Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Windows 7 Won't Update. Adware- walware, computer is infectedd


  • Please log in to reply

#1
awaitingthe1

awaitingthe1

    Member

  • Member
  • PipPip
  • 23 posts
My friends computer won't connect to Windows update. I ran the Microsoft fix-it and it still isn't working. The problem first showed up with a Roxio error. I kept saying Roxio can't be found. I uninstalled Roxio and ran Spybot which says she has ilivid.toolbar and widgi.toolbar. She doesn't normally have regular internet access so I'm not sure how update her computer is.

OTL logfile created on: 4/19/2013 8:14:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Venus Smith\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 55.39% Memory free
7.60 Gb Paging File | 5.33 Gb Available in Paging File | 70.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 308.18 Gb Free Space | 68.32% Space Free | Partition Type: NTFS

Computer Name: VENUSSMITH-PC | User Name: Venus Smith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/18 20:38:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Venus Smith\Downloads\OTL.exe
PRC - [2013/04/14 20:12:19 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
PRC - [2013/04/14 19:49:30 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/02/05 10:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2013/01/31 10:11:58 | 000,542,632 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/15 18:23:48 | 000,864,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/06/15 18:23:36 | 001,355,968 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/04/23 22:17:26 | 001,994,936 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2011/04/23 22:17:26 | 000,098,488 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2011/04/23 22:17:08 | 002,412,728 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010/02/09 13:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/12/29 16:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/12/02 16:49:00 | 000,414,960 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2009/12/02 16:48:00 | 000,347,888 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2009/12/02 16:47:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/08/17 21:09:54 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/07/22 08:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
PRC - [2009/06/24 16:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/18 19:03:42 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\9e64c6dea847aec2685eec4da29ea9b0\System.Web.Services.ni.dll
MOD - [2013/04/18 19:03:05 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013/04/14 20:12:18 | 016,032,648 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
MOD - [2013/04/14 19:49:29 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/01/22 10:34:26 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\ee4683cbfd60ee35d95e2e6d32fc3981\System.Management.ni.dll
MOD - [2013/01/19 15:59:52 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0aeaf4f1629dbe8eafc8f47b1795b18a\PresentationFramework.Aero.ni.dll
MOD - [2013/01/19 15:59:14 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\36b839247bd1d22a7fd014a74abe9729\PresentationFramework.ni.dll
MOD - [2013/01/19 15:58:40 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013/01/19 15:58:33 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\549690bfac66934b7c7fd5cf8b120b7c\PresentationCore.ni.dll
MOD - [2013/01/19 15:58:11 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll
MOD - [2013/01/19 15:58:02 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll
MOD - [2013/01/19 15:57:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8b5eb81362a896af2c70f97502f42013\System.Configuration.ni.dll
MOD - [2013/01/19 15:57:49 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013/01/19 15:57:34 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2011/04/24 19:16:13 | 000,034,816 | ---- | M] () -- C:\Program Files (x86)\Google\Google Desktop Search\gzlib.dll
MOD - [2011/04/23 22:18:10 | 000,100,208 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll
MOD - [2011/04/23 22:17:32 | 000,062,136 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
MOD - [2011/04/23 22:16:44 | 000,250,552 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll
MOD - [2010/02/09 13:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2010/02/09 13:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2010/02/09 13:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2010/02/09 13:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2010/02/09 13:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/12/02 16:49:00 | 000,414,960 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2009/12/02 16:48:00 | 000,079,088 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2009/12/02 16:47:00 | 001,123,568 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2009/12/02 16:47:00 | 000,234,736 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2009/12/02 16:47:00 | 000,128,240 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2009/12/02 16:47:00 | 000,121,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2009/12/02 16:47:00 | 000,115,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
MOD - [2009/12/02 16:47:00 | 000,111,856 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2009/12/02 16:47:00 | 000,074,992 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2009/12/02 16:47:00 | 000,025,840 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2009/12/02 16:47:00 | 000,025,840 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2009/12/02 16:47:00 | 000,025,840 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCC.dll
MOD - [2009/11/13 16:15:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/07/22 08:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe


========== Services (SafeList) ==========

SRV:64bit: - [2010/10/13 23:28:54 | 000,245,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/10/13 23:28:54 | 000,200,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010/10/13 23:28:54 | 000,149,032 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/10/07 21:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2009/08/17 21:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/16 20:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/31 01:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/04/14 20:33:37 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/14 19:49:29 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/05 10:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/15 13:26:32 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/06/15 18:23:36 | 001,355,968 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/23 22:17:08 | 002,412,728 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2010/04/13 03:23:31 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/02 16:47:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2009/09/23 21:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/23 16:02:42 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 19:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/14 19:51:09 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/10/13 23:28:54 | 000,529,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/10/13 23:28:54 | 000,441,328 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/10/13 23:28:54 | 000,283,360 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/10/13 23:28:54 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/10/13 23:28:54 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/10/13 23:28:54 | 000,094,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/10/13 23:28:54 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/10/13 23:28:54 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/06 19:42:18 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/10/25 23:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/12 12:26:00 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009/10/07 19:37:50 | 007,749,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/01 05:51:12 | 000,166,528 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATMFNVsp.sys -- (ATMFNVsp)
DRV:64bit: - [2009/10/01 05:51:12 | 000,166,528 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATMFMdm.sys -- (ATMFMdm)
DRV:64bit: - [2009/10/01 05:51:12 | 000,166,528 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATMFCVsp.sys -- (ATMFCVsp)
DRV:64bit: - [2009/10/01 05:51:12 | 000,133,632 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATMFNET.sys -- (ATMFNET)
DRV:64bit: - [2009/10/01 05:51:12 | 000,063,488 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATMFBUS.sys -- (ATMFBUS)
DRV:64bit: - [2009/10/01 05:51:12 | 000,015,872 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATMFFLT.sys -- (ATMFFLT)
DRV:64bit: - [2009/10/01 05:51:10 | 000,166,528 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATMFVsp.sys -- (ATMFVsp)
DRV:64bit: - [2009/09/25 18:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/03 05:15:26 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/20 02:34:38 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/07/23 12:57:48 | 000,018,792 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt)
DRV:64bit: - [2009/07/16 22:14:00 | 000,220,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/16 20:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 20:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/30 23:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/06/30 23:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/06/30 23:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/07 02:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/09/24 20:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE:64bit: - HKLM\..\SearchScopes\{2AC04309-43BF-40F0-BAF6-197CF70B60CB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{E56C29DA-F548-4331-BD11-EF2420FB93ED}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKCU\..\SearchScopes\{26BEB746-2D89-4EEB-8FD3-0A73C6029AE1}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{E56C29DA-F548-4331-BD11-EF2420FB93ED}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=WLEM&q="
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.9.20130409112616
FF - prefs.js..extensions.enabledAddons: %7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:4.9
FF - prefs.js..extensions.enabledItems: [email protected]:4.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.29
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.1.195
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..keyword.URL: "http://dts.search-re...emid=2&sr=0&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Venus Smith\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\ [2011/05/22 15:22:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/01/06 17:48:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012/03/13 14:41:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/14 19:53:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/18 19:45:26 | 000,000,000 | ---D | M]

[2011/12/31 19:27:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Venus Smith\AppData\Roaming\Mozilla\Extensions
[2013/04/14 20:09:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Venus Smith\AppData\Roaming\Mozilla\Firefox\Profiles\ned3avdy.default\extensions
[2013/04/14 19:43:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Venus Smith\AppData\Roaming\Mozilla\Firefox\Profiles\ned3avdy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/04/14 19:53:33 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\Venus Smith\AppData\Roaming\Mozilla\Firefox\Profiles\ned3avdy.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2013/04/14 19:53:40 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Venus Smith\AppData\Roaming\Mozilla\Firefox\Profiles\ned3avdy.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2011/06/01 17:14:30 | 000,001,832 | ---- | M] () -- C:\Users\Venus Smith\AppData\Roaming\Mozilla\Firefox\Profiles\ned3avdy.default\searchplugins\bing.xml
[2011/11/29 16:29:59 | 000,002,513 | ---- | M] () -- C:\Users\Venus Smith\AppData\Roaming\Mozilla\Firefox\Profiles\ned3avdy.default\searchplugins\Search_Results.xml
[2012/12/02 19:18:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/14 19:49:30 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/13 23:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012/03/06 16:17:26 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2013/04/14 19:49:27 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/29 16:29:59 | 000,002,513 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2013/04/14 19:49:27 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.bearshare.com

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110301183506.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Face recognition web login for FastAccess) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110301183506.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Face recognition web login for FastAccess) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - Startup: C:\Users\Venus Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1365988481653 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1365988439104 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92109D1F-4F0B-4A3C-99F4-324A04C808BB}: DhcpNameServer = 208.180.42.68 208.180.42.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C59BBBFE-3085-4D83-A9B3-7F4709A28655}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f65a02f9-54a4-11df-9414-c417fe1f6f20}\Shell - "" = AutoRun
O33 - MountPoints2\{f65a02f9-54a4-11df-9414-c417fe1f6f20}\Shell\AutoRun\command - "" = E:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/18 20:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/04/18 19:58:19 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\ElevatedDiagnostics
[2013/04/14 20:12:49 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\Macromedia
[2013/04/14 20:12:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/04/14 19:57:58 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Roaming\Roxio Log Files
[2013/04/14 19:54:49 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Roaming\LavasoftStatistics
[2013/04/14 19:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/04/14 19:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2013/04/14 19:53:46 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\adawarebp
[2013/04/14 19:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/04/14 19:53:44 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Roaming\vlc
[2013/04/14 19:53:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013/04/14 19:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/04/14 19:53:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2013/04/14 19:52:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/04/14 19:51:09 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013/04/14 19:51:09 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/04/14 19:51:07 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Roaming\Ad-Aware Antivirus
[2013/04/14 19:01:07 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{013CC638-9750-437F-8DF3-6048884F78D4}
[2013/04/13 22:22:13 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\Desktop\Movies
[2013/04/11 15:08:56 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{64734F4F-BF73-4244-A15F-F6574CC96296}
[2013/04/11 14:37:41 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{23707CC2-F5D8-41CD-AF52-590A420A0E41}
[2013/04/11 13:57:08 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{68736C02-7CED-412C-B7E9-65B9575D39CB}
[2013/04/11 13:50:22 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{D923D7BD-4FA5-475C-9261-F183AD507E64}
[2013/04/11 13:49:27 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{64712D3E-50B2-4282-8CA0-FDAB0F7E8DC7}
[2013/04/11 12:41:43 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{B5999109-3F26-4E49-AF90-E2CA25E39634}
[2013/04/11 12:41:19 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{9195F217-A70E-49A1-B4B7-E14D9512498A}
[2013/04/11 12:08:36 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{42336266-A09B-42B2-A427-7E1173034678}
[2013/04/11 12:07:52 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{68E75705-F83B-4C40-8E69-574FD55CC6E1}
[2013/04/11 12:07:21 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{2F2DEA54-6313-4EDB-A947-EADEDFB55066}
[2013/04/11 12:06:52 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{AA9F160E-BA73-42D8-B181-4E9F74CBB348}
[2013/04/10 17:14:21 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{0B7D76DC-290E-4764-AE8A-E0AAAD748059}
[2013/04/10 16:34:32 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{F6909A09-EE0B-4532-BD3F-D2433770FFDD}
[2013/04/10 12:26:44 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{60AA16D8-40D4-4839-900A-98906A09531D}
[2013/04/10 12:04:23 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{34CFB550-5302-4836-A64E-79CEA102803F}
[2013/04/10 12:03:58 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{50ABC4D7-B336-4672-9F81-5902138C67A8}
[2013/04/10 11:41:23 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{346096CD-AFFA-4358-BFA6-2619B1E58DB8}
[2013/04/10 11:35:02 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{34436F7D-7AA4-48CA-9D7C-C0372FAA97FB}
[2013/04/10 11:26:35 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{DA66FD1C-212E-415E-8BE6-40EA492C1672}
[2013/04/10 10:52:42 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{4E235FDC-8FA3-4DED-8DE5-298ADEE5652A}
[2013/04/10 10:19:58 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{006D447D-73FC-41E3-AC2F-FFB3F0B4B0D4}
[2013/04/10 09:32:21 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{4557FCC4-10D3-45A4-BF97-215BD2016872}
[2013/04/07 17:09:04 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{EC3E0018-EF6A-4251-B0FE-51034F751DE5}
[2013/04/07 16:53:05 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{F9967A7B-445C-45BE-8C7C-D523D6BC16FE}
[2013/04/07 16:40:58 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{7B8F3DAD-267C-4215-8F19-92F0BB848503}
[2013/04/01 23:48:09 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{38110BB1-23E6-4F83-ACAF-CA4B307BEF15}
[2013/04/01 23:47:36 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{1D568E22-2687-4F66-B166-FF629F5E65BA}
[2013/04/01 23:22:42 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{483C96D0-E9D8-47A1-8561-5D137C8AFD24}
[2013/04/01 22:55:59 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{B673F594-1DAF-430D-B13D-96D5E450F0A3}
[2013/04/01 22:54:08 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{A7ED99FD-9A24-472B-9D00-D03BC44FCDC2}
[2013/04/01 22:50:50 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{308A062B-C2B1-4376-9E18-6D1E56C43FE4}
[2013/04/01 22:48:34 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{025A0B03-7AB4-4D76-B203-B6BED86538A1}
[2013/04/01 20:42:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013/04/01 20:41:53 | 000,000,000 | ---D | C] -- C:\b9e26732f75c98ac11e0
[2013/04/01 20:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/04/01 20:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/04/01 20:39:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/04/01 13:23:26 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{A5B614CD-EED4-40D1-BB34-6A3DBC1ECD4F}
[2013/04/01 12:50:51 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{17D2846C-074F-462B-BDAB-60F8A356810B}
[2013/04/01 12:50:30 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{364B96FE-35D2-4236-A75D-DFEB2E1BC39A}
[2013/04/01 12:50:11 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{D90BEDD4-210B-463F-B50B-E48B54E52C6A}
[2013/04/01 12:49:17 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{7A65D9C6-5476-4342-85D4-8AAF9E9AAA04}
[2013/04/01 12:15:27 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{CDDB0AEC-D6E0-49B8-B2FA-5A0C332AC856}
[2013/04/01 12:13:47 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{2AD39AD9-A2A4-47DB-9B51-ADD2E4D80500}
[2013/04/01 12:13:24 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{202940D3-3D3A-48FE-A2CD-94089F02183C}
[2013/04/01 10:18:11 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{A4FAECDC-2604-4428-8E9D-F00A4AB011C3}
[2013/04/01 08:58:52 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{7A85CA47-9E5D-44EE-95DC-0DA294BCA2DD}
[2013/04/01 08:57:42 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{6DE4C180-0D60-410D-9C47-A3EFA7A71370}
[2013/04/01 08:56:45 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{9D4E60FF-7183-4590-8888-A8A3A73FD735}
[2013/04/01 08:52:09 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{15BEAA34-9191-4621-95D3-4261D56C4686}
[2013/04/01 08:50:56 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{16852EBC-5A39-4805-9A6F-CF64AA47D322}
[2013/04/01 08:49:54 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{C6908A26-E673-4AD1-8745-B479165FA4D1}
[2013/04/01 08:48:15 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{FD085F5A-C707-47F8-BA1D-EE19C5D25CEA}
[2013/04/01 08:47:12 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{3988D274-D391-41B5-80F0-6A60EDA51893}
[2013/03/31 23:42:16 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{7AEBAAAF-8770-4665-B23F-1ADB0C3F31C7}
[2013/03/31 23:40:51 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{ADB60DD5-7D3C-442E-8DE7-3EF8685C7F11}
[2013/03/31 23:16:53 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{8737F2EF-FC9B-4045-B0C0-C19032156AE5}
[2013/03/31 22:53:34 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{8B1BE5FC-C368-4605-805E-ED30AD6F642D}
[2013/03/31 22:24:22 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{DD4E8840-08A5-47FD-9A48-CEB192591F24}
[2013/03/31 22:23:03 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{C4086596-0FDF-4B43-A665-D511AB372995}
[2013/03/31 22:20:34 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{61A155A7-078E-4244-9E34-71912881B4FA}
[2013/03/31 22:18:25 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{AE113B15-E9F7-4C06-AA08-C79E308D2320}
[2013/03/31 22:17:50 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{913F342E-7A99-48B9-83A0-38D15A96F8F9}
[2013/03/31 22:17:10 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{FE20AC89-2F98-4D9D-AB46-355BF1433F54}
[2013/03/31 22:15:39 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{049021BC-3D86-4A12-A398-FFFDB4ED9079}
[2013/03/31 21:43:01 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{6416FF3F-0C5C-4652-9D87-E3F0ABA90061}
[2010/04/27 18:39:27 | 008,656,832 | ---- | C] (Dell, Inc. ) -- C:\Users\Venus Smith\AppData\Roaming\DataSafeDotNet.exe
[1 C:\Users\Venus Smith\Desktop\*.tmp files -> C:\Users\Venus Smith\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/19 19:36:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/19 19:35:19 | 000,805,730 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/19 19:35:19 | 000,679,888 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/19 19:35:19 | 000,128,304 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/19 19:33:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/19 19:32:41 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/19 19:32:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/18 20:39:18 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/18 20:39:18 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/18 20:32:46 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2013/04/18 20:32:19 | 000,001,749 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2013/04/18 20:31:20 | 3061,202,944 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/18 20:21:25 | 000,420,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/14 19:53:28 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/14 19:51:09 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013/04/14 19:51:09 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/04/14 19:49:32 | 000,002,050 | ---- | M] () -- C:\Users\Venus Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/04/14 18:49:45 | 000,315,648 | ---- | M] () -- C:\Users\Venus Smith\Desktop\FASFA 2013.xps
[2013/04/14 17:52:37 | 000,312,538 | ---- | M] () -- C:\Users\Venus Smith\Desktop\mike taxes 2012.xps
[2013/04/14 16:28:24 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/14 16:23:00 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/04/14 16:23:00 | 000,001,967 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/01 15:37:51 | 000,002,104 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/01 10:25:35 | 000,000,992 | ---- | M] () -- C:\Users\Venus Smith\Documents\4-1-2013_1025.RBC
[2013/04/01 10:13:25 | 000,000,164 | ---- | M] () -- C:\Users\Venus Smith\Documents\Data_040113_100939.roxio
[2013/04/01 10:09:38 | 000,000,192 | ---- | M] () -- C:\Users\Venus Smith\Documents\Data_040113_095319.roxio
[2013/04/01 09:53:19 | 000,000,126 | ---- | M] () -- C:\Users\Venus Smith\Documents\Data_040113_093117.roxio
[2013/04/01 09:31:17 | 000,000,152 | ---- | M] () -- C:\Users\Venus Smith\Documents\Data_040113_090926.roxio
[2013/04/01 09:07:50 | 000,000,874 | ---- | M] () -- C:\Users\Venus Smith\Documents\Data_040113_090210.roxio
[2013/04/01 08:59:52 | 000,002,293 | ---- | M] () -- C:\Users\Venus Smith\Documents\Hansel & Gretel witchhunter4.wlmp
[2013/04/01 08:58:33 | 000,002,282 | ---- | M] () -- C:\Users\Venus Smith\Documents\Hansel & Gretel witchhunter3.wlmp
[2013/04/01 08:57:23 | 000,002,293 | ---- | M] () -- C:\Users\Venus Smith\Documents\Hansel & Gretel witchhunter2.wlmp
[2013/04/01 08:56:20 | 000,002,282 | ---- | M] () -- C:\Users\Venus Smith\Documents\Hansel & Gretel witchhunter.wlmp
[2013/04/01 08:49:32 | 000,002,246 | ---- | M] () -- C:\Users\Venus Smith\Documents\My Movie.wlmp
[1 C:\Users\Venus Smith\Desktop\*.tmp files -> C:\Users\Venus Smith\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/18 19:31:51 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2013/04/14 20:12:20 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/14 19:53:28 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/14 18:49:42 | 000,315,648 | ---- | C] () -- C:\Users\Venus Smith\Desktop\FASFA 2013.xps
[2013/04/14 17:52:34 | 000,312,538 | ---- | C] () -- C:\Users\Venus Smith\Desktop\mike taxes 2012.xps
[2013/04/14 16:28:24 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/01 10:25:24 | 000,000,992 | ---- | C] () -- C:\Users\Venus Smith\Documents\4-1-2013_1025.RBC
[2013/04/01 10:13:25 | 000,000,164 | ---- | C] () -- C:\Users\Venus Smith\Documents\Data_040113_100939.roxio
[2013/04/01 10:09:38 | 000,000,192 | ---- | C] () -- C:\Users\Venus Smith\Documents\Data_040113_095319.roxio
[2013/04/01 09:53:19 | 000,000,126 | ---- | C] () -- C:\Users\Venus Smith\Documents\Data_040113_093117.roxio
[2013/04/01 09:31:17 | 000,000,152 | ---- | C] () -- C:\Users\Venus Smith\Documents\Data_040113_090926.roxio
[2013/04/01 09:07:50 | 000,000,874 | ---- | C] () -- C:\Users\Venus Smith\Documents\Data_040113_090210.roxio
[2013/04/01 08:59:52 | 000,002,293 | ---- | C] () -- C:\Users\Venus Smith\Documents\Hansel & Gretel witchhunter4.wlmp
[2013/04/01 08:58:33 | 000,002,282 | ---- | C] () -- C:\Users\Venus Smith\Documents\Hansel & Gretel witchhunter3.wlmp
[2013/04/01 08:57:23 | 000,002,293 | ---- | C] () -- C:\Users\Venus Smith\Documents\Hansel & Gretel witchhunter2.wlmp
[2013/04/01 08:56:20 | 000,002,282 | ---- | C] () -- C:\Users\Venus Smith\Documents\Hansel & Gretel witchhunter.wlmp
[2013/04/01 08:49:32 | 000,002,246 | ---- | C] () -- C:\Users\Venus Smith\Documents\My Movie.wlmp
[2012/03/13 14:36:45 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/03/13 14:26:06 | 000,183,514 | ---- | C] () -- C:\Windows\hpwins11.dat
[2012/03/13 14:26:06 | 000,000,392 | ---- | C] () -- C:\Windows\hpwmdl11.dat
[2011/10/29 13:10:55 | 000,075,888 | ---- | C] () -- C:\Users\Venus Smith\AppData\Local\rx_audio.Cache
[2011/05/13 21:06:13 | 000,000,506 | ---- | C] () -- C:\ProgramData\DebugLog.tx0
[2011/05/13 20:54:07 | 000,000,609 | ---- | C] () -- C:\Users\Venus Smith\AppData\Local\bingsn.dll
[2011/04/23 22:18:10 | 000,100,208 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2011/04/23 22:17:32 | 000,062,136 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2011/04/23 22:16:44 | 000,250,552 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2010/07/31 16:26:05 | 000,007,680 | ---- | C] () -- C:\Users\Venus Smith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/30 14:26:17 | 000,585,904 | ---- | C] () -- C:\Users\Venus Smith\AppData\Local\rx_image.Cache
[2010/05/08 11:23:25 | 015,983,616 | ---- | C] () -- C:\Users\Venus Smith\Cricket Broadband Setup-v1.0 (build 1950).msi

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/14 19:51:07 | 000,000,000 | ---D | M] -- C:\Users\Venus Smith\AppData\Roaming\Ad-Aware Antivirus
[2010/05/01 00:48:12 | 000,000,000 | ---D | M] -- C:\Users\Venus Smith\AppData\Roaming\Cricket
[2010/06/21 20:08:09 | 000,000,000 | ---D | M] -- C:\Users\Venus Smith\AppData\Roaming\Facebook
[2010/08/10 15:07:16 | 000,000,000 | ---D | M] -- C:\Users\Venus Smith\AppData\Roaming\InterTrust
[2010/11/05 22:14:16 | 000,000,000 | ---D | M] -- C:\Users\Venus Smith\AppData\Roaming\iWin
[2010/07/25 10:10:38 | 000,000,000 | ---D | M] -- C:\Users\Venus Smith\AppData\Roaming\Leadertech
[2011/11/25 22:32:39 | 000,000,000 | ---D | M] -- C:\Users\Venus Smith\AppData\Roaming\MusicNet
[2010/12/12 14:58:02 | 000,000,000 | ---D | M] -- C:\Users\Venus Smith\AppData\Roaming\PCDr
[2010/04/22 19:59:47 | 000,000,000 | ---D | M] -- C:\Users\Venus Smith\AppData\Roaming\WildTangent
[2011/11/25 23:01:42 | 000,000,000 | ---D | M] -- C:\Users\Venus Smith\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Venus Smith\Documents\YouTube - VaShawn Mitchell - _Nobody Greater_.mp4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Venus Smith\Documents\YouTube - Steph Jones - Little Drummer Boy (Official Music Video).mp4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Venus Smith\Documents\YouTube - Lauryn Hill & Bob Marley (HQ) - Turn Your Lights Down Low.mp4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Venus Smith\Documents\YouTube - Eminem - Love The Way You Lie ft. Rihanna.mp4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Venus Smith\Documents\YouTube - DICE TRAILER.mp4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Venus Smith\Documents\YouTube - Chester D. T. Baldwin - READY WILLING AND ABLE.mp4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Venus Smith\Documents\YouTube - Amazing Grace Dance.mp4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Venus Smith\Documents\YouTube - Amazing Grace - Promise Keepers.mp4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Venus Smith\Documents\manni oct 28.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Venus Smith\Documents\Good Deeds.c2d:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Venus Smith\Documents\EBC VBS WOW CD.rcl:Roxio EMC Stream

< End of report >

Attached Files

  • Attached File  OTL.Txt   134.43KB   107 downloads

  • 0

Advertisements


#2
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Hello awaitingthe1,

I'm likely not the one, but I will assist you in cleaning this system up. Good bit of adware/search hijacker activity showing here. And what looks like two antivirus programs (McAfee and Ad-Aware, which is an antivirus now), which definitely will cause problems. Let's get more info, then start repairs.


The system is Windows 7, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed. Very important you disable them.

-------

First follow the steps here to disable SpyBot's TeaTimer, as it will interfere with the repairs. Be sure to do all the steps. Due to security software conflicts, and as part of these repairs, you will need to uninstall SpyBot at some point, so now is recommended.


Download HijackThis from Here. Then click on the downloaded file, and install HijackThis.

In HijackThis, click Config - Misc Tools - Open Uninstall Manager.

Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please.

-------

Download RogueKiller from here to your desktop.

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.
Wen RogueKiller finises it's opening scan, press the Scan button..
A RKreport.txt will be created in the same location as the RogueKiller file.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again.

Please post the contents of the RKreport.txt.
  • 0

#3
awaitingthe1

awaitingthe1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi Jintan,

Here is the Hijackthis uninstall_list
Update for Microsoft Office 2007 (KB2508958)
Accelerometer
Acrobat.com
Acrobat.com
Ad-Aware
Ad-Aware
Ad-Aware Email Scanner for Outlook
Ad-Aware Security Add-on
Adobe Acrobat 5.0
Adobe AIR
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6)
Advanced Audio FX Engine
Avery Template - U_0332_01_L
Banctec Service Agreement
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Business Contact Manager for Outlook 2007 SP2
Business Contact Manager for Outlook 2007 SP2
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cricket Broadband 1.0
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Webcam Central
Digital Voice Editor 3
DirectXInstallService
Google Chrome
Google Desktop
Google Update Helper
GoToAssist 8.0.0.514
Homestyles
HP Officejet Pro 8600 Help
HP Update
I.R.I.S. OCR
Intel® Graphics Media Accelerator Driver
Java™ 6 Update 31
Junk Mail filter update
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
McAfee SecurityCenter
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft Default Manager
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PowerDVD DX
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio CinePlayer Decoder Pack
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 2.0.6
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (32-bit)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
YouTube Downloader Toolbar v4.9
YTD Video Downloader 3.9.5


Here is the RKreport

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Venus Smith [Admin rights]
Mode : Scan -- Date : 04/24/2013 22:03:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\WLXPGSS.SCR) [7] -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS ATA Device +++++
--- User ---
[MBR] 317fe5ed72f2b9b4e1b7ed8a671d7763
[BSP] 6df8fdc220430e0f65058fcd38b687c3 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 461899 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_04242013_02d2203.txt >>
RKreport[1]_S_04242013_02d2203.txt
  • 0

#4
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Yes, you have both Ad-Aware and McAfee antivirus programs installed, which will cause each to corrupt the other, as well as system functions. You will need to uninstall both to make things right.

Temp disable all security programs, then uninstall McAfee. If it is a paid for version, be sure to save any registration info to reinstall it. Then reboot.

---------

Temp disable all security programs, then go here and follow the steps under:

Step 2 - Download and run MCPR.exe

Be sure to reboot after running that.

---------

Then uninstall Ad-Aware, and again reboot after.

Run and post back a new OTL log please.
  • 0

#5
awaitingthe1

awaitingthe1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Here's the new OTL log

OTL logfile created on: 4/25/2013 9:46:48 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Venus Smith\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 70.31% Memory free
7.60 Gb Paging File | 6.20 Gb Available in Paging File | 81.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 312.02 Gb Free Space | 69.17% Space Free | Partition Type: NTFS

Computer Name: VENUSSMITH-PC | User Name: Venus Smith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/18 20:38:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Venus Smith\Downloads\OTL.exe
PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/23 22:17:26 | 001,994,936 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2011/04/23 22:17:26 | 000,098,488 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2011/04/23 22:17:08 | 002,412,728 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2010/02/09 13:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/12/29 16:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/12/02 16:49:00 | 000,414,960 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2009/12/02 16:48:00 | 000,347,888 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2009/12/02 16:47:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/08/17 21:09:54 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/07/22 08:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
PRC - [2009/06/24 16:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/18 19:03:42 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\9e64c6dea847aec2685eec4da29ea9b0\System.Web.Services.ni.dll
MOD - [2013/04/18 19:03:05 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013/01/22 10:34:26 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\ee4683cbfd60ee35d95e2e6d32fc3981\System.Management.ni.dll
MOD - [2013/01/19 15:59:52 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0aeaf4f1629dbe8eafc8f47b1795b18a\PresentationFramework.Aero.ni.dll
MOD - [2013/01/19 15:59:14 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\36b839247bd1d22a7fd014a74abe9729\PresentationFramework.ni.dll
MOD - [2013/01/19 15:58:40 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013/01/19 15:58:33 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\549690bfac66934b7c7fd5cf8b120b7c\PresentationCore.ni.dll
MOD - [2013/01/19 15:58:11 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll
MOD - [2013/01/19 15:58:02 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll
MOD - [2013/01/19 15:57:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8b5eb81362a896af2c70f97502f42013\System.Configuration.ni.dll
MOD - [2013/01/19 15:57:49 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013/01/19 15:57:34 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2011/04/23 22:18:10 | 000,100,208 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll
MOD - [2011/04/23 22:17:32 | 000,062,136 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
MOD - [2011/04/23 22:16:44 | 000,250,552 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll
MOD - [2010/02/09 13:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2010/02/09 13:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2010/02/09 13:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2010/02/09 13:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2010/02/09 13:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/12/02 16:49:00 | 000,414,960 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2009/12/02 16:48:00 | 000,079,088 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2009/12/02 16:47:00 | 001,123,568 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2009/12/02 16:47:00 | 000,234,736 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2009/12/02 16:47:00 | 000,128,240 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2009/12/02 16:47:00 | 000,121,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2009/12/02 16:47:00 | 000,115,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
MOD - [2009/12/02 16:47:00 | 000,111,856 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2009/12/02 16:47:00 | 000,074,992 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2009/12/02 16:47:00 | 000,025,840 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2009/12/02 16:47:00 | 000,025,840 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2009/12/02 16:47:00 | 000,025,840 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCC.dll
MOD - [2009/11/13 16:15:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/07/22 08:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe


========== Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/08/17 21:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/16 20:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/31 01:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/04/14 20:33:37 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/14 19:49:29 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/23 22:17:08 | 002,412,728 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2010/04/13 03:23:31 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/02 16:47:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2009/09/23 21:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/23 16:02:42 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 19:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/14 19:51:09 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/06 19:42:18 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/10/25 23:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/12 12:26:00 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009/10/07 19:37:50 | 007,749,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/01 05:51:12 | 000,166,528 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATMFNVsp.sys -- (ATMFNVsp)
DRV:64bit: - [2009/10/01 05:51:12 | 000,166,528 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATMFMdm.sys -- (ATMFMdm)
DRV:64bit: - [2009/10/01 05:51:12 | 000,166,528 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATMFCVsp.sys -- (ATMFCVsp)
DRV:64bit: - [2009/10/01 05:51:12 | 000,133,632 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATMFNET.sys -- (ATMFNET)
DRV:64bit: - [2009/10/01 05:51:12 | 000,063,488 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATMFBUS.sys -- (ATMFBUS)
DRV:64bit: - [2009/10/01 05:51:12 | 000,015,872 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATMFFLT.sys -- (ATMFFLT)
DRV:64bit: - [2009/10/01 05:51:10 | 000,166,528 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATMFVsp.sys -- (ATMFVsp)
DRV:64bit: - [2009/09/25 18:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/03 05:15:26 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/20 02:34:38 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/07/23 12:57:48 | 000,018,792 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt)
DRV:64bit: - [2009/07/16 22:14:00 | 000,220,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/16 20:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 20:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/30 23:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/06/30 23:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/06/30 23:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/07 02:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/09/24 20:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE:64bit: - HKLM\..\SearchScopes\{2AC04309-43BF-40F0-BAF6-197CF70B60CB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{E56C29DA-F548-4331-BD11-EF2420FB93ED}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKCU\..\SearchScopes\{26BEB746-2D89-4EEB-8FD3-0A73C6029AE1}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{E56C29DA-F548-4331-BD11-EF2420FB93ED}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=WLEM&q="
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.9.20130409112616
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:4.9
FF - prefs.js..extensions.enabledItems: [email protected]:4.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.29
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.1.195
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Venus Smith\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\ [2011/05/22 15:22:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012/03/13 14:41:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/25 21:32:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/18 19:45:26 | 000,000,000 | ---D | M]

[2011/12/31 19:27:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Venus Smith\AppData\Roaming\Mozilla\Extensions
[2013/04/25 21:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Venus Smith\AppData\Roaming\Mozilla\Firefox\Profiles\ned3avdy.default\extensions
[2013/04/14 19:43:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Venus Smith\AppData\Roaming\Mozilla\Firefox\Profiles\ned3avdy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/04/14 19:53:40 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Venus Smith\AppData\Roaming\Mozilla\Firefox\Profiles\ned3avdy.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2011/06/01 17:14:30 | 000,001,832 | ---- | M] () -- C:\Users\Venus Smith\AppData\Roaming\Mozilla\Firefox\Profiles\ned3avdy.default\searchplugins\bing.xml
[2011/11/29 16:29:59 | 000,002,513 | ---- | M] () -- C:\Users\Venus Smith\AppData\Roaming\Mozilla\Firefox\Profiles\ned3avdy.default\searchplugins\Search_Results.xml
[2012/12/02 19:18:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/14 19:49:30 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/06 16:17:26 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2013/04/14 19:49:27 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/29 16:29:59 | 000,002,513 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2013/04/14 19:49:27 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.bearshare.com

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Face recognition web login for FastAccess) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Face recognition web login for FastAccess) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - Startup: C:\Users\Venus Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1365988481653 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1365988439104 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92109D1F-4F0B-4A3C-99F4-324A04C808BB}: DhcpNameServer = 208.180.42.68 208.180.42.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C59BBBFE-3085-4D83-A9B3-7F4709A28655}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f65a02f9-54a4-11df-9414-c417fe1f6f20}\Shell - "" = AutoRun
O33 - MountPoints2\{f65a02f9-54a4-11df-9414-c417fe1f6f20}\Shell\AutoRun\command - "" = E:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/24 22:02:20 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\Desktop\RK_Quarantine
[2013/04/18 19:58:19 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\ElevatedDiagnostics
[2013/04/14 20:12:49 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\Macromedia
[2013/04/14 20:12:19 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/04/14 20:12:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/04/14 19:57:58 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Roaming\Roxio Log Files
[2013/04/14 19:54:49 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Roaming\LavasoftStatistics
[2013/04/14 19:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/04/14 19:53:44 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Roaming\vlc
[2013/04/14 19:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/04/14 19:52:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/04/14 19:51:09 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013/04/14 19:51:09 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/04/14 19:51:07 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Roaming\Ad-Aware Antivirus
[2013/04/14 19:44:42 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/04/14 19:44:42 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/04/14 19:44:41 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/04/14 19:44:41 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/04/14 19:44:41 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/04/14 19:44:41 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/04/14 19:44:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/04/14 19:44:41 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/04/14 19:44:41 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/04/14 19:44:41 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/04/14 19:44:41 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/04/14 19:44:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/04/14 19:44:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/04/14 19:44:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/04/14 19:44:39 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/04/14 19:44:39 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/04/14 19:44:39 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/04/14 19:44:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/04/14 19:44:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/04/14 19:44:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/04/14 19:44:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/04/14 19:44:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/04/14 19:44:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/04/14 19:44:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/04/14 19:44:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/04/14 19:44:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/04/14 19:44:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/04/14 19:44:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/04/14 19:44:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/04/14 19:44:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/04/14 19:44:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/04/14 19:44:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/04/14 19:44:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/04/14 19:44:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/04/14 19:44:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/04/14 19:44:38 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/04/14 19:44:38 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/04/14 19:44:38 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/04/14 19:44:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/04/14 19:44:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/04/14 19:44:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/04/14 19:44:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/04/14 19:44:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/04/14 19:44:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/04/14 19:44:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/04/14 19:44:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/04/14 19:44:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/04/14 19:44:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/04/14 19:44:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/04/14 19:44:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/04/14 19:44:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/04/14 19:44:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/04/14 19:44:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/04/14 19:44:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/04/14 19:44:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/04/14 19:44:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/04/14 19:44:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/04/14 19:44:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/04/14 19:44:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/04/14 19:44:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/04/14 19:44:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/04/14 19:44:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/04/14 19:44:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/04/14 19:44:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/04/14 19:44:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/04/14 19:44:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/04/14 19:44:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/04/14 19:44:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/04/14 19:44:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/04/14 19:44:15 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/04/14 19:01:07 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{013CC638-9750-437F-8DF3-6048884F78D4}
[2013/04/13 22:22:13 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\Desktop\Movies
[2013/04/11 15:08:56 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{64734F4F-BF73-4244-A15F-F6574CC96296}
[2013/04/11 14:37:41 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{23707CC2-F5D8-41CD-AF52-590A420A0E41}
[2013/04/11 13:57:08 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{68736C02-7CED-412C-B7E9-65B9575D39CB}
[2013/04/11 13:50:22 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{D923D7BD-4FA5-475C-9261-F183AD507E64}
[2013/04/11 13:49:27 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{64712D3E-50B2-4282-8CA0-FDAB0F7E8DC7}
[2013/04/11 12:41:43 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{B5999109-3F26-4E49-AF90-E2CA25E39634}
[2013/04/11 12:41:19 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{9195F217-A70E-49A1-B4B7-E14D9512498A}
[2013/04/11 12:08:36 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{42336266-A09B-42B2-A427-7E1173034678}
[2013/04/11 12:07:52 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{68E75705-F83B-4C40-8E69-574FD55CC6E1}
[2013/04/11 12:07:21 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{2F2DEA54-6313-4EDB-A947-EADEDFB55066}
[2013/04/11 12:06:52 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{AA9F160E-BA73-42D8-B181-4E9F74CBB348}
[2013/04/10 17:14:21 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{0B7D76DC-290E-4764-AE8A-E0AAAD748059}
[2013/04/10 16:34:32 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{F6909A09-EE0B-4532-BD3F-D2433770FFDD}
[2013/04/10 12:26:44 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{60AA16D8-40D4-4839-900A-98906A09531D}
[2013/04/10 12:04:23 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{34CFB550-5302-4836-A64E-79CEA102803F}
[2013/04/10 12:03:58 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{50ABC4D7-B336-4672-9F81-5902138C67A8}
[2013/04/10 11:41:23 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{346096CD-AFFA-4358-BFA6-2619B1E58DB8}
[2013/04/10 11:35:02 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{34436F7D-7AA4-48CA-9D7C-C0372FAA97FB}
[2013/04/10 11:26:35 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{DA66FD1C-212E-415E-8BE6-40EA492C1672}
[2013/04/10 10:52:42 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{4E235FDC-8FA3-4DED-8DE5-298ADEE5652A}
[2013/04/10 10:19:58 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{006D447D-73FC-41E3-AC2F-FFB3F0B4B0D4}
[2013/04/10 09:32:21 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{4557FCC4-10D3-45A4-BF97-215BD2016872}
[2013/04/07 17:09:04 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{EC3E0018-EF6A-4251-B0FE-51034F751DE5}
[2013/04/07 16:53:05 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{F9967A7B-445C-45BE-8C7C-D523D6BC16FE}
[2013/04/07 16:40:58 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{7B8F3DAD-267C-4215-8F19-92F0BB848503}
[2013/04/01 23:48:09 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{38110BB1-23E6-4F83-ACAF-CA4B307BEF15}
[2013/04/01 23:47:36 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{1D568E22-2687-4F66-B166-FF629F5E65BA}
[2013/04/01 23:22:42 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{483C96D0-E9D8-47A1-8561-5D137C8AFD24}
[2013/04/01 22:55:59 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{B673F594-1DAF-430D-B13D-96D5E450F0A3}
[2013/04/01 22:54:08 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{A7ED99FD-9A24-472B-9D00-D03BC44FCDC2}
[2013/04/01 22:50:50 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{308A062B-C2B1-4376-9E18-6D1E56C43FE4}
[2013/04/01 22:48:34 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{025A0B03-7AB4-4D76-B203-B6BED86538A1}
[2013/04/01 20:42:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013/04/01 20:41:53 | 000,000,000 | ---D | C] -- C:\b9e26732f75c98ac11e0
[2013/04/01 20:40:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/01 20:40:46 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/01 20:40:46 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/01 20:40:45 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/04/01 20:40:45 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/04/01 20:40:45 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/01 20:40:45 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/01 20:40:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/01 20:40:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/04/01 20:40:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/04/01 20:40:44 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/01 20:40:44 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/01 20:40:43 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/01 20:40:43 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/01 20:40:43 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/04/01 20:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/04/01 20:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/04/01 20:39:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/04/01 15:27:42 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/04/01 13:23:26 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{A5B614CD-EED4-40D1-BB34-6A3DBC1ECD4F}
[2013/04/01 12:50:51 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{17D2846C-074F-462B-BDAB-60F8A356810B}
[2013/04/01 12:50:30 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{364B96FE-35D2-4236-A75D-DFEB2E1BC39A}
[2013/04/01 12:50:11 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{D90BEDD4-210B-463F-B50B-E48B54E52C6A}
[2013/04/01 12:49:17 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{7A65D9C6-5476-4342-85D4-8AAF9E9AAA04}
[2013/04/01 12:15:27 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{CDDB0AEC-D6E0-49B8-B2FA-5A0C332AC856}
[2013/04/01 12:13:47 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{2AD39AD9-A2A4-47DB-9B51-ADD2E4D80500}
[2013/04/01 12:13:24 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{202940D3-3D3A-48FE-A2CD-94089F02183C}
[2013/04/01 10:18:11 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{A4FAECDC-2604-4428-8E9D-F00A4AB011C3}
[2013/04/01 08:58:52 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{7A85CA47-9E5D-44EE-95DC-0DA294BCA2DD}
[2013/04/01 08:57:42 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{6DE4C180-0D60-410D-9C47-A3EFA7A71370}
[2013/04/01 08:56:45 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{9D4E60FF-7183-4590-8888-A8A3A73FD735}
[2013/04/01 08:52:09 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{15BEAA34-9191-4621-95D3-4261D56C4686}
[2013/04/01 08:50:56 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{16852EBC-5A39-4805-9A6F-CF64AA47D322}
[2013/04/01 08:49:54 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{C6908A26-E673-4AD1-8745-B479165FA4D1}
[2013/04/01 08:48:15 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{FD085F5A-C707-47F8-BA1D-EE19C5D25CEA}
[2013/04/01 08:47:12 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{3988D274-D391-41B5-80F0-6A60EDA51893}
[2013/03/31 23:42:16 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{7AEBAAAF-8770-4665-B23F-1ADB0C3F31C7}
[2013/03/31 23:40:51 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{ADB60DD5-7D3C-442E-8DE7-3EF8685C7F11}
[2013/03/31 23:16:53 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{8737F2EF-FC9B-4045-B0C0-C19032156AE5}
[2013/03/31 22:53:34 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{8B1BE5FC-C368-4605-805E-ED30AD6F642D}
[2013/03/31 22:24:22 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{DD4E8840-08A5-47FD-9A48-CEB192591F24}
[2013/03/31 22:23:03 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{C4086596-0FDF-4B43-A665-D511AB372995}
[2013/03/31 22:20:34 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{61A155A7-078E-4244-9E34-71912881B4FA}
[2013/03/31 22:18:25 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{AE113B15-E9F7-4C06-AA08-C79E308D2320}
[2013/03/31 22:17:50 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{913F342E-7A99-48B9-83A0-38D15A96F8F9}
[2013/03/31 22:17:10 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{FE20AC89-2F98-4D9D-AB46-355BF1433F54}
[2013/03/31 22:15:39 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{049021BC-3D86-4A12-A398-FFFDB4ED9079}
[2013/03/31 21:43:01 | 000,000,000 | ---D | C] -- C:\Users\Venus Smith\AppData\Local\{6416FF3F-0C5C-4652-9D87-E3F0ABA90061}
[2010/04/27 18:39:27 | 008,656,832 | ---- | C] (Dell, Inc. ) -- C:\Users\Venus Smith\AppData\Roaming\DataSafeDotNet.exe
[1 C:\Users\Venus Smith\Desktop\*.tmp files -> C:\Users\Venus Smith\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/25 21:45:35 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/25 21:45:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/25 21:45:06 | 3061,202,944 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/25 21:43:09 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/25 21:43:09 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/25 21:41:22 | 000,805,730 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/25 21:41:22 | 000,679,888 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/25 21:41:22 | 000,128,304 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/25 21:36:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/25 21:33:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/24 22:00:27 | 000,816,128 | ---- | M] () -- C:\Users\Venus Smith\Desktop\RogueKiller.exe
[2013/04/18 20:21:25 | 000,420,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/14 20:33:35 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/04/14 20:33:35 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/04/14 19:53:28 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/14 19:51:09 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013/04/14 19:51:09 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/04/14 19:49:32 | 000,002,050 | ---- | M] () -- C:\Users\Venus Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/04/14 18:49:45 | 000,315,648 | ---- | M] () -- C:\Users\Venus Smith\Desktop\FASFA 2013.xps
[2013/04/14 17:52:37 | 000,312,538 | ---- | M] () -- C:\Users\Venus Smith\Desktop\mike taxes 2012.xps
[2013/04/14 16:28:24 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/01 15:37:51 | 000,002,104 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/01 10:25:35 | 000,000,992 | ---- | M] () -- C:\Users\Venus Smith\Documents\4-1-2013_1025.RBC
[2013/04/01 10:13:25 | 000,000,164 | ---- | M] () -- C:\Users\Venus Smith\Documents\Data_040113_100939.roxio
[2013/04/01 10:09:38 | 000,000,192 | ---- | M] () -- C:\Users\Venus Smith\Documents\Data_040113_095319.roxio
[2013/04/01 09:53:19 | 000,000,126 | ---- | M] () -- C:\Users\Venus Smith\Documents\Data_040113_093117.roxio
[2013/04/01 09:31:17 | 000,000,152 | ---- | M] () -- C:\Users\Venus Smith\Documents\Data_040113_090926.roxio
[2013/04/01 09:07:50 | 000,000,874 | ---- | M] () -- C:\Users\Venus Smith\Documents\Data_040113_090210.roxio
[2013/04/01 08:59:52 | 000,002,293 | ---- | M] () -- C:\Users\Venus Smith\Documents\Hansel & Gretel witchhunter4.wlmp
[2013/04/01 08:58:33 | 000,002,282 | ---- | M] () -- C:\Users\Venus Smith\Documents\Hansel & Gretel witchhunter3.wlmp
[2013/04/01 08:57:23 | 000,002,293 | ---- | M] () -- C:\Users\Venus Smith\Documents\Hansel & Gretel witchhunter2.wlmp
[2013/04/01 08:56:20 | 000,002,282 | ---- | M] () -- C:\Users\Venus Smith\Documents\Hansel & Gretel witchhunter.wlmp
[2013/04/01 08:49:32 | 000,002,246 | ---- | M] () -- C:\Users\Venus Smith\Documents\My Movie.wlmp
[1 C:\Users\Venus Smith\Desktop\*.tmp files -> C:\Users\Venus Smith\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/24 22:01:58 | 000,816,128 | ---- | C] () -- C:\Users\Venus Smith\Desktop\RogueKiller.exe
[2013/04/14 20:12:20 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/14 19:53:28 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/14 18:49:42 | 000,315,648 | ---- | C] () -- C:\Users\Venus Smith\Desktop\FASFA 2013.xps
[2013/04/14 17:52:34 | 000,312,538 | ---- | C] () -- C:\Users\Venus Smith\Desktop\mike taxes 2012.xps
[2013/04/14 16:28:24 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/01 10:25:24 | 000,000,992 | ---- | C] () -- C:\Users\Venus Smith\Documents\4-1-2013_1025.RBC
[2013/04/01 10:13:25 | 000,000,164 | ---- | C] () -- C:\Users\Venus Smith\Documents\Data_040113_100939.roxio
[2013/04/01 10:09:38 | 000,000,192 | ---- | C] () -- C:\Users\Venus Smith\Documents\Data_040113_095319.roxio
[2013/04/01 09:53:19 | 000,000,126 | ---- | C] () -- C:\Users\Venus Smith\Documents\Data_040113_093117.roxio
[2013/04/01 09:31:17 | 000,000,152 | ---- | C] () -- C:\Users\Venus Smith\Documents\Data_040113_090926.roxio
[2013/04/01 09:07:50 | 000,000,874 | ---- | C] () -- C:\Users\Venus Smith\Documents\Data_040113_090210.roxio
[2013/04/01 08:59:52 | 000,002,293 | ---- | C] () -- C:\Users\Venus Smith\Documents\Hansel & Gretel witchhunter4.wlmp
[2013/04/01 08:58:33 | 000,002,282 | ---- | C] () -- C:\Users\Venus Smith\Documents\Hansel & Gretel witchhunter3.wlmp
[2013/04/01 08:57:23 | 000,002,293 | ---- | C] () -- C:\Users\Venus Smith\Documents\Hansel & Gretel witchhunter2.wlmp
[2013/04/01 08:56:20 | 000,002,282 | ---- | C] () -- C:\Users\Venus Smith\Documents\Hansel & Gretel witchhunter.wlmp
[2013/04/01 08:49:32 | 000,002,246 | ---- | C] () -- C:\Users\Venus Smith\Documents\My Movie.wlmp
[2012/03/13 14:36:45 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/03/13 14:26:06 | 000,183,514 | ---- | C] () -- C:\Windows\hpwins11.dat
[2012/03/13 14:26:06 | 000,000,392 | ---- | C] () -- C:\Windows\hpwmdl11.dat
[2011/10/29 13:10:55 | 000,075,888 | ---- | C] () -- C:\Users\Venus Smith\AppData\Local\rx_audio.Cache
[2011/05/13 21:06:13 | 000,000,506 | ---- | C] () -- C:\ProgramData\DebugLog.tx0
[2011/05/13 20:54:07 | 000,000,609 | ---- | C] () -- C:\Users\Venus Smith\AppData\Local\bingsn.dll
[2010/07/31 16:26:05 | 000,007,680 | ---- | C] () -- C:\Users\Venus Smith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/30 14:26:17 | 000,585,904 | ---- | C] () -- C:\Users\Venus Smith\AppData\Local\rx_image.Cache
[2010/05/08 11:23:25 | 015,983,616 | ---- | C] () -- C:\Users\Venus Smith\Cricket Broadband Setup-v1.0 (build 1950).msi

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Venus Smith\Documents\YouTube - VaShawn Mitchell - _Nobody Greater_.mp4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Venus Smith\Documents\YouTube - Steph Jones - Little Drummer Boy (Official Music Video).mp4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Venus Smith\Documents\YouTube - Lauryn Hill & Bob Marley (HQ) - Turn Your Lights Down Low.mp4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Venus Smith\Documents\YouTube - Eminem - Love The Way You Lie ft. Rihanna.mp4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Venus Smith\Documents\YouTube - DICE TRAILER.mp4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Venus Smith\Documents\YouTube - Chester D. T. Baldwin - READY WILLING AND ABLE.mp4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Venus Smith\Documents\YouTube - Amazing Grace Dance.mp4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Venus Smith\Documents\YouTube - Amazing Grace - Promise Keepers.mp4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Venus Smith\Documents\manni oct 28.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Venus Smith\Documents\Good Deeds.c2d:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Venus Smith\Documents\EBC VBS WOW CD.rcl:Roxio EMC Stream

< End of report >
  • 0

#6
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Mystified why I wasn't aware you had posted, and I do apologize for the wait. Yes, it's okay to PM in situations like this.


Go to Start Search, type cmd.exe in the Start Search box. Cmd.exe will appear at the top of the Menu. Rightclick on it and choose "Run as administrator". At the prompt copy/paste the following, pressing Enter after each:

sc delete lbd

exit


You should have received a success on that leftover Ad-Aware driver deletion.

---------

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

  • 0

#7
awaitingthe1

awaitingthe1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
# AdwCleaner v2.300 - Logfile created 05/02/2013 at 21:41:28
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Venus Smith - VENUSSMITH-PC
# Boot Mode : Normal
# Running from : C:\Users\Venus Smith\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
File Found : C:\Users\Venus Smith\AppData\Roaming\Mozilla\Firefox\Profiles\ned3avdy.default\searchplugins\Search_Results.xml
Folder Found : C:\Program Files (x86)\Application Updater
Folder Found : C:\Program Files (x86)\Common Files\spigot
Folder Found : C:\Program Files (x86)\YouTube Downloader Toolbar
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\Users\Venus Smith\AppData\Local\PackageAware
Folder Found : C:\Users\Venus Smith\AppData\LocalLow\Search Settings
Folder Found : C:\Users\Venus Smith\AppData\Roaming\iWin
Folder Found : C:\Users\Venus Smith\AppData\Roaming\Mozilla\Firefox\Profiles\ned3avdy.default\jetpack

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Found : HKLM\Software\Application Updater
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Search Settings
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Found : HKU\S-1-5-21-1481317116-1840137309-1180220080-1003\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Found : HKU\S-1-5-21-1481317116-1840137309-1180220080-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Venus Smith\AppData\Roaming\Mozilla\Firefox\Profiles\ned3avdy.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "Search Results");
Found : user_pref("browser.search.order.1", "Search Results");

-\\ Google Chrome v26.0.1410.43

File : C:\Users\Venus Smith\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5003 octets] - [02/05/2013 21:41:28]

########## EOF - C:\AdwCleaner[R1].txt - [5063 octets] ##########
  • 0

#8
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Good.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Open AdwCleaner, and click the Uninstall button to have it remove itself.

----------

Open and update Malwarebytes.

* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

---------------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, the place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log, the AdwCleaner log and the Malwarebytes log please.
  • 0

#9
awaitingthe1

awaitingthe1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Here are the reports:

# AdwCleaner v2.300 - Logfile created 05/03/2013 at 21:13:37
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Venus Smith - VENUSSMITH-PC
# Boot Mode : Normal
# Running from : C:\Users\Venus Smith\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\Users\Venus Smith\AppData\Roaming\Mozilla\Firefox\Profiles\ned3avdy.default\searchplugins\Search_Results.xml
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Program Files (x86)\YouTube Downloader Toolbar
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\Venus Smith\AppData\Local\PackageAware
Folder Deleted : C:\Users\Venus Smith\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Venus Smith\AppData\Roaming\iWin
Folder Deleted : C:\Users\Venus Smith\AppData\Roaming\Mozilla\Firefox\Profiles\ned3avdy.default\jetpack

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Venus Smith\AppData\Roaming\Mozilla\Firefox\Profiles\ned3avdy.default\prefs.js

C:\Users\Venus Smith\AppData\Roaming\Mozilla\Firefox\Profiles\ned3avdy.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "Search Results");
Deleted : user_pref("browser.search.order.1", "Search Results");

-\\ Google Chrome v26.0.1410.43

File : C:\Users\Venus Smith\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5122 octets] - [02/05/2013 21:41:28]
AdwCleaner[R2].txt - [5182 octets] - [03/05/2013 21:13:25]
AdwCleaner[S1].txt - [5013 octets] - [03/05/2013 21:13:37]

########## EOF - C:\AdwCleaner[S1].txt - [5073 octets] ##########


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.04.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Venus Smith :: VENUSSMITH-PC [administrator]

5/3/2013 9:18:35 PM
mbam-log-2013-05-03 (21-18-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 244068
Time elapsed: 6 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

C:\Users\Venus Smith\Downloads\TelevisionFanatic.exe a variant of Win32/AdInstaller application cleaned by deleting - quarantined
C:\Users\Venus Smith\Downloads\YouTubeDownloaderSetup273.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\Venus Smith\Downloads\YouTubeDownloaderSetup34.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
  • 0

#10
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Looks clean now, and the last logs only shows the adware-bundled installers. How are things running?
  • 0

Advertisements


#11
awaitingthe1

awaitingthe1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I still can't check for windows updates. I says windows cannot find.
  • 0

#12
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
@ECHO OFF
if exist winkey.txt del winkey.txt 
REG QUERY "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" > winkey.txt 
notepad winkey.txt
Open Notepad (Start - Run, type notepad and press Enter).

Copy/paste the above text (inside the Code box) into the open text box, then save this to your desktop as "3serv.bat"

Be sure to include the "" quotes in the name. Then click on 3serv.bat. When the scan completes a textbox will open - copy/paste those contents back here please.
  • 0

#13
awaitingthe1

awaitingthe1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
It says:

ERROR: The system was unable to find the specified registry key or value.
  • 0

#14
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
May have gotten that key idea from the wrong windows version - have to check.

Better I ask, before we go further:

I still can't check for windows updates. I says windows cannot find.


I really need to know a more accurate, detailed post of the exact error that occurs during updating please.
  • 0

#15
awaitingthe1

awaitingthe1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
When click on the Update Windows button from the program menu, nothing happens. When I go to the control panel, system and security, and click windows update noting happens. When I click turn automatic updating on or off, I get a message that says: Windows cannot find '::{26EE0668-A00A-44D7-9371-BEB064C98683}\5\::{36EEF7DB-88AD-4E81-AD4...\pageSettings'. Make sure you typed the name correctly, and then try again. I get similar messages with I click firewall. When I click Device Manager it says MMC cannot open the file C:\Windows\system32\devmgmt.msc. This may be becuase the file doesn't exist.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP