johnblaze

Yeah, I totally understand. I've had enough help from you guys in the past to know that you wouldn't advise a factory reset lightly. As I said, it's not like I'll lose any information as I have the chance to back it up, and the main priority is getting a working laptop back to my sister-in-law. I'd like to thank you again for taking the time to help me. Re-reading my last message and it's maybe a little curt which is not how I meant it to sound as I do genuinely appreciate all the help you've given me :)

Thanks Starbuck, sounds like a factory reset is for the best. At least I have the chance to back up any important info beforehand. Thanks for all your help.

FRST text file as requested: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-06-2014 Ran by SYSTEM on MININT-7BK34B7 on 16-06-2014 01:05:07 Running from E:\ Platform: Windows 7 Home Premium (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) ================== HKLM-x32\...\RunOnce: [OTL] - "C:\Users\Test\Desktop\OTL.exe" [602112 2014-06-11] (OldTimer Tools) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll" File Not Found Startup: C:\Users\caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) ==================== Services (Whitelisted) ================= S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-29] (Microsoft Corporation) S4 SlimService; C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe [232256 2014-03-20] (SlimWare Utilities, Inc.) ==================== Drivers (Whitelisted) ==================== S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-14 06:14 - 2014-06-14 06:14 - 00000204 _____ () C:\Users\Test\Desktop\delete.reg 2014-06-14 03:08 - 2014-06-14 03:08 - 00000204 _____ () C:\Users\Test\Desktop\delete.txt 2014-06-13 20:10 - 2014-06-13 20:10 - 00001860 _____ () C:\Users\Test\Desktop\peek.txt 2014-06-13 20:10 - 2014-06-13 20:10 - 00000115 _____ () C:\Users\Test\Desktop\look.txt 2014-06-13 17:24 - 2014-06-13 17:24 - 00000000 ____D () C:\_OTL 2014-06-13 17:05 - 2014-06-13 17:05 - 00000263 _____ () C:\Users\Test\Desktop\peek.bat 2014-06-13 14:25 - 2014-06-13 14:25 - 01025536 _____ (Farbar) C:\Users\Test\Desktop\ListParts64.exe 2014-06-13 14:20 - 2014-06-13 14:20 - 00002362 _____ () C:\Users\Test\Desktop\fix.txt 2014-06-11 16:04 - 2014-06-11 16:04 - 00602112 _____ (OldTimer Tools) C:\Users\Test\Desktop\OTL.exe 2014-06-10 20:04 - 2014-06-16 01:05 - 00000000 ____D () C:\FRST 2014-06-10 20:02 - 2014-06-10 20:02 - 00128288 _____ () C:\Users\Test\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-10 19:51 - 2014-06-10 19:51 - 00000000 ____D () C:\Users\Test\AppData\Local\VirtualStore 2014-06-10 19:14 - 2014-06-10 19:14 - 00000258 __RSH () C:\Users\Test\ntuser.pol 2014-06-10 19:13 - 2014-06-15 17:57 - 00000000 ____D () C:\Users\Test\AppData\Local\Temp 2014-06-10 19:13 - 2014-06-10 19:14 - 00000000 ____D () C:\users\Test 2014-06-10 19:13 - 2014-06-10 19:13 - 00000020 ___SH () C:\Users\Test\ntuser.ini 2014-06-10 19:13 - 2013-12-18 04:13 - 00000000 ____D () C:\Users\Test\AppData\Local\SoftThinks 2014-06-10 19:13 - 2013-06-22 07:30 - 00000000 ____D () C:\Users\Test\AppData\LocalGoogle 2014-06-10 19:13 - 2013-06-22 07:30 - 00000000 ____D () C:\Users\Test\AppData\Local\Google 2014-06-10 17:01 - 2014-06-10 17:01 - 02080768 _____ (Farbar) C:\Users\Test\Desktop\FRST64.exe 2014-06-09 16:38 - 2014-06-10 19:22 - 00000000 ____D () C:\Windows\pss 2014-06-09 16:12 - 2014-06-09 16:12 - 00000017 _____ () C:\Users\caroline\AppData\Local\resmon.resmoncfg 2014-05-24 14:46 - 2014-05-24 14:46 - 00003536 ____N () C:\bootsqm.dat 2014-05-24 14:43 - 2014-05-24 14:43 - 00000000 __SHD () C:\found.000 2014-05-23 17:07 - 2014-05-23 17:07 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-23 17:06 - 2014-05-23 17:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\caroline\Downloads\mbam-setup-2.0.2.1012.exe ==================== One Month Modified Files and Folders ======= 2014-06-16 01:05 - 2014-06-10 20:04 - 00000000 ____D () C:\FRST 2014-06-15 17:57 - 2014-06-10 19:13 - 00000000 ____D () C:\Users\Test\AppData\Local\Temp 2014-06-14 06:35 - 2014-01-10 19:10 - 00131072 _____ () C:\Windows\System32\Ikeext.etl 2014-06-14 06:26 - 2012-12-08 09:10 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-14 06:25 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-14 06:25 - 2009-07-13 23:51 - 00097634 _____ () C:\Windows\setupact.log 2014-06-14 06:18 - 2012-12-08 09:10 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-14 06:14 - 2014-06-14 06:14 - 00000204 _____ () C:\Users\Test\Desktop\delete.reg 2014-06-14 03:08 - 2014-06-14 03:08 - 00000204 _____ () C:\Users\Test\Desktop\delete.txt 2014-06-13 20:10 - 2014-06-13 20:10 - 00001860 _____ () C:\Users\Test\Desktop\peek.txt 2014-06-13 20:10 - 2014-06-13 20:10 - 00000115 _____ () C:\Users\Test\Desktop\look.txt 2014-06-13 17:30 - 2010-12-25 05:40 - 00568188 _____ () C:\Windows\PFRO.log 2014-06-13 17:24 - 2014-06-13 17:24 - 00000000 ____D () C:\_OTL 2014-06-13 17:05 - 2014-06-13 17:05 - 00000263 _____ () C:\Users\Test\Desktop\peek.bat 2014-06-13 14:25 - 2014-06-13 14:25 - 01025536 _____ (Farbar) C:\Users\Test\Desktop\ListParts64.exe 2014-06-13 14:20 - 2014-06-13 14:20 - 00002362 _____ () C:\Users\Test\Desktop\fix.txt 2014-06-12 06:38 - 2009-07-14 00:13 - 00779724 _____ () C:\Windows\System32\PerfStringBackup.INI 2014-06-11 19:01 - 2012-12-08 14:38 - 00000000 ____D () C:\Users\caroline\AppData\Local\Temp 2014-06-11 16:04 - 2014-06-11 16:04 - 00602112 _____ (OldTimer Tools) C:\Users\Test\Desktop\OTL.exe 2014-06-10 20:02 - 2014-06-10 20:02 - 00128288 _____ () C:\Users\Test\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-10 19:51 - 2014-06-10 19:51 - 00000000 ____D () C:\Users\Test\AppData\Local\VirtualStore 2014-06-10 19:22 - 2014-06-09 16:38 - 00000000 ____D () C:\Windows\pss 2014-06-10 19:14 - 2014-06-10 19:14 - 00000258 __RSH () C:\Users\Test\ntuser.pol 2014-06-10 19:14 - 2014-06-10 19:13 - 00000000 ____D () C:\users\Test 2014-06-10 19:13 - 2014-06-10 19:13 - 00000020 ___SH () C:\Users\Test\ntuser.ini 2014-06-10 17:01 - 2014-06-10 17:01 - 02080768 _____ (Farbar) C:\Users\Test\Desktop\FRST64.exe 2014-06-10 00:17 - 2014-03-19 05:23 - 00000000 ____D () C:\ac0374c245021b16e5f3eb1c4b 2014-06-10 00:17 - 2014-01-15 12:11 - 00000000 ____D () C:\cb287b6835fb775f481b1cb1 2014-06-10 00:17 - 2013-08-29 05:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client 2014-06-10 00:17 - 2013-05-15 17:23 - 00000000 ____D () C:\3f70fcbecbda9e92dfb94d2fb0509fea 2014-06-10 00:17 - 2013-05-14 10:29 - 00000000 ____D () C:\Program Files (x86)\GUMFE99.tmp 2014-06-10 00:17 - 2013-03-10 16:03 - 00000000 ____D () C:\01e102cb5879a79d5648 2014-06-10 00:17 - 2012-12-08 14:31 - 00000000 ____D () C:\Emergency 2014-06-10 00:17 - 2012-12-08 09:10 - 00000000 ____D () C:\Program Files (x86)\Google 2014-06-10 00:17 - 2010-12-25 05:53 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup 2014-06-10 00:16 - 2014-04-20 03:52 - 00000000 ___RD () C:\Users\caroline\Podcasts 2014-06-10 00:16 - 2014-04-18 14:41 - 00000000 ____D () C:\ProgramData\COnvEurtteRR Maste 2014-06-10 00:16 - 2014-04-17 05:10 - 00000000 ____D () C:\Program Files\Zune 2014-06-10 00:16 - 2014-04-15 05:15 - 00000000 ____D () C:\ProgramData\4d09ce8d5400296d 2014-06-10 00:16 - 2014-04-01 07:53 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers 2014-06-10 00:16 - 2014-04-01 07:53 - 00000000 ____D () C:\ProgramData\Documents\Downloaded Installers 2014-06-10 00:16 - 2014-04-01 07:53 - 00000000 ____D () C:\Program Files\SlimCleaner Plus 2014-06-10 00:16 - 2014-03-23 08:35 - 00000000 ____D () C:\ProgramData\Websteroids 2014-06-10 00:16 - 2013-08-30 08:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-06-10 00:16 - 2013-08-30 08:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-06-10 00:16 - 2013-08-29 05:49 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-10 00:16 - 2013-03-13 05:27 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\Macrovision 2014-06-10 00:16 - 2013-01-15 14:10 - 00000000 ____D () C:\Windows\Minidump 2014-06-10 00:16 - 2012-12-25 10:43 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\ArcSoft 2014-06-10 00:16 - 2012-12-08 14:38 - 00000000 ____D () C:\users\caroline 2014-06-10 00:16 - 2010-12-25 06:16 - 00000000 ____D () C:\Program Files\Windows Journal 2014-06-10 00:16 - 2010-12-25 05:44 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-06-10 00:16 - 2010-12-25 05:44 - 00000000 ____D () C:\ProgramData\Skype 2014-06-10 00:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-06-10 00:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\System 2014-06-10 00:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-06-10 00:15 - 2013-08-29 05:43 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform 2014-06-10 00:15 - 2013-03-21 16:39 - 00000000 ____D () C:\Windows\System32\EventProviders 2014-06-10 00:15 - 2012-12-25 08:54 - 00000000 ____D () C:\Windows\System32\Macromed 2014-06-10 00:15 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\System32\GroupPolicy 2014-06-10 00:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-06-10 00:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\System32\NDF 2014-06-09 16:12 - 2014-06-09 16:12 - 00000017 _____ () C:\Users\caroline\AppData\Local\resmon.resmoncfg 2014-05-24 14:46 - 2014-05-24 14:46 - 00003536 ____N () C:\bootsqm.dat 2014-05-24 14:43 - 2014-05-24 14:43 - 00000000 __SHD () C:\found.000 2014-05-23 17:25 - 2012-12-08 09:13 - 00000000 ____D () C:\Program Files\Google 2014-05-23 17:14 - 2010-12-25 04:20 - 01926678 _____ () C:\Windows\WindowsUpdate.log 2014-05-23 17:10 - 2009-07-13 23:45 - 00013872 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-23 17:10 - 2009-07-13 23:45 - 00013872 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-23 17:07 - 2014-05-23 17:07 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-23 17:07 - 2014-05-23 17:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\caroline\Downloads\mbam-setup-2.0.2.1012.exe 2014-05-23 17:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing 2014-05-23 16:42 - 2010-12-25 05:26 - 00000000 ____D () C:\ProgramData\WildTangent 2014-05-23 16:40 - 2013-02-02 13:47 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\player 2014-05-23 16:35 - 2012-12-08 09:10 - 00000000 ____D () C:\Users\caroline\AppData\Local\Google 2014-05-23 16:35 - 2010-12-25 05:36 - 00000000 ____D () C:\ProgramData\Sonic ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 26% Total physical RAM: 2010.36 MB Available physical RAM: 1475.43 MB Total Pagefile: 2010.36 MB Available Pagefile: 1464.63 MB Total Virtual: 8192 MB Available Virtual: 8191.89 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:218.14 GB) (Free:175.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Recovery) (Fixed) (Total:14.65 GB) (Free:7.09 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive e: (Backup) (Fixed) (Total:298.09 GB) (Free:252.06 GB) NTFS Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: E94AE992) Partition 1: (Not Active) - (Size=100 MB) - (Type=DE) Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=218 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 298 GB) (Disk ID: EF2C2527) Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS) LastRegBack: 2014-01-10 19:34 ==================== End Of Log ============================

Hi Starbuck, thanks for keeping me in the loop. I'll sit tight until you get back in touch, and thanks again for your time & help.

Hi Starbuck, I followed the instructions in your last post but the computer still won't boot in normal mode. I'm still getting the blank screen with only the pointer...

Notepad file from peek.bat: REGEDIT4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option] "OptionValue"=dword:00000001 REGEDIT4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment] "ComSpec"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\ 32,5c,63,6d,64,2e,65,78,65,00 "FP_NO_HOST_CHECK"="NO" "OS"="Windows_NT" "Path"="C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live;C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Windows Live;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Program Files (x86)\\Common Files\\Roxio Shared\\DLLShared\\;C:\\Program Files (x86)\\Common Files\\Roxio Shared\\OEM\\DLLShared\\;C:\\Program Files (x86)\\Common Files\\Roxio Shared\\OEM\\DLLShared\\;C:\\Program Files (x86)\\Common Files\\Roxio Shared\\OEM\\12.0\\DLLShared\\;C:\\Program Files (x86)\\Roxio\\OEM\\AudioCore\\;C:\\Program Files (x86)\\Windows Live\\Shared;C:\\Users\\caroline\\AppData\\Local\\Smartbar\\Application\\" "PATHEXT"=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC" "PROCESSOR_ARCHITECTURE"="AMD64" "TEMP"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,54,45,4d,50,00 "TMP"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,54,45,4d,50,00 "USERNAME"="SYSTEM" "windir"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,00 "PSModulePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\ 33,32,5c,57,69,6e,64,6f,77,73,50,6f,77,65,72,53,68,65,6c,6c,5c,76,31,2e,30,\ 5c,4d,6f,64,75,6c,65,73,5c,00 "NUMBER_OF_PROCESSORS"="1" "PROCESSOR_LEVEL"="6" "PROCESSOR_IDENTIFIER"="Intel64 Family 6 Model 23 Stepping 10, GenuineIntel" "PROCESSOR_REVISION"="170a" "EMC_AUTOPLAY"="C:\\Program Files (x86)\\Common Files\\Roxio Shared\\OEM\\" "RCAUTOPLAY"="C:\\Program Files (x86)\\Roxio\\OEM\\Roxio Central 5\\" "BURN_AUTOPLAY"="C:\\Program Files (x86)\\Roxio\\OEM\\Roxio Burn\\" "SAFEBOOT_OPTION"="MINIMAL"

Hi Starbuck, I've pasted the info as requested (after running the fix in OTL the laptop had the same problem with blank screen so I had to reboot in safe mode again to access the log) OTL: All processes killed ========== OTL ========== 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39\ deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully! 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC6 4Loader.dll deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\searchprotect\searchprotect\bin\spvc3 2loader.dll deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Browser Infrastructure Helper\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\FilmFanatic Browser Plugin Loader\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\FilmFanatic Browser Plugin Loader 64\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\FilmFanatic EPM Support\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\FilmFanatic Home Page Guard 64 bit\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\FilmFanatic Search Scope Monitor\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Marine Aquarium Lite EPM Support\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Marine Aquarium Lite Home Page Guard 64 bit\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Marine Aquarium Lite Search Scope Monitor\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\MarineAquarium3Free_57 Browser Plugin Loader\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\MarineAquarium3Free_57 Browser Plugin Loader 64\ not found. File C:\Windows\SysWow64\Websteroids.B324755F3F87.2.6.8 0.dll not found. ========== FILES ========== File\Folder C:\program files (x86)\premieropinion not found. File\Folder C:\Users\caroline\AppData\Roaming\DefaultTab not found. < ipconfig /flushdns /c > Windows IP Configuration Could not flush the DNS Resolver Cache: Function failed during execution. C:\Users\Test\Desktop\cmd.bat deleted successfully. C:\Users\Test\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users ->Temp folder emptied: 0 bytes -> No Temporary Internet Files cache folder defined! User: caroline -> No Temporary Internet Files cache folder defined! User: Default -> No Temporary Internet Files cache folder defined! User: Default User -> No Temporary Internet Files cache folder defined! User: Public -> No Temporary Internet Files cache folder defined! User: Test -> No Temporary Internet Files cache folder defined! %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 911909990 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50534 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 757 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 870.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.69.0 log created on 06132014_232457 ListParts64: ListParts by Farbar Version: 17-04-2014 Ran by Test (administrator) on 13-06-2014 at 23:34:14 Windows 7 (X64) Running From: C:\Users\Test\Desktop Language: 0409 ************************************************************ ========================= Memory info ====================== Percentage of memory in use: 22% Total physical RAM: 2010.36 MB Available physical RAM: 1567.32 MB Total Pagefile: 4020.73 MB Available Pagefile: 3601.34 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ======================= Partitions ========================= 1 Drive c: (OS) (Fixed) (Total:218.14 GB) (Free:175.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 232 GB 0 B Partitions of Disk 0: =============== Disk ID: E94AE992 Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 100 MB 1024 KB Partition 2 Primary 14 GB 101 MB Partition 3 Primary 218 GB 14 GB ====================================================================================================== Disk: 0 Partition 1 Type : DE Hidden: Yes Active: No There is no volume associated with this partition. ====================================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Recovery NTFS Partition 14 GB Healthy System (partition with boot components) ====================================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C OS NTFS Partition 218 GB Healthy Boot ====================================================================================================== ============================== MBR Partition Table ================== ============================== Partitions of Disk 0: =============== Disk ID: E94AE992 Partition 1: (Not Active) - (Size=100 MB) - (Type=DE) Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=218 GB) - (Type=07 NTFS) ****** End Of Log ******

Success! Here's the OTL.txt: OTL logfile created on: 6/13/2014 12:57:03 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Test\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.96 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 81.03% Memory free 3.93 Gb Paging File | 3.57 Gb Available in Paging File | 90.90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 218.14 Gb Total Space | 174.24 Gb Free Space | 79.88% Space Free | Partition Type: NTFS Computer Name: CAROLINE-PC | User Name: Test | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Test\Desktop\OTL.exe (OldTimer Tools) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (ClickToRunSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Microsoft Corporation) SRV:64bit: - (SlimService) -- C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe (SlimWare Utilities, Inc.) SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation) SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation) SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions) SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMSwissArmy) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation) DRV:64bit: - (Sftvol) -- C:\WINDOWS\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\WINDOWS\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\WINDOWS\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\WINDOWS\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\WINDOWS\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\WINDOWS\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CtClsFlt) -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.) DRV:64bit: - (L1C) -- C:\WINDOWS\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (ApfiltrService) -- C:\WINDOWS\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (iaStor) -- C:\WINDOWS\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (PxHlpa64) -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (RSUSBSTOR) -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (athr) -- C:\WINDOWS\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (igfx) -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\WINDOWS\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\WINDOWS\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (yukonw7) -- C:\WINDOWS\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (ebdrv) -- C:\WINDOWS\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\WINDOWS\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WimFltr) -- C:\WINDOWS\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\system32\npdeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/25 11:47:28 | 000,000,000 | ---D | M] [2013/02/02 19:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://google.co.uk/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - Extension: avast! Online Security = \Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\ CHR - Extension: Google Wallet = \Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\ O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation) O4 - HKCU..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\osf - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found O20 - AppInit_DLLs: (c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^smartbar_3312014.exe.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^Users^Test^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock First Run.lnk - C:\Program Files\Dell\DellDock\DellDock.exe - (Stardock Corporation) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Apoint - hkey= - key= - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) MsConfig:64bit - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) MsConfig:64bit - StartUpReg: Browser Infrastructure Helper - hkey= - key= - C:\Users\caroline\AppData\Local\Smartbar\Application\Smartbar.exe (Smartbar) MsConfig:64bit - StartUpReg: Dell DataSafe Online - hkey= - key= - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.) MsConfig:64bit - StartUpReg: Dell Webcam Central - hkey= - key= - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) MsConfig:64bit - StartUpReg: Desktop Disc Tool - hkey= - key= - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () MsConfig:64bit - StartUpReg: FilmFanatic Browser Plugin Loader - hkey= - key= - File not found MsConfig:64bit - StartUpReg: FilmFanatic Browser Plugin Loader 64 - hkey= - key= - File not found MsConfig:64bit - StartUpReg: FilmFanatic EPM Support - hkey= - key= - File not found MsConfig:64bit - StartUpReg: FilmFanatic Home Page Guard 64 bit - hkey= - key= - File not found MsConfig:64bit - StartUpReg: FilmFanatic Search Scope Monitor - hkey= - key= - File not found MsConfig:64bit - StartUpReg: HotKeysCmds - hkey= - key= - C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation) MsConfig:64bit - StartUpReg: IAStorIcon - hkey= - key= - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) MsConfig:64bit - StartUpReg: IgfxTray - hkey= - key= - C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation) MsConfig:64bit - StartUpReg: Marine Aquarium Lite EPM Support - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Marine Aquarium Lite Home Page Guard 64 bit - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Marine Aquarium Lite Search Scope Monitor - hkey= - key= - File not found MsConfig:64bit - StartUpReg: MarineAquarium3Free_57 Browser Plugin Loader - hkey= - key= - File not found MsConfig:64bit - StartUpReg: MarineAquarium3Free_57 Browser Plugin Loader 64 - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Persistence - hkey= - key= - C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation) MsConfig:64bit - StartUpReg: QuickSet - hkey= - key= - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.) MsConfig:64bit - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: SlimCleaner Plus - hkey= - key= - C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe (SlimWare Utilities, Inc.) MsConfig:64bit - StartUpReg: Zune Launcher - hkey= - key= - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. ========== Files/Folders - Created Within 30 Days ========== [2014/06/11 02:04:53 | 000,000,000 | ---D | C] -- C:\FRST [2014/06/11 02:04:53 | 000,000,000 | ---D | C] -- \FRST [2014/06/11 02:01:15 | 000,000,000 | -H-D | C] -- C:\Users\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned [2014/06/11 01:13:40 | 000,000,000 | R--D | C] -- C:\Users\Test\Videos [2014/06/11 01:13:40 | 000,000,000 | R--D | C] -- C:\Users\Test\Pictures [2014/06/11 01:13:40 | 000,000,000 | R--D | C] -- C:\Users\Test\Music [2014/06/11 01:13:40 | 000,000,000 | R--D | C] -- C:\Users\Test\Links [2014/06/11 01:13:40 | 000,000,000 | R--D | C] -- C:\Users\Test\Favorites [2014/06/11 01:13:40 | 000,000,000 | R--D | C] -- C:\Users\Test\Downloads [2014/06/11 01:13:40 | 000,000,000 | R--D | C] -- C:\Users\Test\Documents [2014/06/11 01:13:40 | 000,000,000 | R--D | C] -- C:\Users\Test\Desktop [2014/06/11 01:13:40 | 000,000,000 | -HSD | C] -- C:\Users\Test\Templates [2014/06/11 01:13:40 | 000,000,000 | -HSD | C] -- C:\Users\Test\Start Menu [2014/06/11 01:13:40 | 000,000,000 | -HSD | C] -- C:\Users\Test\SendTo [2014/06/11 01:13:40 | 000,000,000 | -HSD | C] -- C:\Users\Test\Recent [2014/06/11 01:13:40 | 000,000,000 | -HSD | C] -- C:\Users\Test\PrintHood [2014/06/11 01:13:40 | 000,000,000 | -HSD | C] -- C:\Users\Test\NetHood [2014/06/11 01:13:40 | 000,000,000 | -HSD | C] -- C:\Users\Test\My Documents [2014/06/11 01:13:40 | 000,000,000 | -HSD | C] -- C:\Users\Test\Local Settings [2014/06/11 01:13:40 | 000,000,000 | -HSD | C] -- C:\Users\Test\Cookies [2014/06/11 01:13:40 | 000,000,000 | -HSD | C] -- C:\Users\Test\Application Data [2014/06/11 01:13:40 | 000,000,000 | -H-D | C] -- C:\Users\Test\AppData [2014/06/11 01:13:40 | 000,000,000 | ---D | C] -- C:\Users\Test\Saved Games [2014/06/09 22:38:55 | 000,000,000 | ---D | C] -- C:\Windows\pss [2014/06/09 22:08:29 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft [2014/05/24 20:43:51 | 000,000,000 | -HSD | C] -- C:\found.000 [2014/05/24 20:43:51 | 000,000,000 | -HSD | C] -- \found.000 [2014/05/23 23:08:09 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014/05/23 23:07:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware [2014/05/23 23:07:49 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2014/05/23 23:07:49 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys [2014/05/23 23:07:49 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2014/05/23 23:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware [2014/05/23 23:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014/06/13 00:54:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014/06/13 00:54:25 | 1581,010,944 | -HS- | M] () -- C:\hiberfil.sys [2014/06/12 12:38:44 | 000,779,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014/06/12 12:38:44 | 000,660,520 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014/06/12 12:38:44 | 000,121,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014/06/12 01:57:12 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014/06/12 01:56:57 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2014/06/11 01:18:19 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014/06/11 01:14:40 | 000,000,258 | RHS- | M] () -- C:\Users\Test\ntuser.pol [2014/06/09 22:17:06 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014/05/24 20:46:30 | 000,003,536 | ---- | M] () -- C:\bootsqm.dat [2014/05/23 23:10:32 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014/05/23 23:10:24 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014/05/23 23:07:57 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] ========== Files Created - No Company Name ========== [2014/06/11 01:14:40 | 000,000,258 | RHS- | C] () -- C:\Users\Test\ntuser.pol [2014/06/11 01:13:40 | 000,000,290 | ---- | C] () -- C:\Users\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2014/06/11 01:13:40 | 000,000,272 | ---- | C] () -- C:\Users\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2014/05/24 20:46:30 | 000,003,536 | ---- | C] () -- C:\bootsqm.dat [2014/05/24 20:46:30 | 000,003,536 | ---- | C] () -- \bootsqm.dat [2014/05/23 23:07:57 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014/04/29 19:18:58 | 001,161,080 | ---- | C] () -- C:\Windows\SysWow64\Websteroids.B324755F3F87.2.6.80.dll [2013/12/05 20:42:59 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2013/02/02 19:45:25 | 000,796,420 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/12/08 20:32:29 | 1581,010,944 | -HS- | C] () -- \hiberfil.sys [2010/12/25 11:51:21 | 000,003,103 | -H-- | C] () -- \dell.sdr [2009/04/28 17:27:09 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK [2009/04/28 17:27:08 | 000,383,562 | RHS- | C] () -- \bootmgr ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\WINDOWS\SysNative\shell32.dll -- [2012/06/09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > And here's the Extras.txt: OTL Extras logfile created on: 6/13/2014 12:57:03 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Test\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.96 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 81.03% Memory free 3.93 Gb Paging File | 3.57 Gb Available in Paging File | 90.90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 218.14 Gb Total Space | 174.24 Gb Free Space | 79.88% Space Free | Partition Type: NTFS Computer Name: CAROLINE-PC | User Name: Test | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0519B2DA-DA8C-4D1D-B2C6-7E20CEA13E6B}" = rport=445 | protocol=6 | dir=out | app=system | "{160D5E3A-65FD-47F8-B747-D37A31BC4E91}" = lport=445 | protocol=6 | dir=in | app=system | "{2034C4CF-7424-41A7-BE1E-C5F1685BC174}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2125B0B1-84B8-4337-9425-DE5FE4E3864F}" = rport=10243 | protocol=6 | dir=out | app=system | "{21DFE584-43A6-4C8E-9923-3AAB6A0CE2D1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{28A23757-E58F-4C44-8173-AB557B09B0EA}" = lport=10243 | protocol=6 | dir=in | app=system | "{29061EE2-73C0-4046-97E7-2BBA7F6128FD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{298941CC-B235-4A41-9376-2C5124EA2D67}" = rport=139 | protocol=6 | dir=out | app=system | "{42D7A239-8510-4243-956E-C86C6213B45B}" = rport=137 | protocol=17 | dir=out | app=system | "{42F21532-8743-4172-8A01-1A71BF760FFC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4441E109-EA73-47C3-9309-29D02127115C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{56266383-8B2D-46F9-8BB4-14D27B65030E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{569A92C8-ECF7-488F-9E7A-CA826023A231}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7001C839-26C7-482A-A188-77F574EB17E2}" = lport=139 | protocol=6 | dir=in | app=system | "{73DEBCA8-78FB-4C1D-A654-C0BCB2302E6E}" = rport=138 | protocol=17 | dir=out | app=system | "{7A7EEC0D-7F37-4344-B872-9D8592F74A4A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{825D9BBB-0B33-43EF-848F-ACE802963A36}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8BAB6F48-76B3-4AC2-AB0B-9AB33B3D0F09}" = lport=2869 | protocol=6 | dir=in | app=system | "{98F45A54-7777-4494-A737-94E6DFB94DD5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{9F08FDBE-0075-4479-84DC-FD20078929A8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | "{AA93F64E-B855-4A7B-B520-E68038ED2436}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{B12A0755-0D57-4BFE-92BC-85EA1E7DD195}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C236BEDE-29AB-42BC-9F9A-5FD3B796B804}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C6B048E5-8841-4C85-A777-FD83A8DBD963}" = lport=138 | protocol=17 | dir=in | app=system | "{D4EC3005-A9DB-4C8A-A2A7-B69B91FF55D7}" = lport=2869 | protocol=6 | dir=in | app=system | "{E612AF83-AF74-4930-A37E-9FCDBB502C46}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E7108903-6750-45FA-9FDA-97CFB2B4C196}" = lport=137 | protocol=17 | dir=in | app=system | "{F6101F5C-E913-4C5C-95F8-0407887D9FEE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0AEF6CFB-F988-412F-851C-149C18222FD4}" = protocol=6 | dir=in | app=c:\users\caroline\appdata\roaming\utorrent\utorrent.exe | "{14A199D2-2F70-4B06-9925-E8FD289A5DBE}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{187BBE7B-25A3-4FF4-8015-139A4E2115B8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3CB181B9-65E7-4A81-9658-B6401A853131}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{400FC15C-05B7-49FA-B763-55CC968E1192}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{42D235AC-18B3-491B-8C1B-26260FC1A5F3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4DCE93D7-0F53-440D-AD1E-D5E5B108BD05}" = protocol=17 | dir=in | app=c:\program files (x86)\premieropinion\pmropn.exe | "{62CB82A8-62B0-4288-9375-F656E623DA50}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{66777969-C895-4EA3-A5ED-930406D07308}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{6682DF26-F9AE-45E5-B1BA-5529FB4B054F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{66DA9ED0-2B87-4757-821B-59578EC343A7}" = dir=in | app=c:\users\caroline\appdata\local\microsoft\skydrive\skydrive.exe | "{6733492B-ED8B-4881-B3EB-CA566F6EF8C0}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{6B27F2DF-F056-4180-BCF6-3A2B5446082F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{87B07E88-A614-4A05-881A-E17BA6B82F90}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{88C8142D-D5ED-465C-9F04-A0C4ECCA8F36}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{8F3B56D8-7481-4F50-8661-62CD7900EB08}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{96D5A93C-1067-43A2-8A79-552C381AF318}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A65EC814-A2E8-430A-A0A5-A58EFF9F7F7E}" = protocol=6 | dir=in | app=c:\program files (x86)\premieropinion\pmropn.exe | "{B1981DD6-984D-4FDC-8B76-45859BBCDC04}" = protocol=6 | dir=out | app=system | "{B58AC8C4-D209-4B51-BA31-135317B1330F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B6A961C1-1B8D-431B-A580-4B80E8099343}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D5DAB4C1-C807-4958-8312-F5568FF526F3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DBB4862C-2784-43B9-B418-8461B284B3C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E1184AF8-2B2B-473E-8EA0-CD996C3725F7}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{E6DAFCBC-5D91-49C9-A9E8-FE938DE0066D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{EA50DB82-6827-4406-A6C1-DF92F50B7C21}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{F47DDC8E-8354-40D5-A737-660D64B98FAE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F65D81C8-AD00-4DB4-A27D-A9CFA410F9E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F83CCD9E-AAED-4140-9079-B93E0860ABF5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F9D70B19-4E2E-4FBB-8F2A-E5EB110EE245}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{FCC6F5FD-3B4F-4C58-94CD-D8AD38AF179A}" = protocol=17 | dir=in | app=c:\users\caroline\appdata\roaming\utorrent\utorrent.exe | "TCP Query User{76DDEBD4-ACF6-419C-8C2D-F0927FAE664F}C:\program files (x86)\premieropinion\pmropn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\premieropinion\pmropn.exe | "UDP Query User{66F2D1D7-F816-468D-A46C-4154FB220CFD}C:\program files (x86)\premieropinion\pmropn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\premieropinion\pmropn.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86416039FF}" = Java 6 Update 39 (64-bit) "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS) "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL) "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR) "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS) "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR) "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE) "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL) "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN) "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT) "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY) "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN) "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU) "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA) "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA) "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN) "{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN) "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EA70F545-7D7D-4E65-BD8B-21D2DE0F0165}" = SlimCleaner Plus "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "HDMI" = Intel® Graphics Media Accelerator Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "O365HomePremRetail - en-us" = Microsoft Office 365 - en-us "Zune" = Zune [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{343DB62F-891F-45EC-BED3-E2F56CEB1B7C}" = Adobe Flash Player 10 Plugin "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3D9326E1-E378-48A6-A82B-800147E63306}" = ArcSoft MediaImpression 2 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{451517F1-7E41-400B-AA36-FB7E2563526D}" = Dell Wireless Driver Installation "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11 "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English "{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component "{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime "{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}" = LPT System Updater Service "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D96EBFC0-C680-4463-B4F0-299E48771819}" = Yahoo Community Smartbar "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Advanced Audio FX Engine" = Advanced Audio FX Engine "DefaultTab" = DefaultTab "Dell Dock" = Dell Dock "Dell Webcam Central" = Dell Webcam Central "FilmFanaticbar Uninstall Internet Explorer" = FilmFanatic Internet Explorer Toolbar "Google Chrome" = Google Chrome "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012 "MarineAquarium3Free_57bar Uninstall Internet Explorer" = Marine Aquarium Lite Internet Explorer Toolbar "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 4/16/2014 6:53:20 AM | Computer Name = caroline-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: ffc Start Time: 01cf59616a7e9521 Termination Time: 47 Application Path: C:\Program Files (x86)\internet explorer\iexplore.exe Report Id: Error - 4/17/2014 4:37:20 AM | Computer Name = caroline-PC | Source = Office 2013 Licensing Service | ID = 0 Description = Error - 4/17/2014 4:40:43 AM | Computer Name = caroline-PC | Source = Registry Helper Service | ID = 109 Description = Error: Service started Error - 4/17/2014 6:15:10 AM | Computer Name = caroline-PC | Source = VSS | ID = 13 Description = Error - 4/17/2014 6:15:10 AM | Computer Name = caroline-PC | Source = VSS | ID = 8193 Description = Error - 4/17/2014 6:15:10 AM | Computer Name = caroline-PC | Source = VSS | ID = 13 Description = Error - 4/17/2014 6:15:10 AM | Computer Name = caroline-PC | Source = VSS | ID = 8193 Description = Error - 4/17/2014 6:16:28 AM | Computer Name = caroline-PC | Source = Registry Helper Service | ID = 109 Description = Error: Service started Error - 4/17/2014 6:27:55 AM | Computer Name = caroline-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 9dc Start Time: 01cf5a277f17d50f Termination Time: 66 Application Path: C:\Program Files (x86)\internet explorer\iexplore.exe Report Id: Error - 4/17/2014 6:40:15 AM | Computer Name = caroline-PC | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Application or service 'Internet Explorer' could not be shut down. [ Dell Events ] Error - 12/8/2012 10:15:53 AM | Computer Name = caroline-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. [ System Events ] Error - 6/12/2014 7:55:19 PM | Computer Name = caroline-PC | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error - 6/12/2014 7:55:20 PM | Computer Name = caroline-PC | Source = DCOM | ID = 10005 Description = Error - 6/12/2014 7:55:21 PM | Computer Name = caroline-PC | Source = DCOM | ID = 10005 Description = Error - 6/12/2014 7:55:21 PM | Computer Name = caroline-PC | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error - 6/12/2014 7:55:21 PM | Computer Name = caroline-PC | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error - 6/12/2014 7:55:21 PM | Computer Name = caroline-PC | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error - 6/12/2014 7:55:21 PM | Computer Name = caroline-PC | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error - 6/12/2014 7:55:21 PM | Computer Name = caroline-PC | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error - 6/12/2014 7:55:21 PM | Computer Name = caroline-PC | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error - 6/12/2014 8:04:56 PM | Computer Name = caroline-PC | Source = iaStor | ID = 262153 Description = The device, \Device\Ide\iaStor0, did not respond within the timeout period. < End of report >

Hi Starbuck, I tried to run OTL in safe mode as per your original instructions and it froze again (I left it almost 40 minutes this time). I couldn't see what it was scanning when it froze, however I did notice that the last line of text that I pasted into the 'Custom Scans/Fixes' box had disappeared (CREATERESTOREPOINT)...

Here's the fixlog.txt (the laptop didn't re-boot into normal mode, it just went to the blank screen again): Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-06-2014 Ran by Test at 2014-06-12 01:00:39 Run:1 Running from C:\Users\Test\Desktop Boot Mode: Safe Mode (minimal) ============================================== Content of fixlist: ***************** HKLM-x32\...\Run: [] => [X] AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64 Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64 Loader.dll File Not Found AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32 loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\spvc3 2loader.dll" File Not Found SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK2q0U14moCf-ET1EM4uw4GigvFB13oDc3Q3t57J8enJeXhVcFwIR4iLH2F_nFq 3lACVAM0oW-q1EF4_Gy66uvS1VM5tsvfra5oLgYMJ4NQ6_VWXNyU5QoDMXj0e sujcdT-ZoIAs4qxOjWkHd6mhbiEM_sxLfIGab28MytBd6cYYA4GnzpLRT Py0fdJyTkP8vxIvdoQJYOttISg,,&q={searchTerms} SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK2q0U14moCf-ET1EM4uw4GigvFB13oDc3Q3t57J8enJeXhVcFwIR4iLH2F_nFq 3lACVAM0oW-q1EF4_Gy66uvS1VM5tsvfra5oLgYMJ4NQ6_VWXNyU5QoDMXj0e sujcdT-ZoIAs4qxOjWkHd6mhbiEM_sxLfIGab28MytBd6cYYA4GnzpLRT Py0fdJyTkP8vxIvdoQJYOttISg,,&q={searchTerms} BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101225045027.dll No File BHO-x32: Toolbar BHO - {074d3229-0a22-491b-b9dd-ff3171d75f25} - C:\PROGRA~2\MARINE~2\bar\1.bin\57bar.dll No File BHO-x32: Search Assistant BHO - {0eeaa2c3-0cd7-4364-b82e-f9257081c860} - C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57SrcAs.dll No File BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\bh\BabylonToolbar.dll No File BHO-x32: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Toolbar BHO - {631acb68-57c3-48af-9cc5-fcec0837ffd3} - C:\PROGRA~2\FILMFA~2\bar\1.bin\pabar.dll No File BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101225045027.dll No File BHO-x32: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\caroline\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll No File BHO-x32: Related Searches - {96A25A24-2E87-4374-8A50-CC6F943FCE4D} - C:\Users\caroline\AppData\Roaming\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll No File BHO-x32: Search Assistant BHO - {d5e9b421-c309-41de-9014-800a2adcdeb0} - C:\Program Files (x86)\FilmFanatic\bar\1.bin\paSrcAs.dll No File Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File Toolbar: HKLM-x32 - Related Searches - {96A25A24-2E87-4374-8A50-CC6F943FCE4D} - C:\Users\caroline\AppData\Roaming\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll No File Toolbar: HKLM-x32 - FilmFanatic - {0b84b4b4-8af8-4f1f-91fe-074a666f6425} - C:\Program Files (x86)\FilmFanatic\bar\1.bin\pabar.dll No File Toolbar: HKLM-x32 - Marine Aquarium Lite - {07189b84-b33b-4a1e-9b32-ad203c983c20} - C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57bar.dll No File Toolbar: HKLM-x32 - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File FF Plugin-x32: @FilmFanatic.com/Plugin - C:\Program Files (x86)\FilmFanatic\bar\1.bin\NPpaStub.dll No File FF Plugin-x32: @MarineAquarium3Free_57.com/Plugin - C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\NP57Stub.dl l No File FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK S4 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [36632 2014-03-25] () S2 FilmFanaticService; C:\PROGRA~2\FILMFA~2\bar\1.bin\pabarsvc.exe [X] S2 MarineAquarium3Free_57Service; C:\PROGRA~2\MARINE~2\bar\1.bin\57barsvc.exe [X] S3 JLTECH0227; System32\Drivers\jl2005c.sys [X] 2014-06-10 06:17 - 2014-04-17 09:39 - 00000000 ____D () C:\Program Files (x86)\LPT 2014-06-10 06:16 - 2014-04-17 09:38 - 00000000 ____D () C:\Users\caroline\AppData\Local\LPT 2014-06-10 06:16 - 2013-05-01 21:38 - 00000000 ____D () C:\Users\caroline\AppData\Local\iLivid 2014-06-09 22:36 - 2012-12-08 15:08 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-05-24 21:54 - 2013-02-02 19:38 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect 2014-05-23 22:09 - 2013-02-02 19:20 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\uTorrent Task: {40D0CE8D-CA7D-4DC0-931F-1B4EB94CFCF0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1" C:\Program Files\Common Files\McAfee C:\Program Files\McAfee C:\Program Files\AVAST Software C:\Program Files (x86)\MarineAquarium3Free_57 C:\Program Files (x86)\BabylonToolbar C:\Program Files (x86)\Common Files\McAfee C:\Users\caroline\AppData\Roaming\DefaultTab\DefaultTab C:\Program Files (x86)\FilmFanatic Reboot: ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64 Loader.dll" => Value Data not found. "c:\progra~2\searchprotect\searchprotect\bin\spvc32 loader.dll" => Value Data not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. 'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}' => Key deleted successfully. 'HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}'=> Key not found. 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}' => Key deleted successfully. 'HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}' => Key deleted successfully. 'HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}' => Key deleted successfully. 'HKCR\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}' => Key deleted successfully. 'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074d3229-0a22-491b-b9dd-ff3171d75f25}' => Key deleted successfully. 'HKCR\Wow6432Node\CLSID\{074d3229-0a22-491b-b9dd-ff3171d75f25}' => Key deleted successfully. 'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0eeaa2c3-0cd7-4364-b82e-f9257081c860}' => Key deleted successfully. 'HKCR\Wow6432Node\CLSID\{0eeaa2c3-0cd7-4364-b82e-f9257081c860}' => Key deleted successfully. 'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}' => Key deleted successfully. 'HKCR\Wow6432Node\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}' => Key deleted successfully. 'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}' => Key deleted successfully. 'HKCR\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}' => Key deleted successfully. 'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}' => Key deleted successfully. 'HKCR\Wow6432Node\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0}' => Key deleted successfully. 'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{631acb68-57c3-48af-9cc5-fcec0837ffd3}' => Key deleted successfully. 'HKCR\Wow6432Node\CLSID\{631acb68-57c3-48af-9cc5-fcec0837ffd3}' => Key deleted successfully. 'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}' => Key deleted successfully. 'HKCR\Wow6432Node\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}' => Key deleted successfully. 'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}' => Key deleted successfully. 'HKCR\Wow6432Node\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}' => Key deleted successfully. 'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96A25A24-2E87-4374-8A50-CC6F943FCE4D}' => Key deleted successfully. 'HKCR\Wow6432Node\CLSID\{96A25A24-2E87-4374-8A50-CC6F943FCE4D}' => Key deleted successfully. 'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5e9b421-c309-41de-9014-800a2adcdeb0}' => Key deleted successfully. 'HKCR\Wow6432Node\CLSID\{d5e9b421-c309-41de-9014-800a2adcdeb0}' => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully. 'HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}'=> Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{96A25A24-2E87-4374-8A50-CC6F943FCE4D} => value deleted successfully. 'HKCR\Wow6432Node\CLSID\{96A25A24-2E87-4374-8A50-CC6F943FCE4D}'=> Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{0b84b4b4-8af8-4f1f-91fe-074a666f6425} => value deleted successfully. 'HKCR\Wow6432Node\CLSID\{0b84b4b4-8af8-4f1f-91fe-074a666f6425}' => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{07189b84-b33b-4a1e-9b32-ad203c983c20} => value deleted successfully. 'HKCR\Wow6432Node\CLSID\{07189b84-b33b-4a1e-9b32-ad203c983c20}' => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully. 'HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}' => Key deleted successfully. 'HKCR\PROTOCOLS\Handler\skype-ie-addon-data' => Key deleted successfully. 'HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}'=> Key not found. 'HKLM\Software\Wow6432Node\MozillaPlugins\@FilmFanatic.com/Plugin' => Key deleted successfully. C:\Program Files (x86)\FilmFanatic\bar\1.bin\NPpaStub.dll not found. 'HKLM\Software\Wow6432Node\MozillaPlugins\@MarineAquarium3Free_57.com/Plugin' => Key deleted successfully. FF Plugin-x32: @MarineAquarium3Free_57.com/Plugin - C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\NP57Stub.dl l No File not found. HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value deleted successfully. LPTSystemUpdater => Service deleted successfully. FilmFanaticService => Service deleted successfully. MarineAquarium3Free_57Service => Service deleted successfully. JLTECH0227 => Service deleted successfully. C:\Program Files (x86)\LPT => Moved successfully. C:\Users\caroline\AppData\Local\LPT => Moved successfully. C:\Users\caroline\AppData\Local\iLivid => Moved successfully. C:\ProgramData\AVAST Software => Moved successfully. C:\Users\caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect => Moved successfully. C:\Users\caroline\AppData\Roaming\uTorrent => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{40D0CE8D-CA7D-4DC0-931F-1B4EB94CFCF0}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40D0CE8D-CA7D-4DC0-931F-1B4EB94CFCF0}' => Key deleted successfully. C:\Windows\System32\Tasks\avast! Emergency Update => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avast! Emergency Update' => Key deleted successfully. "C:\Program Files\Common Files\McAfee" => File/Directory not found. "C:\Program Files\McAfee" => File/Directory not found. "C:\Program Files\AVAST Software" => File/Directory not found. C:\Program Files (x86)\MarineAquarium3Free_57 => Moved successfully. C:\Program Files (x86)\BabylonToolbar => Moved successfully. C:\Program Files (x86)\Common Files\McAfee => Moved successfully. "C:\Users\caroline\AppData\Roaming\DefaultTab\DefaultTab" => File/Directory not found. C:\Program Files (x86)\FilmFanatic => Moved successfully. The system needed a reboot. ==== End of Fixlog ==== I had to shut down and restart in safe mode to run OTL, but it seemed to hang after around 10 minutes. Should I try to run it again?

Thanks Starbuck, I appreciate you taking the time to help me. It's actually my sister-in-law's laptop, she's not very computer literate though so I half-expected that it would be needing some attention.

Thanks very much. I'll leave the laptop turned off until the security team reply.

I notice some odd programs under the installed programs (FilmFanatic toolbar, Marine Aquarium Toolbar) and similar named items under startup which makes me think that there may be malware on the laptop. Here's the FRST.txt log: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-06-2014 Ran by Test (administrator) on CAROLINE-PC on 11-06-2014 02:05:00 Running from C:\Users\Test\Desktop Platform: Windows 7 Home Premium (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Safe Mode (minimal) The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe (Microsoft Corporation) C:\WINDOWS\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [] => [X] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll" File Not Found Startup: C:\Users\caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) ==================== Internet (Whitelisted) ==================== StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK2q0U14moCf-ET1EM4uw4GigvFB13oDc3Q3t57J8enJeXhVcFwIR4iLH2F_nFq3lACVAM0oW-q1EF4_Gy66uvS1VM5tsvfra5oLgYMJ4NQ6_VWXNyU5QoDMXj0esujcdT-ZoIAs4qxOjWkHd6mhbiEM_sxLfIGab28MytBd6cYYA4GnzpLRTPy0fdJyTkP8vxIvdoQJYOttISg,,&q={searchTerms} SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK2q0U14moCf-ET1EM4uw4GigvFB13oDc3Q3t57J8enJeXhVcFwIR4iLH2F_nFq3lACVAM0oW-q1EF4_Gy66uvS1VM5tsvfra5oLgYMJ4NQ6_VWXNyU5QoDMXj0esujcdT-ZoIAs4qxOjWkHd6mhbiEM_sxLfIGab28MytBd6cYYA4GnzpLRTPy0fdJyTkP8vxIvdoQJYOttISg,,&q={searchTerms} BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File BHO: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation) BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101225045027.dll No File BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Toolbar BHO - {074d3229-0a22-491b-b9dd-ff3171d75f25} - C:\PROGRA~2\MARINE~2\bar\1.bin\57bar.dll No File BHO-x32: Search Assistant BHO - {0eeaa2c3-0cd7-4364-b82e-f9257081c860} - C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57SrcAs.dll No File BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\bh\BabylonToolbar.dll No File BHO-x32: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Toolbar BHO - {631acb68-57c3-48af-9cc5-fcec0837ffd3} - C:\PROGRA~2\FILMFA~2\bar\1.bin\pabar.dll No File BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101225045027.dll No File BHO-x32: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\caroline\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll No File BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Related Searches - {96A25A24-2E87-4374-8A50-CC6F943FCE4D} - C:\Users\caroline\AppData\Roaming\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll No File BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Search Assistant BHO - {d5e9b421-c309-41de-9014-800a2adcdeb0} - C:\Program Files (x86)\FilmFanatic\bar\1.bin\paSrcAs.dll No File Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation) Toolbar: HKLM-x32 - Related Searches - {96A25A24-2E87-4374-8A50-CC6F943FCE4D} - C:\Users\caroline\AppData\Roaming\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll No File Toolbar: HKLM-x32 - FilmFanatic - {0b84b4b4-8af8-4f1f-91fe-074a666f6425} - C:\Program Files (x86)\FilmFanatic\bar\1.bin\pabar.dll No File Toolbar: HKLM-x32 - Marine Aquarium Lite - {07189b84-b33b-4a1e-9b32-ad203c983c20} - C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57bar.dll No File Toolbar: HKLM-x32 - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) FireFox: ======== FF Plugin: @java.com/DTPlugin,version=1.6.0_39 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF Plugin-x32: @FilmFanatic.com/Plugin - C:\Program Files (x86)\FilmFanatic\bar\1.bin\NPpaStub.dll No File FF Plugin-x32: @MarineAquarium3Free_57.com/Plugin - C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\NP57Stub.dll No File FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK ==================== Services (Whitelisted) ================= S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation) S4 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed] S4 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [36632 2014-03-25] () S4 SlimService; C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe [232256 2014-03-20] (SlimWare Utilities, Inc.) S2 FilmFanaticService; C:\PROGRA~2\FILMFA~2\bar\1.bin\pabarsvc.exe [X] S2 MarineAquarium3Free_57Service; C:\PROGRA~2\MARINE~2\bar\1.bin\57barsvc.exe [X] ==================== Drivers (Whitelisted) ==================== S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-09] (Malwarebytes Corporation) S3 JLTECH0227; System32\Drivers\jl2005c.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-11 02:05 - 2014-06-11 02:05 - 00011607 _____ () C:\Users\Test\Desktop\FRST.txt 2014-06-11 02:04 - 2014-06-11 02:05 - 00000000 ____D () C:\FRST 2014-06-11 02:02 - 2014-06-11 02:02 - 00128288 _____ () C:\Users\Test\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-11 01:51 - 2014-06-11 01:51 - 00000000 ____D () C:\Users\Test\AppData\Local\VirtualStore 2014-06-11 01:14 - 2014-06-11 01:14 - 00000258 __RSH () C:\Users\Test\ntuser.pol 2014-06-11 01:13 - 2014-06-11 02:05 - 00000000 ____D () C:\Users\Test\AppData\Local\Temp 2014-06-11 01:13 - 2014-06-11 01:22 - 00000000 ____D () C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-06-11 01:13 - 2014-06-11 01:14 - 00000000 ____D () C:\Users\Test 2014-06-11 01:13 - 2014-06-11 01:13 - 00000020 ___SH () C:\Users\Test\ntuser.ini 2014-06-11 01:13 - 2013-12-18 10:13 - 00000000 ____D () C:\Users\Test\AppData\Local\SoftThinks 2014-06-11 01:13 - 2013-11-09 13:50 - 00002106 _____ () C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk 2014-06-11 01:13 - 2013-06-22 13:30 - 00000000 ____D () C:\Users\Test\AppData\LocalGoogle 2014-06-11 01:13 - 2013-06-22 13:30 - 00000000 ____D () C:\Users\Test\AppData\Local\Google 2014-06-11 01:13 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-06-11 01:13 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-06-10 23:01 - 2014-06-10 23:01 - 02080768 _____ (Farbar) C:\Users\Test\Desktop\FRST64.exe 2014-06-09 22:38 - 2014-06-11 01:22 - 00000000 ____D () C:\Windows\pss 2014-06-09 22:12 - 2014-06-09 22:12 - 00000017 _____ () C:\Users\caroline\AppData\Local\resmon.resmoncfg 2014-05-24 20:46 - 2014-05-24 20:46 - 00003536 ____N () C:\bootsqm.dat 2014-05-24 20:43 - 2014-05-24 20:43 - 00000000 __SHD () C:\found.000 2014-05-23 23:08 - 2014-06-09 22:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-23 23:07 - 2014-05-23 23:07 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-05-23 23:07 - 2014-05-23 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-05-23 23:07 - 2014-05-23 23:07 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-23 23:07 - 2014-05-23 23:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-05-23 23:07 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-23 23:07 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-23 23:07 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-23 23:06 - 2014-05-23 23:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\caroline\Downloads\mbam-setup-2.0.2.1012.exe ==================== One Month Modified Files and Folders ======= 2014-06-11 02:05 - 2014-06-11 02:05 - 00011607 _____ () C:\Users\Test\Desktop\FRST.txt 2014-06-11 02:05 - 2014-06-11 02:04 - 00000000 ____D () C:\FRST 2014-06-11 02:05 - 2014-06-11 01:13 - 00000000 ____D () C:\Users\Test\AppData\Local\Temp 2014-06-11 02:04 - 2009-07-14 06:13 - 00779724 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-11 02:02 - 2014-06-11 02:02 - 00128288 _____ () C:\Users\Test\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-11 01:51 - 2014-06-11 01:51 - 00000000 ____D () C:\Users\Test\AppData\Local\VirtualStore 2014-06-11 01:30 - 2012-12-08 15:10 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-11 01:29 - 2014-01-11 01:10 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2014-06-11 01:29 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-11 01:29 - 2009-07-14 05:51 - 00097354 _____ () C:\Windows\setupact.log 2014-06-11 01:22 - 2014-06-11 01:13 - 00000000 ____D () C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-06-11 01:22 - 2014-06-09 22:38 - 00000000 ____D () C:\Windows\pss 2014-06-11 01:22 - 2012-12-08 20:38 - 00000000 ____D () C:\Users\caroline\AppData\Local\Temp 2014-06-11 01:18 - 2012-12-08 15:10 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-11 01:14 - 2014-06-11 01:14 - 00000258 __RSH () C:\Users\Test\ntuser.pol 2014-06-11 01:14 - 2014-06-11 01:13 - 00000000 ____D () C:\Users\Test 2014-06-11 01:13 - 2014-06-11 01:13 - 00000020 ___SH () C:\Users\Test\ntuser.ini 2014-06-10 23:01 - 2014-06-10 23:01 - 02080768 _____ (Farbar) C:\Users\Test\Desktop\FRST64.exe 2014-06-10 06:17 - 2014-04-17 09:39 - 00000000 ____D () C:\Program Files (x86)\LPT 2014-06-10 06:17 - 2014-03-19 11:23 - 00000000 ____D () C:\ac0374c245021b16e5f3eb1c4b 2014-06-10 06:17 - 2014-01-15 18:11 - 00000000 ____D () C:\cb287b6835fb775f481b1cb1 2014-06-10 06:17 - 2013-08-29 11:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client 2014-06-10 06:17 - 2013-05-15 23:23 - 00000000 ____D () C:\3f70fcbecbda9e92dfb94d2fb0509fea 2014-06-10 06:17 - 2013-05-14 16:29 - 00000000 ____D () C:\Program Files (x86)\GUMFE99.tmp 2014-06-10 06:17 - 2013-03-10 22:03 - 00000000 ____D () C:\01e102cb5879a79d5648 2014-06-10 06:17 - 2012-12-08 20:31 - 00000000 ____D () C:\Emergency 2014-06-10 06:17 - 2012-12-08 15:10 - 00000000 ____D () C:\Program Files (x86)\Google 2014-06-10 06:17 - 2010-12-25 11:53 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup 2014-06-10 06:16 - 2014-04-20 09:52 - 00000000 ___RD () C:\Users\caroline\Podcasts 2014-06-10 06:16 - 2014-04-18 20:41 - 00000000 ____D () C:\ProgramData\COnvEurtteRR Maste 2014-06-10 06:16 - 2014-04-17 11:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune 2014-06-10 06:16 - 2014-04-17 11:10 - 00000000 ____D () C:\Program Files\Zune 2014-06-10 06:16 - 2014-04-17 09:38 - 00000000 ____D () C:\Users\caroline\AppData\Local\LPT 2014-06-10 06:16 - 2014-04-15 11:15 - 00000000 ____D () C:\ProgramData\4d09ce8d5400296d 2014-06-10 06:16 - 2014-04-01 13:53 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers 2014-06-10 06:16 - 2014-04-01 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner Plus 2014-06-10 06:16 - 2014-04-01 13:53 - 00000000 ____D () C:\Program Files\SlimCleaner Plus 2014-06-10 06:16 - 2014-03-23 14:35 - 00000000 ____D () C:\ProgramData\Websteroids 2014-06-10 06:16 - 2014-03-07 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-06-10 06:16 - 2013-11-09 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-06-10 06:16 - 2013-09-05 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English) 2014-06-10 06:16 - 2013-08-30 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-06-10 06:16 - 2013-08-30 14:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-06-10 06:16 - 2013-08-30 14:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-06-10 06:16 - 2013-08-29 11:49 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-10 06:16 - 2013-05-28 08:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2014-06-10 06:16 - 2013-05-01 21:38 - 00000000 ____D () C:\Users\caroline\AppData\Local\iLivid 2014-06-10 06:16 - 2013-03-13 11:27 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\Macrovision 2014-06-10 06:16 - 2013-01-15 20:10 - 00000000 ____D () C:\Windows\Minidump 2014-06-10 06:16 - 2012-12-25 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect 2014-06-10 06:16 - 2012-12-25 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft MediaImpression 2 2014-06-10 06:16 - 2012-12-25 16:43 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\ArcSoft 2014-06-10 06:16 - 2012-12-08 20:38 - 00000000 ____D () C:\Users\caroline 2014-06-10 06:16 - 2010-12-25 12:16 - 00000000 ____D () C:\Program Files\Windows Journal 2014-06-10 06:16 - 2010-12-25 11:44 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-06-10 06:16 - 2010-12-25 11:44 - 00000000 ____D () C:\ProgramData\Skype 2014-06-10 06:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-06-10 06:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System 2014-06-10 06:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-06-10 06:15 - 2013-08-29 11:43 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform 2014-06-10 06:15 - 2013-03-21 22:39 - 00000000 ____D () C:\Windows\system32\EventProviders 2014-06-10 06:15 - 2012-12-25 14:54 - 00000000 ____D () C:\Windows\system32\Macromed 2014-06-10 06:15 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-06-10 06:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-06-10 06:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-06-09 22:38 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup 2014-06-09 22:36 - 2012-12-08 15:08 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-06-09 22:36 - 2010-12-25 11:40 - 00567850 _____ () C:\Windows\PFRO.log 2014-06-09 22:17 - 2014-05-23 23:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-09 22:12 - 2014-06-09 22:12 - 00000017 _____ () C:\Users\caroline\AppData\Local\resmon.resmoncfg 2014-05-24 21:54 - 2013-02-02 19:38 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect 2014-05-24 20:46 - 2014-05-24 20:46 - 00003536 ____N () C:\bootsqm.dat 2014-05-24 20:43 - 2014-05-24 20:43 - 00000000 __SHD () C:\found.000 2014-05-23 23:25 - 2012-12-08 15:13 - 00000000 ____D () C:\Program Files\Google 2014-05-23 23:14 - 2010-12-25 10:20 - 01926678 _____ () C:\Windows\WindowsUpdate.log 2014-05-23 23:10 - 2009-07-14 05:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-23 23:10 - 2009-07-14 05:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-23 23:07 - 2014-05-23 23:07 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-05-23 23:07 - 2014-05-23 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-05-23 23:07 - 2014-05-23 23:07 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-23 23:07 - 2014-05-23 23:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-05-23 23:07 - 2014-05-23 23:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\caroline\Downloads\mbam-setup-2.0.2.1012.exe 2014-05-23 23:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2014-05-23 22:42 - 2010-12-25 11:26 - 00000000 ____D () C:\ProgramData\WildTangent 2014-05-23 22:42 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-05-23 22:40 - 2013-02-02 19:47 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\player 2014-05-23 22:35 - 2012-12-08 15:10 - 00000000 ____D () C:\Users\caroline\AppData\Local\Google 2014-05-23 22:35 - 2010-12-25 11:36 - 00000000 ____D () C:\ProgramData\Sonic 2014-05-23 22:09 - 2013-02-02 19:20 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\uTorrent 2014-05-12 07:26 - 2014-05-23 23:07 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-05-23 23:07 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-05-23 23:07 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-01-11 01:34 ==================== End Of Log ============================ Here's the Addition.txt log: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-06-2014 Ran by Test at 2014-06-11 02:05:54 Running from C:\Users\Test\Desktop Boot Mode: Safe Mode (minimal) ========================================================== ==================== Security Center ======================== AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe Flash Player 10 Plugin (HKLM-x32\...\{343DB62F-891F-45EC-BED3-E2F56CEB1B7C}) (Version: 10.1.85.3 - Adobe Systems Incorporated) Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.135 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd) ArcSoft MediaImpression 2 (HKLM-x32\...\{3D9326E1-E378-48A6-A82B-800147E63306}) (Version: 2.0.50.716 - ArcSoft) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DefaultTab (HKLM-x32\...\DefaultTab) (Version: 2.1.8.0 - Search Results, LLC) <==== ATTENTION Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell) Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell) Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell) Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation) Dell Dock (Version: 2.0 - Stardock Corporation) Hidden Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.101.209 - ALPS ELECTRIC CO., LTD.) Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd) Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 8.0 - Dell) DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden FilmFanatic Internet Explorer Toolbar (HKLM-x32\...\FilmFanaticbar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.) Google Drive (HKLM-x32\...\{989FB5FD-9B00-4B32-8663-849CB1370DD1}) (Version: 1.10.4769.632 - Google, Inc.) Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.) Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1994 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation) Java 6 Update 39 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416039FF}) (Version: 6.0.390 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Marine Aquarium Lite Internet Explorer Toolbar (HKLM-x32\...\MarineAquarium3Free_57bar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4605.1003 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Search Enhancement Pack (x32 Version: 3.0.131.0 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden PhotoShowExpress (x32 Version: 2.0.028 - Sonic Solutions) Hidden Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.06.02 - Dell Inc.) RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6136 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30109 - Realtek Semiconductor Corp.) Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden Roxio Burn (x32 Version: 1.6 - Roxio) Hidden Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio) Roxio Creator Starter (x32 Version: 1.0.311 - Roxio) Hidden Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden Roxio File Backup (Version: 1.3.2 - Roxio) Hidden Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SlimCleaner Plus (HKLM\...\{EA70F545-7D7D-4E65-BD8B-21D2DE0F0165}) (Version: 1.0.19430 - SlimWare Utilities, Inc.) Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Yahoo Community Smartbar (HKLM-x32\...\{D96EBFC0-C680-4463-B4F0-299E48771819}) (Version: 11.38.66.16134 - Linkury Inc.) <==== ATTENTION Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation) Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {3878C8CC-5615-4143-AE22-01A3F3BEEEE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-08] (Google Inc.) Task: {3D522B00-D585-48A0-AC90-F8764919443C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation) Task: {40D0CE8D-CA7D-4DC0-931F-1B4EB94CFCF0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: {6ADE333A-D9EE-45BD-B4AD-73CCABB778AA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-04-11] (Microsoft Corporation) Task: {A0030FFA-D865-4586-A708-202E8DB78A8F} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - caroline) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [2014-03-20] (SlimWare Utilities, Inc.) Task: {A3F43878-7FBE-43A4-8BAC-B697CB528CA4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-08] (Google Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - caroline).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe ==================== Loaded Modules (whitelisted) ============= 2014-02-27 22:27 - 2014-04-11 20:17 - 08884904 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1" ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: ACDaemon => 2 MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: DockLoginService => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: IAStorDataMgrSvc => 2 MSCONFIG\Services: LPTSystemUpdater => 2 MSCONFIG\Services: RoxMediaDB12OEM => 3 MSCONFIG\Services: RoxWatch12 => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: SlimService => 2 MSCONFIG\Services: stllssvr => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^smartbar_3312014.exe.lnk => C:\Windows\pss\smartbar_3312014.exe.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Test^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock First Run.lnk => C:\Windows\pss\Dell Dock First Run.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\caroline\AppData\Local\Smartbar\Application\Smartbar.exe startup MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" MSCONFIG\startupreg: FilmFanatic Browser Plugin Loader => C:\Program Files (x86)\FilmFanatic\bar\1.bin\pabrmon.exe MSCONFIG\startupreg: FilmFanatic Browser Plugin Loader 64 => C:\Program Files (x86)\FilmFanatic\bar\1.bin\pabrmon64.exe MSCONFIG\startupreg: FilmFanatic EPM Support => "C:\PROGRA~2\FILMFA~2\bar\1.bin\pamedint.exe" T8EPMSUP.DLL,S MSCONFIG\startupreg: FilmFanatic Home Page Guard 64 bit => "C:\PROGRA~2\FILMFA~2\bar\1.bin\AppIntegrator64.exe" MSCONFIG\startupreg: FilmFanatic Search Scope Monitor => "C:\PROGRA~2\FILMFA~2\bar\1.bin\pasrchmn.exe" /m=2 /w /h MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: Marine Aquarium Lite EPM Support => "C:\PROGRA~2\MARINE~2\bar\1.bin\57medint.exe" T8EPMSUP.DLL,S MSCONFIG\startupreg: Marine Aquarium Lite Home Page Guard 64 bit => "C:\PROGRA~2\MARINE~2\bar\1.bin\AppIntegrator64.exe" MSCONFIG\startupreg: Marine Aquarium Lite Search Scope Monitor => "C:\PROGRA~2\MARINE~2\bar\1.bin\57srchmn.exe" /m=2 /w /h MSCONFIG\startupreg: MarineAquarium3Free_57 Browser Plugin Loader => C:\PROGRA~2\MARINE~2\bar\1.bin\57brmon.exe MSCONFIG\startupreg: MarineAquarium3Free_57 Browser Plugin Loader 64 => C:\PROGRA~2\MARINE~2\bar\1.bin\57brmon64.exe MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s MSCONFIG\startupreg: Sidebar => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun MSCONFIG\startupreg: SlimCleaner Plus => "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /minimize MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe" ==================== Faulty Device Manager Devices ============= Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (06/11/2014 01:10:19 AM) (Source: System Restore) (EventID: 8204) (User: ) Description: System restore ended unexpectedly because of power loss or a program error. Additional information: (Windows Update). Error: (06/09/2014 10:08:24 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point (Process = C:\Program Files\AVAST Software\Avast\Setup\Instup.exe Files\AVAST Software\Avast\Setup\Instup.exe" /control_panel /instop:uninstall; Description = avast! antivirus system restore point; Error = 0x8007043c). Error: (05/21/2014 10:54:56 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected. Error: (05/09/2014 05:00:22 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (05/09/2014 04:51:39 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 156c Start Time: 01cf6b9e5144e1b9 Termination Time: 297 Application Path: C:\Program Files (x86)\internet explorer\iexplore.exe Report Id: Error: (05/08/2014 08:49:52 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: ba8 Start Time: 01cf6af67928d3e2 Termination Time: 40 Application Path: C:\Program Files (x86)\internet explorer\iexplore.exe Report Id: Error: (05/08/2014 08:44:18 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: b0c Start Time: 01cf6af5ca344225 Termination Time: 219 Application Path: C:\Program Files (x86)\internet explorer\iexplore.exe Report Id: Error: (05/08/2014 08:43:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1844 Start Time: 01cf6af5b122cc01 Termination Time: 31 Application Path: C:\Program Files (x86)\internet explorer\iexplore.exe Report Id: Error: (05/08/2014 08:42:48 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 64 Start Time: 01cf6af560e992fd Termination Time: 58 Application Path: C:\Program Files (x86)\internet explorer\iexplore.exe Report Id: Error: (05/08/2014 06:21:57 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 System errors: ============= Error: (06/11/2014 02:03:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (06/11/2014 02:01:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (06/11/2014 02:01:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (06/11/2014 02:01:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (06/11/2014 02:01:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (06/11/2014 02:01:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (06/11/2014 02:01:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (06/11/2014 02:01:24 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (06/11/2014 02:01:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (06/11/2014 02:01:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Microsoft Office Sessions: ========================= Error: (06/11/2014 01:10:19 AM) (Source: System Restore) (EventID: 8204) (User: ) Description: Windows Update Error: (06/09/2014 10:08:24 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Program Files\AVAST Software\Avast\Setup\Instup.exe Files\AVAST Software\Avast\Setup\Instup.exe" /control_panel /instop:uninstallavast! antivirus system restore point0x8007043c Error: (05/21/2014 10:54:56 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected. Error: (05/09/2014 05:00:22 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (05/09/2014 04:51:39 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe9.0.8112.16476156c01cf6b9e5144e1b9297C:\Program Files (x86)\internet explorer\iexplore.exe Error: (05/08/2014 08:49:52 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe9.0.8112.16476ba801cf6af67928d3e240C:\Program Files (x86)\internet explorer\iexplore.exe Error: (05/08/2014 08:44:18 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe9.0.8112.16476b0c01cf6af5ca344225219C:\Program Files (x86)\internet explorer\iexplore.exe Error: (05/08/2014 08:43:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe9.0.8112.16476184401cf6af5b122cc0131C:\Program Files (x86)\internet explorer\iexplore.exe Error: (05/08/2014 08:42:48 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe9.0.8112.164766401cf6af560e992fd58C:\Program Files (x86)\internet explorer\iexplore.exe Error: (05/08/2014 06:21:57 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 ==================== Memory info =========================== Percentage of memory in use: 24% Total physical RAM: 2010.36 MB Available physical RAM: 1516.89 MB Total Pagefile: 4020.73 MB Available Pagefile: 3555.2 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:218.14 GB) (Free:174.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: E94AE992) Partition 1: (Not Active) - (Size=100 MB) - (Type=DE) Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=218 GB) - (Type=07 NTFS) ==================== End Of Log ============================

I created a new account and tried to log in but the same issue occurred (blank screen). I then disabled the startup item but no dice, then startup and services and still blank screen. From the startup items there seems to be some malware installed, could that be affecting startup?

Hi seedy21, thanks for getting back to me so quickly. I've tried to boot into 'last known good configuration (advanced)' and the same thing happened, it just went to a black screen. I then tried the 'repair your computer' option but startup repair didn't find any issues.