST Software)
S4 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2014-01-02] () [File not signed]
S4 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5830656 2012-03-30] (Broadcom Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-17] ()
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-17] ()
S3 fdrawcmd; C:\Windows\system32\drivers\fdrawcmd.sys [33144 2010-04-24] (simonowen.com)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S1 SASDIFSV; \??\C:\Users\Owner\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\C:\Users\Owner\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-31 21:43 - 2014-08-31 21:44 - 00016725 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-08-31 21:43 - 2014-08-31 21:43 - 00000000 ____D () C:\FRST
2014-08-31 21:41 - 2014-08-31 21:42 - 00000000 ____D () C:\Users\Owner\Desktop\My Stuff
2014-08-31 21:39 - 2014-08-31 21:40 - 02104832 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-08-27 22:26 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 22:26 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 22:26 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 23:06 - 2014-08-26 23:06 - 00048054 _____ () C:\Users\Owner\Desktop\Extras.Txt
2014-08-26 23:05 - 2014-08-26 23:05 - 00077388 _____ () C:\Users\Owner\Desktop\OTL.Txt
2014-08-26 22:49 - 2014-08-26 22:50 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2014-08-26 22:30 - 2014-08-26 22:30 - 00000758 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
2014-08-25 11:50 - 2014-08-25 11:50 - 01057176 _____ (Adobe) C:\Users\Owner\Downloads\install_flashplayer14x32_mssa_aaa_aih.exe
2014-08-25 10:14 - 2014-08-25 10:14 - 00000000 ____D () C:\Users\Owner\dwhelper
2014-08-20 23:07 - 2014-08-20 23:08 - 00004198 _____ () C:\Windows\DPINST.LOG
2014-08-20 23:07 - 2010-04-14 23:40 - 00301688 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Drivers\Apfiltr.sys
2014-08-20 23:07 - 2010-02-26 07:32 - 00100352 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Vxdif.dll
2014-08-20 22:55 - 2009-09-02 07:13 - 00131072 _____ (Dell, Inc.) C:\Windows\SysWOW64\DellSPMsg.dll
2014-08-20 19:46 - 2014-08-20 20:01 - 00000248 _____ () C:\Windows\error.log
2014-08-20 19:45 - 2014-08-31 11:17 - 00002380 _____ () C:\Windows\setupact.log
2014-08-20 19:45 - 2014-08-31 11:17 - 00001036 _____ () C:\Windows\errord.log
2014-08-20 19:45 - 2014-08-20 19:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-20 18:35 - 2014-08-20 18:35 - 00006682 _____ () C:\Users\Owner\Documents\cc_20140820_183543.reg
2014-08-13 23:12 - 2014-08-13 23:12 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2014-08-13 23:12 - 2014-08-13 23:12 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-13 18:49 - 2014-08-13 18:49 - 00109376 _____ () C:\Users\Owner\Documents\cc_20140813_184941.reg
2014-08-12 22:04 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-12 22:04 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-12 22:04 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-12 22:04 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-12 22:04 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-12 22:04 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-12 22:03 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-12 22:03 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-12 14:03 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-12 14:03 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-12 14:03 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-12 14:03 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-12 14:03 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-12 14:03 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-12 14:03 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-12 14:03 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-12 14:03 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-12 14:03 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-12 14:03 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-12 14:03 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-12 14:03 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-12 14:03 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-12 14:02 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-12 14:02 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-12 14:02 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-12 14:02 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-12 14:02 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-12 14:02 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-12 14:02 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-12 14:02 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-12 14:02 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-12 14:02 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-12 14:01 - 2014-07-31 16:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-12 14:01 - 2014-07-31 16:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-12 14:01 - 2014-07-25 07:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-12 14:01 - 2014-07-25 07:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-12 14:01 - 2014-07-25 07:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-12 14:01 - 2014-07-25 06:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-12 14:01 - 2014-07-25 06:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-12 14:01 - 2014-07-25 06:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-12 14:01 - 2014-07-25 06:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-12 14:01 - 2014-07-25 06:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-12 14:01 - 2014-07-25 06:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-12 14:01 - 2014-07-25 06:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-12 14:01 - 2014-07-25 06:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-12 14:01 - 2014-07-25 06:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-12 14:01 - 2014-07-25 06:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-12 14:01 - 2014-07-25 06:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-12 14:01 - 2014-07-25 06:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-12 14:01 - 2014-07-25 05:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-12 14:01 - 2014-07-25 05:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-12 14:01 - 2014-07-25 05:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-12 14:01 - 2014-07-25 05:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-12 14:01 - 2014-07-25 05:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-12 14:01 - 2014-07-25 05:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-12 14:01 - 2014-07-25 05:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-12 14:01 - 2014-07-25 05:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-12 14:01 - 2014-07-25 05:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-12 14:01 - 2014-07-25 05:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-12 14:01 - 2014-07-25 05:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-12 14:01 - 2014-07-25 05:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-12 14:01 - 2014-07-25 05:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-12 14:01 - 2014-07-25 05:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-12 14:01 - 2014-07-25 05:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-12 14:01 - 2014-07-25 05:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-12 14:01 - 2014-07-25 05:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-12 14:01 - 2014-07-25 05:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-12 14:01 - 2014-07-25 05:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-12 14:01 - 2014-07-25 04:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-12 14:01 - 2014-07-25 04:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-12 14:01 - 2014-07-25 04:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-12 14:01 - 2014-07-25 04:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-12 14:01 - 2014-07-25 04:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-12 14:01 - 2014-07-25 04:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-12 14:01 - 2014-07-25 04:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-12 14:01 - 2014-07-25 04:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-12 14:01 - 2014-07-25 04:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-12 14:01 - 2014-07-25 04:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-12 14:01 - 2014-07-25 04:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-12 14:01 - 2014-07-25 04:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-12 14:01 - 2014-07-25 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-12 14:01 - 2014-07-25 04:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-12 14:01 - 2014-07-25 03:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-12 14:01 - 2014-07-25 03:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-12 14:01 - 2014-07-25 03:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-12 14:01 - 2014-07-25 03:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-12 14:01 - 2014-07-25 03:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-12 14:01 - 2014-07-25 03:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-12 13:58 - 2014-08-06 19:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-12 13:58 - 2014-08-06 19:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-12 13:58 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-12 13:58 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-05 10:38 - 2014-08-05 10:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-01 22:33 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 22:33 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 22:33 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 22:33 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 22:33 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 22:33 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 22:33 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 22:33 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 22:33 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 22:33 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 22:32 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 22:32 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 22:32 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 22:32 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-31 21:44 - 2014-08-31 21:43 - 00016725 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-08-31 21:43 - 2014-08-31 21:43 - 00000000 ____D () C:\FRST
2014-08-31 21:42 - 2014-08-31 21:41 - 00000000 ____D () C:\Users\Owner\Desktop\My Stuff
2014-08-31 21:40 - 2014-08-31 21:39 - 02104832 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-08-31 21:18 - 2014-03-26 14:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-31 21:18 - 2012-03-30 19:18 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-08-31 20:56 - 2013-10-21 12:21 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-31 20:56 - 2012-03-30 14:15 - 01857397 _____ () C:\Windows\WindowsUpdate.log
2014-08-31 11:25 - 2009-07-13 21:45 - 00023376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-31 11:25 - 2009-07-13 21:45 - 00023376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-31 11:17 - 2014-08-20 19:45 - 00002380 _____ () C:\Windows\setupact.log
2014-08-31 11:17 - 2014-08-20 19:45 - 00001036 _____ () C:\Windows\errord.log
2014-08-31 11:17 - 2013-10-21 12:21 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-31 11:17 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-31 03:33 - 2012-07-09 10:28 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-30 13:43 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-30 12:32 - 2012-07-06 14:41 - 00000000 ____D () C:\Users\Owner\AppData\Local\CutePDF Writer
2014-08-29 01:18 - 2009-07-13 21:45 - 00396280 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-26 23:06 - 2014-08-26 23:06 - 00048054 _____ () C:\Users\Owner\Desktop\Extras.Txt
2014-08-26 23:05 - 2014-08-26 23:05 - 00077388 _____ () C:\Users\Owner\Desktop\OTL.Txt
2014-08-26 22:50 - 2014-08-26 22:49 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2014-08-26 22:30 - 2014-08-26 22:30 - 00000758 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
2014-08-26 22:29 - 2012-04-04 11:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-08-26 22:11 - 2009-07-13 22:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-25 11:50 - 2014-08-25 11:50 - 01057176 _____ (Adobe) C:\Users\Owner\Downloads\install_flashplayer14x32_mssa_aaa_aih.exe
2014-08-25 10:14 - 2014-08-25 10:14 - 00000000 ____D () C:\Users\Owner\dwhelper
2014-08-25 10:14 - 2012-03-30 14:19 - 00000000 ____D () C:\Users\Owner
2014-08-22 19:07 - 2014-08-27 22:26 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 18:45 - 2014-08-27 22:26 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 17:59 - 2014-08-27 22:26 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 14:59 - 2014-05-20 23:52 - 00000000 ___RD () C:\Users\Owner\Desktop\Storage for John
2014-08-20 23:08 - 2014-08-20 23:07 - 00004198 _____ () C:\Windows\DPINST.LOG
2014-08-20 23:08 - 2012-03-30 21:32 - 00000000 ____D () C:\Program Files\DellTPad
2014-08-20 23:00 - 2012-04-04 14:15 - 00000000 ____D () C:\Program Files (x86)\Dell
2014-08-20 22:55 - 2012-03-30 21:31 - 00000000 ____D () C:\dell
2014-08-20 20:01 - 2014-08-20 19:46 - 00000248 _____ () C:\Windows\error.log
2014-08-20 19:45 - 2014-08-20 19:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-20 19:19 - 2014-05-23 18:58 - 00000000 ___RD () C:\Users\Owner\Desktop\Weekly Scans
2014-08-20 19:17 - 2014-05-23 19:38 - 00000000 ____D () C:\AdwCleaner
2014-08-20 18:45 - 2014-05-23 16:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-20 18:35 - 2014-08-20 18:35 - 00006682 _____ () C:\Users\Owner\Documents\cc_20140820_183543.reg
2014-08-16 08:11 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-08-14 13:50 - 2014-07-23 10:54 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-08-14 13:39 - 2012-04-04 17:35 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment
2014-08-13 23:12 - 2014-08-13 23:12 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2014-08-13 23:12 - 2014-08-13 23:12 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-13 22:56 - 2014-01-02 11:33 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\QuickScan
2014-08-13 18:49 - 2014-08-13 18:49 - 00109376 _____ () C:\Users\Owner\Documents\cc_20140813_184941.reg
2014-08-13 16:31 - 2012-05-07 09:51 - 00045568 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-13 02:06 - 2013-08-14 22:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 01:59 - 2012-03-31 01:14 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-12 22:34 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-12 22:01 - 2014-04-30 11:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-10 13:32 - 2009-07-13 20:20 - 00000000 ___RD () C:\Users\Public\Libraries
2014-08-09 09:56 - 2012-03-30 19:18 - 00000000 ____D () C:\ProgramData\Skype
2014-08-07 05:29 - 2014-02-18 23:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-06 19:06 - 2014-08-12 13:58 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 19:01 - 2014-08-12 13:58 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 10:38 - 2014-08-05 10:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-05 09:20 - 2012-03-30 12:43 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-17 20:30
 
==================== End Of Log ============================
 
 
ADDITIONAL LOG:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 02
Ran by Owner at 2014-08-31 21:45:34
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Advanced Video FX Engine (HKLM-x32\...\Advanced Video FX Engine) (Version:  - )
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.8.8 - Atheros Communications Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.100.196.8 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.9.0.5 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.101.202 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fdrawcmd.sys 1.0.1.11 (HKLM-x32\...\fdrawcmd) (Version: 1.0.1.11 - Simon Owen)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6304.0 - IDT)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.8.0.1003 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.01.1007 - Intel Corporation)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Live! Cam Avatar v1.0 (HKLM-x32\...\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}) (Version: 1.0 - Creative Technology Ltd.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker 6.0 for Windows 7 (64-bit) (HKLM\...\{A7395F20-2B22-4CB8-8510-B452C0F47E02}) (Version: 6.0.0 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30109 - Realtek Semiconductor Corp.)
SewArt (HKLM\...\{527281D5-3D6A-4408-A771-7A91B483E60F}) (Version: 1.7.8 - S & S Computing)
SewIconz (HKLM\...\{A4E3AD0C-C757-47C0-B66B-341EDF6D74A2}) (Version: 1.7.7 - S & S Computing)
SewWhat-Pro (HKLM\...\{4F4511FC-2FBD-4C83-AA7A-1ABB424975A6}) (Version: 3.7.4 - S & S Computing)
SewWrite (HKLM\...\{5D06A95D-2DD5-429B-8FF6-F966A8AAC115}) (Version: 1.2.6 - S & S Computing)
SewWrite (HKLM\...\{8397C1C5-39CA-4D5E-A798-50B5E6C6ABCB}) (Version: 1.2.1 - S & S Computing)
SewWrite (HKLM\...\{F1F646A7-AC07-4B3B-9E25-AF3DBA55D7FF}) (Version: 1.2.4 - S & S Computing)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
19-08-2014 23:50:40 Windows Update
21-08-2014 05:59:41 Installed System Software.
25-08-2014 18:12:34 Removed Java 7 Update 55
29-08-2014 05:00:30 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2013-06-08 18:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0186BC8C-6118-4EBE-83EF-487404E6F286} - System32\Tasks\{4946BCB4-05D9-46AB-BFFF-A364302998E2} => C:\Program Files (x86)\Photodex\ProShowGold\proshow.exe
Task: {10B054CB-BF30-413D-AEC6-0934026BB1E4} - System32\Tasks\{EA2718E5-EADF-4C3B-A7E3-DD146E57A6F1} => C:\Program Files\S & S Computing\SewWrite\SewWrite.exe
Task: {1A3863E4-1FF5-4BD2-8503-2F04EAC8B212} - System32\Tasks\{869E56A5-3FBD-4741-8992-8F56EC129684} => C:\Program Files (x86)\Wilcom\TrueSizer_e3.0\BIN\DESLOADR.exe
Task: {2374B056-B2D0-4F96-BA87-42CEAA9CE204} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {2828F39F-5E42-4467-B8F7-C9786592C35C} - System32\Tasks\{D5D65463-BDC6-4CC1-B37E-01A2BE394278} => C:\Users\Owner\Downloads\theword-setup-en.exe
Task: {2BE13359-EE8E-4F20-829E-6348CFBF0925} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe
Task: {365DEE64-D5B8-4EC3-8523-D4AF04F1B916} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1837369184-1756073175-2637968707-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {3B4D5F85-2813-4DFA-B387-3A00B0BB0347} - System32\Tasks\{C65D3726-9DDE-43CC-8E71-F3C46EAC595C} => C:\Program Files\S & S Computing\SewWrite\SewWrite.exe
Task: {3BC46F9A-7FAD-44C7-92F3-24118C8C40EA} - System32\Tasks\{91BC6A50-AD8C-4491-AF20-E8E0E17BD2FB} => C:\Program Files (x86)\Wilcom\TrueSizer_e3.0\BIN\DESLOADR.exe
Task: {3E21233D-E355-4629-B6D9-0354DFB8A738} - System32\Tasks\{C5412217-FE30-406A-8044-85CD0E5F2F04} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {418DFC5D-B9C4-4155-B788-7B963EAC3CF3} - System32\Tasks\{F9F3F3C2-F160-4201-B37B-FD83C67CC32C} => C:\Program Files\S & S Computing\SewWrite\SewWrite.exe
Task: {44C4ED48-FDBF-4A5E-B38B-06E378296217} - System32\Tasks\{C8588C6C-E0D7-4EF3-8C89-2F9063F89977} => C:\Program Files (x86)\Photodex\ProShowGold\proshow.exe
Task: {46A4D31F-55FD-4361-8E30-D20DE13A17D2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-21] (Google Inc.)
Task: {47A97839-94C2-4E42-88C3-AD8C100BEE72} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1837369184-1756073175-2637968707-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {498975F3-5709-42B0-AC4D-3D4AE48D1401} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1837369184-1756073175-2637968707-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {4B91227D-7C65-4758-8BE1-8B9F9E6D711B} - System32\Tasks\{05B86A2B-FBBD-49B1-9895-8BE6D2831A72} => C:\Program Files (x86)\EmbFontsPlus\EmbFontsPlus.exe
Task: {4BDD85D9-B076-444E-B3BA-3581FC038FF5} - System32\Tasks\{BC3A7F5E-6EF4-44D5-80CC-8A9EFC366EBF} => C:\Users\Owner\Downloads\ImageResizerPowertoySetup.exe
Task: {4D08AA97-B65B-4E3B-AE53-3AF7A2FF9B74} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1837369184-1756073175-2637968707-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {4F637A1D-420F-43B0-822D-77232800CECC} - System32\Tasks\{598904D4-9903-4CAC-B2FD-53CB13C0E1AA} => C:\Program Files (x86)\Wilcom\TrueSizer_e3.0\BIN\DESLOADR.exe
Task: {4FBB9B12-FC8A-4923-97DD-7AC30A733F0E} - System32\Tasks\{E0D22C84-A5DF-4923-A674-580E27A47A51} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-07-31] (AVAST Software)
Task: {5058DB18-89A9-4491-A8FC-55BE0FC2B2F0} - System32\Tasks\{39B21596-6CDB-4339-9F1F-92767553C2E9} => C:\Program Files (x86)\Photodex\ProShowGold\proshow.exe
Task: {52D9DFD4-A0BF-44E2-B9D2-8236F50104C8} - System32\Tasks\{75AA678A-37A6-4B6C-B664-731F71212E4A} => C:\Program Files (x86)\Wilcom\TrueSizer_e3.0\BIN\DESLOADR.exe
Task: {55AD3426-13CF-44B7-9AE5-96468E27B745} - System32\Tasks\{051A394C-E930-4625-A315-00FDFDD1DB0E} => C:\Program Files\S & S Computing\SewWhat-Pro\SewWhat-Pro.exe
Task: {5B60044F-457D-4EFF-BCDC-C6716CB893CF} - System32\Tasks\{96BBB182-4A2A-454B-8D5A-FEB5267606FE} => C:\Program Files (x86)\Photodex\ProShowGold\proshow.exe
Task: {69C265B7-91A8-4146-955C-DD3B8B101E87} - System32\Tasks\{E524DD98-7C17-4AAC-ADF1-65034E4A736E} => C:\Program Files (x86)\Wilcom\TrueSizer_e3.0\BIN\DESLOADR.exe
Task: {6B6DB86C-AA88-49FB-8729-281393041611} - System32\Tasks\{9B9A4A46-5ADA-48CB-89AE-5FEE51B70C92} => C:\Program Files\S & S Computing\SewWhat-Pro\SewWhat-Pro.exe
Task: {756D02E7-7945-45A7-8796-06B495B4007B} - System32\Tasks\{81447682-8761-489A-B298-134796C22A20} => C:\Program Files (x86)\Wilcom\TrueSizer_e3.0\BIN\DESLOADR.exe
Task: {8B7B1722-EAF0-426D-99AF-91BF28DFF13C} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1837369184-1756073175-2637968707-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {9C1BF17F-2B72-4714-A8FC-A8091372C60F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-17] (AVAST Software)
Task: {AE345A54-F492-4C1C-AD39-B77B5B53D330} - System32\Tasks\{2D2AE3E3-E563-40F9-9794-67C0AC9CE458} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-07-31] (AVAST Software)
Task: {B6A20B03-626D-46B8-92B2-388631C7909B} - System32\Tasks\{ACCF7067-5AE1-4C15-B501-5F756307DAA6} => C:\Program Files (x86)\Photodex\ProShowGold\proshow.exe
Task: {B84540F0-B934-4D4A-B67D-2225465C9FA6} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {B9F3F647-9724-4263-8B37-7706E4414B7D} - System32\Tasks\{4DCE1B12-0EA4-49CA-8240-C288F4AD0B01} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-07-31] (AVAST Software)
Task: {BC414DBE-5FFE-4C31-95D9-116ADEECAEF8} - System32\Tasks\{7C1CBE4E-777B-460D-80B8-15D8E840008E} => C:\Program Files (x86)\Photodex\ProShowGold\proshow.exe
Task: {BEB03B06-754E-4098-987B-B02D9C31F6A6} - System32\Tasks\{B36EEF1D-5092-474C-AA1E-C5B2846BD77D} => C:\Program Files (x86)\Photodex\ProShowGold\proshow.exe
Task: {C0647D69-2890-45AF-88C3-FE735B10D142} - System32\Tasks\{B75EBC3A-FBEE-41F7-BC49-CB4B8E96550D} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-07-31] (AVAST Software)
Task: {C42DD992-CACD-4557-8E5A-257D7AABB967} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {CE1D70AE-F4DD-4ABD-ADEB-568D1E18C8DA} - System32\Tasks\{ED522B71-8BC0-4B30-8DD3-B865A863C75D} => C:\Program Files (x86)\Photodex\ProShowGold\proshow.exe
Task: {D1777774-EF9B-4E18-83B5-8F314BF03929} - System32\Tasks\{E1DEA588-515C-482C-B2E5-9CCC21BCCF07} => C:\Program Files (x86)\Photodex\ProShowGold\proshow.exe
Task: {D1A22147-93DC-4890-819D-4847F87B6D53} - System32\Tasks\{DF0622E8-2744-4F04-9EDD-128FC0836173} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {D3664F90-0FBB-499D-8A08-94012C8DBC9B} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1837369184-1756073175-2637968707-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {D60BC5FD-AE90-4932-AB71-7C7D8EA2FF42} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1837369184-1756073175-2637968707-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {D7160E87-24DC-49C3-BD13-8EA0F7BA30B6} - System32\Tasks\{6D2C417B-AE80-4E74-B04C-608AFB89BE40} => C:\Program Files (x86)\AnvSoft\Any Video Converter\VideoConverter.exe
Task: {DD21DB21-DDE5-4547-9185-4CEDEBC89542} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-21] (Google Inc.)
Task: {DE05671A-C370-4EC8-AF3C-D6ACC2215AB3} - System32\Tasks\{19F9FBAC-E016-4D23-AD49-6E7491D9FB23} => C:\Program Files (x86)\SophieSew\SophieSew.exe
Task: {E0658E01-CD23-4E2E-820D-FD4F270165CF} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {EBE7424F-9E89-4DB3-BEC1-6F4525FAFF20} - System32\Tasks\{CAEA635E-E004-454B-8D57-5778915BA92E} => C:\Program Files (x86)\Photodex\ProShowGold\proshow.exe
Task: {EC0D5509-3E70-4244-8C56-B2B129A7697C} - System32\Tasks\{1AC9DC92-A195-4E49-BAF8-7AE5730E1070} => C:\Program Files (x86)\Photodex\ProShowGold\proshow.exe
Task: {F9B9EF54-2139-40CD-813B-EC5DAB428409} - System32\Tasks\{AF38A006-6ED9-4C2E-9882-F8606217256F} => C:\Program Files (x86)\AnvSoft\Any Video Converter\VideoConverter.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-07-06 14:40 - 2013-10-23 16:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2014-07-17 15:40 - 2014-07-17 15:40 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-31 03:33 - 2014-08-31 03:33 - 02805248 _____ () C:\Program Files\AVAST Software\Avast\defs\14083100\algo.dll
2014-08-31 11:18 - 2014-08-31 11:18 - 02805248 _____ () C:\Program Files\AVAST Software\Avast\defs\14083101\algo.dll
2014-05-14 15:13 - 2014-05-14 15:13 - 00000000 _____ () C:\Windows\system32\olepro32.dll
2014-05-14 15:13 - 2014-05-14 15:13 - 00000000 _____ () C:\Windows\system32\igdumdx32.dll
2014-05-14 15:13 - 2014-05-14 15:13 - 00000000 _____ () C:\Windows\system32\igdumd32.dll
2014-07-17 15:40 - 2014-07-17 15:40 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-13 17:02 - 2014-08-06 20:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-13 17:02 - 2014-08-06 20:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-13 17:02 - 2014-08-06 20:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-13 17:02 - 2014-08-06 20:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-13 17:02 - 2014-08-06 20:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: Crypkey License => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: wltrysvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk => C:\Windows\pss\Orbit.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk => C:\Windows\pss\PalTalk.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellSystemDetect => C:\Users\Owner\AppData\Local\Apps\2.0\0DA0XVBE.HDP\OY9K5BEM.EEP\dell..tion_0f612f649c4a10af_0005.0009_14e1a3fbfbaf942c\DellSystemDetect.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: ooVoo.exe => C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skitch => C:\Program Files (x86)\Evernote\Skitch\Skitch.exe -start-on-hide
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
 
==================== Faulty Device Manager Devices =============
 
Name: SASDIFSV
Description: SASDIFSV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SASDIFSV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SASKUTIL
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/25/2014 02:00:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (08/25/2014 02:00:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (08/25/2014 01:45:16 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (08/25/2014 01:45:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (08/21/2014 09:41:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (08/20/2014 07:46:41 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/20/2014 07:46:41 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/20/2014 07:46:41 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/20/2014 07:46:41 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (08/20/2014 07:46:39 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (08/31/2014 11:17:46 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SASDIFSV
SASKUTIL
 
Error: (08/31/2014 06:13:27 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SASDIFSV
SASKUTIL
 
Error: (08/31/2014 03:32:32 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SASDIFSV
SASKUTIL
 
Error: (08/30/2014 01:26:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SASDIFSV
SASKUTIL
 
Error: (08/30/2014 09:41:03 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SASDIFSV
SASKUTIL
 
Error: (08/30/2014 09:40:46 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:39:53 AM on ‎8/‎30/‎2014 was unexpected.
 
Error: (08/30/2014 09:31:13 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SASDIFSV
SASKUTIL
 
Error: (08/30/2014 02:06:12 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SASDIFSV
SASKUTIL
 
Error: (08/29/2014 09:55:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SASDIFSV
SASKUTIL
 
Error: (08/29/2014 03:42:50 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SASDIFSV
SASKUTIL
 
 
Microsoft Office Sessions:
=========================
Error: (08/25/2014 02:00:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Owner\Downloads\SoftonicDownloader_for_all-video-downloader.exe
 
Error: (08/25/2014 02:00:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Owner\Downloads\SoftonicDownloader_for_all-video-downloader.exe
 
Error: (08/25/2014 01:45:16 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Owner\Downloads\SoftonicDownloader_for_all-video-downloader.exe
 
Error: (08/25/2014 01:45:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Owner\Downloads\SoftonicDownloader_for_all-video-downloader.exe
 
Error: (08/21/2014 09:41:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (08/20/2014 07:46:41 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/20/2014 07:46:41 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/20/2014 07:46:41 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/20/2014 07:46:41 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
 
Error: (08/20/2014 07:46:39 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-03-30 14:28:02.978
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-03-30 14:28:02.963
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU P6200 @ 2.13GHz
Percentage of memory in use: 95%
Total physical RAM: 3894.7 MB
Available physical RAM: 164.85 MB
Total Pagefile: 7787.58 MB
Available Pagefile: 3391.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:297.99 GB) (Free:242.43 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B222B86E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 

RKILL LOG:

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 08/31/2014 10:08:08 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * C:\Windows\System32\olepro32.dll : 0 : 05/14/2014 03:13 PM : d41d8cd98f00b204e9800998ecf8427e [NoSig]
 +-> C:\Windows\SysWOW64\olepro32.dll : 90,112 : 11/20/2010 04:20 AM : 703ffd301ab900b047337c5d40fd6f96 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7601.17514_none_3c1b247e5ff65f89\olepro32.dll : 90,112 : 11/20/2010 04:20 AM : 703ffd301ab900b047337c5d40fd6f96 [Pos Repl]
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 08/31/2014 10:09:02 PM
Execution time: 0 hours(s), 0 minute(s), and 53 seconds(s)
 
 
Again, I thank you!

  • 0

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello Butterfly123,

There are some application errors showing a conflict going on. I am not a techie but to me it seems to be related to your AMD drivers. You could go here and install drivers compatible with your system.

Now
 

  • Please go to VirSCAN.org FREE on-line scan service - Note: Please use Internet Explorer for this one
  • Click on the "Choose file" box at the top of the page:
  • Navigate to Local Disk C:\Windows\SysWOW64\spoolsv.exe
  • Click on the Scan button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
  • Please do the same for C:\Windows\System32\olepro32.dll

Next

Please run OTL.exe



  • Under the Custom Scans/Fixes box at the bottom, copy and paste the content of the quote box below:

    :Files
    ipconfig /flushdns /c

    :Commands
    [resethosts]
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.

When you return please post

  • the two VirScan results
  • OTL fix log

 

 


  • 0

#5
Butterfly123

    Member

  • Topic Starter
  • 12 posts

Spoolssv Log:

 

VirSCAN.org Scanned Report :
Scanned time   : 2014-09-01 20:15:36
Scanner results: 2%???(1/39)??????
File Name      : vc·ïî+m. vÆ
File Size      : 0 byte
File Type      : inode/x-empty
MD5            : d41d8cd98f00b204e9800998ecf8427e
SHA1           : da39a3ee5e6b4b0d3255bfef95601890afd80709
 
Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
ahnlab         9.9.9          9.9.9             2013-05-28     3    Found nothing                 
antivir        1.9.2.0        1.9.159.0         7.11.170.50    18   Found nothing                 
antiy          014621         AVL140512         2014-07-30     5    Found nothing                 
arcavir        1.0            2011              2014-05-30     21   Found nothing                 
asquared       9.0.0.4157     9.0.0.4157        2014-07-30     2    Found nothing                 
avast          140831-0       4.7.4             2014-08-31     11   Found nothing                 
avg            2109/7586      10.0.1405         2014-08-23     1    Found nothing                 
baidu          2.0.1.0        4.1.3.52192       2.0.1.0        1    Found nothing                 
baidusd        1.0            1.0               2014-04-02     1    Found nothing                 
bitdefender    7.56615        7.90123           2014-09-01     30   Found nothing                 
clamav         19316          0.97.5            2014-08-30     1    Found nothing                 
comodo         15023          5.1               2014-08-28     3    Found nothing                 
ctch           4.6.5          5.3.14            2013-12-01     1    Found nothing                 
drweb          5.0.2.3300     5.0.1.1           2014-08-31     58   Engine oversweep4             
fortinet       22.730, 22.730 5.1.153           2014-09-01     1    Found nothing                 
fprot          4.6.2.117      6.5.1.5418        2014-08-31     3    Found nothing                 
fsecure        2014-04-02-01  9.13              2014-04-02     1    Found nothing                 
gdata          24.3819        24.3819           2014-08-29     7    Found nothing                 
hauri          2.73           2.73              2014-06-13     1    Found nothing                 
ikarus         1.06.01        V1.32.31.0        2014-08-31     35   Found nothing                 
jiangmin       16.0.100       1.0.0.0           2014-07-28     14   Found nothing                 
kaspersky      5.5.33         5.5.33            2014-04-01     54   Found nothing                 
kingsoft       2.1            2.1               2013-09-22     6    Found nothing                 
mcafee         7520           5400.1158         2014-08-04     28   Found nothing                 
nod32          0298           3.0.21            2014-08-22     1    Found nothing                 
panda          9.05.01        9.05.01           2014-06-15     3    Found nothing                 
pcc            11.120.06      9.500-1005        2014-08-31     1    Found nothing
qh360          1.0.1          1.0.1             1.0.1          12   Trojan/Win32.w2b.ui
qqphone        1.0.0.0        1.0.0.0           2014-09-01     1    Found nothing                 
quickheal      14.00          14.00             2014-06-14     2    Found nothing                 
rising         25.17.00.04    25.17.00.04       2014-06-02     1    Found nothing                 
sophos         5.04           3.51.0            2014-08-05     8    Found nothing                 
sunbelt        3.9.2589.2     3.9.2589.2        2014-06-13     1    Found nothing                 
symantec       20140829.003   1.3.0.24          2014-08-29     1    Found nothing                 
tachyon        9.9.9          9.9.9             2013-12-27     3    Found nothing                 
thehacker      6.8.0.5        6.8.0.5           2014-06-12     1    Found nothing                 
tws            17.47.17308    1.0.2.2108        2014-06-16     6    Found nothing                 
vba            3.12.26.3      3.12.26.3         2014-08-29     22   Found nothing                 
virusbuster    15.0.894.0     5.5.2.13          2014-08-31     55   Found nothing        
 
OLEO PRO 32 Log:
 

VirSCAN.org Scanned Report :
Scanned time   : 2014-08-12 15:19:26
Scanner results: 0%???(0/39)??????
File Name      : olepro32.dll
File Size      : 90112 byte
File Type      : application/x-dosexec
MD5            : 703ffd301ab900b047337c5d40fd6f96
SHA1           : 69de438ca22afa4ecf5f25edcdc3088f386f9552
 
Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
ahnlab         9.9.9          9.9.9             2013-05-28     5    Found nothing                 
antivir        1.9.2.0        1.9.159.0         7.11.166.114   20   Found nothing                 
antiy          014621         AVL140512         2014-07-30     5    Found nothing                 
arcavir        1.0            2011              2014-05-30     19   Found nothing                 
asquared       9.0.0.4157     9.0.0.4157        2014-07-30     2    Found nothing                 
avast          140811-0       4.7.4             2014-08-11     34   Found nothing                 
avg            2109/7410      10.0.1405         2014-07-24     1    Found nothing                 
baidu          2.0.1.0        4.1.3.52192       2.0.1.0        1    Found nothing                 
baidusd        1.0            1.0               2014-04-02     1    Found nothing                 
bitdefender    7.56330        7.90123           2014-08-12     15   Found nothing                 
clamav         19275          0.97.5            2014-08-11     1    Found nothing                 
comodo         15023          5.1               2014-07-30     3    Found nothing                 
ctch           4.6.5          5.3.14            2013-12-01     1    Found nothing                 
drweb          5.0.2.3300     5.0.1.1           2014-08-10     36   Found nothing                 
fortinet       22.638         5.1.153           2014-08-12     1    Found nothing                 
fprot          4.6.2.117      6.5.1.5418        2014-08-11     1    Found nothing                 
fsecure        2014-04-02-01  9.13              2014-04-02     8    Found nothing                 
gdata          24.3405        24.3405           2014-07-30     11   Found nothing                 
hauri          2.73           2.73              2014-06-13     1    Found nothing                 
ikarus         1.06.01        V1.32.31.0        2014-08-11     14   Found nothing                 
jiangmin       16.0.100       1.0.0.0           2014-07-28     13   Found nothing                 
kaspersky      5.5.33         5.5.33            2014-04-01     21   Found nothing                 
kingsoft       2.1            2.1               2013-09-22     2    Found nothing                 
mcafee         7520           5400.1158         2014-08-04     9    Found nothing                 
nod32          9809           3.0.21            2014-05-16     1    Found nothing                 
panda          9.05.01        9.05.01           2014-06-15     3    Found nothing                 
pcc            10.978.05      9.500-1005        2014-08-11     2    Found nothing                 
qh360          1.0.1          1.0.1             1.0.1          12   Found nothing                 
qqphone        1.0.0.0        1.0.0.0           2014-08-12     2    Found nothing                 
quickheal      14.00          14.00             2014-06-14     2    Found nothing                 
rising         25.17.00.04    25.17.00.04       2014-06-02     3    Found nothing                 
sophos         5.04           3.51.0            2014-08-05     9    Found nothing                 
sunbelt        3.9.2589.2     3.9.2589.2        2014-06-13     1    Found nothing                 
symantec       20140810.001   1.3.0.24          2014-08-10     1    Found nothing                 
tachyon        9.9.9          9.9.9             2013-12-27     3    Found nothing                 
thehacker      6.8.0.5        6.8.0.5           2014-06-12     1    Found nothing                 
tws            17.47.17308    1.0.2.2108        2014-06-16     6    Found nothing                 
vba            3.12.26.3      3.12.26.3         2014-08-11     4    Found nothing                 
virusbuster    15.0.874.0     5.5.2.13          2014-08-10     17   Found nothing          
 
OTL FIX Log:
 
All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
 
User: Owner
->Temp folder emptied: 8920227 bytes
->Temporary Internet Files folder emptied: 42480094 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 375421098 bytes
->Google Chrome cache emptied: 387989672 bytes
->Flash cache emptied: 8720 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11931942 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 788.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09012014_163713
 
Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
I will head over to the link that you sent me to update my AMD driver. Thank you!
 
 
     
 

  • 0

#6
Butterfly123

    Member

  • Topic Starter
  • 12 posts

When I went into the Device Manager it shows that my graphics is Intel® HD Graphics. Is that the same as AMD? And should I proceed with the website that you gave me? 


  • 0

#7
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

 

should I proceed with the website that you gave me?

 

As I said, I am not a techie so no, I think once you are finished here you should open a new topic in the tech section here where you will get better advice I think.

 

Now

 

Everything looks fine in those results.

 

Let's run System File Checker to see if that will help things:

1. Open an elevated command prompt. To do this, go to Start > All Programs > Accessories, right-click Command Prompt and click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
2. At the command prompt, type the following command, and then press ENTER:
 
sfc /scannow

The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.

 

After
 

Please run Chkdsk to check for possible problems on your hard drive:
 

  • Right click on the Start > Open Windows Explorer.
  • Find the hard drive letter (usually local disk C)  for which you want to run the Chkdsk utility.
  • Right-click on the drive letter and select Properties > Tools.
  • Under the Error-Checking section of the window, click the Check Now button. If you have User Account Controls enabled, a window will pop up asking permission to continue. Click Continue.
  • Click to have Chkdsk Automatically fix file system errors and to Scan for and attempt recovery of bad sectors.
  • Click Start.
  • Chkdsk might take a very long time to run, depending on the number of files and folders, the size of the volume, disk performance, and available system resources (such as processor and memory).

Chkdsk will not run if the drive you wish to check is in use. You will be requested to schedule Chkdsk. Click Schedule Check Disk, it then will run the next time you boot your computer. Shut down your computer and then turn it back on, Chkdsk will run.
 
If you need further help go here for information on how to run Chkdsk in Windows 7
 
Come back and tell me how it went and if there has been any change in your machine.

 

 


  • 0

#8
Butterfly123

    Member

  • Topic Starter
  • 12 posts

I am on my way to follow your instructions, but I am curious about something. You said, "Everything looks fine in those results." But I see a line that might indicate there is a Trojan. It's in the spools log and says: 

 

qh360          1.0.1          1.0.1             1.0.1          12   Trojan/Win32.w2b.ui  

 

 

Is this an actual Trojan/Virus type thing that needs to be removed? Thank you!


  • 0

#9
Butterfly123

    Member

  • Topic Starter
  • 12 posts

I ran the System File Checker, sfc /scannow, and it said: Windows Resource Protection did not find any integrity errors. Now I'm about to run the Chkdsk. 


  • 0

#10
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

qh360          1.0.1          1.0.1             1.0.1          12   Trojan/Win32.w2b.ui  


Is this an actual Trojan/Virus type thing that needs to be removed? Thank you!


I believe the reports do show things look fine. Only 1 scanner out of 39 diagnosed it as malicious. I think that is a false positive.

If you look at the VirSCAN report here you will see in red towards the bottom of the page a notice which explains that there can be false positives.

I think that file is part of Windows and used for fax and printing. There are two reasons I thought we should check it. Firstly because there is a similar file name that can be bad and secondly because it showed in the FRST scan as unsigned. In itself that doesn't necessarily mean it is bad but I thought worth checking. I see from the VirSCAN report that the file is empty which makes me think it was generated by Windows when required for use. For me 38 out of 39 AV scanners saying it is fine is good enough.

Having said all that, I don't think it is vital and if you have any worries we will remove it. :)

Look forward to hearing how chkdsk went.
 
  • 0
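The two observations in the reply above (one flag out of 39, and a report that describes an empty file) can be checked mechanically. The following is an added example, not part of the original thread or of VirSCAN: it parses a report in the layout posted earlier and compares its hashes with the digests of zero bytes of input. The function names and the treatment of "Engine ..." results as scanner errors are assumptions.

```python
import hashlib
import re

# Digests of zero bytes of input, computed here rather than hard-coded.
EMPTY = {"md5": hashlib.md5(b"").hexdigest(),
         "sha1": hashlib.sha1(b"").hexdigest()}

# Constructed sample: header fields and five of the 39 scanner rows, copied
# from the spoolsv.exe report posted earlier in this thread.
SAMPLE_REPORT = """\
VirSCAN.org Scanned Report :
Scanned time   : 2014-09-01 20:15:36
File Size      : 0 byte
File Type      : inode/x-empty
MD5            : d41d8cd98f00b204e9800998ecf8427e
SHA1           : da39a3ee5e6b4b0d3255bfef95601890afd80709

Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
avast          140831-0       4.7.4             2014-08-31     11   Found nothing
drweb          5.0.2.3300     5.0.1.1           2014-08-31     58   Engine oversweep4
fortinet       22.730, 22.730 5.1.153           2014-09-01     1    Found nothing
qh360          1.0.1          1.0.1             1.0.1          12   Trojan/Win32.w2b.ui
symantec       20140829.003   1.3.0.24          2014-08-29     1    Found nothing
"""

FIELD_RE = re.compile(r"^(File Size|MD5|SHA1)[ \t]*:[ \t]*(\S+)", re.MULTILINE)
# Scanner name, version/date columns (which may contain single spaces), scan
# time in seconds, then the result text after a run of two or more spaces.
ROW_RE = re.compile(
    r"^(?P<scanner>\S+)\s+.+?\s+(?P<secs>\d+)\s{2,}(?P<result>\S.*?)\s*$")


def parse_report(text):
    """Return (header fields, [(scanner, result), ...]) from a report."""
    fields = {k.lower().replace(" ", "_"): v for k, v in FIELD_RE.findall(text)}
    rows, in_table = [], False
    for line in text.splitlines():
        if line.startswith("Scanner") and "Scan result" in line:
            in_table = True  # scanner rows start after the column header
            continue
        match = ROW_RE.match(line) if in_table else None
        if match:
            rows.append((match["scanner"], match["result"]))
    return fields, rows


def classify(result):
    """Bucket one 'Scan result' cell."""
    if result == "Found nothing":
        return "clean"
    if result.startswith("Engine "):
        # Assumption: an "Engine ..." result is a scanner-side failure, not a
        # verdict; the posted report counts only 1/39 despite the drweb row.
        return "engine_error"
    return "detection"


def triage(text):
    """Summarise a report and flag the case where no content was scanned."""
    fields, rows = parse_report(text)
    buckets = {"clean": [], "engine_error": [], "detection": []}
    for scanner, result in rows:
        buckets[classify(result)].append((scanner, result))

    empty_input = (fields.get("md5") == EMPTY["md5"]
                   or fields.get("sha1") == EMPTY["sha1"])
    raw_size = fields.get("file_size", "")
    size = int(raw_size) if raw_size.isdigit() else None
    # A stated size that disagrees with the hash means the report is
    # internally inconsistent and the file should be submitted again.
    mismatch = size is not None and (size == 0) != empty_input

    if empty_input:
        note = "zero-byte object: no engine saw any file content"
    elif buckets["detection"]:
        note = "%d of %d engines flagged this content" % (
            len(buckets["detection"]), len(rows))
    else:
        note = "no engine flagged this content"
    return {
        "size": size,
        "empty_input": empty_input,
        "size_hash_mismatch": mismatch,
        "clean": len(buckets["clean"]),
        "engine_errors": buckets["engine_error"],
        "detections": buckets["detection"],
        "note": note,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```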


#11
Butterfly123

    Member

  • Topic Starter
  • 12 posts

I did the scandisk. My laptop is just as bad as before.  :upset: Sticks. Lags. Freezes. Drags. Extremely slow and sluggish. I don't know how to find out just what the problem is. 

Thanks for your explanation of the false positive. I appreciate it. If you don't mind, and if it really won't hurt anything to remove it, can we do that? I'd appreciate that a lot too. 

I'm at a loss, other than taking this in to a computer shop, and I really don't want to do that if I don't have to. I really do appreciate your help. 

 


  • 0

#12
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello again Butterfly123,
 

 

Thanks for your explanation of the false positive. I appreciate it. If you don't mind, and if it really won't hurt anything to remove it, can we do that? I'd appreciate that a lot too.

Well let's see if removing that one makes a difference. :)
 

 

I'm at a loss, other than taking this in to a computer shop, and I really don't want to do that if I don't have to. I really do appreciate your help.

We haven't given up yet.

Moving on then

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Please download Security Check by screen317 from here.
 

  • Save it to your Desktop.
       
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
       
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

When you return please post

  • Fixlog.txt
  • checkup.txt

  • 0

#13
Butterfly123

    Member

  • Topic Starter
  • 12 posts

Hi there. Here are the two logs.

 

FIXLOG:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
Ran by Owner at 2014-09-02 19:45:36 Run:1
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2014-01-02] () [File not signed]
C:\Windows\SysWOW64\spoolsv.exe
*****************
 
Spooler => Service stopped successfully.
Spooler => Service deleted successfully.
C:\Windows\SysWOW64\spoolsv.exe => Moved successfully.
 
==== End of Fixlog ====
 
CHECKUP:
 
 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java version out of Date! 
 Adobe Flash Player 14.0.0.145  
 Adobe Reader XI  
 Mozilla Firefox (31.0) 
 Google Chrome 36.0.1985.143  
 Google Chrome 37.0.2062.103  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log`````````````````````` 
 
 
Thank you. I'll be waiting to hear from you. 

 

  • 0
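The checkup.txt log in the post above can be triaged programmatically. This is an added example, not part of the original thread and not code from Security Check; the section-header format and the warning phrases it looks for are assumptions inferred from this one log, and the Process Check section is left out of the sample for brevity.

```python
import re
from collections import defaultdict

T = "`" * 14  # Security Check frames section titles with runs of backticks
# Sample: entries from the checkup.txt posted above (backtick runs regenerated via T).
CHECKUP = "\n".join([
    T + "Antivirus/Firewall Check:" + T,
    " Windows Security Center service is not running! This report may not be accurate!",
    " Windows Firewall Enabled!",
    "avast! Antivirus",
    " Antivirus up to date!  (On Access scanning disabled!)",
    T + "Anti-malware/Other Utilities Check:" + T,
    " Java version out of Date!",
    " Adobe Flash Player 14.0.0.145",
    " Adobe Reader XI",
    " Mozilla Firefox (31.0)",
    " Google Chrome 36.0.1985.143",
    " Google Chrome 37.0.2062.103",
    T + "System Health check" + T,
    " Total Fragmentation on Drive C: 2%",
    T + "End of Log" + T,
])

HEADER = re.compile(r"^`+(.+?)`+\s*$")             # title between backtick runs
WARNING = re.compile(r"not running|disabled|out of date", re.IGNORECASE)
VERSIONED = re.compile(r"^(.+?)\s*\(?(\d+(?:\.\d+)+)\)?$")  # "Name 1.2.3" / "Name (1.2)"

def parse_sections(text):
    """Split the log into {section title: [entries]} using the backtick headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER.match(line):
            current = m.group(1).rstrip(":")
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections

def triage(sections):
    """Return (warning entries, products listed with more than one version)."""
    warnings, versions = [], defaultdict(list)
    for title, entries in sections.items():
        for entry in entries:
            if WARNING.search(entry):
                warnings.append((title, entry))
            if m := VERSIONED.match(entry):
                versions[m.group(1)].append(m.group(2))
    return warnings, {p: v for p, v in versions.items() if len(v) > 1}
```

Calling `triage(parse_sections(CHECKUP))` on this log returns three warning entries and reports Google Chrome as listed with two versions.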

#14
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello Butterfly123,

 

Your Java is out of date. Older versions are vulnerable to attack.

Please follow these steps:
 

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.

       
  • Click Start > Control Panel > Add or Remove Programs
       
  • Remove all Java updates except the latest one you have just installed.

 

 

Next

 

 

Care: Do not download and use if your hard drive is SSD (Solid State Disk).

 

To check what type of hard drive disk you have:

  • Go to  Start > Search programs and files and type msinfo32
  • Click on msinfo32.exe (probably at the top) and look under Components > Storage > Disks

It should list somewhere there whether it is a Standard disk or a Solid State disk

Assuming you do not have an SSD drive, download Auslogics Disk Defrag (Note - click the button that says "No, thank you Just give me the Disk Defrag Free") and save somewhere you can find it.

Double click and follow the prompts to install it. Note: only install the defrag utility. Some versions come with Askbar toolbars... do not install those or any other foistware that might be promoted.

Once installed, run the defrag utility.

At the end the utility may tell you that it has found Junk Files and recommend that you run a scan to remove. Disregard that suggestion; it is a promotion of a tool you don't need. All we are interested in here is the defrag process.

Note: Do not download Windows Registry Cleaner which is promoted at the same site.

 

 

After that

 

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you may need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

Disable your security programs.

  • Click the blue Run ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
     then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow/install to install. If your firewall asks whether you want to allow installation, say yes. If asked, click yes to allow the program to run on your computer.
  • Check "Enable detection of potentially unwanted applications"
  • Click on Start and say yes to allow the program to proceed.
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed click "List of found threats" and click again on Copy to clipboard. Open Notepad and paste in the clipboard list. Save it as ESET log somewhere that you can find.
  • After that click the button "Back"
  • Select and check Uninstall application on close and Delete quarantined files.
  • Then click on: Finish
  • Copy and paste the ESET log back here and tell me how your machine is now.

  • 0

#15
Butterfly123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

I followed all of your instructions exactly. My hard drive was not ssd so I did the defrag. I ran the eset scanner. The small window that opened up after it was complete said "no threats found" so there was no log to copy and paste here. I then uninstalled it. I am about to restart my laptop now and work on it for just a bit to see if I notice any changes. I have to say, though, that although I did not touch the mouse during the Eset test, I did get a phone call through Skype. (I forgot to turn it off). Would that have disturbed the Eset test? 

 

Also, are there tests of any kind that I can run that would tell me if the cause is hardware issues? Or issues with ram or memory leaks? 

 

Thanks so much!


Edited by Butterfly123, 03 September 2014 - 12:45 PM.

  • 0





