WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Knock on problems from tackling Trojan RamnitA [Solved]

Started by vealie , Feb 19 2014 09:21 AM

RamnitA Firewall Avira

This topic is locked

33 replies to this topic

#1 vealie

New Member

Authentic Member
18 posts

Posted 19 February 2014 - 09:21 AM

Hi,

I am helping a friend with an infected Dell laptop. The machine was delivered to me with warnings of infection by RamnitA and suggesting a full scan was required to clean it up. It also suggested turning on Security Centre. Attempts to do this failed and scans did not prevent the warnings returning. The machine was slow and would frequently hang. On further investigation the windows firewall and security centre were absent from the services list as was defender.

I downloaded Malwarebytes and spybot and ran scans. mwb apparently picked up the trojan and deleted it.

I created a new admin account and then I uninstalled MSE and downloaded a fresh copy. I Re-installed MSE and then checked the services. Firewall and Defender were back in the list and set to Manual startup. Any attempt to start them fails with Firewall: 'Access Denied error 5' and Defender: 'The service started and stopped, some services stop automatically, etc'

mwb and spybot now run without reporting errors.

I have now uninstalled MSE and loaded avira free. During the initial scan avira froze and hung for about 1.5 hours before I terminated.

Help!

Steve

Edited by vealie, 19 February 2014 - 09:23 AM.

Advertisements

Register to Remove

#2 vealie

New Member

Authentic Member
18 posts

Posted 19 February 2014 - 09:42 AM

This is my HJT log.

Logfile of HijackThis v1.99.1

Scan saved at 15:40:15, on 19/02/2014

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v11.0 (11.00.9600.16518)

Running processes:

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe

C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe

C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe

C:\Users\Admin2\AppData\Local\VNT\vntldr.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Admin2\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: Avira SearchFree Toolbar BHO - {41564952-412D-5637-4300-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" (file missing)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll

O3 - Toolbar: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" (file missing)

O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot

O4 - HKLM\..\Run: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"

O4 - HKLM\..\Run: [VNT] C:\Program Files (x86)\VNT\vntldr.exe

O4 - HKLM\..\RunOnce: [PIP] C:\Users\Admin2\AppData\Local\Temp\Offercast_AVIRAV7_.exe -pid AVIRAV7 -rebootRetry

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\bonjour\mdnsnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [INTERNATIONAL] International

O13 - Gopher Prefix:

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creat...102/CTSUEng.cab

O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creat...13/CTPIDPDE.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creat...10926/CTPID.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe

O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)

O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe

O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: RoxMediaDB12OEM - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe

O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

#3 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 21 February 2014 - 10:00 AM

Hi vealie,

:welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

Unfortunately... I consider Ramnit a "game over" situation. I think you should reformat and then reinstall the operating system.

However, I'm willing to look at some logs and see what we see if you want:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#4 vealie

New Member

Authentic Member
18 posts

Posted 21 February 2014 - 11:44 AM

TomK,

Thanks for your time and help.....

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-02-2014

Ran by Admin2 at 2014-02-21 17:09:15

Running from C:\Users\Admin2\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.70 - Adobe Systems Incorporated)

Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)

Adobe Reader X (10.1.9) MUI (x32 Version: 10.1.9 - Adobe Systems Incorporated)

Advanced Audio FX Engine (x32 Version: 1.12.05 - Creative Technology Ltd)

AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden

AMD Fuel (Version: 2011.0712.44.42597 - AMD) Hidden

AMD Media Foundation Decoders (Version: 1.0.60712.0005 - ATI Technologies Inc.) Hidden

AMD VISION Engine Control Center (x32 Version: 2011.0712.44.42597 - ATI) Hidden

Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)

Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)

Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)

ATI AVIVO64 Codecs (Version: 11.6.0.10712 - ATI Technologies Inc.) Hidden

ATI Catalyst Install Manager (Version: 3.0.829.0 - ATI Technologies, Inc.)

Avira Free Antivirus (x32 Version: 14.0.3.338 - Avira)

Avira SearchFree Toolbar (x32 Version: 12.10.3.4488 - APN, LLC)

Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Bing Bar (x32 Version: 7.3.124.0 - Microsoft Corporation)

Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden

Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Blio (x32 Version: 2.3.7140 - K-NFB Reading Technology, Inc.)

Bonjour (Version: 3.0.0.10 - Apple Inc.)

Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden

Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden

Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0712.44.42597 - ATI) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2011.0712.44.42597 - ATI Technologies, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2011.0712.44.42597 - ATI) Hidden

Catalyst Control Center Profiles Mobile (x32 Version: 2011.0712.44.42597 - ATI) Hidden

CCC Help Chinese Standard (x32 Version: 2011.0712.0043.42597 - ATI) Hidden

CCC Help Chinese Traditional (x32 Version: 2011.0712.0043.42597 - ATI) Hidden

CCC Help Czech (x32 Version: 2011.0712.0043.42597 - ATI) Hidden

CCC Help Danish (x32 Version: 2011.0712.0043.42597 - ATI) Hidden

CCC Help Dutch (x32 Version: 2011.0712.0043.42597 - ATI) Hidden

CCC Help English (x32 Version: 2011.0712.0043.42597 - ATI) Hidden

CCC Help Finnish (x32 Version: 2011.0712.0043.42597 - ATI) Hidden

CCC Help French (x32 Version: 2011.0712.0043.42597 - ATI) Hidden

CCC Help German (x32 Version: 2011.0712.0043.42597 - ATI) Hidden

CCC Help Greek (x32 Version: 2011.0712.0043.42597 - ATI) Hidden

CCC Help Hungarian (x32 Version: 2011.0712.0043.42597 - ATI) Hidden

CCC Help Italian (x32 Version: 2011.0712.0043.42597 - ATI) Hidden

CCC Help Japanese (x32 Version: 2011.0712.0043.42597 - ATI) Hidden

CCC Help Korean (x32 Version: 2011.0712.0043.42597 - ATI) Hidden

CCC Help Norwegian (x32 Version: 2011.0712.0043.42597 - ATI) Hidden

CCC Help Polish (x32 Version: 2011.0712.0043.42597 - ATI) Hidden

CCC Help Portuguese (x32 Version: 2011.0712.0043.42597 - ATI) Hidden

CCC Help Russian (x32 Version: 2011.0712.0043.42597 - ATI) Hidden

CCC Help Spanish (x32 Version: 2011.0712.0043.42597 - ATI) Hidden

CCC Help Swedish (x32 Version: 2011.0712.0043.42597 - ATI) Hidden

CCC Help Thai (x32 Version: 2011.0712.0043.42597 - ATI) Hidden

CCC Help Turkish (x32 Version: 2011.0712.0043.42597 - ATI) Hidden

ccc-utility64 (Version: 2011.0712.44.42597 - ATI) Hidden

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)

Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.60 - Dell Inc.)

Dell DataSafe Local Backup (x32 Version: 9.4.60 - Dell Inc.)

Dell Edoc Viewer (Version: 1.0.0 - Dell Inc)

Dell Getting Started Guide (x32 Version: 1.00.0000 - Dell Inc.)

Dell MusicStage (x32 Version: 1.5.201.0 - Fingertapps)

Dell PhotoStage (x32 Version: 1.5.0.65 - ArcSoft)

Dell Product Registration (x32 Version: 1.0.6 - Dell Inc.)

Dell Stage (x32 Version: 1.5.420.0 - Fingertapps)

Dell Stage Remote (x32 Version: 2.0.0.43 - ArcSoft)

Dell Touchpad (Version: 7.1207.101.225 - ALPS ELECTRIC CO., LTD.)

Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.)

Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden

Dell Webcam Central (x32 Version: 2.00.44 - Creative Technology Ltd)

Dell Wireless Driver Installation (x32 Version: 9.0 - Dell)

Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden

DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden

DivX Setup (x32 Version: 2.6.1.8 - DivX, LLC)

Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden

eBay (x32 Version: 1.4.0 - eBay Inc.)

Escape Whisper Valley ™ (x32 Version: 2.2.0.95 - WildTangent) Hidden

Facebook Messenger 2.1.4814.0 (x32 Version: 2.1.4814.0 - Facebook)

Facebook Video Calling 2.0.0.447 (x32 Version: 2.0.447 - Skype Limited)

Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden

FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden

Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden

Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden

GIMP 2.8.2 (Version: 2.8.2 - The GIMP Team)

Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)

Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden

HiJackThis (x32 Version: 1.0.0 - Trend Micro)

HijackThis 1.99.1 (x32 Version: 1.99.1 - Soeperman Enterprises Ltd.)

IDT Audio (x32 Version: 1.0.6341.0 - IDT)

iTunes (Version: 11.1.3.8 - Apple Inc.)

Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Java™ 6 Update 27 (64-bit) (Version: 6.0.270 - Oracle)

Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden

Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Luxor (x32 Version: 2.2.0.95 - WildTangent) Hidden

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation)

Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden

Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)

My Dell (Version: 3.4.6422.14 - PC-Doctor, Inc.)

Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden

Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden

Nero Blu-ray Player (x32 Version: 12.0.20012 - Nero AG) Hidden

Nero Control Center 10 (x32 Version: 10.6.13000.0.11 - Nero AG) Hidden

Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden

Nero Core Components 10 (x32 Version: 2.0.19900.9.11 - Nero AG) Hidden

Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden

Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden

PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden

PlayReady PC Runtime x86 (x32 Version: 1.3.0 - Microsoft Corporation)

Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden

Quickset64 (Version: 10.09.25 - Dell Inc.)

RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden

Realtek Ethernet Controller Driver (x32 Version: 7.45.516.2011 - Realtek)

Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)

Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden

Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden

Roxio Burn (x32 Version: 1.8 - Roxio) Hidden

Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden

Roxio Creator Starter (x32 Version: 12.1.77.0 - Roxio)

Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden

Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden

Roxio File Backup (Version: 1.3.2 - Roxio) Hidden

Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) Hidden

Skype Click to Call (x32 Version: 5.8.8855 - Skype Technologies S.A.)

Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)

Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden

Sony Ericsson Update Engine (x32 Version: 2.13.6.201305161305 - Sony Ericsson Communications AB)

Sony PC Companion 2.10.188 (x32 Version: 2.10.188 - Sony)

SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden

SyncUP (x32 Version: 10.2.13500 - Nero AG)

Update for Microsoft Office 2010 (KB2494150) (x32 Version: - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft)

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version: - Microsoft)

Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden

Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95 - WildTangent) Hidden

WildTangent Games (x32 Version: 1.0.2.5 - WildTangent)

WildTangent Games App (Dell Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (x32 Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC)

Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points =========================

17-02-2014 15:01:13 Sony PC Companion

17-02-2014 15:13:59 Installed HiJackThis

18-02-2014 00:07:07 Windows Update

18-02-2014 00:37:21 Removed Java™ 6 Update 37

18-02-2014 00:40:57 Installed Java 7 Update 51

18-02-2014 03:00:27 Windows Update

18-02-2014 23:35:29 Windows Update

19-02-2014 02:04:21 Windows Update

19-02-2014 14:55:21 OTL Restore Point - 19/02/2014 14:55:19

20-02-2014 10:53:36 Windows Update

==================== Hosts content: ==========================

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0DB0BE1D-C3A4-4CAE-A419-F5682C3F7580} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)

Task: {135A49EB-56C7-4214-9ECD-DC1812CAAE6E} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)

Task: {1A618BD9-DB57-4173-A4E1-EC4EEA95AF79} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1111199960-1227256506-274844869-1001Core => C:\Users\Chloe\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: {35CFEC24-1E81-4D40-A711-979350CB8D04} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1111199960-1227256506-274844869-1001

Task: {4937D1F7-E6E6-45BC-8AD3-A33BD97E92A7} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-05] (PC-Doctor, Inc.)

Task: {52E56857-94C0-41F1-A6F9-89EE9DF846F6} - System32\Tasks\AutoKMSDaily => C:\windows\AutoKMS.exe

Task: {854AB1BA-38ED-4629-AED1-411891B0D468} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {9A4BA43E-C52C-49AD-B689-2836BB01E9C2} - System32\Tasks\AutoKMS => C:\windows\AutoKMS.exe

Task: {A8DDB28D-7123-40B5-9E86-D3C2915AC124} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)

Task: {B68865BF-A426-4D27-B779-75665FF3697D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)

Task: {BD9AE85B-EFDC-4B51-915E-1E271E8BD36F} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-12-07] (PC-Doctor, Inc.)

Task: {DC418B27-0CF0-45D6-B628-FC0642106BE0} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

Task: {F7CBAFF3-2A1F-4707-8440-F37F31CABAD4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1111199960-1227256506-274844869-1001UA => C:\Users\Chloe\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1111199960-1227256506-274844869-1001Core.job => C:\Users\Chloe\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1111199960-1227256506-274844869-1001UA.job => C:\Users\Chloe\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-07-12 05:53 - 2011-07-12 05:53 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2011-10-06 11:58 - 2011-08-18 16:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

2011-06-28 00:26 - 2011-06-28 00:26 - 02022976 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe

2011-06-29 13:52 - 2011-06-29 13:52 - 00474176 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe

2010-11-17 15:35 - 2010-11-17 15:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

2011-05-30 10:30 - 2011-05-30 10:30 - 00885760 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe

2011-07-12 05:52 - 2011-07-12 05:52 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

2011-07-12 05:42 - 2011-07-12 05:42 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2011-03-22 15:17 - 2011-03-22 15:17 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2014-02-19 11:59 - 2014-02-14 11:00 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2010-03-17 01:28 - 2010-03-17 01:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll

2010-03-22 20:52 - 2010-03-22 20:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll

2010-03-17 01:28 - 2010-03-17 01:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll

2010-03-17 01:28 - 2010-03-17 01:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll

2011-06-25 04:20 - 2011-06-25 04:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll

2011-06-28 00:25 - 2011-06-28 00:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll

2011-06-25 04:21 - 2011-06-25 04:21 - 00322624 _____ () C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll

2010-03-12 00:52 - 2010-03-12 00:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll

2010-03-05 20:07 - 2010-03-05 20:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll

2010-03-05 20:07 - 2010-03-05 20:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll

2010-03-12 00:52 - 2010-03-12 00:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll

2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2010-11-25 03:44 - 2010-11-25 03:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll

2011-05-30 10:25 - 2011-05-30 10:25 - 07938048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll

2011-05-30 10:25 - 2011-05-30 10:25 - 02225664 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll

2014-02-05 20:34 - 2014-02-01 23:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll

2014-02-05 20:34 - 2014-02-01 23:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll

2014-02-05 20:35 - 2014-02-01 23:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll

2014-02-05 20:35 - 2014-02-01 23:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll

2014-02-05 20:34 - 2014-02-01 23:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (02/21/2014 00:11:20 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 14103

Error: (02/21/2014 00:11:20 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 14103

Error: (02/21/2014 00:11:20 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/21/2014 00:11:19 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 12433

Error: (02/21/2014 00:11:19 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 12433

Error: (02/21/2014 00:11:19 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/21/2014 00:11:18 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 11388

Error: (02/21/2014 00:11:18 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 11388

Error: (02/21/2014 00:11:18 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/21/2014 00:11:17 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 10265

System errors:

=============

Error: (02/20/2014 11:40:53 PM) (Source: Service Control Manager) (User: )

Description: The Windows Firewall service terminated with service-specific error %%5.

Error: (02/20/2014 02:03:39 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (02/20/2014 11:28:07 AM) (Source: Service Control Manager) (User: )

Description: The Function Discovery Resource Publication service terminated with the following error:

%%-2147024891

Error: (02/20/2014 11:28:05 AM) (Source: Service Control Manager) (User: )

Description: The Windows Firewall service terminated with service-specific error %%5.

Error: (02/20/2014 11:26:36 AM) (Source: DCOM) (User: )

Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/19/2014 03:10:22 PM) (Source: Service Control Manager) (User: )

Description: The Windows Firewall service terminated with service-specific error %%5.

Error: (02/19/2014 01:56:16 PM) (Source: Service Control Manager) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (02/19/2014 01:54:29 PM) (Source: Service Control Manager) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (02/19/2014 00:19:36 PM) (Source: Service Control Manager) (User: )

Description: The Windows Firewall service terminated with service-specific error %%5.

Error: (02/19/2014 00:18:39 PM) (Source: Service Control Manager) (User: )

Description: The Windows Firewall service terminated with service-specific error %%5.

Microsoft Office Sessions:

=========================

Error: (02/21/2014 00:11:20 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 14103

Error: (02/21/2014 00:11:20 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 14103

Error: (02/21/2014 00:11:20 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/21/2014 00:11:19 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 12433

Error: (02/21/2014 00:11:19 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 12433

Error: (02/21/2014 00:11:19 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/21/2014 00:11:18 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 11388

Error: (02/21/2014 00:11:18 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 11388

Error: (02/21/2014 00:11:18 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/21/2014 00:11:17 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 10265

CodeIntegrity Errors:

===================================

Date: 2012-07-29 15:34:53.903

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Chloe\AppData\Local\Temp\bvpnjlro.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-07-29 15:34:53.825

Date: 2012-07-29 11:38:39.125

Date: 2012-07-29 11:38:39.047

==================== Memory info ===========================

Percentage of memory in use: 44%

Total physical RAM: 2668.02 MB

Available physical RAM: 1480.69 MB

Total Pagefile: 5334.23 MB

Available Pagefile: 3438.46 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:147.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: EDB1DD74)

Partition: GPT Partition Type.

==================== End Of Log ============================

#5 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 21 February 2014 - 01:30 PM

That is addition.txt. I also need to see FRST.txt.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#6 vealie

New Member

Authentic Member
18 posts

Posted 21 February 2014 - 04:04 PM

Sorry!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-02-2014

Ran by Admin2 (administrator) on CHLOE-LAPTOP on 21-02-2014 17:04:18

Running from C:\Users\Admin2\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe

(AMD) C:\windows\system32\atieclxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe

(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe

() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe

() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe

() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) C:\windows\system32\msiexec.exe

(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe

(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe

(APN LLC.) C:\Users\Admin2\AppData\Local\VNT\vntldr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)

HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)

HKLM\...\Run: [Stage Remote] - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-28] ()

HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055816 2011-05-30] ()

HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)

HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-12] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe [4144448 2010-11-10] (Dell, Inc.)

HKLM-x32\...\Run: [] - [X]

HKLM-x32\...\Run: [RoxWatchTray] - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)

HKLM-x32\...\Run: [Desktop Disc Tool] - c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()

HKLM-x32\...\Run: [NeroLauncher] - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-05-30] ()

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)

HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN)

HKLM-x32\...\Run: [VNT] - C:\Program Files (x86)\VNT\vntldr.exe [195536 2014-02-13] (APN LLC.)

Startup: C:\Users\Chloe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

BHO: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)

BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)

DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...102/CTSUEng.cab

DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab

DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:

=======

CHR HomePage: hxxp://www.google.com/

CHR DefaultSearchKeyword: google.co.uk

CHR Extension: (Google Docs) - C:\Users\Admin2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-19]

CHR Extension: (Google Drive) - C:\Users\Admin2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-19]

CHR Extension: (YouTube) - C:\Users\Admin2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-19]

CHR Extension: (Google Search) - C:\Users\Admin2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-19]

CHR Extension: (Google Wallet) - C:\Users\Admin2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-19]

CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Admin2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-02-19]

CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Admin2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcoohmdcpejoeggdnihdfhohjgdbllgm [2014-02-19]

CHR Extension: (Gmail) - C:\Users\Admin2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-19]

CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

CHR HKLM-x32\...\Chrome\Extension: [pcoohmdcpejoeggdnihdfhohjgdbllgm] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7C\CRX\ToolbarCR.crx [2014-02-20]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-12] (Advanced Micro Devices, Inc.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-14] (Avira Operations GmbH & Co. KG)

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-14] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-14] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)

R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2014-02-14] (Avira Operations GmbH & Co. KG)

S1 abdphysh; \??\C:\windows\system32\drivers\abdphysh.sys [X]

S1 brbhpior; \??\C:\windows\system32\drivers\brbhpior.sys [X]

S1 cjphkwwo; \??\C:\windows\system32\drivers\cjphkwwo.sys [X]

S1 eppfhhqj; \??\C:\windows\system32\drivers\eppfhhqj.sys [X]

S1 eqxynqhw; \??\C:\windows\system32\drivers\eqxynqhw.sys [X]

S1 forwuxqf; \??\C:\windows\system32\drivers\forwuxqf.sys [X]

S1 fpdhymzr; \??\C:\windows\system32\drivers\fpdhymzr.sys [X]

S1 futajjvw; \??\C:\windows\system32\drivers\futajjvw.sys [X]

S1 fzqvqgpj; \??\C:\windows\system32\drivers\fzqvqgpj.sys [X]

S1 gzgrafqo; \??\C:\windows\system32\drivers\gzgrafqo.sys [X]

S1 hocdoobh; \??\C:\windows\system32\drivers\hocdoobh.sys [X]

S1 jpvghcuv; \??\C:\windows\system32\drivers\jpvghcuv.sys [X]

S1 kdxeszml; \??\C:\windows\system32\drivers\kdxeszml.sys [X]

S1 nxvasbjr; \??\C:\windows\system32\drivers\nxvasbjr.sys [X]

S1 odcqkjnv; \??\C:\windows\system32\drivers\odcqkjnv.sys [X]

S1 osvyqtzg; \??\C:\windows\system32\drivers\osvyqtzg.sys [X]

S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]

S1 pxtcjnpy; \??\C:\windows\system32\drivers\pxtcjnpy.sys [X]

S1 rsgqtkwf; \??\C:\windows\system32\drivers\rsgqtkwf.sys [X]

S1 ughcqatp; \??\C:\windows\system32\drivers\ughcqatp.sys [X]

S1 vjmizuks; \??\C:\windows\system32\drivers\vjmizuks.sys [X]

S1 xlariapw; \??\C:\windows\system32\drivers\xlariapw.sys [X]

S1 xlszhgck; \??\C:\windows\system32\drivers\xlszhgck.sys [X]

S1 xsckdilr; \??\C:\windows\system32\drivers\xsckdilr.sys [X]

S1 yebjmdjg; \??\C:\windows\system32\drivers\yebjmdjg.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-21 17:04 - 2014-02-21 17:05 - 00017474 _____ () C:\Users\Admin2\Desktop\FRST.txt

2014-02-21 17:03 - 2014-02-21 17:04 - 00000000 ____D () C:\FRST

2014-02-21 17:02 - 2014-02-21 17:02 - 02153984 _____ (Farbar) C:\Users\Admin2\Desktop\FRST64.exe

2014-02-20 23:38 - 2014-02-20 23:38 - 00000000 ____D () C:\Users\Admin2\AppData\Local\CrashDumps

2014-02-19 21:12 - 2014-02-19 21:12 - 00000000 ____D () C:\Users\Admin2\AppData\Local\Apple

2014-02-19 15:40 - 2014-02-19 15:40 - 00015964 _____ () C:\Users\Admin2\Desktop\hijackthis.log

2014-02-19 15:37 - 2014-02-19 15:37 - 00049678 _____ () C:\Users\Admin2\Desktop\Extras.Txt

2014-02-19 15:32 - 2014-02-19 15:32 - 00148034 _____ () C:\Users\Admin2\Desktop\OTL.Txt

2014-02-19 15:19 - 2014-02-19 15:20 - 00000000 ____D () C:\Program Files\HijackThis

2014-02-19 15:19 - 2014-02-19 15:19 - 00251392 _____ () C:\Users\Admin2\Desktop\hijackthis_sfx.exe

2014-02-19 14:47 - 2014-02-19 14:47 - 00602112 _____ (OldTimer Tools) C:\Users\Admin2\Desktop\OTL.exe

2014-02-19 14:33 - 2014-02-19 14:34 - 00000000 ____D () C:\Users\Admin2\Desktop\tdsskiller

2014-02-19 14:32 - 2014-02-19 14:32 - 04102163 _____ () C:\Users\Admin2\Desktop\tdsskiller.zip

2014-02-19 12:03 - 2014-02-19 12:03 - 00000000 ____D () C:\Users\Admin2\AppData\Roaming\Avira

2014-02-19 12:02 - 2014-02-21 17:03 - 00000000 ____D () C:\Users\Admin2\AppData\Local\VNT

2014-02-19 12:02 - 2014-02-21 17:03 - 00000000 ____D () C:\Program Files (x86)\VNT

2014-02-19 12:02 - 2014-02-19 12:02 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork

2014-02-19 12:02 - 2014-02-19 12:02 - 00000000 ____D () C:\ProgramData\APN

2014-02-19 12:02 - 2014-02-19 12:02 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork

2014-02-19 11:59 - 2014-02-19 11:59 - 00002068 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk

2014-02-19 11:58 - 2014-02-19 11:58 - 00000000 ____D () C:\ProgramData\Avira

2014-02-19 11:58 - 2014-02-19 11:58 - 00000000 ____D () C:\Program Files (x86)\Avira

2014-02-19 11:58 - 2014-02-14 11:00 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys

2014-02-19 11:58 - 2014-02-14 11:00 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys

2014-02-19 11:58 - 2014-02-14 11:00 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys

2014-02-19 11:58 - 2014-02-14 11:00 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys

2014-02-19 11:51 - 2014-02-19 11:54 - 137044488 _____ () C:\Users\Admin2\Downloads\avira_free_antivirus_en.exe

2014-02-19 11:48 - 2014-02-19 11:48 - 00000000 ____D () C:\Users\Admin2\AppData\Local\Adobe

2014-02-19 11:46 - 2014-02-19 11:46 - 00000000 ____D () C:\Users\Admin2\AppData\Local\Google

2014-02-19 11:43 - 2014-02-19 11:43 - 00000000 ____D () C:\Users\Admin2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center

2014-02-19 11:43 - 2014-02-19 11:43 - 00000000 ____D () C:\Users\Admin2\AppData\Local\AMD

2014-02-19 11:42 - 2014-02-19 11:48 - 00000000 ____D () C:\Users\Admin2\AppData\Roaming\Adobe

2014-02-19 11:42 - 2014-02-19 11:42 - 00126528 _____ () C:\Users\Admin2\AppData\Local\GDIPFONTCACHEV1.DAT

2014-02-19 11:42 - 2014-02-19 11:42 - 00001415 _____ () C:\Users\Admin2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-02-19 11:42 - 2014-02-19 11:42 - 00000000 ____D () C:\Users\Admin2\AppData\Roaming\Roxio

2014-02-19 11:42 - 2014-02-19 11:42 - 00000000 ____D () C:\Users\Admin2\AppData\Roaming\Leadertech

2014-02-19 11:42 - 2014-02-19 11:42 - 00000000 ____D () C:\Users\Admin2\AppData\Roaming\Dell Touch Zone

2014-02-19 11:42 - 2014-02-19 11:42 - 00000000 ____D () C:\Users\Admin2\AppData\Roaming\Dell

2014-02-19 11:42 - 2014-02-19 11:42 - 00000000 ____D () C:\Users\Admin2\AppData\Roaming\ATI

2014-02-19 11:42 - 2014-02-19 11:42 - 00000000 ____D () C:\Users\Admin2\AppData\Roaming\Apple Computer

2014-02-19 11:42 - 2014-02-19 11:42 - 00000000 ____D () C:\Users\Admin2\AppData\Local\Dell

2014-02-19 11:42 - 2014-02-19 11:42 - 00000000 ____D () C:\Users\Admin2\AppData\Local\ATI

2014-02-19 11:41 - 2014-02-19 11:42 - 00000000 ___RD () C:\Users\Admin2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-02-19 11:41 - 2014-02-19 11:42 - 00000000 ___RD () C:\Users\Admin2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-02-19 11:41 - 2014-02-19 11:41 - 00000020 ___SH () C:\Users\Admin2\ntuser.ini

2014-02-19 11:41 - 2014-02-19 11:41 - 00000000 ____D () C:\Users\Admin2\AppData\Local\SoftThinks

2014-02-19 11:41 - 2014-02-19 11:41 - 00000000 ____D () C:\Users\Admin2

2014-02-19 11:41 - 2011-10-06 11:49 - 00000000 ___RD () C:\Users\Admin2\Desktop\Play Games

2014-02-19 11:41 - 2011-10-06 10:25 - 00000000 ____D () C:\Users\Admin2\AppData\Roaming\Macromedia

2014-02-19 11:41 - 2009-07-14 04:54 - 00000000 ___RD () C:\Users\Admin2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-02-19 11:41 - 2009-07-14 04:49 - 00000000 ___RD () C:\Users\Admin2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-02-19 11:14 - 2014-02-19 11:15 - 13670584 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\mseinstall.exe

2014-02-19 11:13 - 2014-02-19 11:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google

2014-02-19 02:44 - 2014-02-19 02:44 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes

2014-02-19 02:42 - 2014-02-19 02:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Roxio

2014-02-19 02:42 - 2014-02-19 02:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center

2014-02-19 02:42 - 2014-02-19 02:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Dell

2014-02-19 02:42 - 2014-02-19 02:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI

2014-02-19 02:42 - 2014-02-19 02:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer

2014-02-19 02:42 - 2014-02-19 02:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI

2014-02-19 02:42 - 2014-02-19 02:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\AMD

2014-02-19 02:41 - 2014-02-19 11:04 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Dell

2014-02-19 02:41 - 2014-02-19 02:41 - 00126528 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT

2014-02-19 02:41 - 2014-02-19 02:41 - 00001415 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-02-19 02:41 - 2014-02-19 02:41 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-02-19 02:41 - 2014-02-19 02:41 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-02-19 02:41 - 2014-02-19 02:41 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Leadertech

2014-02-19 02:41 - 2014-02-19 02:41 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Dell Touch Zone

2014-02-19 02:41 - 2014-02-19 02:41 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe

2014-02-19 02:39 - 2014-02-19 02:41 - 00000000 ____D () C:\Users\Administrator

2014-02-19 02:39 - 2014-02-19 02:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\SoftThinks

2014-02-19 02:39 - 2014-02-19 02:39 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini

2014-02-19 02:39 - 2011-10-06 11:49 - 00000000 ___RD () C:\Users\Administrator\Desktop\Play Games

2014-02-19 02:39 - 2011-10-06 10:25 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia

2014-02-19 02:39 - 2009-07-14 04:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-02-19 02:39 - 2009-07-14 04:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-02-19 01:04 - 2014-02-19 01:04 - 01056768 _____ () C:\windows\system32\defltbase.sdb

2014-02-19 00:53 - 2014-02-19 00:53 - 00007586 _____ () C:\Users\Chloe\Downloads\WinDefend.reg

2014-02-19 00:53 - 2014-02-19 00:53 - 00005256 _____ () C:\Users\Chloe\Downloads\wscsvc.reg

2014-02-19 00:37 - 2014-02-19 00:37 - 00176940 _____ () C:\Users\Chloe\Downloads\BFE.reg

2014-02-19 00:37 - 2014-02-19 00:37 - 00006396 _____ () C:\Users\Chloe\Downloads\MpsSvc.reg

2014-02-19 00:09 - 2013-05-10 05:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll

2014-02-19 00:09 - 2013-05-10 05:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL

2014-02-19 00:09 - 2013-05-10 04:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL

2014-02-19 00:09 - 2013-05-10 04:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll

2014-02-18 23:39 - 2013-12-21 09:53 - 00548864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll

2014-02-18 23:39 - 2013-12-21 08:56 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll

2014-02-18 23:37 - 2014-02-06 11:30 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2014-02-18 23:37 - 2014-02-06 10:52 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2014-02-18 23:37 - 2014-02-06 10:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2014-02-18 23:37 - 2014-02-06 10:17 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll

2014-02-18 23:37 - 2014-02-06 09:49 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll

2014-02-18 23:37 - 2014-02-06 09:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll

2014-02-18 23:36 - 2014-02-06 12:16 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2014-02-18 23:36 - 2014-02-06 11:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll

2014-02-18 23:36 - 2014-02-06 11:12 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2014-02-18 23:36 - 2014-02-06 11:07 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2014-02-18 23:36 - 2014-02-06 11:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll

2014-02-18 23:36 - 2014-02-06 10:57 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2014-02-18 23:36 - 2014-02-06 10:56 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2014-02-18 23:36 - 2014-02-06 10:49 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe

2014-02-18 23:36 - 2014-02-06 10:48 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll

2014-02-18 23:36 - 2014-02-06 10:48 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe

2014-02-18 23:36 - 2014-02-06 10:38 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2014-02-18 23:36 - 2014-02-06 10:32 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2014-02-18 23:36 - 2014-02-06 10:11 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2014-02-18 23:36 - 2014-02-06 10:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

2014-02-18 23:36 - 2014-02-06 10:00 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll

2014-02-18 23:36 - 2014-02-06 09:57 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2014-02-18 23:36 - 2014-02-06 09:57 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2014-02-18 23:36 - 2014-02-06 09:52 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

2014-02-18 23:36 - 2014-02-06 09:52 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

2014-02-18 23:36 - 2014-02-06 09:50 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl

2014-02-18 23:36 - 2014-02-06 09:47 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe

2014-02-18 23:36 - 2014-02-06 09:46 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll

2014-02-18 23:36 - 2014-02-06 09:25 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2014-02-18 23:36 - 2014-02-06 09:24 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2014-02-18 23:36 - 2014-02-06 09:22 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2014-02-18 23:36 - 2014-02-06 09:13 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2014-02-18 23:36 - 2014-02-06 09:09 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl

2014-02-18 23:36 - 2014-02-06 09:03 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2014-02-18 23:36 - 2014-02-06 08:55 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2014-02-18 23:36 - 2014-02-06 08:41 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2014-02-18 23:36 - 2014-02-06 08:40 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

2014-02-18 23:36 - 2014-02-06 08:36 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2014-02-18 23:36 - 2014-02-06 08:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

2014-02-18 22:49 - 2014-02-18 22:51 - 101026576 _____ (Microsoft Corporation) C:\Users\Chloe\Downloads\msert (1).exe

2014-02-18 22:48 - 2014-02-18 22:48 - 00142083 _____ () C:\Users\Chloe\Downloads\msert.exe

2014-02-18 22:03 - 2014-02-18 22:03 - 13670584 _____ (Microsoft Corporation) C:\Users\Chloe\Downloads\mseinstall.exe

2014-02-18 12:07 - 2014-02-18 12:07 - 00000159 _____ () C:\windows\wininit.ini

2014-02-18 12:04 - 2014-02-18 12:04 - 00000000 ____D () C:\Users\Chloe\Documents\OneNote Notebooks

2014-02-18 03:19 - 2013-10-30 02:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll

2014-02-18 03:19 - 2013-10-30 02:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll

2014-02-18 03:18 - 2013-12-31 23:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls

2014-02-18 03:18 - 2013-12-31 23:04 - 00420008 _____ () C:\windows\system32\locale.nls

2014-02-18 03:18 - 2013-11-23 18:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll

2014-02-18 03:18 - 2013-11-23 17:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll

2014-02-18 03:18 - 2013-11-12 02:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll

2014-02-18 03:18 - 2013-11-12 02:07 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll

2014-02-18 03:18 - 2013-10-19 02:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll

2014-02-18 03:18 - 2013-10-19 01:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll

2014-02-18 03:17 - 2013-12-06 02:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll

2014-02-18 03:17 - 2013-12-06 02:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll

2014-02-18 03:17 - 2013-12-06 02:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll

2014-02-18 03:17 - 2013-12-06 02:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll

2014-02-18 03:16 - 2013-12-04 02:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll

2014-02-18 03:16 - 2013-12-04 02:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll

2014-02-18 03:16 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll

2014-02-18 03:16 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll

2014-02-18 03:16 - 2013-12-04 02:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll

2014-02-18 03:16 - 2013-12-04 02:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe

2014-02-18 03:16 - 2013-12-04 02:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe

2014-02-18 03:16 - 2013-12-04 02:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe

2014-02-18 03:16 - 2013-12-04 02:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe

2014-02-18 03:16 - 2013-12-04 02:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll

2014-02-18 03:16 - 2013-12-04 02:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll

2014-02-18 03:16 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll

2014-02-18 03:16 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll

2014-02-18 03:16 - 2013-12-04 02:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll

2014-02-18 03:16 - 2013-12-04 01:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe

2014-02-18 03:16 - 2013-12-04 01:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe

2014-02-18 03:16 - 2013-12-04 01:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe

2014-02-18 03:16 - 2013-12-04 01:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe

2014-02-18 03:16 - 2013-10-04 02:16 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys

2014-02-18 03:16 - 2013-10-04 01:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys

2014-02-18 03:15 - 2013-12-24 23:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll

2014-02-18 03:15 - 2013-12-24 22:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll

2014-02-18 03:15 - 2013-11-27 01:42 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys

2014-02-18 03:15 - 2013-11-27 01:42 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys

2014-02-18 03:15 - 2013-11-27 01:42 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys

2014-02-18 03:15 - 2013-11-27 01:42 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys

2014-02-18 03:15 - 2013-11-27 01:42 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys

2014-02-18 03:15 - 2013-11-27 01:42 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys

2014-02-18 03:15 - 2013-11-27 01:42 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys

2014-02-18 03:15 - 2013-11-26 11:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys

2014-02-18 03:15 - 2013-11-26 10:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

2014-02-18 03:15 - 2013-11-26 08:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll

2014-02-18 03:15 - 2013-11-22 22:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll

2014-02-18 03:15 - 2013-10-12 02:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx

2014-02-18 03:15 - 2013-10-12 02:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll

2014-02-18 03:15 - 2013-10-12 02:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx

2014-02-18 03:15 - 2013-10-12 02:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll

2014-02-18 03:15 - 2013-10-12 01:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe

2014-02-18 03:15 - 2013-10-12 01:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe

2014-02-18 03:15 - 2013-10-12 01:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe

2014-02-18 03:15 - 2013-10-12 01:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe

2014-02-18 01:59 - 2014-02-18 01:59 - 00280204 _____ () C:\Users\Chloe\Downloads\WindowsUpdateDiagnostic.diagcab

2014-02-18 01:13 - 2014-02-18 01:11 - 00000402 _____ () C:\Users\Chloe\Desktop\repair.bat

2014-02-18 00:44 - 2014-02-18 00:44 - 00000000 ____D () C:\ProgramData\Oracle

2014-02-18 00:43 - 2014-02-18 00:42 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe

2014-02-18 00:42 - 2014-02-18 00:42 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe

2014-02-18 00:42 - 2014-02-18 00:42 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe

2014-02-18 00:42 - 2014-02-18 00:42 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll

2014-02-18 00:41 - 2014-02-18 00:41 - 00000000 ____D () C:\Program Files (x86)\Java

2014-02-18 00:19 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\windows\system32\IEUDINIT.EXE

2014-02-18 00:12 - 2014-02-18 00:12 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe

2014-02-18 00:12 - 2014-02-18 00:12 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll

2014-02-18 00:12 - 2014-02-18 00:12 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll

2014-02-18 00:12 - 2014-02-18 00:12 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec

2014-02-18 00:12 - 2014-02-18 00:12 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll

2014-02-18 00:12 - 2014-02-18 00:12 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll

2014-02-18 00:12 - 2014-02-18 00:12 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll

2014-02-18 00:12 - 2014-02-18 00:12 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll

2014-02-18 00:12 - 2014-02-18 00:12 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe

2014-02-18 00:12 - 2014-02-18 00:12 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx

2014-02-18 00:12 - 2014-02-18 00:12 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-02-18 00:11 - 2014-02-18 00:12 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat

2014-02-18 00:11 - 2014-02-18 00:11 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat

2014-02-18 00:11 - 2014-02-18 00:11 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec

2014-02-18 00:11 - 2014-02-18 00:11 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe

2014-02-18 00:11 - 2014-02-18 00:11 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe

2014-02-18 00:11 - 2014-02-18 00:11 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe

2014-02-18 00:11 - 2014-02-18 00:11 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe

2014-02-18 00:11 - 2014-02-18 00:11 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe

2014-02-18 00:11 - 2014-02-18 00:11 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe

2014-02-18 00:11 - 2014-02-18 00:11 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx

2014-02-18 00:11 - 2014-02-18 00:11 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe

2014-02-18 00:11 - 2014-02-18 00:11 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll

2014-02-18 00:11 - 2014-02-18 00:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe

2014-02-18 00:11 - 2014-02-18 00:11 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe

2014-02-18 00:11 - 2014-02-18 00:11 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe

2014-02-18 00:11 - 2014-02-18 00:11 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe

2014-02-18 00:08 - 2014-02-18 00:20 - 00007469 _____ () C:\windows\IE11_main.log

2014-02-17 15:17 - 2014-02-17 15:17 - 00000000 ____D () C:\Users\Chloe\AppData\Roaming\Malwarebytes

2014-02-17 15:17 - 2014-02-17 15:17 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-02-17 15:16 - 2014-02-17 15:16 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Chloe\Downloads\mbam-setup-1.75.0.1300.exe

2014-02-17 15:14 - 2014-02-17 15:14 - 00002975 _____ () C:\Users\Chloe\Desktop\HiJackThis.lnk

2014-02-17 15:14 - 2014-02-17 15:14 - 00000000 ____D () C:\Users\Chloe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

2014-02-17 15:14 - 2014-02-17 15:14 - 00000000 ____D () C:\Program Files (x86)\Trend Micro

2014-02-17 15:13 - 2014-02-17 15:13 - 01402880 _____ () C:\Users\Chloe\Downloads\HijackThis.msi

2014-02-17 14:49 - 2014-02-17 14:50 - 235680752 _____ () C:\regold.reg

2014-02-17 14:47 - 2014-02-17 14:45 - 00002629 _____ () C:\fix.reg

2014-02-17 12:47 - 2010-12-27 21:55 - 00119808 _____ () C:\Users\Chloe\Documents\waiting.avi

2014-02-17 12:47 - 2010-12-18 21:10 - 00152064 ____S () C:\Users\Chloe\Documents\Thumbs.db

2014-02-17 12:46 - 2012-03-11 14:34 - 02357774 _____ () C:\Users\Chloe\Documents\juliet talking weirdly.3gp

2014-02-17 12:46 - 2011-03-12 17:06 - 103926992 _____ () C:\Users\Chloe\Documents\isis.avi

2014-02-17 12:46 - 2010-03-07 11:55 - 237162520 _____ () C:\Users\Chloe\Documents\Picture 038.avi

2014-02-17 12:46 - 2010-03-07 11:55 - 157765128 _____ () C:\Users\Chloe\Documents\Picture 037.avi

2014-02-17 12:44 - 2014-02-17 12:44 - 00000000 ____D () C:\Users\Chloe\Documents\Sardinia

2014-02-17 12:43 - 2014-02-17 12:44 - 00000000 ____D () C:\Users\Chloe\Documents\New York

2014-02-17 12:43 - 2014-02-17 12:43 - 00000000 ____D () C:\Users\Chloe\Documents\Mummyy

2014-02-17 12:42 - 2014-02-17 12:43 - 00000000 ____D () C:\Users\Chloe\Documents\Me and Lottie

2014-02-17 12:40 - 2014-02-17 12:42 - 00000000 ____D () C:\Users\Chloe\Documents\Granny and Grandad

2014-02-17 12:25 - 2014-02-17 12:26 - 00000000 ____D () C:\Users\Chloe\Documents\Films

2014-02-17 12:25 - 2014-02-17 12:25 - 00000000 ____D () C:\Users\Chloe\Documents\DivX Movies

2014-02-17 12:25 - 2012-02-04 22:04 - 00000000 ____D () C:\Users\Chloe\Documents\Dell WebCam Central

2014-02-17 12:24 - 2014-02-17 12:24 - 00000000 ____D () C:\Users\Chloe\Documents\Composition

2014-02-17 12:24 - 2014-02-17 12:24 - 00000000 ____D () C:\Users\Chloe\Documents\Clover

2014-02-11 10:21 - 2014-02-19 11:19 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-02-11 10:21 - 2014-02-19 11:19 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy

2014-02-11 10:12 - 2014-02-11 10:08 - 16409960 _____ (Safer Networking Limited ) C:\Users\Chloe\Desktop\spybotsd162.exe

2014-02-10 23:37 - 2014-02-19 14:33 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Admin2\Desktop\TDSSKiller.exe

==================== One Month Modified Files and Folders =======

2014-02-21 17:05 - 2014-02-21 17:04 - 00017474 _____ () C:\Users\Admin2\Desktop\FRST.txt

2014-02-21 17:04 - 2014-02-21 17:03 - 00000000 ____D () C:\FRST

2014-02-21 17:03 - 2014-02-19 12:02 - 00000000 ____D () C:\Users\Admin2\AppData\Local\VNT

2014-02-21 17:03 - 2014-02-19 12:02 - 00000000 ____D () C:\Program Files (x86)\VNT

2014-02-21 17:02 - 2014-02-21 17:02 - 02153984 _____ (Farbar) C:\Users\Admin2\Desktop\FRST64.exe

2014-02-21 17:02 - 2012-04-02 10:05 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater

2014-02-21 17:02 - 2012-04-02 10:05 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job

2014-02-21 17:02 - 2012-04-02 10:04 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2014-02-21 17:02 - 2011-12-30 18:53 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-02-21 17:01 - 2012-07-10 18:35 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-02-21 17:01 - 2011-12-27 19:39 - 00000926 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1111199960-1227256506-274844869-1001UA.job

2014-02-21 17:01 - 2011-10-06 09:36 - 01653214 _____ () C:\windows\WindowsUpdate.log

2014-02-21 00:11 - 2012-07-10 18:35 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-02-20 23:38 - 2014-02-20 23:38 - 00000000 ____D () C:\Users\Admin2\AppData\Local\CrashDumps

2014-02-20 23:38 - 2011-12-27 19:39 - 00000904 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1111199960-1227256506-274844869-1001Core.job

2014-02-20 14:03 - 2011-12-22 00:01 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks

2014-02-20 14:03 - 2011-12-22 00:01 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks

2014-02-20 14:03 - 2011-10-06 11:57 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup

2014-02-20 11:36 - 2009-07-14 04:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-02-20 11:36 - 2009-07-14 04:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-02-20 11:28 - 2009-07-14 05:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2014-02-20 11:28 - 2009-07-14 04:51 - 00069385 _____ () C:\windows\setupact.log

2014-02-20 11:27 - 2010-11-21 03:47 - 00688884 _____ () C:\windows\PFRO.log

2014-02-20 10:58 - 2011-10-06 10:03 - 00770932 _____ () C:\windows\SysWOW64\PerfStringBackup.INI

2014-02-20 10:58 - 2009-07-14 05:13 - 00770932 _____ () C:\windows\system32\PerfStringBackup.INI

2014-02-19 21:12 - 2014-02-19 21:12 - 00000000 ____D () C:\Users\Admin2\AppData\Local\Apple

2014-02-19 15:40 - 2014-02-19 15:40 - 00015964 _____ () C:\Users\Admin2\Desktop\hijackthis.log

2014-02-19 15:37 - 2014-02-19 15:37 - 00049678 _____ () C:\Users\Admin2\Desktop\Extras.Txt

2014-02-19 15:32 - 2014-02-19 15:32 - 00148034 _____ () C:\Users\Admin2\Desktop\OTL.Txt

2014-02-19 15:20 - 2014-02-19 15:19 - 00000000 ____D () C:\Program Files\HijackThis

2014-02-19 15:19 - 2014-02-19 15:19 - 00251392 _____ () C:\Users\Admin2\Desktop\hijackthis_sfx.exe

2014-02-19 14:47 - 2014-02-19 14:47 - 00602112 _____ (OldTimer Tools) C:\Users\Admin2\Desktop\OTL.exe

2014-02-19 14:34 - 2014-02-19 14:33 - 00000000 ____D () C:\Users\Admin2\Desktop\tdsskiller

2014-02-19 14:33 - 2014-02-10 23:37 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Admin2\Desktop\TDSSKiller.exe