Posted

Hi all, hoping someone can help with an issue on my sister-in-law's laptop. It's a Dell Inspiron 5030 running Windows 7, and it won't start up normally. It lets me log in but then sits at a black screen. I can boot in safe mode however. I've tried a system restore (there's only 1 restore point) but it gives me an error message. Any ideas?

 

Thanks in advance :)

Posted

Hi JohnBlaze

 

Did you try booting into Last Known Good Configuration (advanced)?

If that wasn't successful, try running Repair your computer, then running the Startup Repair option.

“It's only after we've lost everything that we're free to do anything.”

― Chuck Palahniuk, Fight Club

 

http://www.geekstogo.com/downloads/unite_blue.png

 

Need help with your computer problems? Then why not join Free PC Help. Register here

 

If Free PC Help has helped you then please consider a donation. Click here

 

We are all members helping other members.

Please return here where you may be able to help someone else.

After all, no one knows everything and you may have the answer that someone needs.

Posted

Hi seedy21, thanks for getting back to me so quickly. I've tried to boot into 'last known good configuration (advanced)' and the same thing happened, it just went to a black screen.

 

I then tried the 'repair your computer' option but startup repair didn't find any issues.

Posted

Hi

 

Try making another Account in safe mode and then try and log in with that.

 

If the issue still persists try this.

 

In safe mode, go to start->run, type in msconfig, and the system configuration window will come up.

 

First, try clicking on startup and say disable all, then say apply. Try restarting your computer and loading it normally, and see if it lets you get anywhere. If it does, you can go back into msconfig and start enabling startup items again until you find the one that is messing you up.

 

If that didn't work, try going back into msconfig, keep all the startup items disabled, and click on the Services tab. Check the box saying Hide all Microsoft services, then click on Disable all, and hit Apply. Try restarting into Windows normally again. If it works, then again, you have to figure out which service/startup items are affecting your boot up.


Posted

I created a new account and tried to log in but the same issue occurred (blank screen). I then disabled the startup item but no dice, then startup and services and still blank screen.

 

From the startup items there seems to be some malware installed, could that be affecting startup?

Posted
"From the startup items there seems to be some malware installed, could that be affecting startup?"

It's possible. What makes you think there is malware on the machine?

 

Run this tool in safe mode and I will get one of the security guys to look over it for you.

 

Note:

There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

 

If you are unsure what your system bit type is, click Here for help.

 

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

 

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

 

 

  • Double-click the downloaded icon to run the tool.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

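A first-pass triage of the FRST.txt log requested above, as an added example that is not part of the original thread and is not Farbar's code. The sample lines are constructed (all names and paths are made up), and treating a trailing `[X]`, `No File` or `File Not Found` as "the registered file is missing" is an assumption about how FRST marks such entries.

```python
import re
from dataclasses import dataclass

# Constructed sample in the FRST.txt layout; every name and path is made up.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [] => [X]
AppInit_DLLs: C:\PROGRA~2\ExampleBar\bin\loader64.dll => C:\PROGRA~2\ExampleBar\bin\loader64.dll File Not Found
Startup: C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Vendor Dock.lnk
==================== Internet (Whitelisted) ====================
BHO: Vendor Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Vendor\helper.dll (Vendor Corporation)
BHO-x32: Toolbar BHO - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\PROGRA~2\EXAMPL~1\bar\1.bin\exbar.dll No File
==================== Services (Whitelisted) =================
S2 ExampleBarService; C:\PROGRA~2\EXAMPL~1\bar\1.bin\exbarsvc.exe [X]
S4 VendorService; C:\Program Files\Vendor\svc.exe [155648 2009-06-09] (Vendor Corporation) [File not signed]
==================== Installed Programs ======================
ExampleBar Internet Explorer Toolbar (HKLM-x32\...\ExampleBar Uninstall) (Version:  - Example Network) <==== ATTENTION
Vendor Dock (HKLM-x32\...\Vendor Dock) (Version: 2.0 - Vendor Corporation)
"""

# "==== Section name ====" banner; the name itself must not contain "=".
SECTION_RE = re.compile(r"^=+\s*([^=]+?)\s*=+$")
# Assumed meaning: the entry is still registered but its file is gone.
MISSING_RE = re.compile(r"(\[X\]|No File|File Not Found)\s*$")


@dataclass
class Finding:
    section: str   # log section the line was found in
    reasons: list  # one or more triage tags
    line: str      # the original log line, stripped


def triage(log_text):
    """Return the log lines a reviewer would look at first, with reasons."""
    section = "(header)"
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        reasons = []
        if MISSING_RE.search(line):
            reasons.append("missing-target")
        # AppInit_DLLs are loaded into every process that loads user32.dll,
        # so any entry there deserves a look even when the file is gone.
        if line.startswith("AppInit_DLLs"):
            reasons.append("appinit-dll")
        if "[File not signed]" in line:
            reasons.append("unsigned")
        if line.endswith("<==== ATTENTION"):
            reasons.append("tool-attention")
        if reasons:
            findings.append(Finding(section, reasons, line))
    return findings


def summarize(findings):
    """Count how many lines carry each triage tag."""
    counts = {}
    for finding in findings:
        for reason in finding.reasons:
            counts[reason] = counts.get(reason, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {', '.join(f.reasons)}: {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

The tags only order the review; deciding what to remove still takes someone who can read the whole log in context.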

Posted

I notice some odd programs under the installed programs (FilmFanatic toolbar, Marine Aquarium Toolbar) and similarly named items under startup, which makes me think that there may be malware on the laptop.

 

Here's the FRST.txt log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-06-2014

Ran by Test (administrator) on CAROLINE-PC on 11-06-2014 02:05:00

Running from C:\Users\Test\Desktop

Platform: Windows 7 Home Premium (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Safe Mode (minimal)

 

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

 

==================== Processes (Whitelisted) =================

 

 

(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe

(Microsoft Corporation) C:\WINDOWS\System32\wbem\WMIADAP.exe

 

 

 

 

==================== Registry (Whitelisted) ==================

 

 

HKLM-x32\...\Run: [] => [X]

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found

AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll" File Not Found

Startup: C:\Users\caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

 

 

==================== Internet (Whitelisted) ====================

 

 

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK2q0U14moCf-ET1EM4uw4GigvFB13oDc3Q3t57J8enJeXhVcFwIR4iLH2F_nFq3lACVAM0oW-q1EF4_Gy66uvS1VM5tsvfra5oLgYMJ4NQ6_VWXNyU5QoDMXj0esujcdT-ZoIAs4qxOjWkHd6mhbiEM_sxLfIGab28MytBd6cYYA4GnzpLRTPy0fdJyTkP8vxIvdoQJYOttISg,,&q={searchTerms}

SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK2q0U14moCf-ET1EM4uw4GigvFB13oDc3Q3t57J8enJeXhVcFwIR4iLH2F_nFq3lACVAM0oW-q1EF4_Gy66uvS1VM5tsvfra5oLgYMJ4NQ6_VWXNyU5QoDMXj0esujcdT-ZoIAs4qxOjWkHd6mhbiEM_sxLfIGab28MytBd6cYYA4GnzpLRTPy0fdJyTkP8vxIvdoQJYOttISg,,&q={searchTerms}

BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File

BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File

BHO: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)

BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101225045027.dll No File

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: Toolbar BHO - {074d3229-0a22-491b-b9dd-ff3171d75f25} - C:\PROGRA~2\MARINE~2\bar\1.bin\57bar.dll No File

BHO-x32: Search Assistant BHO - {0eeaa2c3-0cd7-4364-b82e-f9257081c860} - C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57SrcAs.dll No File

BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File

BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\bh\BabylonToolbar.dll No File

BHO-x32: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)

BHO-x32: Toolbar BHO - {631acb68-57c3-48af-9cc5-fcec0837ffd3} - C:\PROGRA~2\FILMFA~2\bar\1.bin\pabar.dll No File

BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101225045027.dll No File

BHO-x32: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\caroline\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll No File

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Related Searches - {96A25A24-2E87-4374-8A50-CC6F943FCE4D} - C:\Users\caroline\AppData\Roaming\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll No File

BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Search Assistant BHO - {d5e9b421-c309-41de-9014-800a2adcdeb0} - C:\Program Files (x86)\FilmFanatic\bar\1.bin\paSrcAs.dll No File

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File

Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)

Toolbar: HKLM-x32 - Related Searches - {96A25A24-2E87-4374-8A50-CC6F943FCE4D} - C:\Users\caroline\AppData\Roaming\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll No File

Toolbar: HKLM-x32 - FilmFanatic - {0b84b4b4-8af8-4f1f-91fe-074a666f6425} - C:\Program Files (x86)\FilmFanatic\bar\1.bin\pabar.dll No File

Toolbar: HKLM-x32 - Marine Aquarium Lite - {07189b84-b33b-4a1e-9b32-ad203c983c20} - C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57bar.dll No File

Toolbar: HKLM-x32 - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

 

 

FireFox:

========

FF Plugin: @java.com/DTPlugin,version=1.6.0_39 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF Plugin-x32: @FilmFanatic.com/Plugin - C:\Program Files (x86)\FilmFanatic\bar\1.bin\NPpaStub.dll No File

FF Plugin-x32: @MarineAquarium3Free_57.com/Plugin - C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\NP57Stub.dll No File

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\

FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ []

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

 

 

==================== Services (Whitelisted) =================

 

 

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)

S4 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]

S4 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [36632 2014-03-25] ()

S4 SlimService; C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe [232256 2014-03-20] (SlimWare Utilities, Inc.)

S2 FilmFanaticService; C:\PROGRA~2\FILMFA~2\bar\1.bin\pabarsvc.exe [X]

S2 MarineAquarium3Free_57Service; C:\PROGRA~2\MARINE~2\bar\1.bin\57barsvc.exe [X]

 

 

==================== Drivers (Whitelisted) ====================

 

 

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-09] (Malwarebytes Corporation)

S3 JLTECH0227; System32\Drivers\jl2005c.sys [X]

 

 

==================== NetSvcs (Whitelisted) ===================

 

 

 

 

==================== One Month Created Files and Folders ========

 

 

2014-06-11 02:05 - 2014-06-11 02:05 - 00011607 _____ () C:\Users\Test\Desktop\FRST.txt

2014-06-11 02:04 - 2014-06-11 02:05 - 00000000 ____D () C:\FRST

2014-06-11 02:02 - 2014-06-11 02:02 - 00128288 _____ () C:\Users\Test\AppData\Local\GDIPFONTCACHEV1.DAT

2014-06-11 01:51 - 2014-06-11 01:51 - 00000000 ____D () C:\Users\Test\AppData\Local\VirtualStore

2014-06-11 01:14 - 2014-06-11 01:14 - 00000258 __RSH () C:\Users\Test\ntuser.pol

2014-06-11 01:13 - 2014-06-11 02:05 - 00000000 ____D () C:\Users\Test\AppData\Local\Temp

2014-06-11 01:13 - 2014-06-11 01:22 - 00000000 ____D () C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-06-11 01:13 - 2014-06-11 01:14 - 00000000 ____D () C:\Users\Test

2014-06-11 01:13 - 2014-06-11 01:13 - 00000020 ___SH () C:\Users\Test\ntuser.ini

2014-06-11 01:13 - 2013-12-18 10:13 - 00000000 ____D () C:\Users\Test\AppData\Local\SoftThinks

2014-06-11 01:13 - 2013-11-09 13:50 - 00002106 _____ () C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk

2014-06-11 01:13 - 2013-06-22 13:30 - 00000000 ____D () C:\Users\Test\AppData\LocalGoogle

2014-06-11 01:13 - 2013-06-22 13:30 - 00000000 ____D () C:\Users\Test\AppData\Local\Google

2014-06-11 01:13 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-06-11 01:13 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-06-10 23:01 - 2014-06-10 23:01 - 02080768 _____ (Farbar) C:\Users\Test\Desktop\FRST64.exe

2014-06-09 22:38 - 2014-06-11 01:22 - 00000000 ____D () C:\Windows\pss

2014-06-09 22:12 - 2014-06-09 22:12 - 00000017 _____ () C:\Users\caroline\AppData\Local\resmon.resmoncfg

2014-05-24 20:46 - 2014-05-24 20:46 - 00003536 ____N () C:\bootsqm.dat

2014-05-24 20:43 - 2014-05-24 20:43 - 00000000 __SHD () C:\found.000

2014-05-23 23:08 - 2014-06-09 22:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-05-23 23:07 - 2014-05-23 23:07 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-05-23 23:07 - 2014-05-23 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-05-23 23:07 - 2014-05-23 23:07 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-05-23 23:07 - 2014-05-23 23:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-05-23 23:07 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-05-23 23:07 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-05-23 23:07 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-05-23 23:06 - 2014-05-23 23:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\caroline\Downloads\mbam-setup-2.0.2.1012.exe

 

 

==================== One Month Modified Files and Folders =======

 

 

2014-06-11 02:05 - 2014-06-11 02:05 - 00011607 _____ () C:\Users\Test\Desktop\FRST.txt

2014-06-11 02:05 - 2014-06-11 02:04 - 00000000 ____D () C:\FRST

2014-06-11 02:05 - 2014-06-11 01:13 - 00000000 ____D () C:\Users\Test\AppData\Local\Temp

2014-06-11 02:04 - 2009-07-14 06:13 - 00779724 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-06-11 02:02 - 2014-06-11 02:02 - 00128288 _____ () C:\Users\Test\AppData\Local\GDIPFONTCACHEV1.DAT

2014-06-11 01:51 - 2014-06-11 01:51 - 00000000 ____D () C:\Users\Test\AppData\Local\VirtualStore

2014-06-11 01:30 - 2012-12-08 15:10 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-06-11 01:29 - 2014-01-11 01:10 - 00065536 _____ () C:\Windows\system32\Ikeext.etl

2014-06-11 01:29 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-06-11 01:29 - 2009-07-14 05:51 - 00097354 _____ () C:\Windows\setupact.log

2014-06-11 01:22 - 2014-06-11 01:13 - 00000000 ____D () C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-06-11 01:22 - 2014-06-09 22:38 - 00000000 ____D () C:\Windows\pss

2014-06-11 01:22 - 2012-12-08 20:38 - 00000000 ____D () C:\Users\caroline\AppData\Local\Temp

2014-06-11 01:18 - 2012-12-08 15:10 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-06-11 01:14 - 2014-06-11 01:14 - 00000258 __RSH () C:\Users\Test\ntuser.pol

2014-06-11 01:14 - 2014-06-11 01:13 - 00000000 ____D () C:\Users\Test

2014-06-11 01:13 - 2014-06-11 01:13 - 00000020 ___SH () C:\Users\Test\ntuser.ini

2014-06-10 23:01 - 2014-06-10 23:01 - 02080768 _____ (Farbar) C:\Users\Test\Desktop\FRST64.exe

2014-06-10 06:17 - 2014-04-17 09:39 - 00000000 ____D () C:\Program Files (x86)\LPT

2014-06-10 06:17 - 2014-03-19 11:23 - 00000000 ____D () C:\ac0374c245021b16e5f3eb1c4b

2014-06-10 06:17 - 2014-01-15 18:11 - 00000000 ____D () C:\cb287b6835fb775f481b1cb1

2014-06-10 06:17 - 2013-08-29 11:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client

2014-06-10 06:17 - 2013-05-15 23:23 - 00000000 ____D () C:\3f70fcbecbda9e92dfb94d2fb0509fea

2014-06-10 06:17 - 2013-05-14 16:29 - 00000000 ____D () C:\Program Files (x86)\GUMFE99.tmp

2014-06-10 06:17 - 2013-03-10 22:03 - 00000000 ____D () C:\01e102cb5879a79d5648

2014-06-10 06:17 - 2012-12-08 20:31 - 00000000 ____D () C:\Emergency

2014-06-10 06:17 - 2012-12-08 15:10 - 00000000 ____D () C:\Program Files (x86)\Google

2014-06-10 06:17 - 2010-12-25 11:53 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup

2014-06-10 06:16 - 2014-04-20 09:52 - 00000000 ___RD () C:\Users\caroline\Podcasts

2014-06-10 06:16 - 2014-04-18 20:41 - 00000000 ____D () C:\ProgramData\COnvEurtteRR Maste

2014-06-10 06:16 - 2014-04-17 11:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune

2014-06-10 06:16 - 2014-04-17 11:10 - 00000000 ____D () C:\Program Files\Zune

2014-06-10 06:16 - 2014-04-17 09:38 - 00000000 ____D () C:\Users\caroline\AppData\Local\LPT

2014-06-10 06:16 - 2014-04-15 11:15 - 00000000 ____D () C:\ProgramData\4d09ce8d5400296d

2014-06-10 06:16 - 2014-04-01 13:53 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers

2014-06-10 06:16 - 2014-04-01 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner Plus

2014-06-10 06:16 - 2014-04-01 13:53 - 00000000 ____D () C:\Program Files\SlimCleaner Plus

2014-06-10 06:16 - 2014-03-23 14:35 - 00000000 ____D () C:\ProgramData\Websteroids

2014-06-10 06:16 - 2014-03-07 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-06-10 06:16 - 2013-11-09 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

2014-06-10 06:16 - 2013-09-05 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)

2014-06-10 06:16 - 2013-08-30 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-06-10 06:16 - 2013-08-30 14:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-06-10 06:16 - 2013-08-30 14:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-06-10 06:16 - 2013-08-29 11:49 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-06-10 06:16 - 2013-05-28 08:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2014-06-10 06:16 - 2013-05-01 21:38 - 00000000 ____D () C:\Users\caroline\AppData\Local\iLivid

2014-06-10 06:16 - 2013-03-13 11:27 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\Macrovision

2014-06-10 06:16 - 2013-01-15 20:10 - 00000000 ____D () C:\Windows\Minidump

2014-06-10 06:16 - 2012-12-25 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect

2014-06-10 06:16 - 2012-12-25 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft MediaImpression 2

2014-06-10 06:16 - 2012-12-25 16:43 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\ArcSoft

2014-06-10 06:16 - 2012-12-08 20:38 - 00000000 ____D () C:\Users\caroline

2014-06-10 06:16 - 2010-12-25 12:16 - 00000000 ____D () C:\Program Files\Windows Journal

2014-06-10 06:16 - 2010-12-25 11:44 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-06-10 06:16 - 2010-12-25 11:44 - 00000000 ____D () C:\ProgramData\Skype

2014-06-10 06:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-06-10 06:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System

2014-06-10 06:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared

2014-06-10 06:15 - 2013-08-29 11:43 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform

2014-06-10 06:15 - 2013-03-21 22:39 - 00000000 ____D () C:\Windows\system32\EventProviders

2014-06-10 06:15 - 2012-12-25 14:54 - 00000000 ____D () C:\Windows\system32\Macromed

2014-06-10 06:15 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-06-10 06:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

2014-06-10 06:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-06-09 22:38 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

2014-06-09 22:36 - 2012-12-08 15:08 - 00000000 ____D () C:\ProgramData\AVAST Software

2014-06-09 22:36 - 2010-12-25 11:40 - 00567850 _____ () C:\Windows\PFRO.log

2014-06-09 22:17 - 2014-05-23 23:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-06-09 22:12 - 2014-06-09 22:12 - 00000017 _____ () C:\Users\caroline\AppData\Local\resmon.resmoncfg

2014-05-24 21:54 - 2013-02-02 19:38 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect

2014-05-24 20:46 - 2014-05-24 20:46 - 00003536 ____N () C:\bootsqm.dat

2014-05-24 20:43 - 2014-05-24 20:43 - 00000000 __SHD () C:\found.000

2014-05-23 23:25 - 2012-12-08 15:13 - 00000000 ____D () C:\Program Files\Google

2014-05-23 23:14 - 2010-12-25 10:20 - 01926678 _____ () C:\Windows\WindowsUpdate.log

2014-05-23 23:10 - 2009-07-14 05:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-05-23 23:10 - 2009-07-14 05:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-05-23 23:07 - 2014-05-23 23:07 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-05-23 23:07 - 2014-05-23 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-05-23 23:07 - 2014-05-23 23:07 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-05-23 23:07 - 2014-05-23 23:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-05-23 23:07 - 2014-05-23 23:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\caroline\Downloads\mbam-setup-2.0.2.1012.exe

2014-05-23 23:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing

2014-05-23 22:42 - 2010-12-25 11:26 - 00000000 ____D () C:\ProgramData\WildTangent

2014-05-23 22:42 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-05-23 22:40 - 2013-02-02 19:47 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\player

2014-05-23 22:35 - 2012-12-08 15:10 - 00000000 ____D () C:\Users\caroline\AppData\Local\Google

2014-05-23 22:35 - 2010-12-25 11:36 - 00000000 ____D () C:\ProgramData\Sonic

2014-05-23 22:09 - 2013-02-02 19:20 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\uTorrent

2014-05-12 07:26 - 2014-05-23 23:07 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-05-12 07:26 - 2014-05-23 23:07 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-05-12 07:25 - 2014-05-23 23:07 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

 

 

==================== Bamital & volsnap Check =================

 

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

 

 

LastRegBack: 2014-01-11 01:34

 

 

==================== End Of Log ============================

 

 

 

 

Here's the Addition.txt log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-06-2014

Ran by Test at 2014-06-11 02:05:54

Running from C:\Users\Test\Desktop

Boot Mode: Safe Mode (minimal)

==========================================================

 

 

 

 

==================== Security Center ========================

 

 

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

 

==================== Installed Programs ======================

 

 

Adobe Flash Player 10 Plugin (HKLM-x32\...\{343DB62F-891F-45EC-BED3-E2F56CEB1B7C}) (Version: 10.1.85.3 - Adobe Systems Incorporated)

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.135 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)

Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)

ArcSoft MediaImpression 2 (HKLM-x32\...\{3D9326E1-E378-48A6-A82B-800147E63306}) (Version: 2.0.50.716 - ArcSoft)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DefaultTab (HKLM-x32\...\DefaultTab) (Version: 2.1.8.0 - Search Results, LLC) <==== ATTENTION

Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)

Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)

Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)

Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)

Dell Dock (Version: 2.0 - Stardock Corporation) Hidden

Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)

Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.101.209 - ALPS ELECTRIC CO., LTD.)

Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd)

Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 8.0 - Dell)

DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden

FilmFanatic Internet Explorer Toolbar (HKLM-x32\...\FilmFanaticbar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)

Google Drive (HKLM-x32\...\{989FB5FD-9B00-4B32-8663-849CB1370DD1}) (Version: 1.10.4769.632 - Google, Inc.)

Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1994 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)

Java 6 Update 39 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416039FF}) (Version: 6.0.390 - Oracle)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Marine Aquarium Lite Internet Explorer Toolbar (HKLM-x32\...\MarineAquarium3Free_57bar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4605.1003 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Search Enhancement Pack (x32 Version: 3.0.131.0 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden

PhotoShowExpress (x32 Version: 2.0.028 - Sonic Solutions) Hidden

Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.06.02 - Dell Inc.)

RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6136 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30109 - Realtek Semiconductor Corp.)

Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden

Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden

Roxio Burn (x32 Version: 1.6 - Roxio) Hidden

Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)

Roxio Creator Starter (x32 Version: 1.0.311 - Roxio) Hidden

Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden

Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden

Roxio File Backup (Version: 1.3.2 - Roxio) Hidden

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)

Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

SlimCleaner Plus (HKLM\...\{EA70F545-7D7D-4E65-BD8B-21D2DE0F0165}) (Version: 1.0.19430 - SlimWare Utilities, Inc.)

Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Yahoo Community Smartbar (HKLM-x32\...\{D96EBFC0-C680-4463-B4F0-299E48771819}) (Version: 11.38.66.16134 - Linkury Inc.) <==== ATTENTION

Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

 

 

==================== Restore Points =========================

 

 

 

 

==================== Hosts content: ==========================

 

 

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

 

==================== Scheduled Tasks (whitelisted) =============

 

 

Task: {3878C8CC-5615-4143-AE22-01A3F3BEEEE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-08] (Google Inc.)

Task: {3D522B00-D585-48A0-AC90-F8764919443C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation)

Task: {40D0CE8D-CA7D-4DC0-931F-1B4EB94CFCF0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

Task: {6ADE333A-D9EE-45BD-B4AD-73CCABB778AA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-04-11] (Microsoft Corporation)

Task: {A0030FFA-D865-4586-A708-202E8DB78A8F} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - caroline) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [2014-03-20] (SlimWare Utilities, Inc.)

Task: {A3F43878-7FBE-43A4-8BAC-B697CB528CA4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-08] (Google Inc.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - caroline).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

 

 

==================== Loaded Modules (whitelisted) =============

 

 

2014-02-27 22:27 - 2014-04-11 20:17 - 08884904 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

 

 

==================== Alternate Data Streams (whitelisted) =========

 

 

 

 

==================== Safe Mode (whitelisted) ===================

 

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

 

 

==================== EXE Association (whitelisted) =============

 

 

 

 

==================== Disabled items from MSCONFIG ==============

 

 

MSCONFIG\Services: ACDaemon => 2

MSCONFIG\Services: AdobeARMservice => 2

MSCONFIG\Services: DockLoginService => 2

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: IAStorDataMgrSvc => 2

MSCONFIG\Services: LPTSystemUpdater => 2

MSCONFIG\Services: RoxMediaDB12OEM => 3

MSCONFIG\Services: RoxWatch12 => 2

MSCONFIG\Services: SkypeUpdate => 2

MSCONFIG\Services: SlimService => 2

MSCONFIG\Services: stllssvr => 3

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^smartbar_3312014.exe.lnk => C:\Windows\pss\smartbar_3312014.exe.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^Test^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock First Run.lnk => C:\Windows\pss\Dell Dock First Run.lnk.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe

MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\caroline\AppData\Local\Smartbar\Application\Smartbar.exe startup

MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

MSCONFIG\startupreg: FilmFanatic Browser Plugin Loader => C:\Program Files (x86)\FilmFanatic\bar\1.bin\pabrmon.exe

MSCONFIG\startupreg: FilmFanatic Browser Plugin Loader 64 => C:\Program Files (x86)\FilmFanatic\bar\1.bin\pabrmon64.exe

MSCONFIG\startupreg: FilmFanatic EPM Support => "C:\PROGRA~2\FILMFA~2\bar\1.bin\pamedint.exe" T8EPMSUP.DLL,S

MSCONFIG\startupreg: FilmFanatic Home Page Guard 64 bit => "C:\PROGRA~2\FILMFA~2\bar\1.bin\AppIntegrator64.exe"

MSCONFIG\startupreg: FilmFanatic Search Scope Monitor => "C:\PROGRA~2\FILMFA~2\bar\1.bin\pasrchmn.exe" /m=2 /w /h

MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe

MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe

MSCONFIG\startupreg: Marine Aquarium Lite EPM Support => "C:\PROGRA~2\MARINE~2\bar\1.bin\57medint.exe" T8EPMSUP.DLL,S

MSCONFIG\startupreg: Marine Aquarium Lite Home Page Guard 64 bit => "C:\PROGRA~2\MARINE~2\bar\1.bin\AppIntegrator64.exe"

MSCONFIG\startupreg: Marine Aquarium Lite Search Scope Monitor => "C:\PROGRA~2\MARINE~2\bar\1.bin\57srchmn.exe" /m=2 /w /h

MSCONFIG\startupreg: MarineAquarium3Free_57 Browser Plugin Loader => C:\PROGRA~2\MARINE~2\bar\1.bin\57brmon.exe

MSCONFIG\startupreg: MarineAquarium3Free_57 Browser Plugin Loader 64 => C:\PROGRA~2\MARINE~2\bar\1.bin\57brmon64.exe

MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe

MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe

MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

MSCONFIG\startupreg: Sidebar => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

MSCONFIG\startupreg: SlimCleaner Plus => "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /minimize

MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"

 

 

==================== Faulty Device Manager Devices =============

 

 

Name: Security Processor Loader Driver

Description: Security Processor Loader Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: spldr

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

 

 

 

==================== Event log errors: =========================

 

 

Application errors:

==================

Error: (06/11/2014 01:10:19 AM) (Source: System Restore) (EventID: 8204) (User: )

Description: System restore ended unexpectedly because of power loss or a program error. Additional information: (Windows Update).

 

 

Error: (06/09/2014 10:08:24 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: Failed to create restore point (Process = C:\Program Files\AVAST Software\Avast\Setup\Instup.exe Files\AVAST Software\Avast\Setup\Instup.exe" /control_panel /instop:uninstall; Description = avast! antivirus system restore point; Error = 0x8007043c).

 

 

Error: (05/21/2014 10:54:56 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Information only.

(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

 

 

Error: (05/09/2014 05:00:22 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073415161

 

 

Error: (05/09/2014 04:51:39 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

 

Process ID: 156c

 

 

Start Time: 01cf6b9e5144e1b9

 

 

Termination Time: 297

 

 

Application Path: C:\Program Files (x86)\internet explorer\iexplore.exe

 

 

Report Id:

 

 

Error: (05/08/2014 08:49:52 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

 

Process ID: ba8

 

 

Start Time: 01cf6af67928d3e2

 

 

Termination Time: 40

 

 

Application Path: C:\Program Files (x86)\internet explorer\iexplore.exe

 

 

Report Id:

 

 

Error: (05/08/2014 08:44:18 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

 

Process ID: b0c

 

 

Start Time: 01cf6af5ca344225

 

 

Termination Time: 219

 

 

Application Path: C:\Program Files (x86)\internet explorer\iexplore.exe

 

 

Report Id:

 

 

Error: (05/08/2014 08:43:30 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

 

Process ID: 1844

 

 

Start Time: 01cf6af5b122cc01

 

 

Termination Time: 31

 

 

Application Path: C:\Program Files (x86)\internet explorer\iexplore.exe

 

 

Report Id:

 

 

Error: (05/08/2014 08:42:48 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

 

Process ID: 64

 

 

Start Time: 01cf6af560e992fd

 

 

Termination Time: 58

 

 

Application Path: C:\Program Files (x86)\internet explorer\iexplore.exe

 

 

Report Id:

 

 

Error: (05/08/2014 06:21:57 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073415161

 

 

 

 

System errors:

=============

Error: (06/11/2014 02:03:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

%%1068

 

 

Error: (06/11/2014 02:01:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

%%1068

 

 

Error: (06/11/2014 02:01:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

%%1068

 

 

Error: (06/11/2014 02:01:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

%%1068

 

 

Error: (06/11/2014 02:01:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

%%1068

 

 

Error: (06/11/2014 02:01:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

%%1068

 

 

Error: (06/11/2014 02:01:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

%%1068

 

 

Error: (06/11/2014 02:01:24 AM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

 

 

Error: (06/11/2014 02:01:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

%%1068

 

 

Error: (06/11/2014 02:01:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

%%1068

 

 

 

 

Microsoft Office Sessions:

=========================

Error: (06/11/2014 01:10:19 AM) (Source: System Restore) (EventID: 8204) (User: )

Description: Windows Update

 

 

Error: (06/09/2014 10:08:24 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: C:\Program Files\AVAST Software\Avast\Setup\Instup.exe Files\AVAST Software\Avast\Setup\Instup.exe" /control_panel /instop:uninstallavast! antivirus system restore point0x8007043c

 

 

Error: (05/21/2014 10:54:56 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

 

 

Error: (05/09/2014 05:00:22 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073415161

 

 

Error: (05/09/2014 04:51:39 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe9.0.8112.16476156c01cf6b9e5144e1b9297C:\Program Files (x86)\internet explorer\iexplore.exe

 

 

Error: (05/08/2014 08:49:52 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe9.0.8112.16476ba801cf6af67928d3e240C:\Program Files (x86)\internet explorer\iexplore.exe

 

 

Error: (05/08/2014 08:44:18 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe9.0.8112.16476b0c01cf6af5ca344225219C:\Program Files (x86)\internet explorer\iexplore.exe

 

 

Error: (05/08/2014 08:43:30 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe9.0.8112.16476184401cf6af5b122cc0131C:\Program Files (x86)\internet explorer\iexplore.exe

 

 

Error: (05/08/2014 08:42:48 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe9.0.8112.164766401cf6af560e992fd58C:\Program Files (x86)\internet explorer\iexplore.exe

 

 

Error: (05/08/2014 06:21:57 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073415161

 

 

 

 

==================== Memory info ===========================

 

 

Percentage of memory in use: 24%

Total physical RAM: 2010.36 MB

Available physical RAM: 1516.89 MB

Total Pagefile: 4020.73 MB

Available Pagefile: 3555.2 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

 

 

==================== Drives ================================

 

 

Drive c: (OS) (Fixed) (Total:218.14 GB) (Free:174.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

 

 

==================== MBR & Partition Table ==================

 

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: E94AE992)

Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)

Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=218 GB) - (Type=07 NTFS)

 

 

==================== End Of Log ============================

Posted
Have requested the security team to look into it. Please don't make any changes to your system until the security team get back to you. Thank you.


Posted

Hi John,

 

Just to let you know that I am aware of the post and will go through the reports and write a fix after having food.

One thing I will point out (and something we need to address later): this system is dangerously out of date.

 

This is your system:

Platform: Windows 7 Home Premium (X64) OS Language: English(US)

Internet Explorer Version 9

 

and now mine:

 

Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)

Internet Explorer Version 11

 

Will post again soon.

 

Thanks

Member of:

UNITE

Posted
Thanks Starbuck, I appreciate you taking the time to help me. It's actually my sister-in-law's laptop, she's not very computer literate though so I half-expected that it would be needing some attention.
Posted

Hi John,

 

I notice some odd programs under the installed programs (FilmFanatic toolbar, Marine Aquarium Toolbar) and similarly named items under startup.

Yes, it seems that a previous security program has removed some of the programs but has left some orphan entries.

We'll clean those.

 

There is no Anti Virus protection installed at the moment.

Once we get the system to boot into normal mode, we'll deal with that.

 

I think it's fair to say that this won't be a quick fix. :)

 

 

Step 1

After the fix has run it will say that the system needs to reboot.

Let it reboot and hopefully it'll boot into normal mode.

 

Please download the attached fixlist.txt file (bottom of this post) and save it to: C:\Users\Test\Desktop.

NOTE.

It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

 

NOTICE: This script was written specifically for this user, for use on that particular machine.

Running this on another machine may cause damage to your operating system.

 

Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

 

http://img.photobucket.com/albums/v708/starbuck50/frstfix_zps7db0c905.png

 

The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.

 

 

 

Step 2

  • Download OTL to your desktop.
  • Double click on the icon to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Extra Registry section, make sure that Use SafeList is selected.
  • Check the boxes beside LOP Check and Purity Check.

http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png

 

Now copy the lines in bold below.

 

netsvcs

msconfig

%SYSTEMDRIVE%\*.*

%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\system32\*.exe /lockedfiles

%systemroot%\System32\config\*.sav

%PROGRAMFILES%\*

%USERPROFILE%\..|smtmp;true;true;true /FP

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

hklm\software\clients\startmenuinternet|command /rs

hklm\software\clients\startmenuinternet|command /64 /rs

CREATERESTOREPOINT

 

  • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the Run Scan button.
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

 

 

 

In your next reply, please submit:

Fixlog.txt

Both reports from OTL

 

 

Thanks.

fixlist.txt

Member of:

UNITE

Posted

Here's the fixlog.txt (the laptop didn't re-boot into normal mode, it just went to the blank screen again):

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-06-2014

Ran by Test at 2014-06-12 01:00:39 Run:1

Running from C:\Users\Test\Desktop

Boot Mode: Safe Mode (minimal)

==============================================

 

 

Content of fixlist:

*****************

HKLM-x32\...\Run: [] => [X]

AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64 Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64 Loader.dll File Not Found

AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32 loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\spvc3 2loader.dll" File Not Found

SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK2q0U14moCf-ET1EM4uw4GigvFB13oDc3Q3t57J8enJeXhVcFwIR4iLH2F_nFq 3lACVAM0oW-q1EF4_Gy66uvS1VM5tsvfra5oLgYMJ4NQ6_VWXNyU5QoDMXj0e sujcdT-ZoIAs4qxOjWkHd6mhbiEM_sxLfIGab28MytBd6cYYA4GnzpLRT Py0fdJyTkP8vxIvdoQJYOttISg,,&q={searchTerms}

SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK2q0U14moCf-ET1EM4uw4GigvFB13oDc3Q3t57J8enJeXhVcFwIR4iLH2F_nFq 3lACVAM0oW-q1EF4_Gy66uvS1VM5tsvfra5oLgYMJ4NQ6_VWXNyU5QoDMXj0e sujcdT-ZoIAs4qxOjWkHd6mhbiEM_sxLfIGab28MytBd6cYYA4GnzpLRT Py0fdJyTkP8vxIvdoQJYOttISg,,&q={searchTerms}

BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File

BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File

BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101225045027.dll No File

BHO-x32: Toolbar BHO - {074d3229-0a22-491b-b9dd-ff3171d75f25} - C:\PROGRA~2\MARINE~2\bar\1.bin\57bar.dll No File

BHO-x32: Search Assistant BHO - {0eeaa2c3-0cd7-4364-b82e-f9257081c860} - C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57SrcAs.dll No File

BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File

BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\bh\BabylonToolbar.dll No File

BHO-x32: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)

BHO-x32: Toolbar BHO - {631acb68-57c3-48af-9cc5-fcec0837ffd3} - C:\PROGRA~2\FILMFA~2\bar\1.bin\pabar.dll No File

BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101225045027.dll No File

BHO-x32: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\caroline\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll No File

BHO-x32: Related Searches - {96A25A24-2E87-4374-8A50-CC6F943FCE4D} - C:\Users\caroline\AppData\Roaming\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll No File

BHO-x32: Search Assistant BHO - {d5e9b421-c309-41de-9014-800a2adcdeb0} - C:\Program Files (x86)\FilmFanatic\bar\1.bin\paSrcAs.dll No File

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File

Toolbar: HKLM-x32 - Related Searches - {96A25A24-2E87-4374-8A50-CC6F943FCE4D} - C:\Users\caroline\AppData\Roaming\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll No File

Toolbar: HKLM-x32 - FilmFanatic - {0b84b4b4-8af8-4f1f-91fe-074a666f6425} - C:\Program Files (x86)\FilmFanatic\bar\1.bin\pabar.dll No File

Toolbar: HKLM-x32 - Marine Aquarium Lite - {07189b84-b33b-4a1e-9b32-ad203c983c20} - C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57bar.dll No File

Toolbar: HKLM-x32 - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File

FF Plugin-x32: @FilmFanatic.com/Plugin - C:\Program Files (x86)\FilmFanatic\bar\1.bin\NPpaStub.dll No File

FF Plugin-x32: @MarineAquarium3Free_57.com/Plugin - C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\NP57Stub.dl l No File

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

S4 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [36632 2014-03-25] ()

S2 FilmFanaticService; C:\PROGRA~2\FILMFA~2\bar\1.bin\pabarsvc.exe [X]

S2 MarineAquarium3Free_57Service; C:\PROGRA~2\MARINE~2\bar\1.bin\57barsvc.exe [X]

S3 JLTECH0227; System32\Drivers\jl2005c.sys [X]

2014-06-10 06:17 - 2014-04-17 09:39 - 00000000 ____D () C:\Program Files (x86)\LPT

2014-06-10 06:16 - 2014-04-17 09:38 - 00000000 ____D () C:\Users\caroline\AppData\Local\LPT

2014-06-10 06:16 - 2013-05-01 21:38 - 00000000 ____D () C:\Users\caroline\AppData\Local\iLivid

2014-06-09 22:36 - 2012-12-08 15:08 - 00000000 ____D () C:\ProgramData\AVAST Software

2014-05-24 21:54 - 2013-02-02 19:38 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect

2014-05-23 22:09 - 2013-02-02 19:20 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\uTorrent

Task: {40D0CE8D-CA7D-4DC0-931F-1B4EB94CFCF0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

C:\Program Files\Common Files\McAfee

C:\Program Files\McAfee

C:\Program Files\AVAST Software

C:\Program Files (x86)\MarineAquarium3Free_57

C:\Program Files (x86)\BabylonToolbar

C:\Program Files (x86)\Common Files\McAfee

C:\Users\caroline\AppData\Roaming\DefaultTab\DefaultTab

C:\Program Files (x86)\FilmFanatic

Reboot:

*****************

 

 

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.

"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64 Loader.dll" => Value Data not found.

"c:\progra~2\searchprotect\searchprotect\bin\spvc32 loader.dll" => Value Data not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}' => Key deleted successfully.

'HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}'=> Key not found.

'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}' => Key deleted successfully.

'HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}' => Key deleted successfully.

'HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}' => Key deleted successfully.

'HKCR\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}' => Key deleted successfully.

'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074d3229-0a22-491b-b9dd-ff3171d75f25}' => Key deleted successfully.

'HKCR\Wow6432Node\CLSID\{074d3229-0a22-491b-b9dd-ff3171d75f25}' => Key deleted successfully.

'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0eeaa2c3-0cd7-4364-b82e-f9257081c860}' => Key deleted successfully.

'HKCR\Wow6432Node\CLSID\{0eeaa2c3-0cd7-4364-b82e-f9257081c860}' => Key deleted successfully.

'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}' => Key deleted successfully.

'HKCR\Wow6432Node\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}' => Key deleted successfully.

'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}' => Key deleted successfully.

'HKCR\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}' => Key deleted successfully.

'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}' => Key deleted successfully.

'HKCR\Wow6432Node\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0}' => Key deleted successfully.

'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{631acb68-57c3-48af-9cc5-fcec0837ffd3}' => Key deleted successfully.

'HKCR\Wow6432Node\CLSID\{631acb68-57c3-48af-9cc5-fcec0837ffd3}' => Key deleted successfully.

'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}' => Key deleted successfully.

'HKCR\Wow6432Node\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}' => Key deleted successfully.

'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}' => Key deleted successfully.

'HKCR\Wow6432Node\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}' => Key deleted successfully.

'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96A25A24-2E87-4374-8A50-CC6F943FCE4D}' => Key deleted successfully.

'HKCR\Wow6432Node\CLSID\{96A25A24-2E87-4374-8A50-CC6F943FCE4D}' => Key deleted successfully.

'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5e9b421-c309-41de-9014-800a2adcdeb0}' => Key deleted successfully.

'HKCR\Wow6432Node\CLSID\{d5e9b421-c309-41de-9014-800a2adcdeb0}' => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.

'HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}'=> Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{96A25A24-2E87-4374-8A50-CC6F943FCE4D} => value deleted successfully.

'HKCR\Wow6432Node\CLSID\{96A25A24-2E87-4374-8A50-CC6F943FCE4D}'=> Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{0b84b4b4-8af8-4f1f-91fe-074a666f6425} => value deleted successfully.

'HKCR\Wow6432Node\CLSID\{0b84b4b4-8af8-4f1f-91fe-074a666f6425}' => Key deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{07189b84-b33b-4a1e-9b32-ad203c983c20} => value deleted successfully.

'HKCR\Wow6432Node\CLSID\{07189b84-b33b-4a1e-9b32-ad203c983c20}' => Key deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully.

'HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}' => Key deleted successfully.

'HKCR\PROTOCOLS\Handler\skype-ie-addon-data' => Key deleted successfully.

'HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}'=> Key not found.

'HKLM\Software\Wow6432Node\MozillaPlugins\@FilmFanatic.com/Plugin' => Key deleted successfully.

C:\Program Files (x86)\FilmFanatic\bar\1.bin\NPpaStub.dll not found.

'HKLM\Software\Wow6432Node\MozillaPlugins\@MarineAquarium3Free_57.com/Plugin' => Key deleted successfully.

FF Plugin-x32: @MarineAquarium3Free_57.com/Plugin - C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\NP57Stub.dl l No File not found.

HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value deleted successfully.

LPTSystemUpdater => Service deleted successfully.

FilmFanaticService => Service deleted successfully.

MarineAquarium3Free_57Service => Service deleted successfully.

JLTECH0227 => Service deleted successfully.

C:\Program Files (x86)\LPT => Moved successfully.

C:\Users\caroline\AppData\Local\LPT => Moved successfully.

C:\Users\caroline\AppData\Local\iLivid => Moved successfully.

C:\ProgramData\AVAST Software => Moved successfully.

C:\Users\caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect => Moved successfully.

C:\Users\caroline\AppData\Roaming\uTorrent => Moved successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{40D0CE8D-CA7D-4DC0-931F-1B4EB94CFCF0}' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40D0CE8D-CA7D-4DC0-931F-1B4EB94CFCF0}' => Key deleted successfully.

C:\Windows\System32\Tasks\avast! Emergency Update => Moved successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avast! Emergency Update' => Key deleted successfully.

"C:\Program Files\Common Files\McAfee" => File/Directory not found.

"C:\Program Files\McAfee" => File/Directory not found.

"C:\Program Files\AVAST Software" => File/Directory not found.

C:\Program Files (x86)\MarineAquarium3Free_57 => Moved successfully.

C:\Program Files (x86)\BabylonToolbar => Moved successfully.

C:\Program Files (x86)\Common Files\McAfee => Moved successfully.

"C:\Users\caroline\AppData\Roaming\DefaultTab\DefaultTab" => File/Directory not found.

C:\Program Files (x86)\FilmFanatic => Moved successfully.

 

 

 

 

The system needed a reboot.

 

 

==== End of Fixlog ====

 

 

I had to shut down and restart in safe mode to run OTL, but it seemed to hang after around 10 minutes. Should I try to run it again?
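One way to tally a Fixlog like the one posted above, added here as an example that is not part of the original thread and is not FRST's own code: it skips the echoed fixlist, classifies each result line, and flags results whose target is an echoed fixlist line rather than a key, path or service name. The outcome labels and function names are this example's own; the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Lines copied from the Fixlog posted above, trimmed to one of each shape.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-06-2014
Boot Mode: Safe Mode (minimal)
==============================================
Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
S2 FilmFanaticService; C:\PROGRA~2\FILMFA~2\bar\1.bin\pabarsvc.exe [X]
Reboot:
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64 Loader.dll" => Value Data not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}'=> Key not found.
'HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}' => Key deleted successfully.
C:\Program Files (x86)\FilmFanatic\bar\1.bin\NPpaStub.dll not found.
FF Plugin-x32: @MarineAquarium3Free_57.com/Plugin - C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\NP57Stub.dl l No File not found.
LPTSystemUpdater => Service deleted successfully.
C:\Program Files (x86)\LPT => Moved successfully.
"C:\Program Files\McAfee" => File/Directory not found.

The system needed a reboot.

==== End of Fixlog ====
"""

# "<target> => <result>"; the log sometimes omits the space before "=>".
RESULT_RE = re.compile(r"^(?P<target>.+?)\s*=>\s*(?P<result>.+)$")
# A target that starts like "FF Plugin-x32: " or "BHO: " is a fixlist line
# echoed back whole, not a registry key, path or service name.
ECHOED_DIRECTIVE_RE = re.compile(r"^[A-Za-z][\w -]*:\s")
# Outcome labels are this example's own grouping of the result wording.
OUTCOMES = (
    ("removed", re.compile(r"(deleted|moved) successfully", re.I)),
    ("restored", re.compile(r"restored successfully", re.I)),
    ("not_found", re.compile(r"not found", re.I)),
)


def classify(result):
    """Map the wording of one result to an outcome label."""
    for label, pattern in OUTCOMES:
        if pattern.search(result):
            return label
    return "other"


def parse_fixlog(text):
    """Return (target, outcome, raw_result) for every result line."""
    lines = [ln.strip() for ln in text.splitlines()]
    # The fixlist is echoed between two rows of asterisks; results follow.
    marks = [i for i, ln in enumerate(lines) if re.fullmatch(r"\*{5,}", ln)]
    start = marks[1] + 1 if len(marks) >= 2 else 0
    entries = []
    for ln in lines[start:]:
        if ln.startswith("==== End of Fixlog"):
            break
        if not ln:
            continue
        m = RESULT_RE.match(ln)
        if m:
            target, result = m.group("target"), m.group("result")
        elif ln.lower().endswith("not found."):
            # Some results have no "=>" at all: "<path> not found."
            target, result = ln[: -len("not found.")], "not found."
        else:
            continue  # informational line, e.g. the reboot notice
        entries.append((target.strip().strip("'\""), classify(result), result))
    return entries


def summarize(entries):
    """Count entries per outcome label."""
    return Counter(outcome for _, outcome, _ in entries)


def needs_review(entries):
    """Results that did not act on a clean key, path or service name."""
    return [e for e in entries
            if e[1] == "other" or ECHOED_DIRECTIVE_RE.match(e[0])]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for outcome, count in summarize(parsed).most_common():
        print(f"{outcome:10} {count}")
    for target, outcome, _ in needs_review(parsed):
        print(f"REVIEW [{outcome}] {target}")
```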

Posted

Yes, try to run OTL again in safe mode (using the original instructions).

Sometimes it may seem as though it's doing nothing, but leave it anyway.

If it does seem to freeze.... have a look and see if you can see what it was scanning when it froze.


Posted

Hi Starbuck, I tried to run OTL in safe mode as per your original instructions and it froze again (I left it almost 40 minutes this time). I couldn't see what it was scanning when it froze, however I did notice that the last line of text that I pasted into the 'Custom Scans/Fixes' box had disappeared (CREATERESTOREPOINT)...

Posted

Hi John,

 

It's strange that OTL won't run a scan for us.... OTL very rarely encounters a problem.

It's always a possibility that one of the entries in the custom scan might be causing this.

Let's remove all but one.

This is the main one I wanted to see.

 

Double click on OTL to run it.

Vista/Windows 7 users right-click and select Run As Administrator.

  • Under Extra Registry section, select Use SafeList.

Now copy the line in bold below.

 

msconfig

 

  • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the Run Scan button.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.

 

If you still get no joy from OTL, try removing it (just right click on the icon and select delete) and download a fresh copy.

 

Thanks


Posted

Success! Here's the OTL.txt:

 

OTL logfile created on: 6/13/2014 12:57:03 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Test\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.96 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 81.03% Memory free

3.93 Gb Paging File | 3.57 Gb Available in Paging File | 90.90% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 218.14 Gb Total Space | 174.24 Gb Free Space | 79.88% Space Free | Partition Type: NTFS

 

Computer Name: CAROLINE-PC | User Name: Test | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Test\Desktop\OTL.exe (OldTimer Tools)

 

 

========== Modules (No Company Name) ==========

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - (ClickToRunSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Microsoft Corporation)

SRV:64bit: - (SlimService) -- C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe (SlimWare Utilities, Inc.)

SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)

SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)

SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)

SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)

SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (MBAMSwissArmy) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)

DRV:64bit: - (Sftvol) -- C:\WINDOWS\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)

DRV:64bit: - (Sftredir) -- C:\WINDOWS\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)

DRV:64bit: - (Sftplay) -- C:\WINDOWS\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)

DRV:64bit: - (Sftfs) -- C:\WINDOWS\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (amdsata) -- C:\WINDOWS\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\WINDOWS\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (CtClsFlt) -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)

DRV:64bit: - (L1C) -- C:\WINDOWS\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)

DRV:64bit: - (ApfiltrService) -- C:\WINDOWS\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV:64bit: - (iaStor) -- C:\WINDOWS\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (PxHlpa64) -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)

DRV:64bit: - (RSUSBSTOR) -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (athr) -- C:\WINDOWS\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (igfx) -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (amdsbs) -- C:\WINDOWS\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (stexstor) -- C:\WINDOWS\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (yukonw7) -- C:\WINDOWS\SysNative\drivers\yk62x64.sys (Marvell)

DRV:64bit: - (ebdrv) -- C:\WINDOWS\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\WINDOWS\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (WimFltr) -- C:\WINDOWS\SysNative\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

 

========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\system32\npdeployJava1.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/25 11:47:28 | 000,000,000 | ---D | M]

 

[2013/02/02 19:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://google.co.uk/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll

CHR - Extension: avast! Online Security = \Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\

CHR - Extension: Google Wallet = \Users\caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

 

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)

O4 - HKCU..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\osf - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found

O20 - AppInit_DLLs: (c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll) - File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^smartbar_3312014.exe.lnk - - File not found

MsConfig:64bit - StartUpFolder: C:^Users^Test^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock First Run.lnk - C:\Program Files\Dell\DellDock\DellDock.exe - (Stardock Corporation)

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: Apoint - hkey= - key= - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

MsConfig:64bit - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

MsConfig:64bit - StartUpReg: Browser Infrastructure Helper - hkey= - key= - C:\Users\caroline\AppData\Local\Smartbar\Application\Smartbar.exe (Smartbar)

MsConfig:64bit - StartUpReg: Dell DataSafe Online - hkey= - key= - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)

MsConfig:64bit - StartUpReg: Dell Webcam Central - hkey= - key= - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

MsConfig:64bit - StartUpReg: Desktop Disc Tool - hkey= - key= - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()

MsConfig:64bit - StartUpReg: FilmFanatic Browser Plugin Loader - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: FilmFanatic Browser Plugin Loader 64 - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: FilmFanatic EPM Support - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: FilmFanatic Home Page Guard 64 bit - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: FilmFanatic Search Scope Monitor - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: HotKeysCmds - hkey= - key= - C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)

MsConfig:64bit - StartUpReg: IAStorIcon - hkey= - key= - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

MsConfig:64bit - StartUpReg: IgfxTray - hkey= - key= - C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)

MsConfig:64bit - StartUpReg: Marine Aquarium Lite EPM Support - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: Marine Aquarium Lite Home Page Guard 64 bit - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: Marine Aquarium Lite Search Scope Monitor - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: MarineAquarium3Free_57 Browser Plugin Loader - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: MarineAquarium3Free_57 Browser Plugin Loader 64 - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: Persistence - hkey= - key= - C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)

MsConfig:64bit - StartUpReg: QuickSet - hkey= - key= - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)

MsConfig:64bit - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)

MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: SlimCleaner Plus - hkey= - key= - C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe (SlimWare Utilities, Inc.)

MsConfig:64bit - StartUpReg: Zune Launcher - hkey= - key= - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

MsConfig:64bit - State: "startup" - Reg Error: Key error.

MsConfig:64bit - State: "services" - Reg Error: Key error.

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/06/11 02:04:53 | 000,000,000 | ---D | C] -- C:\FRST

[2014/06/11 02:04:53 | 000,000,000 | ---D | C] -- \FRST

[2014/06/11 02:01:15 | 000,000,000 | -H-D | C] -- C:\Users\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned

[2014/06/11 01:13:40 | 000,000,000 | R--D | C] -- C:\Users\Test\Videos

[2014/06/11 01:13:40 | 000,000,000 | R--D | C] -- C:\Users\Test\Pictures

[2014/06/11 01:13:40 | 000,000,000 | R--D | C] -- C:\Users\Test\Music

[2014/06/11 01:13:40 | 000,000,000 | R--D | C] -- C:\Users\Test\Links

[2014/06/11 01:13:40 | 000,000,000 | R--D | C] -- C:\Users\Test\Favorites

[2014/06/11 01:13:40 | 000,000,000 | R--D | C] -- C:\Users\Test\Downloads

[2014/06/11 01:13:40 | 000,000,000 | R--D | C] -- C:\Users\Test\Documents

[2014/06/11 01:13:40 | 000,000,000 | R--D | C] -- C:\Users\Test\Desktop

[2014/06/11 01:13:40 | 000,000,000 | -HSD | C] -- C:\Users\Test\Templates

[2014/06/11 01:13:40 | 000,000,000 | -HSD | C] -- C:\Users\Test\Start Menu

[2014/06/11 01:13:40 | 000,000,000 | -HSD | C] -- C:\Users\Test\SendTo

[2014/06/11 01:13:40 | 000,000,000 | -HSD | C] -- C:\Users\Test\Recent

[2014/06/11 01:13:40 | 000,000,000 | -HSD | C] -- C:\Users\Test\PrintHood

[2014/06/11 01:13:40 | 000,000,000 | -HSD | C] -- C:\Users\Test\NetHood

[2014/06/11 01:13:40 | 000,000,000 | -HSD | C] -- C:\Users\Test\My Documents

[2014/06/11 01:13:40 | 000,000,000 | -HSD | C] -- C:\Users\Test\Local Settings

[2014/06/11 01:13:40 | 000,000,000 | -HSD | C] -- C:\Users\Test\Cookies

[2014/06/11 01:13:40 | 000,000,000 | -HSD | C] -- C:\Users\Test\Application Data

[2014/06/11 01:13:40 | 000,000,000 | -H-D | C] -- C:\Users\Test\AppData

[2014/06/11 01:13:40 | 000,000,000 | ---D | C] -- C:\Users\Test\Saved Games

[2014/06/09 22:38:55 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2014/06/09 22:08:29 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft

[2014/05/24 20:43:51 | 000,000,000 | -HSD | C] -- C:\found.000

[2014/05/24 20:43:51 | 000,000,000 | -HSD | C] -- \found.000

[2014/05/23 23:08:09 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2014/05/23 23:07:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

[2014/05/23 23:07:49 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys

[2014/05/23 23:07:49 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys

[2014/05/23 23:07:49 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2014/05/23 23:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware

[2014/05/23 23:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2014/06/13 00:54:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/06/13 00:54:25 | 1581,010,944 | -HS- | M] () -- C:\hiberfil.sys

[2014/06/12 12:38:44 | 000,779,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2014/06/12 12:38:44 | 000,660,520 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2014/06/12 12:38:44 | 000,121,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2014/06/12 01:57:12 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/06/12 01:56:57 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl

[2014/06/11 01:18:19 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/06/11 01:14:40 | 000,000,258 | RHS- | M] () -- C:\Users\Test\ntuser.pol

[2014/06/09 22:17:06 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2014/05/24 20:46:30 | 000,003,536 | ---- | M] () -- C:\bootsqm.dat

[2014/05/23 23:10:32 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/05/23 23:10:24 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/05/23 23:07:57 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2014/06/11 01:14:40 | 000,000,258 | RHS- | C] () -- C:\Users\Test\ntuser.pol

[2014/06/11 01:13:40 | 000,000,290 | ---- | C] () -- C:\Users\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2014/06/11 01:13:40 | 000,000,272 | ---- | C] () -- C:\Users\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

[2014/05/24 20:46:30 | 000,003,536 | ---- | C] () -- C:\bootsqm.dat

[2014/05/24 20:46:30 | 000,003,536 | ---- | C] () -- \bootsqm.dat

[2014/05/23 23:07:57 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2014/04/29 19:18:58 | 001,161,080 | ---- | C] () -- C:\Windows\SysWow64\Websteroids.B324755F3F87.2.6.80.dll

[2013/12/05 20:42:59 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat

[2013/02/02 19:45:25 | 000,796,420 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/12/08 20:32:29 | 1581,010,944 | -HS- | C] () -- \hiberfil.sys

[2010/12/25 11:51:21 | 000,003,103 | -H-- | C] () -- \dell.sdr

[2009/04/28 17:27:09 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK

[2009/04/28 17:27:08 | 000,383,562 | RHS- | C] () -- \bootmgr

 

========== ZeroAccess Check ==========

 

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\WINDOWS\SysNative\shell32.dll -- [2012/06/09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

 

< End of report >

 

 

 

And here's the Extras.txt:

 

OTL Extras logfile created on: 6/13/2014 12:57:03 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Test\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.96 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 81.03% Memory free

3.93 Gb Paging File | 3.57 Gb Available in Paging File | 90.90% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 218.14 Gb Total Space | 174.24 Gb Free Space | 79.88% Space Free | Partition Type: NTFS

 

Computer Name: CAROLINE-PC | User Name: Test | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0519B2DA-DA8C-4D1D-B2C6-7E20CEA13E6B}" = rport=445 | protocol=6 | dir=out | app=system |

"{160D5E3A-65FD-47F8-B747-D37A31BC4E91}" = lport=445 | protocol=6 | dir=in | app=system |

"{2034C4CF-7424-41A7-BE1E-C5F1685BC174}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{2125B0B1-84B8-4337-9425-DE5FE4E3864F}" = rport=10243 | protocol=6 | dir=out | app=system |

"{21DFE584-43A6-4C8E-9923-3AAB6A0CE2D1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{28A23757-E58F-4C44-8173-AB557B09B0EA}" = lport=10243 | protocol=6 | dir=in | app=system |

"{29061EE2-73C0-4046-97E7-2BBA7F6128FD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{298941CC-B235-4A41-9376-2C5124EA2D67}" = rport=139 | protocol=6 | dir=out | app=system |

"{42D7A239-8510-4243-956E-C86C6213B45B}" = rport=137 | protocol=17 | dir=out | app=system |

"{42F21532-8743-4172-8A01-1A71BF760FFC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{4441E109-EA73-47C3-9309-29D02127115C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{56266383-8B2D-46F9-8BB4-14D27B65030E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{569A92C8-ECF7-488F-9E7A-CA826023A231}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{7001C839-26C7-482A-A188-77F574EB17E2}" = lport=139 | protocol=6 | dir=in | app=system |

"{73DEBCA8-78FB-4C1D-A654-C0BCB2302E6E}" = rport=138 | protocol=17 | dir=out | app=system |

"{7A7EEC0D-7F37-4344-B872-9D8592F74A4A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{825D9BBB-0B33-43EF-848F-ACE802963A36}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{8BAB6F48-76B3-4AC2-AB0B-9AB33B3D0F09}" = lport=2869 | protocol=6 | dir=in | app=system |

"{98F45A54-7777-4494-A737-94E6DFB94DD5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{9F08FDBE-0075-4479-84DC-FD20078929A8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |

"{AA93F64E-B855-4A7B-B520-E68038ED2436}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{B12A0755-0D57-4BFE-92BC-85EA1E7DD195}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{C236BEDE-29AB-42BC-9F9A-5FD3B796B804}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{C6B048E5-8841-4C85-A777-FD83A8DBD963}" = lport=138 | protocol=17 | dir=in | app=system |

"{D4EC3005-A9DB-4C8A-A2A7-B69B91FF55D7}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E612AF83-AF74-4930-A37E-9FCDBB502C46}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{E7108903-6750-45FA-9FDA-97CFB2B4C196}" = lport=137 | protocol=17 | dir=in | app=system |

"{F6101F5C-E913-4C5C-95F8-0407887D9FEE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0AEF6CFB-F988-412F-851C-149C18222FD4}" = protocol=6 | dir=in | app=c:\users\caroline\appdata\roaming\utorrent\utorrent.exe |

"{14A199D2-2F70-4B06-9925-E8FD289A5DBE}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{187BBE7B-25A3-4FF4-8015-139A4E2115B8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{3CB181B9-65E7-4A81-9658-B6401A853131}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{400FC15C-05B7-49FA-B763-55CC968E1192}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{42D235AC-18B3-491B-8C1B-26260FC1A5F3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{4DCE93D7-0F53-440D-AD1E-D5E5B108BD05}" = protocol=17 | dir=in | app=c:\program files (x86)\premieropinion\pmropn.exe |

"{62CB82A8-62B0-4288-9375-F656E623DA50}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{66777969-C895-4EA3-A5ED-930406D07308}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{6682DF26-F9AE-45E5-B1BA-5529FB4B054F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{66DA9ED0-2B87-4757-821B-59578EC343A7}" = dir=in | app=c:\users\caroline\appdata\local\microsoft\skydrive\skydrive.exe |

"{6733492B-ED8B-4881-B3EB-CA566F6EF8C0}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{6B27F2DF-F056-4180-BCF6-3A2B5446082F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{87B07E88-A614-4A05-881A-E17BA6B82F90}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{88C8142D-D5ED-465C-9F04-A0C4ECCA8F36}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{8F3B56D8-7481-4F50-8661-62CD7900EB08}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{96D5A93C-1067-43A2-8A79-552C381AF318}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A65EC814-A2E8-430A-A0A5-A58EFF9F7F7E}" = protocol=6 | dir=in | app=c:\program files (x86)\premieropinion\pmropn.exe |

"{B1981DD6-984D-4FDC-8B76-45859BBCDC04}" = protocol=6 | dir=out | app=system |

"{B58AC8C4-D209-4B51-BA31-135317B1330F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{B6A961C1-1B8D-431B-A580-4B80E8099343}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{D5DAB4C1-C807-4958-8312-F5568FF526F3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{DBB4862C-2784-43B9-B418-8461B284B3C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{E1184AF8-2B2B-473E-8EA0-CD996C3725F7}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{E6DAFCBC-5D91-49C9-A9E8-FE938DE0066D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{EA50DB82-6827-4406-A6C1-DF92F50B7C21}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{F47DDC8E-8354-40D5-A737-660D64B98FAE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F65D81C8-AD00-4DB4-A27D-A9CFA410F9E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F83CCD9E-AAED-4140-9079-B93E0860ABF5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{F9D70B19-4E2E-4FBB-8F2A-E5EB110EE245}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{FCC6F5FD-3B4F-4C58-94CD-D8AD38AF179A}" = protocol=17 | dir=in | app=c:\users\caroline\appdata\roaming\utorrent\utorrent.exe |

"TCP Query User{76DDEBD4-ACF6-419C-8C2D-F0927FAE664F}C:\program files (x86)\premieropinion\pmropn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\premieropinion\pmropn.exe |

"UDP Query User{66F2D1D7-F816-468D-A46C-4154FB220CFD}C:\program files (x86)\premieropinion\pmropn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\premieropinion\pmropn.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{26A24AE4-039D-4CA4-87B4-2F86416039FF}" = Java 6 Update 39 (64-bit)

"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)

"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)

"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)

"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)

"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)

"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)

"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)

"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)

"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64

"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component

"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune

"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad

"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)

"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)

"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)

"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)

"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)

"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)

"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)

"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock

"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{EA70F545-7D7D-4E65-BD8B-21D2DE0F0165}" = SlimCleaner Plus

"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64

"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"HDMI" = Intel® Graphics Media Accelerator Driver

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"O365HomePremRetail - en-us" = Microsoft Office 365 - en-us

"Zune" = Zune

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{343DB62F-891F-45EC-BED3-E2F56CEB1B7C}" = Adobe Flash Player 10 Plugin

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3D9326E1-E378-48A6-A82B-800147E63306}" = ArcSoft MediaImpression 2

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{451517F1-7E41-400B-AA36-FB7E2563526D}" = Dell Wireless Driver Installation

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component

"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component

"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive

"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)

"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime

"{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}" = LPT System Updater Service

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D96EBFC0-C680-4463-B4F0-299E48771819}" = Yahoo Community Smartbar

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter

"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"DefaultTab" = DefaultTab

"Dell Dock" = Dell Dock

"Dell Webcam Central" = Dell Webcam Central

"FilmFanaticbar Uninstall Internet Explorer" = FilmFanatic Internet Explorer Toolbar

"Google Chrome" = Google Chrome

"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012

"MarineAquarium3Free_57bar Uninstall Internet Explorer" = Marine Aquarium Lite Internet Explorer Toolbar

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"WinLiveSuite" = Windows Live Essentials

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 4/16/2014 6:53:20 AM | Computer Name = caroline-PC | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 9.0.8112.16476 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: ffc Start

Time: 01cf59616a7e9521 Termination Time: 47 Application Path: C:\Program Files (x86)\internet

explorer\iexplore.exe Report Id:

 

Error - 4/17/2014 4:37:20 AM | Computer Name = caroline-PC | Source = Office 2013 Licensing Service | ID = 0

Description =

 

Error - 4/17/2014 4:40:43 AM | Computer Name = caroline-PC | Source = Registry Helper Service | ID = 109

Description = Error: Service started

 

Error - 4/17/2014 6:15:10 AM | Computer Name = caroline-PC | Source = VSS | ID = 13

Description =

 

Error - 4/17/2014 6:15:10 AM | Computer Name = caroline-PC | Source = VSS | ID = 8193

Description =

 

Error - 4/17/2014 6:15:10 AM | Computer Name = caroline-PC | Source = VSS | ID = 13

Description =

 

Error - 4/17/2014 6:15:10 AM | Computer Name = caroline-PC | Source = VSS | ID = 8193

Description =

 

Error - 4/17/2014 6:16:28 AM | Computer Name = caroline-PC | Source = Registry Helper Service | ID = 109

Description = Error: Service started

 

Error - 4/17/2014 6:27:55 AM | Computer Name = caroline-PC | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 9.0.8112.16476 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 9dc Start

Time: 01cf5a277f17d50f Termination Time: 66 Application Path: C:\Program Files (x86)\internet

explorer\iexplore.exe Report Id:

 

Error - 4/17/2014 6:40:15 AM | Computer Name = caroline-PC | Source = Microsoft-Windows-RestartManager | ID = 10006

Description = Application or service 'Internet Explorer' could not be shut down.

 

[ Dell Events ]

Error - 12/8/2012 10:15:53 AM | Computer Name = caroline-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

 

[ System Events ]

Error - 6/12/2014 7:55:19 PM | Computer Name = caroline-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

 

Error - 6/12/2014 7:55:20 PM | Computer Name = caroline-PC | Source = DCOM | ID = 10005

Description =

 

Error - 6/12/2014 7:55:21 PM | Computer Name = caroline-PC | Source = DCOM | ID = 10005

Description =

 

Error - 6/12/2014 7:55:21 PM | Computer Name = caroline-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

 

Error - 6/12/2014 7:55:21 PM | Computer Name = caroline-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

 

Error - 6/12/2014 7:55:21 PM | Computer Name = caroline-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

 

Error - 6/12/2014 7:55:21 PM | Computer Name = caroline-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

 

Error - 6/12/2014 7:55:21 PM | Computer Name = caroline-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

 

Error - 6/12/2014 7:55:21 PM | Computer Name = caroline-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

 

Error - 6/12/2014 8:04:56 PM | Computer Name = caroline-PC | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout

period.

 

 

< End of report >

Posted

Hi John

 

That's great, thanks.

 

Step 1

For the time being, please uninstall MalwareBytes AntiMalware.

We can reinstall it later.

 

 

Step 2

I've added an attachment called a fix.txt (it's at the bottom of this post)

Please click on this and download it to your Desktop.

 

Do nothing else with it.

 

Now:

Right click on the OTL icon and select 'Run as Administrator'.

 

http://img.photobucket.com/albums/v708/starbuck50/Otl1-1.png

 

When OTL opens just click on the FIX button.

As you haven't added anything to the bottom section..... an additional dialogue box will appear.

Click OK in the box.

 

http://img.photobucket.com/albums/v708/starbuck50/otl2-1.png

 

Make sure the 'Look in' directory selected is the Desktop.

Otl will now find the Fix.txt.

Click Open when it's found.

 

http://img.photobucket.com/albums/v708/starbuck50/otl3-1.png

 

Otl will automatically enter the fix for you.

When it's entered, just click the Fix button.

 

http://img.photobucket.com/albums/v708/starbuck50/otl4.png

  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

 

If you lose the report, there will be a copy here:

C:\_OTL\MovedFiles

 

 

Step 3

For x64 bit systems download

ListParts64bit and save it to your Desktop.

 

  • Double-click the downloaded icon to run the tool. Vista/Windows 7 users right-click and select Run As Administrator.
  • Press Scan button.
  • It will make a log (Result.txt) on your Desktop. Please copy and paste it to your reply.

 

 

 

In your next reply, please submit:

Otl fix report

Result.txt

 

Thanks.

fix.txt

Member of:

UNITE

Posted

Hi Starbuck, I've pasted the info as requested (after running the fix in OTL the laptop had the same problem with blank screen so I had to reboot in safe mode again to access the log)

 

OTL:

 

All processes killed

========== OTL ==========

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39\ deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Browser Infrastructure Helper\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\FilmFanatic Browser Plugin Loader\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\FilmFanatic Browser Plugin Loader 64\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\FilmFanatic EPM Support\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\FilmFanatic Home Page Guard 64 bit\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\FilmFanatic Search Scope Monitor\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Marine Aquarium Lite EPM Support\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Marine Aquarium Lite Home Page Guard 64 bit\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Marine Aquarium Lite Search Scope Monitor\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\MarineAquarium3Free_57 Browser Plugin Loader\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\MarineAquarium3Free_57 Browser Plugin Loader 64\ not found.

File C:\Windows\SysWow64\Websteroids.B324755F3F87.2.6.8 0.dll not found.

========== FILES ==========

File\Folder C:\program files (x86)\premieropinion not found.

File\Folder C:\Users\caroline\AppData\Roaming\DefaultTab not found.

< ipconfig /flushdns /c >

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.

C:\Users\Test\Desktop\cmd.bat deleted successfully.

C:\Users\Test\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

->Temp folder emptied: 0 bytes

-> No Temporary Internet Files cache folder defined!

 

User: caroline

-> No Temporary Internet Files cache folder defined!

 

User: Default

-> No Temporary Internet Files cache folder defined!

 

User: Default User

-> No Temporary Internet Files cache folder defined!

 

User: Public

-> No Temporary Internet Files cache folder defined!

 

User: Test

-> No Temporary Internet Files cache folder defined!

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 911909990 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50534 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 757 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 870.00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.69.0 log created on 06132014_232457

ListParts64:

 

ListParts by Farbar Version: 17-04-2014

Ran by Test (administrator) on 13-06-2014 at 23:34:14

Windows 7 (X64)

Running From: C:\Users\Test\Desktop

Language: 0409

************************************************************

 

 

========================= Memory info ======================

 

 

Percentage of memory in use: 22%

Total physical RAM: 2010.36 MB

Available physical RAM: 1567.32 MB

Total Pagefile: 4020.73 MB

Available Pagefile: 3601.34 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

 

 

======================= Partitions =========================

 

 

1 Drive c: (OS) (Fixed) (Total:218.14 GB) (Free:175.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

 

 

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 232 GB 0 B

 

 

Partitions of Disk 0:

===============

 

 

Disk ID: E94AE992

 

 

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 100 MB 1024 KB

Partition 2 Primary 14 GB 101 MB

Partition 3 Primary 218 GB 14 GB

 

 

======================================================================================================

 

 

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

 

 

There is no volume associated with this partition.

 

 

======================================================================================================

 

 

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

 

 

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Recovery NTFS Partition 14 GB Healthy System (partition with boot components)

 

 

======================================================================================================

 

 

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

 

 

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 218 GB Healthy Boot

 

 

======================================================================================================

============================== MBR Partition Table ==================

 

 

==============================

Partitions of Disk 0:

===============

Disk ID: E94AE992

Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)

Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=218 GB) - (Type=07 NTFS)

 

 

 

 

****** End Of Log ******

Posted

Hi John,

 

after running the fix in OTL the laptop had the same problem with blank screen so I had to reboot in safe mode again to access the log

That's OK, I didn't expect the system to boot into normal mode.

The object of the OTL fix was to clean out the rest of the bad/Orphan entries so that the system is free of all the rubbish..... it will make things easier if we get the system booting up properly.

 

The object of the ListParts report was to look and check for an escape route if we need one.

And there is one:

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

 

 

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Recovery NTFS Partition 14 GB Healthy System (partition with boot components)

The laptop contains a factory restore partition.

So if all else fails we can restore the laptop back to how it was when it left the factory.

 

 

Can you please run this:

Open notepad and copy/paste the text in the quotebox below into it:

 

regedit /a look.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option" 
regedit /a peek.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment"
type look.txt>log.txt
type peek.txt>>log.txt
start notepad log.txt

 

Save this as peek.bat

Choose to "Save type as - All Files"

 

It should look like this: http://img.photobucket.com/albums/v708/starbuck50/bat_icon_zps4328e507.gif

Double click on peek.bat & allow it to run.

A notepad file will open.... Copy that information into your next reply, please.


Posted

Notepad file from peek.bat:

 

REGEDIT4

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]

"OptionValue"=dword:00000001

 

 

REGEDIT4

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]

"ComSpec"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\

32,5c,63,6d,64,2e,65,78,65,00

"FP_NO_HOST_CHECK"="NO"

"OS"="Windows_NT"

"Path"="C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live;C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Windows Live;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Program Files (x86)\\Common Files\\Roxio Shared\\DLLShared\\;C:\\Program Files (x86)\\Common Files\\Roxio Shared\\OEM\\DLLShared\\;C:\\Program Files (x86)\\Common Files\\Roxio Shared\\OEM\\DLLShared\\;C:\\Program Files (x86)\\Common Files\\Roxio Shared\\OEM\\12.0\\DLLShared\\;C:\\Program Files (x86)\\Roxio\\OEM\\AudioCore\\;C:\\Program Files (x86)\\Windows Live\\Shared;C:\\Users\\caroline\\AppData\\Local\\Smartbar\\Application\\"

"PATHEXT"=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC"

"PROCESSOR_ARCHITECTURE"="AMD64"

"TEMP"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,54,45,4d,50,00

"TMP"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,54,45,4d,50,00

"USERNAME"="SYSTEM"

"windir"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,00

"PSModulePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\

33,32,5c,57,69,6e,64,6f,77,73,50,6f,77,65,72,53,68,65,6c,6c,5c,76,31,2e,30,\

5c,4d,6f,64,75,6c,65,73,5c,00

"NUMBER_OF_PROCESSORS"="1"

"PROCESSOR_LEVEL"="6"

"PROCESSOR_IDENTIFIER"="Intel64 Family 6 Model 23 Stepping 10, GenuineIntel"

"PROCESSOR_REVISION"="170a"

"EMC_AUTOPLAY"="C:\\Program Files (x86)\\Common Files\\Roxio Shared\\OEM\\"

"RCAUTOPLAY"="C:\\Program Files (x86)\\Roxio\\OEM\\Roxio Central 5\\"

"BURN_AUTOPLAY"="C:\\Program Files (x86)\\Roxio\\OEM\\Roxio Burn\\"

"SAFEBOOT_OPTION"="MINIMAL"
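Added example (not part of either poster's message, and not OTL or regedit code): a small Python reader for the REGEDIT4 export that peek.bat produces. It decodes the hex(2) values to text, reports the two safe-boot markers, and lists machine-wide Path entries that sit under a user profile, such as the Smartbar leftover in this export. The embedded sample is a trimmed excerpt of the output above; the function names are hypothetical, and decoding the bytes as Latin-1 is an assumption about the ANSI code page.

```python
import re

SAFEBOOT_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option"
ENV_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control"
           r"\Session Manager\Environment")

# Trimmed excerpt of the export posted above (REGEDIT4 = ANSI .reg format).
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]
"OptionValue"=dword:00000001

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"ComSpec"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
  32,5c,63,6d,64,2e,65,78,65,00
"Path"="C:\\Windows\\system32;C:\\Windows;C:\\Users\\caroline\\AppData\\Local\\Smartbar\\Application\\"
"TEMP"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,54,45,4d,50,00
"SAFEBOOT_OPTION"="MINIMAL"
'''


def unescape(s):
    """Undo .reg string escaping: \\\\ becomes one backslash, \\" becomes a quote."""
    return re.sub(r"\\(.)", r"\1", s)


def decode(raw):
    """Decode the right-hand side of one value line."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex\(([0-9a-fA-F]+)\):(.*)$", raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if m.group(1) == "2":
            # REG_EXPAND_SZ: single-byte text with a NUL terminator in REGEDIT4.
            # Latin-1 is an assumption about the machine's ANSI code page.
            return data.rstrip(b"\x00").decode("latin-1")
        return data
    if raw.startswith('"') and raw.endswith('"'):
        return unescape(raw[1:-1])
    return raw


def parse_reg4(text):
    """Return {key_path: {value_name: decoded_value}} for a REGEDIT4 export."""
    # regedit wraps long hex data with ",\" plus a newline; join it back up.
    # \s+ also swallows the blank lines a forum paste puts between rows.
    text = re.sub(r",\\\s+", ",", text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[unescape(m.group(1))] = decode(m.group(2))
    return keys


def safe_boot_state(keys):
    """(OptionValue, SAFEBOOT_OPTION); both are None after a normal boot."""
    return (keys.get(SAFEBOOT_KEY, {}).get("OptionValue"),
            keys.get(ENV_KEY, {}).get("SAFEBOOT_OPTION"))


def user_profile_path_entries(keys):
    """Machine-wide Path entries located under a per-user profile directory."""
    path = str(keys.get(ENV_KEY, {}).get("Path", ""))
    return [p for p in path.split(";")
            if p and re.match(r"[a-z]:\\users\\", p, re.IGNORECASE)]


if __name__ == "__main__":
    keys = parse_reg4(SAMPLE)
    for name, value in keys[ENV_KEY].items():
        print(f"{name} = {value}")
    print("safe boot:", safe_boot_state(keys))
    print("Path entries under a user profile:", user_profile_path_entries(keys))
```
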

Posted

Hi again John,

 

Ok this could be a bit tricky.....

there is a problem with the board software, in that it sometimes adds spaces in the reports that shouldn't be there.

I've tried adding the information required to save in a delete.reg file ..... but when I preview the post, spaces have been added.

This means that the fix won't work.

Then tried plan 'b':

Add the delete.reg file as an attachment for you to download..... board software won't allow those attachments!

 

But I've found a way of doing it (and it worked for me)

 

Download the delete.txt at the bottom of this post .... to your desktop.

Click on it to open it.

Click on the File tab >> Save As.

Save the file as "delete.reg" . Make sure to save it with the quotes.

It should have saved another copy on your Desktop that looks like this: http://img.photobucket.com/albums/v708/starbuck50/reg_zps79da5139.jpg

 

Right click on the delete.reg file and choose merge .... to add it to the registry.

 

Now reboot the system and see if normal mode boots up.

delete.txt


Posted
Hi Starbuck, I followed the instructions in your last post but the computer still won't boot in normal mode. I'm still getting the blank screen with only the pointer...
Posted

Hi John,

 

It seems that a few of my colleagues have encountered this problem recently.

All on Win7 systems.

Unfortunately no one seems to have been able to fix the problem yet.

It also seems that the ListParts report may hold more information than I first thought.

I'm looking through their reports from the affected systems and am trying to find a common link between them all.

There must be one somewhere in the reports.

Will let you know as soon as I find anything that will possibly help us.


Posted
Hi Starbuck, thanks for keeping me in the loop. I'll sit tight until you get back in touch, and thanks again for your time & help.
